Report Name: Linux Patch Wednesday May 2024
Generated: 2024-06-16 00:43:13

Vulristics Vulnerability Scores
Basic Vulnerability Scores
Products

Product NamePrevalenceUCHMLAComment
Kerberos12431257Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
AMD Processor0.9224Processor
Active Directory0.911Active Directory is a directory service developed by Microsoft for Windows domain networks
Apache HTTP Server0.921314534Apache HTTP Server is a free and open-source web server that delivers web content through the internet
GNU Bash0.922Bash is the shell, or command language interpreter, for the GNU operating system
GitLab0.944GitLab is a DevOps software package that combines the ability to develop, secure, and operate software in a single application
HTTP/20.91146HTTP/2 is a major revision of the HTTP network protocol used by the World Wide Web
Intel(R) Processor0.922Intel's processors from the pioneering 4-bit 4004 (1971) to the present high-end offerings
Linux Kernel0.93435335131092The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
Microsoft SCOM0.911System Center Operations Manager
Sudo0.9126514Sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user
Windows Encrypting File System0.929516Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption
Windows Kernel0.921432553Windows Kernel
Windows LDAP0.92633344Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
nghttp20.9224nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C
APT0.818411262A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
ASP.NET0.8314An open-source, server-side web-application framework designed for web development
Adobe Reader0.8112Adobe Acrobat is a family of application software and Web services developed by Adobe Inc. to view, create, manipulate, print and manage Portable Document Format files
Binutils0.81162441The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
Chromium0.8473142Chromium is a free and open-source web browser project, mainly developed and maintained by Google
FreeIPA0.81427FreeIPA is a free and open source identity management system
GNOME desktop0.8852969GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
GNU C Library0.84828444The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
Google Chrome0.82103951102Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
ICMP0.8156The Internet Control Message Protocol (ICMP) is a network layer protocol used by network devices to diagnose network communication issues
Mozilla Firefox0.8441529106Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
Netty0.833Netty is a non-blocking I/O client-server framework for the development of Java network applications such as protocol servers and clients
Node.js0.83635751Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
OpenSSH0.8131222644OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
OpenSSL0.81314381773A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
PHP0.8289932642477PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
RPC0.8837550Remote Procedure Call Runtime
Safari0.8265529110Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
Samba0.881021544Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
Visual Basic for Applications0.81124Visual Basic for Applications is a computer programming language developed and owned by Microsoft
Webkit0.8213WebKit is a browser engine developed by Apple and primarily used in its Safari web browser, as well as all web browsers on iOS and iPadOS
WinRAR0.8314WinRAR is a trialware file archiver utility for Windows, developed by Eugene Roshal of win.rar GmbH
Windows NTFS0.813114The default file system of the Windows NT family
Windows Remote Desktop Protocol0.811Windows component
Xlib0.8112Xlib (also known as libX11) is an X Window System protocol client library written in the C programming language
Zoom0.822Zoom is the leader in modern enterprise video communications
libvpx0.8268libvpx is a free software video codec library from Google and the Alliance for Open Media (AOMedia)
libwebp0.822libwebp is a code library used to render and display images in the WebP format
.NET0.755.NET
.NET and Visual Studio0.711.NET and Visual Studio
Apache Tomcat0.712216Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies
Apache Traffic Server0.721113The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
BIND0.711729855BIND is a suite of software for interacting with the Domain Name System
Babel0.7141318Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines
Confluence0.711Confluence is a web-based corporate wiki
Curl0.7513422Curl is a command-line tool for transferring data specified with URL syntax
ESXi0.733VMware ESXi (formerly ESX) is an enterprise-class, type-1 hypervisor developed by VMware for deploying and serving virtual computers
FFmpeg0.78171003128FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
Kubernetes0.76410Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management
MariaDB0.7112MariaDB is a community-developed, commercially supported fork of the MySQL relational database management system, intended to remain free and open-source software under the GNU General Public License
MediaWiki0.778132120MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
Oracle MySQL0.711MySQL is an open-source relational database management system
Point-to-Point Tunneling Protocol0.7112The Point to Point Tunneling Protocol (PPTP) is a network protocol used to create VPN tunnels between public networks
QEMU0.7532441QEMU is a generic and open source machine & userspace emulator and virtualizer
SQLite0.7510217SQLite is a database engine written in the C programming language
Struts0.711Apache Struts is a free, open-source, MVC framework for creating elegant, modern Java web applications. It favors convention over configuration, is extensible using a plugin architecture, and ships with plugins to support REST, AJAX and JSON
VMware Tools0.711VMware Tools is a set of services and modules that enable several features in VMware products for better management of, and seamless user interactions with, guests operating systems
Windows Security Center0.711Windows Security Center (WSC) is a comprehensive reporting tool that helps users establish and maintain a protective security layer around their computer systems
iOS0.71721644iOS is an operating system developed and marketed by Apple Inc
macOS0.7213macOS is an operating system developed and marketed by Apple Inc
vim0.766113Vim is a free and open-source, screen-based text editor program
Apache ActiveMQ0.6115310Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service (JMS) client
Bouncy Castle0.6369Bouncy Castle is a collection of APIs used in cryptography
DirectX0.622DirectX
Eclipse Mosquitto0.6325Eclipse Mosquitto provides a lightweight server implementation of the MQTT protocol that is suitable for all situations from full power machines to embedded and low power machines
Exim0.6112417Exim is a mail transfer agent (MTA) used on Unix-like operating systems
FreeRDP0.651713FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license
ImageMagick0.6262771ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
Internet Explorer0.6113115Internet Explorer is a discontinued series of graphical web browsers developed by Microsoft
Jetty0.61113Jetty is a Java based web server and servlet engine
Microsoft Excel0.611MS Office product
Microsoft Word0.611Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product.
Nokogiri0.622Nokogiri is an open source XML and HTML library for the Ruby programming language
Oracle Java SE0.6538Oracle Java SE
Perl0.6152370194617Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
Puma0.611Puma is a Ruby/Rack web server built for parallelism
Python0.6227043135Python is a high-level, general-purpose programming language
ReadyMedia0.644ReadyMedia (formerly known as MiniDLNA) is a simple media server software, with the aim of being fully compliant with DLNA/UPnP-AV clients
Redis0.6217515Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
Roundcube0.61617630Roundcube is a web-based IMAP email client
Wireshark0.61413943196Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
libxml20.6325libxml2 is an XML toolkit implemented in C, originally developed for the GNOME Project
ownCloud0.6213ownCloud is an open-source software product for sharing and syncing of files in distributed and federated enterprise scenarios
pgAdmin0.611pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world
tiffcrop0.6224Tiffcrop processes one or more files created according to the Tag Image File Format, Revision 6.0, specification into one or more TIFF file(s)
wpa_supplicant0.61416wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant for Linux, FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, Solaris, OS/2 (including ArcaOS and eComStation) and Haiku
7-Zip0.544KeePass is a free open source password manager, which helps you to manage your passwords in a secure way
CNG0.511CNG
Cacti0.519303281Cacti is an open source operational monitoring and fault management framework
DNSSEC0.54610The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups
Docker0.518716Docker
FRRouting0.5347Free Range Routing or FRRouting or FRR is a network routing software suite running on Unix-like platforms, particularly Linux, Solaris, OpenBSD, FreeBSD and NetBSD
Flask0.5224Flask is a lightweight WSGI web application framework
GDI0.51528GDI
Group Policy0.511Group Policy
HID0.5371323HID
KeePass0.52137-Zip is a file archiver with a high compression ratio
LNK0.5336LNK
Layer 2 Tunneling Protocol0.511Layer 2 Tunneling Protocol
Libarchive0.5110112Multi-format archive and compression library
NetBIOS0.511NetBIOS (Network Basic Input/Output System) is a network service that enables applications on different computers to communicate with each other across a local area network (LAN)
NumPy0.5123NumPy is a library for the Python programming language, adding support for large, multi-dimensional arrays and matrices, along with a large collection of high-level mathematical functions
Openfire0.511Openfire is a real time collaboration (RTC) server licensed under the Open Source Apache License
Scripting Engine0.5112Scripting Engine
TLS0.510375097TLS
TLS/SSL0.522TLS/SSL
TRIE0.51331246TRIE
VBScript0.511VBScript
WEBDAV0.511WEBDAV
Werkzeug0.511Werkzeug is a comprehensive WSGI web application library
Word PDF0.511Word PDF
Xrdp0.544xrdp is an open source remote desktop protocol server
libjpeg0.513720libjpeg
nginx0.575113Nginx is an open-source web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache
ntopng0.52316ntopng is an open-source computer software for monitoring traffic on a computer network
spip0.5224SPIP is an open-source software content management system designed for web site publishing, oriented towards online collaborative editing
Azure0.433Azure
Flatpak0.4112Flatpak is a utility for software deployment and package management for Linux
GPAC0.4267336135GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
Git0.4136037110Git
LLDP0.411LLDP is an industry standard protocol designed to supplant proprietary Link-Layer protocols such as Extreme's EDP (Extreme Discovery Protocol) and CDP (Cisco Discovery Protocol)
Artifex Ghostscript0.3819Artifex Ghostscript is an interpreter for the PostScript® language and PDF files
Visual Studio0.311Integrated development environment
Unknown Product010406248935376442Unknown Product


Vulnerability Types

Vulnerability TypeCriticalityUCHMLA
Remote Code Execution1.05884151048361592
Authentication Bypass0.98142267296
Code Injection0.9722212045
Command Injection0.972304779
XXE Injection0.97152329
Arbitrary File Writing0.951218843243
Security Feature Bypass0.915451463200
Elevation of Privilege0.852882395
Arbitrary File Reading0.837491268
Information Disclosure0.834328353379
Cross Site Scripting0.892458135685
Open Redirect0.7514216
Denial of Service0.7722815318252591
Path Traversal0.71175236106
Incorrect Calculation0.513492780
Memory Corruption0.517985884201123
Spoofing0.425512
Unknown Vulnerability Type028174032144037


Comments

SourceUCHMLA
almalinux584358114
debian913111255371480211438
oraclelinux584862123
redhat595265131
redos7155724103
ubuntu119180213413


Vulnerabilities

Urgent (9)

1. Remote Code Execution - Apache HTTP Server (CVE-2021-42013) - Urgent [864]

Description: It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object, CISA object) website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42013 was patched at 2024-05-15

2. Code Injection - PHP (CVE-2017-9841) - Urgent [842]

Description: {'vulners_cve_data_all': 'Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object), BDU websites
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9841 was patched at 2024-05-15

3. Remote Code Execution - Apache HTTP Server (CVE-2021-41773) - Urgent [840]

Description: A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions. The fix in Apache HTTP Server 2.4.50 was found to be incomplete, see CVE-2021-42013.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object, AttackerKB object, CISA object) website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41773 was patched at 2024-05-15

4. Remote Code Execution - Google Chrome (CVE-2021-30632) - Urgent [835]

Description: Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object), BDU websites
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30632 was patched at 2024-05-15

5. Remote Code Execution - Apache Tomcat (CVE-2022-22965) - Urgent [830]

Description: A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (cisa_kev object), BDU websites
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-22965 was patched at 2024-05-15

6. Remote Code Execution - OpenSSL (CVE-2010-0742) - Urgent [823]

Description: The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object) website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenSSL CMS结构处理内存破坏漏洞, [seebug] OpenSSL Cryptographic Message Syntax "OriginatorInfo" Vulnerability)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0742 was patched at 2024-05-15

7. Code Injection - PHP (CVE-2009-1151) - Urgent [818]

Description: Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object, cisa_kev object) website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([canvas] Immunity Canvas: PHPMYADMIN_INJECTION, [packetstorm] phpMyAdmin /scripts/setup.php Code Injection, [packetstorm] PhpMyAdmin Config File Code Injection, [seebug] phpMyAdmin (/scripts/setup.php) PHP Code Injection Exploit, [seebug] PhpMyAdmin Config File Code Injection, [seebug] phpMyAdmin setup.php脚本PHP代码注入漏洞, [metasploit] PhpMyAdmin Config File Code Injection, [d2] DSquare Exploit Pack: D2SEC_PHPMYADMIN_RCE, [dsquare] Phpmyadmin File Upload, [exploitpack] phpMyAdmin - scriptssetup.php PHP Code Injection, [exploitdb] phpMyAdmin - '/scripts/setup.php' PHP Code Injection, [exploitdb] phpMyAdmin - Config File Code Injection (Metasploit))
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1151 was patched at 2024-05-15

8. Security Feature Bypass - Google Chrome (CVE-2021-21220) - Urgent [817]

Description: Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object) website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Google Chrome XOR Typer Out-Of-Bounds Access / Remote Code Execution, [githubexploit] Exploit for Out-of-bounds Write in Google Chrome, [zdt] Google Chrome XOR Typer Out-Of-Bounds Access / Remote Code Execution Exploit, [seebug] Chrome 远程代码执行漏洞(CVE-2021-21220))
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-21220 was patched at 2024-05-15

9. Authentication Bypass - OpenSSH (CVE-2019-6110) - Urgent [808]

Description: {'vulners_cve_data_all': 'In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object) website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] OpenSSH SCP Client - Write Arbitrary Files Exploit, [zdt] OpenSSH 7.6p1 SCP Client - Multiple Vulnerabilities (SSHtranger Things) Exploit, [packetstorm] SSHtranger Things SCP Client File Issue, [exploitpack] OpenSSH SCP Client - Write Arbitrary Files, [exploitpack] SCP Client - Multiple Vulnerabilities (SSHtranger Things), [exploitdb] SCP Client - Multiple Vulnerabilities (SSHtranger Things), [exploitdb] OpenSSH SCP Client - Write Arbitrary Files)
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6110 was patched at 2024-05-15

Critical (132)

10. Security Feature Bypass - Apache ActiveMQ (CVE-2016-3088) - Critical [796]

Description: {'vulners_cve_data_all': 'The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object) website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service (JMS) client
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3088 was patched at 2024-05-15

11. Security Feature Bypass - Google Chrome (CVE-2021-30533) - Critical [794]

Description: Insufficient policy enforcement in PopupBlocker in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted iframe.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (cisa_kev object) website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30533 was patched at 2024-05-15

12. Elevation of Privilege - BIND (CVE-2020-0041) - Critical [780]

Description: In binder_transaction of binder.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145988638References: Upstream kernel

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object, cisa_kev object, cisa_kev object, cisa_kev object) website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Improper Input Validation in Google Android)
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-0041 was patched at 2024-05-15

13. Denial of Service - Node.js (CVE-2015-8858) - Critical [770]

Description: The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8858 was patched at 2024-05-15

14. Memory Corruption - Google Chrome (CVE-2021-30633) - Critical [758]

Description: Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object), BDU websites
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score1.010CVSS Base Score is 9.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30633 was patched at 2024-05-15

15. Memory Corruption - nghttp2 (CVE-2024-27983) - Critical [751]

Description: An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for CVE-2024-27983)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C
CVSS Base Score0.810CVSS Base Score is 8.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-27983 was patched at 2024-05-09, 2024-05-15, 2024-05-20

debian: CVE-2024-27983 was patched at 2024-05-15

oraclelinux: CVE-2024-27983 was patched at 2024-05-09, 2024-05-10, 2024-05-14, 2024-05-16, 2024-05-22

redhat: CVE-2024-27983 was patched at 2024-05-09, 2024-05-15, 2024-05-20, 2024-05-21, 2024-05-29, 2024-06-03

redos: CVE-2024-27983 was patched at 2024-04-25

16. Memory Corruption - Google Chrome (CVE-2021-21206) - Critical [746]

Description: Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object), BDU websites
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-21206 was patched at 2024-05-15

17. Memory Corruption - Google Chrome (CVE-2021-30551) - Critical [746]

Description: Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object) website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Type Confusion in Google Chrome)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30551 was patched at 2024-05-15

18. Memory Corruption - Google Chrome (CVE-2021-30563) - Critical [746]

Description: Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object), BDU websites
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30563 was patched at 2024-05-15

19. Path Traversal - Openfire (CVE-2023-32315) - Critical [720]

Description: Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object, cisa_kev object) website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.514Openfire is a real time collaboration (RTC) server licensed under the Open Source Apache License
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

redos: CVE-2023-32315 was patched at 2024-05-03

20. Memory Corruption - Babel (CVE-2022-26127) - Critical [717]

Description: A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-26127 was patched at 2024-05-15

ubuntu: CVE-2022-26127 was patched at 2024-06-05

21. Memory Corruption - Babel (CVE-2022-26128) - Critical [717]

Description: A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-26128 was patched at 2024-05-15

ubuntu: CVE-2022-26128 was patched at 2024-06-05

22. Memory Corruption - Babel (CVE-2022-26129) - Critical [717]

Description: {'vulners_cve_data_all': 'Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-26129 was patched at 2024-05-15

ubuntu: CVE-2022-26129 was patched at 2024-06-05

23. Denial of Service - HTTP/2 (CVE-2023-45288) - Critical [691]

Description: {'vulners_cve_data_all': 'An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for CVE-2023-45288)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914HTTP/2 is a major revision of the HTTP network protocol used by the World Wide Web
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-45288 was patched at 2024-04-23, 2024-04-29, 2024-04-30, 2024-05-06, 2024-05-07, 2024-05-22, 2024-05-23

debian: CVE-2023-45288 was patched at 2024-05-15

oraclelinux: CVE-2023-45288 was patched at 2024-04-23, 2024-05-07, 2024-05-08, 2024-05-29

redhat: CVE-2023-45288 was patched at 2024-04-23, 2024-04-26, 2024-04-29, 2024-04-30, 2024-05-02, 2024-05-06, 2024-05-07, 2024-05-09, 2024-05-20, 2024-05-21, 2024-05-22, 2024-05-23, 2024-05-29

redos: CVE-2023-45288 was patched at 2024-04-22

24. Remote Code Execution - Unknown Product (CVE-2016-4437) - Critical [690]

Description: {'vulners_cve_data_all': 'Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (cisa_kev object) website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Apache Shiro 1.2.4 Remote Code Execution, [zdt] Apache Shiro 1.2.4 Remote Code Execution Exploit)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4437 was patched at 2024-05-15

25. Remote Code Execution - Unknown Product (CVE-2019-17558) - Critical [690]

Description: {'vulners_cve_data_all': 'Apache Solr 5.0.0 to Apache Solr 8.3.1 are vulnerable to a Remote Code Execution through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/` directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled` by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (cisa_kev object) website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Injection in Apache Solr, [githubexploit] Exploit for Injection in Apache Solr, [githubexploit] Exploit for Injection in Apache Solr, [zdt] Apache Solr 8.3.0 Velocity Template Remote Code Execution Exploit, [packetstorm] Apache Solr 8.3.0 Velocity Template Remote Code Execution)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17558 was patched at 2024-05-15

26. Remote Code Execution - Unknown Product (CVE-2021-33035) - Critical [690]

Description: {'vulners_cve_data_all': 'Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary code by altering the contents of the program stack. This issue affects Apache OpenOffice up to and including version 4.1.10', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33035 was patched at 2024-05-15

27. Remote Code Execution - Unknown Product (CVE-2022-25942) - Critical [690]

Description: {'vulners_cve_data_all': 'An out-of-bounds read vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-25942 was patched at 2024-05-15

28. Remote Code Execution - Unknown Product (CVE-2022-25972) - Critical [690]

Description: {'vulners_cve_data_all': 'An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-25972 was patched at 2024-05-15

29. Remote Code Execution - Unknown Product (CVE-2022-26061) - Critical [690]

Description: {'vulners_cve_data_all': 'A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-26061 was patched at 2024-05-15

30. Security Feature Bypass - Chromium (CVE-2024-3838) - Critical [680]

Description: {'vulners_cve_data_all': 'Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3838 was patched at 2024-04-20, 2024-05-15

redos: CVE-2024-3838 was patched at 2024-05-03

31. Denial of Service - GNU C Library (CVE-2024-2961) - Critical [675]

Description: The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for CVE-2024-2961, [githubexploit] Exploit for CVE-2024-2961, [githubexploit] Exploit for CVE-2024-2961)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-2961 was patched at 2024-05-07, 2024-05-22, 2024-05-23

debian: CVE-2024-2961 was patched at 2024-04-23, 2024-05-15

oraclelinux: CVE-2024-2961 was patched at 2024-05-08, 2024-05-29, 2024-06-05

redhat: CVE-2024-2961 was patched at 2024-05-07, 2024-05-09, 2024-05-22, 2024-05-23, 2024-05-28, 2024-05-29, 2024-06-04

redos: CVE-2024-2961 was patched at 2024-05-03

ubuntu: CVE-2024-2961 was patched at 2024-04-18, 2024-04-29, 2024-05-02

32. Security Feature Bypass - Unknown Product (CVE-2020-35380) - Critical [672]

Description: {'vulners_cve_data_all': 'GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35380 was patched at 2024-05-15

33. Denial of Service - Binutils (CVE-2017-16829) - Critical [669]

Description: The _bfd_elf_parse_gnu_properties function in elf-properties.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not prevent negative pointers, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted ELF file.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16829 was patched at 2024-05-15

34. Unknown Vulnerability Type - Node.js (CVE-2015-8857) - Critical [669]

Description: {'vulners_cve_data_all': 'The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8857 was patched at 2024-05-15

35. Denial of Service - nghttp2 (CVE-2024-28182) - Critical [650]

Description: {'vulners_cve_data_all': 'nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-28182 was patched at 2024-05-09, 2024-05-15, 2024-05-20, 2024-05-30

debian: CVE-2024-28182 was patched at 2024-05-15

oraclelinux: CVE-2024-28182 was patched at 2024-05-09, 2024-05-10, 2024-05-14, 2024-05-16, 2024-05-22

redhat: CVE-2024-28182 was patched at 2024-05-09, 2024-05-15, 2024-05-20, 2024-05-21, 2024-05-30, 2024-06-03, 2024-06-06

redos: CVE-2024-28182 was patched at 2024-05-07

ubuntu: CVE-2024-28182 was patched at 2024-04-25, 2024-05-07

36. Unknown Vulnerability Type - Linux Kernel (CVE-2013-6282) - Critical [650]

Description: {'vulners_cve_data_all': 'The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application, as exploited in the wild against Android devices in October and November 2013.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (cisa_kev object) website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Linux ARM - Local Root Exploit, [zdt] Android get_user/put_user Exploit, [packetstorm] Android get_user/put_user Exploit, [metasploit] Android get_user/put_user Exploit, [exploitpack] Linux Kernel 3.4.5 (Android 4.2.24.4 ARM) - Local Privilege Escalation, [exploitdb] Google Android - get_user/put_user (Metasploit), [exploitdb] Linux Kernel < 3.4.5 (Android 4.2.2/4.4 ARM) - Local Privilege Escalation)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6282 was patched at 2024-05-15

37. Memory Corruption - Chromium (CVE-2024-3834) - Critical [645]

Description: Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3834 was patched at 2024-04-20, 2024-05-15

redos: CVE-2024-3834 was patched at 2024-05-03

38. Memory Corruption - Google Chrome (CVE-2021-30549) - Critical [645]

Description: Use after free in Spell check in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30549 was patched at 2024-05-15

39. Memory Corruption - Google Chrome (CVE-2021-30554) - Critical [645]

Description: Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object), BDU websites
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30554 was patched at 2024-05-15

40. Memory Corruption - Chromium (CVE-2024-4671) - Critical [639]

Description: Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-4671 was patched at 2024-05-10, 2024-05-15

41. Remote Code Execution - Windows Kernel (CVE-2008-2430) - Critical [638]

Description: Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] VLC Media Player WAV文件缓冲区溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2430 was patched at 2024-05-15

42. Denial of Service - Unknown Product (CVE-2020-36066) - Critical [636]

Description: {'vulners_cve_data_all': 'GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36066 was patched at 2024-05-15

43. Remote Code Execution - GNU C Library (CVE-2002-0391) - Critical [633]

Description: Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([canvas] Immunity Canvas: TTDB_XDRARRAY, [canvas] Immunity Canvas: CMSD_XDRARRAY)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0391 was patched at 2024-05-15

44. Remote Code Execution - GNU C Library (CVE-2014-9984) - Critical [633]

Description: nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Cisco Device Hardcoded Credentials / GNU glibc / BusyBox, [packetstorm] WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9984 was patched at 2024-05-15

ubuntu: CVE-2014-9984 was patched at 2024-05-02

45. Remote Code Execution - Google Chrome (CVE-2012-2864) - Critical [633]

Description: Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute arbitrary code via unspecified vectors that trigger an "array overflow."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Google Chrome OS 远程代码执行漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2864 was patched at 2024-05-15

46. Remote Code Execution - Google Chrome (CVE-2020-6572) - Critical [633]

Description: Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to execute arbitrary code via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object) website
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-6572 was patched at 2024-05-15

47. Remote Code Execution - Mozilla Firefox (CVE-2009-3377) - Critical [633]

Description: Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Mozilla Firefox多个内存破坏漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3377 was patched at 2024-05-15

48. Remote Code Execution - OpenSSL (CVE-2022-2274) - Critical [633]

Description: The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Out-of-bounds Write in Openssl)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-2274 was patched at 2024-05-15

49. Remote Code Execution - PHP (CVE-2021-32708) - Critical [633]

Description: Flysystem is an open source file storage library for PHP. The whitespace normalisation using in 1.x and 2.x removes any unicode whitespace. Under certain specific conditions this could potentially allow a malicious user to execute code remotely. The conditions are: A user is allowed to supply the path or filename of an uploaded file, the supplied path or filename is not checked against unicode chars, the supplied pathname checked against an extension deny-list, not an allow-list, the supplied path or filename contains a unicode whitespace char in the extension, the uploaded file is stored in a directory that allows PHP code to be executed. Given these conditions are met a user can upload and execute arbitrary code on the system under attack. The unicode whitespace removal has been replaced with a rejection (exception). For 1.x users, upgrade to 1.1.4. For 2.x users, upgrade to 2.1.1.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([srcincite] SRC-2021-0021 : League flysystem removeFunkyWhiteSpace Time-Of-Check Time-Of-Use File Write Remote Code Execution Vulnerability)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32708 was patched at 2024-05-15

50. Remote Code Execution - PHP (CVE-2023-24813) - Critical [633]

Description: Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of `image` tags and respects `xlink:href` even if `href` is specified. However, php-svg-lib, which is later used to parse the svg file, parses the href attribute. Since `href` is respected if both `xlink:href` and `href` is specified, it's possible to bypass the protection on the Dompdf side by providing an empty `xlink:href` attribute. An attacker can exploit the vulnerability to call arbitrary URLs with arbitrary protocols if they provide an SVG file to the Dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, which will lead, at the very least, to arbitrary file deletion and might lead to remote code execution, depending on available classes. This vulnerability has been addressed in commit `95009ea98` which has been included in release version 2.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Incorrect Authorization in Dompdf Project Dompdf, [githubexploit] Exploit for Incorrect Authorization in Dompdf Project Dompdf)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-24813 was patched at 2024-05-15

51. Remote Code Execution - PHP (CVE-2023-28115) - Critical [633]

Description: Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the `file_exists()` function. If an attacker can upload files of any type to the server he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution especially when snappy is used with frameworks with documented POP chains like Laravel/Symfony vulnerable developer code. If a user can control the output file from the `generateFromHtml()` function, it will invoke deserialization. This vulnerability is capable of remote code execution if Snappy is used with frameworks or developer code with vulnerable POP chains. It has been fixed in version 1.4.2.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-28115 was patched at 2024-05-15

52. Remote Code Execution - Samba (CVE-2002-1318) - Critical [633]

Description: Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Samba 2.2.2 < 2.2.6 - nttrans Buffer Overflow Exploit)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1318 was patched at 2024-05-15

53. Remote Code Execution - Samba (CVE-2003-0085) - Critical [633]

Description: Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([canvas] Immunity Canvas: SAMBA_NTTRANS, [packetstorm] Samba nttrans Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0085 was patched at 2024-05-15

54. Remote Code Execution - Samba (CVE-2003-0196) - Critical [633]

Description: Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([saint] Samba call_trans2open buffer overflow, [saint] Samba call_trans2open buffer overflow, [saint] Samba call_trans2open buffer overflow, [saint] Samba call_trans2open buffer overflow, [packetstorm] Samba trans2open Overflow (Solaris SPARC), [packetstorm] Samba trans2open Overflow, [packetstorm] Samba trans2open Overflow (Mac OS X), [canvas] Immunity Canvas: SAMBA_TRANS2)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0196 was patched at 2024-05-15

55. Remote Code Execution - Samba (CVE-2003-0201) - Critical [633]

Description: Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([saint] Samba call_trans2open buffer overflow, [saint] Samba call_trans2open buffer overflow, [saint] Samba call_trans2open buffer overflow, [saint] Samba call_trans2open buffer overflow, [packetstorm] Samba trans2open Overflow (Solaris SPARC), [packetstorm] Samba trans2open Overflow, [packetstorm] Samba trans2open Overflow (Mac OS X), [canvas] Immunity Canvas: SAMBA_TRANS2)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0201 was patched at 2024-05-15

56. Remote Code Execution - Samba (CVE-2004-0600) - Critical [633]

Description: Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] sambaPoC.txt)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0600 was patched at 2024-05-15

57. Command Injection - Node.js (CVE-2019-10061) - Critical [627]

Description: utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for OS Command Injection in Node-Opencv Project Node-Opencv)
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10061 was patched at 2024-05-15

58. Remote Code Execution - Linux Kernel (CVE-2008-4395) - Critical [626]

Description: Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Linux Kernel ndiswrapper模块远程溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 8.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4395 was patched at 2024-05-15

59. Remote Code Execution - Windows Kernel (CVE-2021-40826) - Critical [626]

Description: Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40826 was patched at 2024-05-15

60. Remote Code Execution - Windows LDAP (CVE-2006-3747) - Critical [626]

Description: Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([saint] Apache mod_rewrite LDAP URL buffer overflow, [saint] Apache mod_rewrite LDAP URL buffer overflow, [saint] Apache mod_rewrite LDAP URL buffer overflow, [saint] Apache mod_rewrite LDAP URL buffer overflow, [packetstorm] apache2058-rewrite.txt, [packetstorm] Apache module mod_rewrite LDAP protocol Buffer Overflow, [packetstorm] apache-mod-rewrite.rb.txt, [packetstorm] modrewrite-offbyone.txt, [packetstorm] modrewritepoc.txt, [seebug] Apache Mod_Rewrite Off-by-one Remote Overflow Exploit (win32), [seebug] Apache mod_rewrite模块单字节缓冲区溢出漏洞, [seebug] Apache < 1.3.37 2.0.59 2.2.3 (mod_rewrite) Remote Overflow PoC, [seebug] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC, [exploitpack] Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow, [exploitpack] Apache 1.3.372.0.592.2.3 mod_rewrite - Remote Overflow, [exploitdb] Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow, [exploitdb] Apache < 1.3.37/2.0.59/2.2.3 mod_rewrite - Remote Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.810CVSS Base Score is 7.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3747 was patched at 2024-05-15

61. Memory Corruption - Unknown Product (CVE-2023-47212) - Critical [625]

Description: {'vulners_cve_data_all': 'A heap-based buffer overflow vulnerability exists in the comment functionality of stb _vorbis.c v1.22. A specially crafted .ogg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-47212 was patched at 2024-05-15

62. Memory Corruption - FreeRDP (CVE-2024-32041) - Critical [623]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/bpp` or `/rfx` options instead.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32041 was patched at 2024-05-15

ubuntu: CVE-2024-32041 was patched at 2024-04-24

63. Memory Corruption - FreeRDP (CVE-2024-32458) - Critical [623]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by default, require server side support).

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32458 was patched at 2024-05-15

ubuntu: CVE-2024-32458 was patched at 2024-04-24

64. Memory Corruption - FreeRDP (CVE-2024-32459) - Critical [623]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32459 was patched at 2024-05-15

ubuntu: CVE-2024-32459 was patched at 2024-04-24

65. Remote Code Execution - Google Chrome (CVE-2021-30526) - Critical [621]

Description: Out of bounds write in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30526 was patched at 2024-05-15

66. Remote Code Execution - Mozilla Firefox (CVE-2009-3378) - Critical [621]

Description: The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Mozilla Firefox多个内存破坏漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3378 was patched at 2024-05-15

67. Remote Code Execution - Mozilla Firefox (CVE-2010-1028) - Critical [621]

Description: Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Mozilla Firefox 3.6 - Integer Overflow Exploit, [seebug] Mozilla Firefox 3.6 WOFF解码器整数溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1028 was patched at 2024-05-15

68. Remote Code Execution - PHP (CVE-2018-14857) - Critical [621]

Description: Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] OCS Inventory NG Webconsole Shell Upload, [zdt] OCS Inventory NG Webconsole Shell Upload Vulnerability)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14857 was patched at 2024-05-15

69. Remote Code Execution - Safari (CVE-2008-2307) - Critical [621]

Description: Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari内存破坏漏洞, [seebug] Apple Safari WebKit JavaScript数组远程溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2307 was patched at 2024-05-15

70. Remote Code Execution - Safari (CVE-2009-1686) - Critical [621]

Description: WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1686 was patched at 2024-05-15

71. Remote Code Execution - Safari (CVE-2009-1701) - Critical [621]

Description: Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1701 was patched at 2024-05-15

72. Remote Code Execution - Safari (CVE-2009-1711) - Critical [621]

Description: WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1711 was patched at 2024-05-15

73. Remote Code Execution - Safari (CVE-2009-1712) - Critical [621]

Description: WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1712 was patched at 2024-05-15

74. Remote Code Execution - Safari (CVE-2017-2505) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] WebKit JSC BindingNode::bindValue Failed Reference Count Increase, [seebug] WebKit: JSC: BindingNode::bindValue doesn't increase the scope's reference count(CVE-2017-2505))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2505 was patched at 2024-05-15

75. Remote Code Execution - Safari (CVE-2017-2514) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] WebKit WebCore::FrameView::scheduleRelayout Use-After-Free, [zdt] Apple WebKit / Safari 10.0.3(12602.4.8) - WebCore::FrameView::scheduleRelayout Use-After-Free Exploi, [seebug] WebKit WebCore::FrameView::scheduleRelayout Use-After-Free(CVE-2017-2514))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2514 was patched at 2024-05-15

76. Remote Code Execution - Safari (CVE-2017-2515) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKit - Stealing Variables via Page Navigation in FrameLoader::clear Exploit, [packetstorm] WebKit FrameLoader::clear Variable Theft)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2515 was patched at 2024-05-15

77. Remote Code Execution - Safari (CVE-2017-2521) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKit JSC JSObject::ensureLength Failure Check Vulnerability, [seebug] WebKit Unspecified Memory Corruption Vulnerability(CVE-2017-2521), [packetstorm] WebKit JSC JSObject::ensureLength Failure Check)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2521 was patched at 2024-05-15

78. Remote Code Execution - Safari (CVE-2017-2531) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] WebKit JSC emitPutDerivedConstructorToArrowFunctionContextScope Incorrect Check(CVE-2017-2531), [packetstorm] WebKit JSC emitPutDerivedConstructorToArrowFunctionContextScope Incorrect Check, [zdt] WebKit JSC emitPutDerivedConstructorToArrowFunctionContextScope Incorrect Check Vulnerability)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2531 was patched at 2024-05-15

79. Remote Code Execution - Safari (CVE-2017-2536) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Apple Safari 10.1 - Spread Operator Integer Overflow Remote Code Execution Exploit, [seebug] Exploiting an integer overflow with array spreading (WebKit))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2536 was patched at 2024-05-15

80. Remote Code Execution - Safari (CVE-2017-2547) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] WebKit JSC Jit Optimization Check Failure, [zdt] WebKit JSC - JIT Optimization Check Failed in IntegerCheckCombiningPhase::handleBlock Exploit)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2547 was patched at 2024-05-15

81. Remote Code Execution - Safari (CVE-2017-6980) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKit JSC - arrayProtoFuncSplice does not Initialize all Indices Exploit, [packetstorm] WebKit JSC arrayProtoFuncSplice Initialization Fail)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6980 was patched at 2024-05-15

82. Remote Code Execution - Safari (CVE-2017-6984) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKit JSC - Heap Buffer Overflow in Intl.getCanonicalLocales Exploit, [packetstorm] WebKit JSC Intl.getCanonicalLocales Heap Buffer Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6984 was patched at 2024-05-15

83. Remote Code Execution - Safari (CVE-2017-7040) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] WebKit: use-after-free in WebCore::getCachedWrapper(CVE-2017-7040), [packetstorm] WebKit WebCore::getCachedWrapper Use-After-Free, [zdt] WebKit - WebCore::getCachedWrapper Use-After-Free Exploit)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7040 was patched at 2024-05-15

84. Remote Code Execution - Safari (CVE-2017-7041) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKit - WebCore::Node::getFlag Use-After-Free Exploit, [seebug] WebKit: use-after-free in WebCore::Node::getFlag(CVE-2017-7041), [packetstorm] WebKit WebCore::Node::getFlag Use-After-Free)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7041 was patched at 2024-05-15

85. Remote Code Execution - Safari (CVE-2017-7042) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKit - WebCore::InputType::element Use-After-Free Exploit, [seebug] WebKit: use-after-free in WebCore::InputType::element(CVE-2017-7042), [packetstorm] WebKit WebCore::InputType::element Use-After-Free)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7042 was patched at 2024-05-15

86. Remote Code Execution - Safari (CVE-2017-7043) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] WebKit WebCore::AccessibilityRenderObject::handleAriaExpandedChanged Use-After-Free, [zdt] WebKit - WebCore::AccessibilityRenderObject::handleAriaExpandedChanged Use-After-Free Exploit, [seebug] WebKit: use-after-free in WebCore::AccessibilityRenderObject::handleAriaExpandedChanged(CVE-2017-7043))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7043 was patched at 2024-05-15

87. Remote Code Execution - Safari (CVE-2017-7049) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKit - WebCore::RenderSearchField::addSearchResult Heap Buffer Overflow Exploit, [seebug] WebKit: heap-buffer-overflow in WebCore::RenderSearchField::addSearchResult(CVE-2017-7049), [packetstorm] WebKit WebCore::RenderSearchField::addSearchResult Heap Buffer Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7049 was patched at 2024-05-15

88. Remote Code Execution - Safari (CVE-2017-7081) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKitGTK+ Code Execution / Cookie Handling / Memory Corruption Vulnerabilities)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7081 was patched at 2024-05-15

89. Remote Code Execution - Safari (CVE-2017-7094) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKitGTK+ Code Execution / Cookie Handling / Memory Corruption Vulnerabilities)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7094 was patched at 2024-05-15

90. Remote Code Execution - Safari (CVE-2017-7099) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKitGTK+ Code Execution / Cookie Handling / Memory Corruption Vulnerabilities)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7099 was patched at 2024-05-15

91. Remote Code Execution - Safari (CVE-2018-4089) - Critical [621]

Description: An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. Safari before 11.0.3 is affected. tvOS before 11.2.5 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKit - detachWrapper Use-After-Free Exploit, [zdt] WebKitGTK+ Memory Corruption / Spoofing / Code Execution Vulnerabilities)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-4089 was patched at 2024-05-15

92. Remote Code Execution - Samba (CVE-2009-1886) - Critical [621]

Description: Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Samba格式串和安全绕过漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1886 was patched at 2024-05-15

93. Remote Code Execution - Windows Remote Desktop Protocol (CVE-2008-1802) - Critical [621]

Description: Buffer overflow in the process_redirect_pdu (rdp.c) function in rdesktop 1.5.0 allows remote attackers to execute arbitrary code via a Remote Desktop Protocol (RDP) redirect request with modified length fields.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] rdesktoppdu-overflow.txt, [seebug] rdesktop多个缓冲区溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Windows component
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1802 was patched at 2024-05-15

94. Authentication Bypass - OpenSSH (CVE-2006-5794) - Critical [617]

Description: Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed that this issue is only exploitable by leveraging vulnerabilities in the unprivileged process, which are not known to exist.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object) website
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5794 was patched at 2024-05-15

95. Remote Code Execution - Babel (CVE-2022-41793) - Critical [616]

Description: An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-41793 was patched at 2024-05-15

96. Remote Code Execution - Babel (CVE-2022-42885) - Critical [616]

Description: A use of uninitialized pointer vulnerability exists in the GRO format res functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-42885 was patched at 2024-05-15

97. Remote Code Execution - Babel (CVE-2022-43467) - Critical [616]

Description: An out-of-bounds write vulnerability exists in the PQS format coord_file functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-43467 was patched at 2024-05-15

98. Remote Code Execution - Babel (CVE-2022-44451) - Critical [616]

Description: A use of uninitialized pointer vulnerability exists in the MSI format atom functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-44451 was patched at 2024-05-15

99. Remote Code Execution - Babel (CVE-2022-46280) - Critical [616]

Description: A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-46280 was patched at 2024-05-15

100. Remote Code Execution - Babel (CVE-2022-46289) - Critical [616]

Description: Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.nAtoms calculation wrap-around, leading to a small buffer allocation

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-46289 was patched at 2024-05-15

101. Remote Code Execution - Babel (CVE-2022-46290) - Critical [616]

Description: Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.The loop that stores the coordinates does not check its index against nAtoms

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-46290 was patched at 2024-05-15

102. Remote Code Execution - Babel (CVE-2022-46292) - Critical [616]

Description: Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the MOPAC file format, inside the Unit Cell Translation section

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-46292 was patched at 2024-05-15

103. Remote Code Execution - Babel (CVE-2022-46293) - Critical [616]

Description: Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the MOPAC file format, inside the Final Point and Derivatives section

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-46293 was patched at 2024-05-15

104. Remote Code Execution - Babel (CVE-2022-46294) - Critical [616]

Description: Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the MOPAC Cartesian file format

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-46294 was patched at 2024-05-15

105. Remote Code Execution - Babel (CVE-2022-46295) - Critical [616]

Description: Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the Gaussian file format

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-46295 was patched at 2024-05-15

106. Remote Code Execution - FFmpeg (CVE-2009-4633) - Critical [616]

Description: vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg多个媒体文件解析拒绝服务和代码执行漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4633 was patched at 2024-05-15

107. Remote Code Execution - FFmpeg (CVE-2009-4634) - Critical [616]

Description: Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg多个媒体文件解析拒绝服务和代码执行漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4634 was patched at 2024-05-15

108. Remote Code Execution - FFmpeg (CVE-2009-4637) - Critical [616]

Description: FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg多个媒体文件解析拒绝服务和代码执行漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4637 was patched at 2024-05-15

109. Remote Code Execution - FFmpeg (CVE-2016-10192) - Critical [616]

Description: Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg Heap Overflow vulnerability (CVE-2016-10190))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10192 was patched at 2024-05-15

110. Security Feature Bypass - PHP (CVE-2021-43617) - Critical [615]

Description: {'vulners_cve_data_all': 'Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-43617 was patched at 2024-05-15

111. Remote Code Execution - Sudo (CVE-2012-0809) - Critical [614]

Description: Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] sudo 1.8.0 1.8.3p1 - sudo_debug glibc FORTIFY_SOURCE Bypass + Privilege Escalation, [zdt] Sudo v1.8.0-1.8.3p1 (sudo_debug) - Root Exploit, [seebug] sudo 1.8.0-1.8.3p1 (sudo_debug) - Root Exploit + glibc FORTIFY_SOURCE Bypass, [exploitdb] sudo 1.8.0 < 1.8.3p1 - 'sudo_debug' glibc FORTIFY_SOURCE Bypass + Privilege Escalation)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914Sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0809 was patched at 2024-05-15

112. Remote Code Execution - Windows LDAP (CVE-2021-42550) - Critical [614]

Description: In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.710CVSS Base Score is 6.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42550 was patched at 2024-05-15

113. Denial of Service - Unknown Product (CVE-2024-0911) - Critical [613]

Description: {'vulners_cve_data_all': 'A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-0911 was patched at 2024-05-15

114. Elevation of Privilege - Linux Kernel (CVE-2022-1043) - Critical [611]

Description: A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] io_uring Same Type Object Reuse Privilege Escalation Exploit, [metasploit] io_uring Same Type Object Reuse Priv Esc, [packetstorm] io_uring Same Type Object Reuse Privilege Escalation)
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1043 was patched at 2024-05-15

115. Remote Code Execution - APT (CVE-2007-4629) - Critical [609]

Description: Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MapServer远程栈溢出及跨站脚本漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4629 was patched at 2024-05-15

116. Remote Code Execution - Adobe Reader (CVE-2006-3459) - Critical [609]

Description: Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Adobe Reader和Acrobat TIFF图像处理缓冲区溢出漏洞, [seebug] Libtiff图形库多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Adobe Acrobat is a family of application software and Web services developed by Adobe Inc. to view, create, manipulate, print and manage Portable Document Format files
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3459 was patched at 2024-05-15

117. Remote Code Execution - GNU C Library (CVE-2003-0028) - Critical [609]

Description: Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([canvas] Immunity Canvas: CMSD_XDRARRAY, [canvas] Immunity Canvas: TTDB_XDRARRAY)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0028 was patched at 2024-05-15

118. Remote Code Execution - Mozilla Firefox (CVE-2006-4253) - Critical [609]

Description: Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.810CVSS Base Score is 7.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4253 was patched at 2024-05-15

119. Remote Code Execution - OpenSSH (CVE-2019-16905) - Critical [609]

Description: OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-16905 was patched at 2024-05-15

120. Remote Code Execution - OpenSSL (CVE-2002-0656) - Critical [609]

Description: Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitdb] OpenSSL SSLv2 - Malformed Client Key Remote Buffer Overflow Vulnerability 2, [canvas] Immunity Canvas: OPENSSL_KEYLEN)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0656 was patched at 2024-05-15

121. Remote Code Execution - PHP (CVE-2011-4899) - Critical [609]

Description: wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static code injection and cross-site scripting (XSS) attacks via (1) an HTTP request or (2) a MySQL query. NOTE: the vendor disputes the significance of this issue; however, remote code execution makes the issue important in many realistic environments

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Elipse E3 Scada PLC Denial Of Service, [packetstorm] WordPress 3.3.1 Code Execution / Cross Site Scripting, [seebug] wordpress <= 3.3.1 - Multiple Vulnerabilities, [seebug] WordPress 3.3.1 Code Execution / Cross Site Scripting, [exploitpack] WordPress 3.3.1 - Multiple Vulnerabilities, [exploitdb] WordPress Core 3.3.1 - Multiple Vulnerabilities)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4899 was patched at 2024-05-15

122. Remote Code Execution - Safari (CVE-2018-4192) - Critical [609]

Description: An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a race condition.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] JavaScript Core - Arbitrary Code Execution Exploit, [packetstorm] JavaScript Core Arbitrary Code Execution)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-4192 was patched at 2024-05-15

123. Remote Code Execution - Safari (CVE-2020-15138) - Critical [609]

Description: Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin (>=v1.10.0) or the _Previewer: Easing_ plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To workaround the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Cross-site Scripting in Prismjs Previewers)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15138 was patched at 2024-05-15

124. Remote Code Execution - Samba (CVE-2007-0454) - Critical [609]

Description: Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Samba服务器VFS插件afsacl.so远程格式串处理漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0454 was patched at 2024-05-15

125. Authentication Bypass - Chromium (CVE-2021-30617) - Critical [605]

Description: {'vulners_cve_data_all': 'Chromium: CVE-2021-30617 Policy bypass in Blink', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object) website
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30617 was patched at 2024-05-15

126. Authentication Bypass - OpenSSL (CVE-2016-7054) - Critical [605]

Description: {'vulners_cve_data_all': 'In OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] OpenSSL 1.1.0a/1.1.0b - Denial of Service Exploit, [exploitpack] OpenSSL 1.1.0a1.1.0b - Denial of Service, [exploitdb] OpenSSL 1.1.0a/1.1.0b - Denial of Service)
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7054 was patched at 2024-05-15

127. Authentication Bypass - Samba (CVE-2022-32743) - Critical [605]

Description: {'vulners_cve_data_all': 'Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-32743 was patched at 2024-05-15

128. Code Injection - PHP (CVE-2005-2612) - Critical [604]

Description: Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] WordPress cache_lastpostdate Arbitrary Code Execution, [packetstorm] WordPress cache_lastpostdate Arbitrary Code Execution)
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2612 was patched at 2024-05-15

129. Code Injection - PHP (CVE-2009-1285) - Critical [604]

Description: Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin配置文件PHP代码注入漏洞, [seebug] CVE-2009-1285: phpMyAdmin Code Injection)
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1285 was patched at 2024-05-15

130. Command Injection - OpenSSH (CVE-2020-15778) - Critical [604]

Description: scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for OS Command Injection in Openbsd Openssh, [githubexploit] Exploit for OS Command Injection in Openbsd Openssh)
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2020-15778 was patched at 2024-05-22

debian: CVE-2020-15778 was patched at 2024-05-15

oraclelinux: CVE-2020-15778 was patched at 2024-05-23

redhat: CVE-2020-15778 was patched at 2024-05-22

131. Remote Code Execution - FFmpeg (CVE-2008-3162) - Critical [604]

Description: Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3162 was patched at 2024-05-15

132. Remote Code Execution - FFmpeg (CVE-2009-0385) - Critical [604]

Description: Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg 4xm文件解析内存破坏漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0385 was patched at 2024-05-15

133. Remote Code Execution - FFmpeg (CVE-2009-4631) - Critical [604]

Description: Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted VP3 file that triggers an out-of-bounds read and possibly memory corruption.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg多个媒体文件解析拒绝服务和代码执行漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4631 was patched at 2024-05-15

134. Remote Code Execution - FFmpeg (CVE-2009-4635) - Critical [604]

Description: FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a video-structure pointer by the mp3 decoder, and a stack-based buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg多个媒体文件解析拒绝服务和代码执行漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4635 was patched at 2024-05-15

135. XXE Injection - Safari (CVE-2009-1699) - Critical [604]

Description: The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([canvas] Immunity Canvas: SAFARI_FILE_STEALING2, [seebug] Apple Safari 4.0多个安全漏洞)
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1699 was patched at 2024-05-15

136. Incorrect Calculation - FreeRDP (CVE-2024-32040) - Critical [600]

Description: {'vulners_cve_data_all': 'FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.614FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32040 was patched at 2024-05-15

ubuntu: CVE-2024-32040 was patched at 2024-04-24

137. Memory Corruption - FreeRDP (CVE-2024-32460) - Critical [600]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The workaround requires server side support.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32460 was patched at 2024-05-15

ubuntu: CVE-2024-32460 was patched at 2024-04-24

138. Remote Code Execution - Perl (CVE-2011-2764) - Critical [600]

Description: The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin' Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly determine dangerous file extensions, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Quake 3 Shell Injection / Code Execution)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2764 was patched at 2024-05-15

139. Remote Code Execution - Redis (CVE-2016-8339) - Critical [600]

Description: A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Redis CONFIG SET client-output-buffer-limit command Code Execution Vulnerability(CVE-2016-8339))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-8339 was patched at 2024-05-15

140. Remote Code Execution - Redis (CVE-2021-33026) - Critical [600]

Description: The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redis, etc.), they can construct a crafted payload, poison the cache, and execute Python code. NOTE: a third party indicates that exploitation is extremely unlikely unless the machine is already compromised; in other cases, the attacker would be unable to write their payload to the cache and generate the required collision

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Deserialization of Untrusted Data in Flask-Caching Project Flask-Caching)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33026 was patched at 2024-05-15

141. Remote Code Execution - Roundcube (CVE-2008-5619) - Critical [600]

Description: html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Roundcube Webmail 0.2-3 Beta - Code Execution, [exploitpack] Roundcube Webmail 0.2b - Remote Code Execution, [packetstorm] RoundCube Webmail 0.2b Remote Code Execution, [packetstorm] RoundCube Webmail 0.2-3 Beta Code Execution, [seebug] RoundCube Webmail <= 0.2-3 beta Code Execution Vulnerability, [seebug] RoundCube Webmail <= 0.2b Remote Code Execution Exploit, [seebug] RoundCube Webmail <= 0.2-3 beta Code Execution Vulnerability, [seebug] RoundCube Webmail <= 0.2b Remote Code Execution Exploit, [dsquare] Roundcube 0.2beta RCE, [canvas] Immunity Canvas: ROUNDCUBE, [exploitdb] Roundcube Webmail 0.2b - Remote Code Execution, [exploitdb] Roundcube Webmail 0.2-3 Beta - Code Execution)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5619 was patched at 2024-05-15

High (1129)

142. Remote Code Execution - GNOME desktop (CVE-2008-5987) - High [597]

Description: Untrusted search path vulnerability in the Python interface in Eye of GNOME (eog) 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] XChat PySys_SetArgv函数命令执行漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5987 was patched at 2024-05-15

143. Remote Code Execution - PHP (CVE-2007-1001) - High [597]

Description: Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Mac OS X 2007-007更新修复多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1001 was patched at 2024-05-15

144. Path Traversal - Windows Kernel (CVE-2009-0841) - High [596]

Description: Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MapServer mapserv程序多个远程安全漏洞)
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0841 was patched at 2024-05-15

145. Security Feature Bypass - Linux Kernel (CVE-2018-14656) - High [596]

Description: {'vulners_cve_data_all': 'A missing address check in the callers of the show_opcodes() in the Linux kernel allows an attacker to dump the kernel memory at an arbitrary kernel address into the dmesg log.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([canvas] Immunity Canvas: DMESG_LEAK)
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14656 was patched at 2024-05-15

146. Authentication Bypass - OpenSSH (CVE-2023-51767) - High [594]

Description: OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51767 was patched at 2024-05-15

147. Command Injection - Python (CVE-2017-2810) - High [594]

Description: {'vulners_cve_data_all': 'An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Tablib Yaml Load Code Execution Vulnerability(CVE-2017-2810))
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2810 was patched at 2024-05-15

148. Remote Code Execution - Apache Tomcat (CVE-2007-0774) - High [592]

Description: Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([d2] DSquare Exploit Pack: D2SEC_MOD_JK, [saint] Apache Tomcat JK Web Server Connector URI worker map buffer overflow, [saint] Apache Tomcat JK Web Server Connector URI worker map buffer overflow, [saint] Apache Tomcat JK Web Server Connector URI worker map buffer overflow, [saint] Apache Tomcat JK Web Server Connector URI worker map buffer overflow, [packetstorm] apache_modjk_overflow.rb.txt)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0774 was patched at 2024-05-15

149. Remote Code Execution - Curl (CVE-2013-0249) - High [592]

Description: Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] cURL Buffer Overflow, [seebug] cURL Buffer Overflow Vulnerability, [zdt] cURL Buffer Overflow Vulnerability, [exploitpack] cURL - Buffer Overflow (PoC), [exploitdb] cURL - Buffer Overflow (PoC))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Curl is a command-line tool for transferring data specified with URL syntax
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0249 was patched at 2024-05-15

150. Remote Code Execution - iOS (CVE-2012-6096) - High [592]

Description: Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Nagios3 history.cgi Host Command Execution, [packetstorm] Nagios 3.x Remote Command Execution, [seebug] Nagios 3.x Remote Command Execution(CVE-2012-6096), [seebug] Nagios history.cgi Remote Command Execution Vulnerability, [saint] Nagios 3 history.cgi Command Injection, [saint] Nagios 3 history.cgi Command Injection, [saint] Nagios 3 history.cgi Command Injection, [saint] Nagios 3 history.cgi Command Injection, [exploitpack] Nagios3 - history.cgi Remote Command Execution, [exploitpack] Nagios-history.cgi-Exec-Code, [exploitdb] Nagios3 - 'history.cgi' Remote Command Execution)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6096 was patched at 2024-05-15

151. Security Feature Bypass - BIND (CVE-2024-3044) - High [592]

Description: {'vulners_cve_data_all': 'Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3044 was patched at 2024-05-15

redos: CVE-2024-3044 was patched at 2024-05-29

ubuntu: CVE-2024-3044 was patched at 2024-05-28

152. XXE Injection - PHP (CVE-2011-4107) - High [592]

Description: The simplexml_load_string function in the XML import plug-in (libraries/import/xml.php) in phpMyAdmin 3.4.x before 3.4.7.1 and 3.3.x before 3.3.10.5 allows remote authenticated users to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] phpMyAdmin 3.3.x / 3.4.x Local File Inclusion Via XXE Injection, [exploitpack] phpMyAdmin 3.3.x3.4.x - Local File Inclusion via XML External Entity Injection (Metasploit), [seebug] phpMyAdmin 3.3.X and 3.4.X - Local File Inclusion via XXE Injection, [seebug] phpMyAdmin 3.3.x & 3.4.x - Local File Inclusion via XXE Injection, [exploitdb] phpMyAdmin 3.3.x/3.4.x - Local File Inclusion via XML External Entity Injection (Metasploit))
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4107 was patched at 2024-05-15

153. Remote Code Execution - Linux Kernel (CVE-2012-3364) - High [590]

Description: Multiple stack-based buffer overflows in the Near Field Communication Controller Interface (NCI) in the Linux kernel before 3.4.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via incoming frames with crafted length fields.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Linux Kernel NCI多个远程栈缓冲区溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3364 was patched at 2024-05-15

154. Remote Code Execution - Unknown Product (CVE-2023-44452) - High [589]

Description: {'vulners_cve_data_all': 'Linux Mint Xreader CBT File Parsing Argument Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CBT files. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22132.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

redos: CVE-2023-44452 was patched at 2024-04-18

155. Remote Code Execution - DirectX (CVE-2010-3275) - High [588]

Description: libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an AMV file, related to a "dangling pointer vulnerability."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] VLC AMV Dangling Pointer Vulnerability, [seebug] VLC Media Player ".AMV"和".NSV"多个远程缓冲区溢出漏洞, [packetstorm] VLC AMV Dangling Pointer Vulnerability, [metasploit] VLC AMV Dangling Pointer Vulnerability, [exploitdb] VideoLAN VLC Media Player 1.1.4 - 'AMV' Dangling Pointer (Metasploit))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614DirectX
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3275 was patched at 2024-05-15

156. Remote Code Execution - DirectX (CVE-2010-3276) - High [588]

Description: libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows remote attackers to execute arbitrary code via a crafted width in an NSV file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] VLC Media Player ".AMV"和".NSV"多个远程缓冲区溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614DirectX
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3276 was patched at 2024-05-15

157. Remote Code Execution - ImageMagick (CVE-2007-4987) - High [588]

Description: Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ImageMagick blob.c文件单字节缓冲区溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4987 was patched at 2024-05-15

158. Remote Code Execution - Perl (CVE-2008-2363) - High [588]

Description: The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file that triggers a heap-based buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Pan .nzb文件解析堆溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2363 was patched at 2024-05-15

159. Remote Code Execution - Python (CVE-2009-3850) - High [588]

Description: Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Blender 2.342.35a2.42.49b - .blend Command Injection, [packetstorm] Core Security Technologies Advisory 2009.0912, [seebug] Blender 2.34 2.35a 2.4 2.49b .blend File Command Injection, [seebug] Blender 2.34, 2.35a, 2.4, 2.49b .blend File Command Injection, [seebug] Blender 2.34 2.35a 2.4 2.49b .blend File Command Injection, [exploitdb] Blender 2.34/2.35a/2.4/2.49b - '.blend' Command Injection)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3850 was patched at 2024-05-15

160. Remote Code Execution - Redis (CVE-2022-31144) - High [588]

Description: Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Out-of-bounds Write in Redis)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-31144 was patched at 2024-05-15

161. Remote Code Execution - Wireshark (CVE-2009-4376) - High [588]

Description: Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Wireshark 1.2.5版本修复多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4376 was patched at 2024-05-15

162. Remote Code Execution - Wireshark (CVE-2011-1591) - High [588]

Description: Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Wireshark 1.4.4 DECT Dissector Buffer Overflow, [packetstorm] Wireshark 1.4.4 packet-dect.c Stack Buffer Overflow, [packetstorm] Wireshark 1.4.4 Remote Stack Buffer Overflow, [packetstorm] Wireshark 1.4.4 Local Stack Buffer Overflow, [saint] Wireshark DECT Dissector PCAP File Processing Overflow, [saint] Wireshark DECT Dissector Remote Stack Buffer Overflow, [saint] Wireshark DECT Dissector Remote Stack Buffer Overflow, [saint] Wireshark DECT Dissector PCAP File Processing Overflow, [saint] Wireshark DECT Dissector Remote Stack Buffer Overflow, [saint] Wireshark DECT Dissector Remote Stack Buffer Overflow, [saint] Wireshark DECT Dissector PCAP File Processing Overflow, [saint] Wireshark DECT Dissector PCAP File Processing Overflow, [canvas] Immunity Canvas: WIRESHARK_DECT)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1591 was patched at 2024-05-15

163. Authentication Bypass - Unknown Product (CVE-2023-22602) - High [585]

Description: {'vulners_cve_data_all': 'When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass.\n\nThe authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching.\nMitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value: `spring.mvc.pathmatch.matching-strategy = ant_path_matcher`\n\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-22602 was patched at 2024-05-15

164. Denial of Service - Linux Kernel (CVE-2011-2189) - High [584]

Description: net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does not properly handle a high rate of creation and cleanup of network namespaces, which makes it easier for remote attackers to cause a denial of service (memory consumption) via requests to a daemon that requires a separate namespace per connection, as demonstrated by vsftpd.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object) website
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2189 was patched at 2024-05-15

165. Security Feature Bypass - Linux Kernel (CVE-2021-4148) - High [584]

Description: {'vulners_cve_data_all': 'A vulnerability was found in the Linux kernel's block_invalidatepage in fs/buffer.c in the filesystem. A missing sanity check may allow a local attacker with user privilege to cause a denial of service (DOS) problem.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-4148 was patched at 2024-05-15

166. Code Injection - PHP (CVE-2022-23808) - High [580]

Description: An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Cross-site Scripting in Phpmyadmin)
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-23808 was patched at 2024-05-15

167. Remote Code Execution - BIND (CVE-2009-0317) - High [580]

Description: Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] XChat PySys_SetArgv函数命令执行漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0317 was patched at 2024-05-15

168. Remote Code Execution - FFmpeg (CVE-2010-3429) - High [580]

Description: flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an "arbitrary offset dereference vulnerability."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg libavcodec "vmd decode()"堆缓冲区溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3429 was patched at 2024-05-15

169. Remote Code Execution - FFmpeg (CVE-2010-3908) - High [580]

Description: FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed WMV file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg畸形".wmv"文件解析内存破坏远程代码执行漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3908 was patched at 2024-05-15

170. Remote Code Execution - FFmpeg (CVE-2011-0722) - High [580]

Description: FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg Real Media文件解析内存破坏远程代码执行漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0722 was patched at 2024-05-15

171. Remote Code Execution - FFmpeg (CVE-2011-0723) - High [580]

Description: FFmpeg 0.5.x, as used in MPlayer and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed VC-1 file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg畸形"VC1"文件解析内存破坏远程代码执行漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0723 was patched at 2024-05-15

172. Remote Code Execution - FFmpeg (CVE-2012-0859) - High [580]

Description: The render_line function in the vorbis codec (vorbis.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Vorbis file, related to a large multiplier. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3893.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Google Chrome 15.x MKV和Vorbis媒体处理漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0859 was patched at 2024-05-15

173. Remote Code Execution - vim (CVE-2009-0316) - High [580]

Description: Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Vim PySys_SetArgv函数本地命令执行漏洞, [seebug] XChat PySys_SetArgv函数命令执行漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Vim is a free and open-source, screen-based text editor program
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0316 was patched at 2024-05-15

174. Security Feature Bypass - Google Chrome (CVE-2021-30531) - High [579]

Description: Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30531 was patched at 2024-05-15

175. Security Feature Bypass - Google Chrome (CVE-2021-30534) - High [579]

Description: Insufficient policy enforcement in iFrameSandbox in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30534 was patched at 2024-05-15

176. Security Feature Bypass - Google Chrome (CVE-2021-30540) - High [579]

Description: {'vulners_cve_data_all': 'Incorrect security UI in payments in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform domain spoofing via a crafted HTML page.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30540 was patched at 2024-05-15

177. Remote Code Execution - Perl (CVE-2004-1388) - High [576]

Description: Format string vulnerability in the gpsd_report function for BerliOS GPD daemon (gpsd, formerly pygps) 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Berlios GPSD Format String Vulnerability, [canvas] Immunity Canvas: GPSD)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1388 was patched at 2024-05-15

178. Remote Code Execution - Perl (CVE-2008-2371) - High [576]

Description: Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] PCRE pcre_compile.c文件堆溢出漏洞, [seebug] PCRE 规则表达式堆缓冲区溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2371 was patched at 2024-05-15

179. Remote Code Execution - Perl (CVE-2013-0333) - High [576]

Description: lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Ruby on Rails JSON Processor YAML Deserialization Code Execution, [packetstorm] Ruby On Rails XML Processor YAML Deserialization Code Execution, [seebug] Ruby on Rails 'convert_json_to_yaml()'方法安全漏洞, [seebug] Ruby on Rails XML Processor YAML Deserialization Code Execution, [seebug] Ruby on Rails JSON Processor YAML Deserialization Code Execution, [metasploit] Ruby on Rails XML Processor YAML Deserialization Code Execution, [metasploit] Ruby on Rails JSON Processor YAML Deserialization Scanner, [metasploit] Ruby on Rails XML Processor YAML Deserialization Scanner, [metasploit] Ruby on Rails JSON Processor YAML Deserialization Code Execution, [saint] Ruby on Rails XML Processor YAML Deserialization, [saint] Ruby on Rails XML Processor YAML Deserialization, [saint] Ruby on Rails XML Processor YAML Deserialization, [saint] Ruby on Rails XML Processor YAML Deserialization, [zdt] Ruby On Rails XML Processor YAML Deserialization Code Execution, [zdt] Action Pack Multiple Vulnerabilities, [exploitdb] Ruby on Rails - XML Processor YAML Deserialization Code Execution (Metasploit), [exploitdb] Ruby on Rails - JSON Processor YAML Deserialization Code Execution (Metasploit))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0333 was patched at 2024-05-15

180. Remote Code Execution - Perl (CVE-2013-1800) - High [576]

Description: The crack gem 0.3.1 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([metasploit] Ruby on Rails XML Processor YAML Deserialization Code Execution, [metasploit] Ruby on Rails JSON Processor YAML Deserialization Scanner, [metasploit] Ruby on Rails XML Processor YAML Deserialization Scanner, [metasploit] Ruby on Rails JSON Processor YAML Deserialization Code Execution, [packetstorm] Ruby On Rails XML Processor YAML Deserialization Code Execution, [packetstorm] Ruby on Rails JSON Processor YAML Deserialization Code Execution, [seebug] Ruby on Rails XML Processor YAML Deserialization Code Execution, [seebug] Ruby on Rails JSON Processor YAML Deserialization Code Execution, [saint] Ruby on Rails XML Processor YAML Deserialization, [saint] Ruby on Rails XML Processor YAML Deserialization, [saint] Ruby on Rails XML Processor YAML Deserialization, [saint] Ruby on Rails XML Processor YAML Deserialization, [zdt] Ruby On Rails XML Processor YAML Deserialization Code Execution, [zdt] Action Pack Multiple Vulnerabilities, [exploitdb] Ruby on Rails - XML Processor YAML Deserialization Code Execution (Metasploit), [exploitdb] Ruby on Rails - JSON Processor YAML Deserialization Code Execution (Metasploit))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1800 was patched at 2024-05-15

181. Remote Code Execution - Perl (CVE-2013-1802) - High [576]

Description: The extlib gem 0.9.15 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion, a similar vulnerability to CVE-2013-0156.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([metasploit] Ruby on Rails XML Processor YAML Deserialization Code Execution, [metasploit] Ruby on Rails JSON Processor YAML Deserialization Scanner, [metasploit] Ruby on Rails XML Processor YAML Deserialization Scanner, [metasploit] Ruby on Rails JSON Processor YAML Deserialization Code Execution, [packetstorm] Ruby On Rails XML Processor YAML Deserialization Code Execution, [packetstorm] Ruby on Rails JSON Processor YAML Deserialization Code Execution, [seebug] Ruby on Rails XML Processor YAML Deserialization Code Execution, [seebug] Ruby on Rails JSON Processor YAML Deserialization Code Execution, [saint] Ruby on Rails XML Processor YAML Deserialization, [saint] Ruby on Rails XML Processor YAML Deserialization, [saint] Ruby on Rails XML Processor YAML Deserialization, [saint] Ruby on Rails XML Processor YAML Deserialization, [zdt] Ruby On Rails XML Processor YAML Deserialization Code Execution, [zdt] Action Pack Multiple Vulnerabilities, [exploitdb] Ruby on Rails - XML Processor YAML Deserialization Code Execution (Metasploit), [exploitdb] Ruby on Rails - JSON Processor YAML Deserialization Code Execution (Metasploit))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1802 was patched at 2024-05-15

182. Remote Code Execution - Roundcube (CVE-2016-9920) - High [576]

Description: steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute arbitrary code via a modified HTTP request that sends a crafted e-mail message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Roundcube 1.2.2: Command Execution via Email)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9920 was patched at 2024-05-15

183. Unknown Vulnerability Type - Jetty (CVE-2021-34429) - High [576]

Description: {'vulners_cve_data_all': 'For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Jetty is a Java based web server and servlet engine
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-34429 was patched at 2024-05-15

184. Code Injection - QEMU (CVE-2017-8284) - High [575]

Description: {'vulners_cve_data_all': 'The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size, which allows local users to gain privileges by creating a modified basic block that injects code into a setuid program, as demonstrated by procmail. NOTE: the vendor has stated "this bug does not violate any security guarantees QEMU makes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8284 was patched at 2024-05-15

185. Security Feature Bypass - iOS (CVE-2014-2913) - High [575]

Description: {'vulners_cve_data_all': 'Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] NRPE 2.15 Remote Command Execution, [seebug] NRPE 2.15 - Remote Code Execution Vulnerability, [exploitpack] NRPE 2.15 - Remote Code Execution, [zdt] NRPE 2.15 - Remote Code Execution Vulnerability, [exploitdb] NRPE 2.15 - Remote Code Execution)
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2913 was patched at 2024-05-15

186. Remote Code Execution - Mozilla Firefox (CVE-2006-0295) - High [573]

Description: Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Firefox location.QueryInterface() Code Execution, [packetstorm] firefox_queryinterface_mac.pm.txt, [packetstorm] firefox_queryinterface.pm.txt, [saint] Mozilla Firefox QueryInterface method memory corruption, [saint] Mozilla Firefox QueryInterface method memory corruption, [saint] Mozilla Firefox QueryInterface method memory corruption, [saint] Mozilla Firefox QueryInterface method memory corruption)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0295 was patched at 2024-05-15

187. Authentication Bypass - Apache ActiveMQ (CVE-2014-3612) - High [572]

Description: The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6524 for the use of wildcard operators in usernames.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Apache ActiveMQ 5.0.0 - 5.10.0 JAAS LDAPLoginModule empty password authentication Vulnerability)
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.614Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service (JMS) client
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3612 was patched at 2024-05-15

188. Authentication Bypass - Python (CVE-2013-1895) - High [572]

Description: The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Python 'py-bcrypt' 模块身份验证绕过漏洞(CVE-2013-1895))
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1895 was patched at 2024-05-15

189. Denial of Service - Linux Kernel (CVE-2017-16996) - High [572]

Description: kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Linux Kernel >= 4.9 eBPF memory corruption bugs Vulnerability)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16996 was patched at 2024-05-15

190. Denial of Service - Linux Kernel (CVE-2017-5972) - High [572]

Description: The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of service (CPU consumption) by sending many TCP SYN packets, as demonstrated by an attack against the kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties have been unable to discern any relationship between the GitHub Engineering finding and the Trigemini.c attack code.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Linux Kernel 3.10.0 (CentOS7) Denial Of Service Exploit, [packetstorm] CentOS7 Kernel Denial Of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5972 was patched at 2024-05-15

191. Information Disclosure - Linux Kernel (CVE-2018-7273) - High [572]

Description: {'vulners_cve_data_all': 'In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function show_floppy in drivers/block/floppy.c. An attacker can read this information from dmesg and use the addresses to find the locations of kernel code and data and bypass kernel security protections such as KASLR.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Linux Kernel show_floppy KASLR Address Leak, [zdt] Linux Kernel < 4.15.4 - show_floppy KASLR Address Leak Exploit)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7273 was patched at 2024-05-15

192. Information Disclosure - Linux Kernel (CVE-2022-4543) - High [572]

Description: {'vulners_cve_data_all': 'A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Linux Linux Kernel)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-4543 was patched at 2024-05-15

193. Remote Code Execution - Cacti (CVE-2023-39358) - High [571]

Description: Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `reports_user.php` file. In `ajax_get_branches`, the `tree_id` parameter is passed to the `reports_get_branch_select` function without any validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-39358 was patched at 2024-05-15

194. Remote Code Execution - Cacti (CVE-2024-31445) - High [571]

Description: Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, a SQL injection vulnerability in `automation_get_new_graphs_sql` function of `api_automation.php` allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. In `api_automation.php` line 856, the `get_request_var('filter')` is being concatenated into the SQL statement without any sanitization. In `api_automation.php` line 717, The filter of `'filter'` is `FILTER_DEFAULT`, which means there is no filter for it. Version 1.2.27 contains a patch for the issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31445 was patched at 2024-05-15

195. Remote Code Execution - TRIE (CVE-2022-2566) - High [571]

Description: A heap out-of-bounds memory write exists in FFMPEG since version 5.1. The size calculation in `build_open_gop_key_points()` goes through all entries in the loop and adds `sc->ctts_data[i].count` to `sc->sample_offsets_count`. This can lead to an integer overflow resulting in a small allocation with `av_calloc()`. An attacker can cause remote code execution via a malicious mp4 file. We recommend upgrading past commit c953baa084607dd1d84c3bfcce3cf6a87c3e6e05

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.910CVSS Base Score is 9.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-2566 was patched at 2024-05-15

196. Code Injection - Perl (CVE-2011-2506) - High [570]

Description: setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly restrict the presence of comment closing delimiters, which allows remote attackers to conduct static code injection attacks by leveraging the ability to modify the SESSION superglobal array.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin3 (pma3) Remote Code Execution Exploit, [seebug] phpMyAdmin 3.x Swekey Remote Code Injection Exploit, [seebug] phpMyAdmin 3.x 多个安全漏洞, [seebug] phpMyAdmin 3.x Multiple Remote Code Executions, [packetstorm] phpMyAdmin 3.x Swekey Remote Code Injection, [packetstorm] phpMyAdmin3 Remote Code Execution, [packetstorm] phpMyAdmin 3.x Remote Code Execution, [exploitpack] phpMyAdmin 3.x - Swekey Remote Code Injection, [exploitpack] phpMyAdmin3 (pma3) - Remote Code Execution, [dsquare] Phpmyadmin 3.x RCE, [exploitdb] phpMyAdmin 3.x - Swekey Remote Code Injection, [exploitdb] phpMyAdmin3 (pma3) - Remote Code Execution)
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2506 was patched at 2024-05-15

197. Arbitrary File Reading - PHP (CVE-2014-2383) - High [567]

Description: dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([wpexploit] Multiple plugins - Unauthenticated Dompdf Local File Inclusion (LFI), [exploitpack] dompdf 0.6.0 - dompdf.php?read Arbitrary File Read, [zdt] dompdf 0.6.0 Arbitrary File Read Vulnerability, [packetstorm] dompdf 0.6.0 Arbitrary File Read, [seebug] dompdf 0.6.0 (dompdf.php, read param) - Arbitrary File Read, [exploitdb] dompdf 0.6.0 - 'dompdf.php?read' Arbitrary File Read)
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2383 was patched at 2024-05-15

198. Information Disclosure - Safari (CVE-2009-1718) - High [567]

Description: WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0多个安全漏洞)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1718 was patched at 2024-05-15

199. Elevation of Privilege - BIND (CVE-2019-2025) - High [566]

Description: In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-116855682References: Upstream kernel

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Android - binder Use-After-Free via racy Initialization of ->allow_user_free Exploit)
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-2025 was patched at 2024-05-15

200. Remote Code Execution - Perl (CVE-2012-4409) - High [564]

Description: Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] mcrypt 2.5.8 Stack Based Overflow, [exploitpack] mcrypt 2.5.8 - Local Stack Overflow, [seebug] mcrypt <= 2.5.8 Stack Based Overflow, [exploitdb] mcrypt 2.5.8 - Local Stack Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4409 was patched at 2024-05-15

201. Remote Code Execution - Python (CVE-2008-5984) - High [564]

Description: Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Dia Python插件使用不安全搜索路径漏洞, [seebug] XChat PySys_SetArgv函数命令执行漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5984 was patched at 2024-05-15

202. Remote Code Execution - Python (CVE-2008-5985) - High [564]

Description: Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Epiphany PySys_SetArgv函数命令执行漏, [seebug] XChat PySys_SetArgv函数命令执行漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5985 was patched at 2024-05-15

203. Remote Code Execution - Python (CVE-2008-5986) - High [564]

Description: Untrusted search path vulnerability in the (1) "VST plugin with Python scripting" and (2) "VST plugin for writing score generators in Python" in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] XChat PySys_SetArgv函数命令执行漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5986 was patched at 2024-05-15

204. Remote Code Execution - Python (CVE-2009-0314) - High [564]

Description: Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] gedit PySys_SetArgv函数代码执行漏洞, [seebug] XChat PySys_SetArgv函数命令执行漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0314 was patched at 2024-05-15

205. Remote Code Execution - Python (CVE-2009-0315) - High [564]

Description: Untrusted search path vulnerability in the Python module in xchat allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] XChat PySys_SetArgv函数命令执行漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0315 was patched at 2024-05-15

206. Remote Code Execution - Python (CVE-2009-0318) - High [564]

Description: Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] XChat PySys_SetArgv函数命令执行漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0318 was patched at 2024-05-15

207. Remote Code Execution - Python (CVE-2013-5093) - High [564]

Description: The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Graphite Web Unsafe Pickle Handling, [zdt] Graphite Web Unsafe Pickle Handling Exploit)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-5093 was patched at 2024-05-15

208. Remote Code Execution - Python (CVE-2013-5942) - High [564]

Description: Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Graphite Web Unsafe Pickle Handling, [zdt] Graphite Web Unsafe Pickle Handling Exploit)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-5942 was patched at 2024-05-15

209. Security Feature Bypass - iOS (CVE-2023-45857) - High [563]

Description: {'vulners_cve_data_all': 'An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45857 was patched at 2024-05-15

210. Information Disclosure - SQLite (CVE-2021-42523) - High [562]

Description: There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714SQLite is a database engine written in the C programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42523 was patched at 2024-05-15

211. Denial of Service - Windows Kernel (CVE-2008-4609) - High [560]

Description: The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Windows 2000 TCP/IP窗口大小拒绝服务漏洞(MS09-048))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4609 was patched at 2024-05-15

212. Remote Code Execution - Cacti (CVE-2024-31459) - High [559]

Description: Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the `lib/plugin.php` file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the `api_plugin_hook()` function in the `lib/plugin.php` file, which reads the plugin_hooks and plugin_config tables in database. The read data is directly used to concatenate the file path which is used for file inclusion. Version 1.2.27 contains a patch for the issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.810CVSS Base Score is 8.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31459 was patched at 2024-05-15

213. Remote Code Execution - GDI (CVE-2006-0106) - High [559]

Description: gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, implement the SETABORTPROC GDI Escape function call for Windows Metafile (WMF) files, which allows attackers to execute arbitrary code, the same vulnerability as CVE-2005-4560 but in a different codebase.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([saint] Windows WMF handling vulnerability, [saint] Windows WMF handling vulnerability, [saint] Windows WMF handling vulnerability, [saint] Windows WMF handling vulnerability, [canvas] Immunity Canvas: WMF_SETABORT, [packetstorm] Windows XP/2003/Vista Metafile Escape() SetAbortProc Code Execution)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514GDI
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0106 was patched at 2024-05-15

214. Remote Code Execution - Libarchive (CVE-2016-4301) - High [559]

Description: Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Libarchive mtree parse_device Code Execution Vulnerability(CVE-2016-4301))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Multi-format archive and compression library
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4301 was patched at 2024-05-15

215. Remote Code Execution - NetBIOS (CVE-2014-9377) - High [559]

Description: Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Ettercap 0.8.0 / 0.8.1 Denial Of Service, [exploitpack] Ettercap 0.8.0 0.8.1 - Multiple Denial of Service Vulnerabilities, [exploitdb] Ettercap 0.8.0 < 0.8.1 - Multiple Denial of Service Vulnerabilities)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514NetBIOS (Network Basic Input/Output System) is a network service that enables applications on different computers to communicate with each other across a local area network (LAN)
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9377 was patched at 2024-05-15

216. Remote Code Execution - TLS (CVE-2006-6170) - High [559]

Description: Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] vd_proftpd.pm.txt, [packetstorm] ProFTPD 1.2 - 1.3.0 sreplace Buffer Overflow (Linux))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6170 was patched at 2024-05-15

217. Remote Code Execution - TLS (CVE-2017-2784) - High [559]

Description: An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ARM Mbedtls x509 ECDSA invalid public key Remote Code Execution Vulnerability(CVE-2017-2784))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2784 was patched at 2024-05-15

218. Remote Code Execution - TLS (CVE-2021-21374) - High [559]

Description: Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-21374 was patched at 2024-05-15

219. Remote Code Execution - nginx (CVE-2009-2629) - High [559]

Description: Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via crafted HTTP requests.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] nginx HTTP请求远程缓冲区溢出漏洞, [canvas] Immunity Canvas: NGINX)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Nginx is an open-source web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2629 was patched at 2024-05-15

220. Remote Code Execution - nginx (CVE-2014-0133) - High [559]

Description: Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Nginx SPDY缓冲区溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Nginx is an open-source web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0133 was patched at 2024-05-15

221. Security Feature Bypass - Unknown Product (CVE-2023-24023) - High [559]

Description: {'vulners_cve_data_all': 'Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-24023 was patched at 2024-05-22

debian: CVE-2023-24023 was patched at 2024-05-15

oraclelinux: CVE-2023-24023 was patched at 2024-05-02, 2024-05-23

redhat: CVE-2023-24023 was patched at 2024-05-22

ubuntu: CVE-2023-24023 was patched at 2024-04-19, 2024-04-23

222. Command Injection - Python (CVE-2024-23829) - High [558]

Description: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-23829 was patched at 2024-05-15

redos: CVE-2024-23829 was patched at 2024-04-23

223. Information Disclosure - Unknown Product (CVE-2021-40402) - High [558]

Description: {'vulners_cve_data_all': 'An out-of-bounds read vulnerability exists in the RS-274X aperture macro multiple outline primitives functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.7.1 and 2.8.0. A specially-crafted Gerber file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40402 was patched at 2024-05-15

224. Security Feature Bypass - Perl (CVE-2018-6829) - High [558]

Description: {'vulners_cve_data_all': 'cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6829 was patched at 2024-05-15

225. Security Feature Bypass - Perl (CVE-2024-1135) - High [558]

Description: {'vulners_cve_data_all': 'Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-1135 was patched at 2024-05-15

redhat: CVE-2024-1135 was patched at 2024-05-22

226. XXE Injection - Perl (CVE-2013-0340) - High [558]

Description: expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0340 was patched at 2024-05-15

227. XXE Injection - Perl (CVE-2024-23525) - High [558]

Description: The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-23525 was patched at 2024-05-15

ubuntu: CVE-2024-23525 was patched at 2024-05-09

228. Denial of Service - Binutils (CVE-2017-16830) - High [555]

Description: The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16830 was patched at 2024-05-15

229. Denial of Service - Binutils (CVE-2017-17126) - High [555]

Description: The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17126 was patched at 2024-05-15

230. Denial of Service - Binutils (CVE-2022-47673) - High [555]

Description: An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-47673 was patched at 2024-05-15

231. Denial of Service - Binutils (CVE-2022-47696) - High [555]

Description: An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-47696 was patched at 2024-05-15

232. Denial of Service - GNOME desktop (CVE-2018-11396) - High [555]

Description: ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Epiphany 3.28.2.1 - Denial of Service, [exploitdb] Epiphany 3.28.2.1 - Denial of Service, [packetstorm] Epiphany 3.28.2.1 Denial Of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11396 was patched at 2024-05-15

233. Denial of Service - ICMP (CVE-2016-1879) - High [555]

Description: The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service (assertion failure or NULL pointer dereference and kernel panic) via a crafted ICMPv6 packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] FreeBSD SCTP ICMPv6 - Error Processing, [packetstorm] FreeBSD SCTP ICMPv6 Denial Of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The Internet Control Message Protocol (ICMP) is a network layer protocol used by network devices to diagnose network communication issues
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1879 was patched at 2024-05-15

234. Denial of Service - OpenSSL (CVE-2006-2937) - High [555]

Description: OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2006-007存在多个安全漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2937 was patched at 2024-05-15

235. Denial of Service - OpenSSL (CVE-2006-2940) - High [555]

Description: OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2006-007存在多个安全漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2940 was patched at 2024-05-15

236. Denial of Service - OpenSSL (CVE-2016-7052) - High [555]

Description: crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Orion Elite Hidden IP Browser Pro 7.9 OpenSSL / Tor / Man-In-The-Middle)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7052 was patched at 2024-05-15

237. Denial of Service - OpenSSL (CVE-2017-3730) - High [555]

Description: In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-3730 was patched at 2024-05-15

238. Denial of Service - PHP (CVE-2018-6389) - High [555]

Description: In WordPress through 4.9.2, unauthenticated attackers can cause a denial of service (resource consumption) by using the large list of registered .js files (from wp-includes/script-loader.php) to construct a series of requests to load every file many times.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] WordPress Core Denial Of Service, [packetstorm] WordPress Core load-scripts.php Denial Of Service, [zdt] WordPress Core - load-scripts.php Denial of Service Exploit, [seebug] WordPress Core - 'load-scripts.php' Denial of Service(CVE-2018-6389))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6389 was patched at 2024-05-15

239. Denial of Service - Samba (CVE-2008-4314) - High [555]

Description: smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to be performed.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Samba smbd远程信息泄露漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.810CVSS Base Score is 8.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4314 was patched at 2024-05-15

240. Denial of Service - Webkit (CVE-2018-11646) - High [555]

Description: webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] WebKitGTK+ 2.21.3 - Crash (PoC), [exploitpack] WebKitGTK+ 2.21.3 - WebKitFaviconDatabase Denial of Service (Metasploit), [packetstorm] WebKitGTK+ 2.21.3 pageURL Mishandling Denial Of Service, [packetstorm] WebKitGTK+ WebKitFaviconDatabase Denial Of Service, [zdt] WebKitGTK+ < 2.21.3 - pageURL Mishandling Crash (PoC) Exploit, [zdt] WebKitGTK+ < 2.21.3 - #WebKitFaviconDatabase DoS Exploit, [metasploit] WebKitGTK+ WebKitFaviconDatabase DoS, [exploitdb] WebKitGTK+ < 2.21.3 - 'WebKitFaviconDatabase' Denial of Service (Metasploit), [exploitdb] WebKitGTK+ < 2.21.3 - Crash (PoC))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814WebKit is a browser engine developed by Apple and primarily used in its Safari web browser, as well as all web browsers on iOS and iPadOS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11646 was patched at 2024-05-15

241. Information Disclosure - OpenSSH (CVE-2018-15919) - High [555]

Description: {'vulners_cve_data_all': 'Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object) website
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-15919 was patched at 2024-05-15

242. Security Feature Bypass - Google Chrome (CVE-2021-30539) - High [555]

Description: Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30539 was patched at 2024-05-15

243. Denial of Service - Kerberos (CVE-2009-3295) - High [553]

Description: The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MIT Kerberos KDC跨域Referral空指针引用拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3295 was patched at 2024-05-15

244. Remote Code Execution - Perl (CVE-2008-1333) - High [552]

Description: Format string vulnerability in Asterisk Open Source 1.6.x before 1.6.0-beta6 might allow remote attackers to execute arbitrary code via logging messages that are not properly handled by (1) the ast_verbose logging API call, or (2) the astman_append function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Asterisk日志函数及管理器远程格式串处理漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1333 was patched at 2024-05-15

245. Cross Site Scripting - PHP (CVE-2017-5367) - High [550]

Description: Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample parameters could include action=login&view=postlogin[XSS] view=console[XSS] view=groups[XSS] view=events&filter[terms][1][cnj]=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=and[XSS] view=events&filter%5Bterms%5D%5B1%5D%5Bcnj%5D=[XSS]and view=events&limit=1%22%3E%3C/a%3E[XSS] (among others).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] ZoneMinder - Multiple Vulnerabilities, [packetstorm] ZoneMinder XSS / CSRF / File Disclosure / Authentication Bypass)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5367 was patched at 2024-05-15

246. Cross Site Scripting - PHP (CVE-2019-12094) - High [550]

Description: Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitdb] Horde Webmail 5.2.22 - Multiple Vulnerabilities, [packetstorm] Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution, [zdt] Horde Webmail 5.2.22 - Multiple Vulnerabilities, [zdt] Horde Webmail 5.2.22 XSS / CSRF / SQL Injection / Code Execution Exploit, [exploitpack] Horde Webmail 5.2.22 - Multiple Vulnerabilities)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12094 was patched at 2024-05-15

247. Cross Site Scripting - PHP (CVE-2019-8937) - High [550]

Description: HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] HotelDruid 2.3 - Cross-Site Scripting Vulnerability, [exploitpack] HotelDruid 2.3 - Cross-Site Scripting, [packetstorm] HotelDruid 2.3 Cross Site Scripting, [exploitdb] HotelDruid 2.3 - Cross-Site Scripting)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-8937 was patched at 2024-05-15

248. Cross Site Scripting - Safari (CVE-2017-2504) - High [550]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with WebKit Editor commands.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] WebKit Editor::Command::execute Universal Cross Site Scripting, [zdt] Apple WebKit / Safari 10.0.3(12602.4.8) - Editor::Command::execute Universal Cross-Site Scripting Ex, [seebug] WebKit: UXSS via Editor::Command::execute(CVE-2017-2504))
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2504 was patched at 2024-05-15

249. Cross Site Scripting - Safari (CVE-2017-2508) - High [550]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with container nodes.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKit - ContainerNode::parserInsertBefore Universal Cross-Site Scripting Exploit, [seebug] WebKit: UXSS via ContainerNode::parserInsertBefore(CVE-2017-2508))
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2508 was patched at 2024-05-15

250. Cross Site Scripting - Safari (CVE-2017-2528) - High [550]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with cached frames.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] WebKit CachedFrame Universal Cross Site Scripting, [seebug] WebKit: UXSS: CachedFrame doesn't detach openers(CVE-2017-2528), [zdt] WebKit CachedFrame Universal Cross Site Scripting Vulnerability)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2528 was patched at 2024-05-15

251. Remote Code Execution - Cacti (CVE-2024-31460) - High [547]

Description: Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the SQL statement in `create_all_header_nodes()` function from `lib/api_automation.php` , finally resulting in SQL injection. Using SQL based secondary injection technology, attackers can modify the contents of the Cacti database, and based on the modified content, it may be possible to achieve further impact, such as arbitrary file reading, and even remote code execution through arbitrary file writing. Version 1.2.27 contains a patch for the issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31460 was patched at 2024-05-15

252. Remote Code Execution - nginx (CVE-2012-2089) - High [547]

Description: Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly execute arbitrary code via a crafted MP4 file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] nginx 'ngx_http_mp4_module.c'缓冲区溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Nginx is an open-source web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2089 was patched at 2024-05-15

253. Information Disclosure - Roundcube (CVE-2018-19205) - High [545]

Description: Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenPGP、S/MIME information disclosure (CVE-2017-17688,CVE-2017-17689))
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19205 was patched at 2024-05-15

254. Remote Code Execution - FFmpeg (CVE-2009-4638) - High [545]

Description: Integer overflow in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg多个媒体文件解析拒绝服务和代码执行漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4638 was patched at 2024-05-15

255. Remote Code Execution - FFmpeg (CVE-2009-4640) - High [545]

Description: Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg多个媒体文件解析拒绝服务和代码执行漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4640 was patched at 2024-05-15

256. Denial of Service - PHP (CVE-2016-6896) - High [544]

Description: Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as demonstrated by /dev/random read operations that deplete the entropy pool.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([metasploit] WordPress Traversal Directory DoS, [exploitpack] WordPress 4.5.3 - Directory Traversal Denial of Service, [zdt] WordPress 4.5.3 - Directory Traversal / Denial of Service, [exploitdb] WordPress Core 4.5.3 - Directory Traversal / Denial of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6896 was patched at 2024-05-15

257. Denial of Service - Safari (CVE-2009-1692) - High [544]

Description: WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] ECMAScript Denial Of Service, [seebug] Multiple Web Browsers Denial of Service Exploit (1 bug to rule them all), [exploitpack] Multiple Browsers - Denial of Service, [exploitdb] Multiple Browsers - Denial of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1692 was patched at 2024-05-15

258. Denial of Service - Samba (CVE-2007-0452) - High [544]

Description: smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Samba延迟CIFS文件打开拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0452 was patched at 2024-05-15

259. Memory Corruption - APT (CVE-2009-1177) - High [544]

Description: Multiple stack-based buffer overflows in maptemplate.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 have unknown impact and remote attack vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MapServer mapserv程序多个远程安全漏洞)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1177 was patched at 2024-05-15

260. Memory Corruption - Google Chrome (CVE-2019-5866) - High [544]

Description: Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5866 was patched at 2024-05-15

261. Memory Corruption - Safari (CVE-2023-32409) - High [544]

Description: {'vulners_cve_data_all': 'The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (cisa_kev object) website
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-32409 was patched at 2024-05-15

262. Path Traversal - PHP (CVE-2005-3347) - High [544]

Description: Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Hardened-PHP Project Security Advisory 2005-21.81)
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3347 was patched at 2024-05-15

263. Path Traversal - PHP (CVE-2014-8959) - High [544]

Description: Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin 4.2.12 /gis_data_editor.php 本地文件包含漏洞)
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8959 was patched at 2024-05-15

264. Security Feature Bypass - Google Chrome (CVE-2021-30532) - High [544]

Description: Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30532 was patched at 2024-05-15

265. Security Feature Bypass - Google Chrome (CVE-2021-30537) - High [544]

Description: Insufficient policy enforcement in cookies in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass cookie policy via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30537 was patched at 2024-05-15

266. Security Feature Bypass - Google Chrome (CVE-2021-30538) - High [544]

Description: Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30538 was patched at 2024-05-15

267. Security Feature Bypass - Google Chrome (CVE-2021-30596) - High [544]

Description: {'vulners_cve_data_all': 'Incorrect security UI in Navigation in Google Chrome on Android prior to 92.0.4515.131 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30596 was patched at 2024-05-15

268. Arbitrary File Reading - PHP (CVE-2008-0196) - High [543]

Description: Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the page parameter to certain PHP scripts under wp-admin/ or (2) the import parameter to wp-admin/admin.php, as demonstrated by discovering the full path via a request for the \..\..\wp-config pathname; and allow remote attackers to modify arbitrary files via a .. (dot dot) in the file parameter to wp-admin/templates.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] WordPress Core MU Plugins - admin.php Privileges Unchecked Multiple Information Disclosures, [packetstorm] Core Security Technologies Advisory 2009.0515, [seebug] WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures, [seebug] WordPress Privileges Unchecked in admin.php and Multiple Information, [exploitdb] WordPress Core / MU / Plugins - '/admin.php' Privileges Unchecked / Multiple Information Disclosures)
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0196 was patched at 2024-05-15

269. Information Disclosure - Mozilla Firefox (CVE-2019-13075) - High [543]

Description: Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a behavior of Firefox before 68.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-13075 was patched at 2024-05-15

270. Information Disclosure - OpenSSH (CVE-2016-20012) - High [543]

Description: {'vulners_cve_data_all': 'OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-20012 was patched at 2024-05-15

271. Information Disclosure - PHP (CVE-2009-2334) - High [543]

Description: wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as demonstrated by the (1) collapsing-archives/options.txt, (2) akismet/readme.txt, (3) related-ways-to-take-action/options.php, (4) wp-security-scan/securityscan.php, and (5) wp-ids/ids-admin.php files. NOTE: this can be leveraged for cross-site scripting (XSS) and denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] WordPress wp-admin/admin.php模块错误权限检查漏洞, [seebug] WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures, [seebug] WordPress Privileges Unchecked in admin.php and Multiple Information, [exploitpack] WordPress Core MU Plugins - admin.php Privileges Unchecked Multiple Information Disclosures, [packetstorm] Core Security Technologies Advisory 2009.0515, [exploitdb] WordPress Core / MU / Plugins - '/admin.php' Privileges Unchecked / Multiple Information Disclosures)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2334 was patched at 2024-05-15

272. Information Disclosure - PHP (CVE-2012-4219) - High [543]

Description: show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin 'show_config_errors.php'完整路径信息泄露漏洞)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4219 was patched at 2024-05-15

273. Cross Site Scripting - Apache HTTP Server (CVE-2006-3918) - High [542]

Description: http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] ProCheckUp Security Advisory 2007.37, [packetstorm] Oracle HTTP Server Header Cross Site Scripting, [exploitpack] Oracle HTTP Server - Cross-Site Scripting Header Injection, [seebug] Oracle HTTP Server - XSS Header Injection, [exploitdb] Oracle HTTP Server - Cross-Site Scripting Header Injection)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3918 was patched at 2024-05-15

274. Cross Site Scripting - Apache HTTP Server (CVE-2007-6203) - High [542]

Description: Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] ProCheckUp Security Advisory 2007.37, [packetstorm] Oracle HTTP Server Header Cross Site Scripting, [exploitpack] Oracle HTTP Server - Cross-Site Scripting Header Injection, [seebug] Oracle HTTP Server - XSS Header Injection, [exploitdb] Oracle HTTP Server - Cross-Site Scripting Header Injection)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6203 was patched at 2024-05-15

275. Remote Code Execution - Flatpak (CVE-2024-32462) - High [542]

Description: Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the `--command` argument of `flatpak run` expects to be given a command to run in the specified Flatpak app, optionally along with some arguments. However it is possible to instead pass `bwrap` arguments to `--command=`, such as `--bind`. It's possible to pass an arbitrary `commandline` to the portal interface `org.freedesktop.portal.Background.RequestBackground` from within a Flatpak app. When this is converted into a `--command` and arguments, it achieves the same effect of passing arguments directly to `bwrap`, and thus can be used for a sandbox escape. The solution is to pass the `--` argument to `bwrap`, which makes it stop processing options. This has been supported since bubblewrap 0.3.0. All supported versions of Flatpak require at least that version of bubblewrap. xdg-desktop-portal version 1.18.4 will mitigate this vulnerability by only allowing Flatpak apps to create .desktop files for commands that do not start with --. The vulnerability is patched in 1.15.8, 1.10.9, 1.12.9, and 1.14.6.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Flatpak is a utility for software deployment and package management for Linux
CVSS Base Score0.810CVSS Base Score is 8.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32462 was patched at 2024-04-19, 2024-05-15

redos: CVE-2024-32462 was patched at 2024-05-07

276. Remote Code Execution - GPAC (CVE-2021-32136) - High [542]

Description: Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32136 was patched at 2024-05-15

277. Remote Code Execution - GPAC (CVE-2021-32268) - High [542]

Description: Buffer overflow vulnerability in function gf_fprintf in os_file.c in gpac before 1.0.1 allows attackers to execute arbitrary code. The fixed version is 1.0.1.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32268 was patched at 2024-05-15

278. Remote Code Execution - GPAC (CVE-2021-32439) - High [542]

Description: Buffer overflow in the stbl_AppendSize function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32439 was patched at 2024-05-15

279. Remote Code Execution - GPAC (CVE-2021-33362) - High [542]

Description: Stack buffer overflow in the hevc_parse_vps_extension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33362 was patched at 2024-05-15

280. Denial of Service - Kerberos (CVE-2009-0847) - High [541]

Description: The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MIT Kerberos SPNEGO和ASN.1多个拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0847 was patched at 2024-05-15

281. Security Feature Bypass - TLS (CVE-2021-29495) - High [541]

Description: {'vulners_cve_data_all': 'Nim is a statically typed compiled systems programming language. In Nim standard library before 1.4.2, httpClient SSL/TLS certificate verification was disabled by default. Users can upgrade to version 1.4.2 to receive a patch or, as a workaround, set "verifyMode = CVerifyPeer" as documented.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-29495 was patched at 2024-05-15

282. Security Feature Bypass - TLS (CVE-2021-34825) - High [541]

Description: {'vulners_cve_data_all': 'Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-34825 was patched at 2024-05-15

283. Remote Code Execution - Perl (CVE-2005-3962) - High [540]

Description: Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Perl格式串处理整数溢出漏洞, [seebug] Apple Mac OS X 2006-007存在多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3962 was patched at 2024-05-15

284. Remote Code Execution - Perl (CVE-2011-4089) - High [540]

Description: The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] bzexe /tmp Race Condition)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4089 was patched at 2024-05-15

285. Denial of Service - BIND (CVE-2006-4095) - High [539]

Description: BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2007-005多个安全漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4095 was patched at 2024-05-15

286. Denial of Service - Curl (CVE-2023-38039) - High [539]

Description: {'vulners_cve_data_all': 'When curl retrieves an HTTP response, it stores the incoming headers so that\nthey can be accessed later via the libcurl headers API.\n\nHowever, curl did not have a limit in how many or how large headers it would\naccept in a response, allowing a malicious server to stream an endless series\nof headers and eventually cause curl to run out of heap memory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714Curl is a command-line tool for transferring data specified with URL syntax
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38039 was patched at 2024-05-15

287. Denial of Service - Point-to-Point Tunneling Protocol (CVE-2003-0213) - High [539]

Description: ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Poptop Negative Read Overflow)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714The Point to Point Tunneling Protocol (PPTP) is a network protocol used to create VPN tunnels between public networks
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0213 was patched at 2024-05-15

288. Denial of Service - QEMU (CVE-2019-20175) - High [539]

Description: An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a "privileged guest user has many ways to cause similar DoS effect, without triggering this assert.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20175 was patched at 2024-05-15

289. Denial of Service - SQLite (CVE-2021-31239) - High [539]

Description: An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714SQLite is a database engine written in the C programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-31239 was patched at 2024-05-15

290. Denial of Service - iOS (CVE-2019-10742) - High [539]

Description: Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Improper Handling of Exceptional Conditions in Axios)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10742 was patched at 2024-05-15

291. Cross Site Scripting - PHP (CVE-2021-38603) - High [538]

Description: PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-38603 was patched at 2024-05-15

292. Memory Corruption - Chromium (CVE-2024-3832) - High [538]

Description: {'vulners_cve_data_all': 'Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3832 was patched at 2024-04-20, 2024-05-15

redos: CVE-2024-3832 was patched at 2024-05-07

293. Memory Corruption - Chromium (CVE-2024-3833) - High [538]

Description: {'vulners_cve_data_all': 'Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3833 was patched at 2024-04-20, 2024-05-15

redos: CVE-2024-3833 was patched at 2024-05-07

294. Memory Corruption - Chromium (CVE-2024-4331) - High [538]

Description: Use after free in Picture In Picture in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-4331 was patched at 2024-05-02, 2024-05-15

295. Memory Corruption - Chromium (CVE-2024-4368) - High [538]

Description: Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-4368 was patched at 2024-05-02, 2024-05-15

296. Memory Corruption - Mozilla Firefox (CVE-2024-3855) - High [538]

Description: In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads. This vulnerability affects Firefox < 125.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

ubuntu: CVE-2024-3855 was patched at 2024-04-24

297. Memory Corruption - Mozilla Firefox (CVE-2024-3856) - High [538]

Description: A use-after-free could occur during WASM execution if garbage collection ran during the creation of an array. This vulnerability affects Firefox < 125.

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

ubuntu: CVE-2024-3856 was patched at 2024-04-24

298. Denial of Service - Apache HTTP Server (CVE-2013-2765) - High [536]

Description: The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] ModSecurity Remote Null Pointer Dereference Vulnerability, [packetstorm] ModSecurity Remote Null Pointer Dereference, [seebug] ModSecurity 空指针间接引用远程拒绝服务漏洞(CVE-2013-2765))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2765 was patched at 2024-05-15

299. Denial of Service - Linux Kernel (CVE-2014-0102) - High [536]

Description: The keyring_detect_cycle_iterator function in security/keys/keyring.c in the Linux kernel through 3.13.6 does not properly determine whether keyrings are identical, which allows local users to cause a denial of service (OOPS) via crafted keyctl commands.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Linux Kernel 'keyring_detect_cycle_iterator()'函数本地拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 5.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0102 was patched at 2024-05-15

300. Denial of Service - Linux Kernel (CVE-2019-20794) - High [536]

Description: {'vulners_cve_data_all': 'An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace's pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20794 was patched at 2024-05-15

301. Information Disclosure - Linux Kernel (CVE-2014-0131) - High [536]

Description: Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Linux Kernel vhost-net分段内存泄露漏洞, [seebug] Linux kernel skb_segment函数释放后使用漏洞)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.310CVSS Base Score is 2.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0131 was patched at 2024-05-15

302. Memory Corruption - Linux Kernel (CVE-2019-19378) - High [536]

Description: In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19378 was patched at 2024-05-15

303. Path Traversal - Apache HTTP Server (CVE-2007-1860) - High [536]

Description: mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 decodes request URLs within the Apache HTTP Server before passing the URL to Tomcat, which allows remote attackers to access protected pages via a crafted prefix JkMount, possibly involving double-encoded .. (dot dot) sequences and directory traversal, a related issue to CVE-2007-0450.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] SA-20070314-0.txt, [seebug] Mac OS X 2007-007更新修复多个安全漏洞)
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1860 was patched at 2024-05-15

304. Denial of Service - Unknown Product (CVE-2020-36067) - High [535]

Description: {'vulners_cve_data_all': 'GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36067 was patched at 2024-05-15

305. Cross Site Scripting - MediaWiki (CVE-2012-4378) - High [533]

Description: Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MediaWiki 1.x userlang参数跨站脚本漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4378 was patched at 2024-05-15

306. Cross Site Scripting - MediaWiki (CVE-2020-35474) - High [533]

Description: In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35474 was patched at 2024-05-15

307. Denial of Service - Binutils (CVE-2020-16591) - High [532]

Description: A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-16591 was patched at 2024-05-15

308. Denial of Service - Binutils (CVE-2020-16593) - High [532]

Description: A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-16593 was patched at 2024-05-15

309. Denial of Service - Binutils (CVE-2020-16599) - High [532]

Description: A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-16599 was patched at 2024-05-15

310. Denial of Service - GNOME desktop (CVE-2017-14108) - High [532]

Description: libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to cause a denial of service (CPU consumption) via a file that begins with many '\0' characters.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] libgedit.a 3.22.1 Denial Of Service Vulnerability, [packetstorm] libgedit.a 3.22.1 Denial Of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14108 was patched at 2024-05-15

311. Memory Corruption - Chromium (CVE-2021-30623) - High [532]

Description: Chromium: CVE-2021-30623 Use after free in Bookmarks

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Out-of-bounds Write in Google Chrome)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30623 was patched at 2024-05-15

312. Memory Corruption - Google Chrome (CVE-2021-30521) - High [532]

Description: Heap buffer overflow in Autofill in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30521 was patched at 2024-05-15

313. Memory Corruption - Google Chrome (CVE-2021-30522) - High [532]

Description: Use after free in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30522 was patched at 2024-05-15

314. Memory Corruption - Google Chrome (CVE-2021-30523) - High [532]

Description: Use after free in WebRTC in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30523 was patched at 2024-05-15

315. Memory Corruption - Google Chrome (CVE-2021-30524) - High [532]

Description: Use after free in TabStrip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30524 was patched at 2024-05-15

316. Memory Corruption - Google Chrome (CVE-2021-30525) - High [532]

Description: Use after free in TabGroups in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30525 was patched at 2024-05-15

317. Memory Corruption - Google Chrome (CVE-2021-30527) - High [532]

Description: Use after free in WebUI in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30527 was patched at 2024-05-15

318. Memory Corruption - Google Chrome (CVE-2021-30528) - High [532]

Description: Use after free in WebAuthentication in Google Chrome on Android prior to 91.0.4472.77 allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their Google account to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30528 was patched at 2024-05-15

319. Memory Corruption - Google Chrome (CVE-2021-30529) - High [532]

Description: Use after free in Bookmarks in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30529 was patched at 2024-05-15

320. Memory Corruption - Google Chrome (CVE-2021-30530) - High [532]

Description: Out of bounds memory access in WebAudio in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30530 was patched at 2024-05-15

321. Memory Corruption - Google Chrome (CVE-2021-30544) - High [532]

Description: Use after free in BFCache in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30544 was patched at 2024-05-15

322. Memory Corruption - Google Chrome (CVE-2021-30545) - High [532]

Description: Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30545 was patched at 2024-05-15

323. Memory Corruption - Google Chrome (CVE-2021-30546) - High [532]

Description: Use after free in Autofill in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30546 was patched at 2024-05-15

324. Memory Corruption - Google Chrome (CVE-2021-30548) - High [532]

Description: Use after free in Loader in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30548 was patched at 2024-05-15

325. Memory Corruption - Google Chrome (CVE-2021-30550) - High [532]

Description: Use after free in Accessibility in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30550 was patched at 2024-05-15

326. Memory Corruption - Google Chrome (CVE-2021-30552) - High [532]

Description: Use after free in Extensions in Google Chrome prior to 91.0.4472.101 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30552 was patched at 2024-05-15

327. Memory Corruption - Google Chrome (CVE-2021-30553) - High [532]

Description: Use after free in Network service in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30553 was patched at 2024-05-15

328. Memory Corruption - Google Chrome (CVE-2021-30561) - High [532]

Description: Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Chrome JS WasmJs::InstallConditionalFeatures Object Corruption)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30561 was patched at 2024-05-15

329. Memory Corruption - Google Chrome (CVE-2021-30573) - High [532]

Description: Use after free in GPU in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Use After Free in Google Chrome, [githubexploit] Exploit for Use After Free in Google Chrome, [githubexploit] Exploit for Use After Free in Google Chrome)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30573 was patched at 2024-05-15

330. Memory Corruption - Google Chrome (CVE-2021-30602) - High [532]

Description: Use after free in WebRTC in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30602 was patched at 2024-05-15

331. Memory Corruption - Safari (CVE-2018-4382) - High [532]

Description: Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKit JSC JIT - ByteCodeParser::handleIntrinsicCall Type Confusion Exploit, [packetstorm] WebKit JIT ByteCodeParser::handleIntrinsicCall Type Confusion)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-4382 was patched at 2024-05-15

332. Memory Corruption - Safari (CVE-2018-4416) - High [532]

Description: Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKit JSC JIT - JSPropertyNameEnumerator Type Confusion Exploit, [packetstorm] WebKit JSC JIT JSPropertyNameEnumerator Type Confusion)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-4416 was patched at 2024-05-15

333. Memory Corruption - Safari (CVE-2018-4438) - High [532]

Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] WebKit JIT Proxy Object Issue, [zdt] WebKit JIT - Int32/Double Arrays can have Proxy Objects in the Prototype Chains Exploit)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-4438 was patched at 2024-05-15

334. Memory Corruption - Safari (CVE-2018-4441) - High [532]

Description: A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] WebKit JSC JSArray::shiftCountWithArrayStorage Out-Of-Band Read / Write, [zdt] WebKit JSC JSArray::shiftCountWithArrayStorage Out-Of-Band Read / Write Exploit, [zdt] SonyPlaystation 4 (PS4) < 6.20 - WebKit Code Execution Exploit, [exploitpack] Sony Playstation 4 (PS4) 6.20 - WebKit Code Execution (PoC), [exploitdb] Sony Playstation 4 (PS4) < 6.20 - WebKit Code Execution (PoC))
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-4441 was patched at 2024-05-15

335. Memory Corruption - Safari (CVE-2018-4442) - High [532]

Description: A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free Exploit, [packetstorm] WebKit JSC JIT Use-After-Free)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-4442 was patched at 2024-05-15

336. Memory Corruption - Safari (CVE-2018-4443) - High [532]

Description: A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] WebKit JSC AbstractValue::set Use-After-Free Exploit, [packetstorm] WebKit JSC AbstractValue::set Use-After-Free)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-4443 was patched at 2024-05-15

337. Path Traversal - PHP (CVE-2011-2508) - High [532]

Description: Directory traversal vulnerability in libraries/display_tbl.lib.php in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1, when a certain MIME transformation feature is enabled, allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in a GLOBALS[mime_map][$meta->name][transformation] parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin 3.x 多个安全漏洞, [seebug] phpMyAdmin 3.x Multiple Remote Code Executions, [packetstorm] phpMyAdmin 3.x Remote Code Execution)
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2508 was patched at 2024-05-15

338. Arbitrary File Reading - PHP (CVE-2003-0536) - High [531]

Description: Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Hardened-PHP Project Security Advisory 2005-21.81)
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0536 was patched at 2024-05-15

339. Information Disclosure - OpenSSL (CVE-2016-0701) - High [531]

Description: {'vulners_cve_data_all': 'The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Orion Elite Hidden IP Browser Pro 7.9 OpenSSL / Tor / Man-In-The-Middle)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-0701 was patched at 2024-05-15

340. Information Disclosure - PHP (CVE-2012-1902) - High [531]

Description: show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a configuration file does not exist, allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message about this missing file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin 3.x 'show_config_errors.php'完整路径信息泄露漏洞)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1902 was patched at 2024-05-15

341. Cross Site Scripting - Apache HTTP Server (CVE-2009-0796) - High [530]

Description: Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apache mod_perl 'Apache::Status'和'Apache2::Status'跨站脚本漏洞, [packetstorm] Mod-Perl Perl-Status Cross Site Scripting)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0796 was patched at 2024-05-15

342. Information Disclosure - nginx (CVE-2013-0337) - High [529]

Description: The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Nginx 'access.log'不安全文件权限漏洞)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.514Nginx is an open-source web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0337 was patched at 2024-05-15

343. Denial of Service - BIND (CVE-2011-0414) - High [527]

Description: ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Bind 9 竞争条件远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0414 was patched at 2024-05-15

344. Elevation of Privilege - Git (CVE-2022-38065) - High [527]

Description: A privilege escalation vulnerability exists in the oslo.privsep functionality of OpenStack git master 05194e7618 and prior. Overly permissive functionality within tools leveraging this library within a container can lead increased privileges.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.414Git
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-38065 was patched at 2024-05-15

345. Cross Site Scripting - APT (CVE-2007-4542) - High [526]

Description: Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MapServer远程栈溢出及跨站脚本漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4542 was patched at 2024-05-15

346. Cross Site Scripting - APT (CVE-2014-2538) - High [526]

Description: Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Ruby rack-ssl Gem错误页面跨站脚本漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2538 was patched at 2024-05-15

347. Cross Site Scripting - PHP (CVE-2006-0806) - High [526]

Description: Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] ADOdb 4.71 - Cross Site Scripting, [exploitdb] ADOdb < 4.71 - Cross Site Scripting)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0806 was patched at 2024-05-15

348. Cross Site Scripting - PHP (CVE-2008-1502) - High [526]

Description: The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([dsquare] Moodle <= 1.8.4 RCE, [d2] DSquare Exploit Pack: D2SEC_MOODLE_REXEC)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1502 was patched at 2024-05-15

349. Cross Site Scripting - PHP (CVE-2009-2284) - High [526]

Description: Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin SQL书签HTML注入漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2284 was patched at 2024-05-15

350. Cross Site Scripting - PHP (CVE-2009-3696) - High [526]

Description: Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin SQL注入和跨站脚本漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3696 was patched at 2024-05-15

351. Cross Site Scripting - PHP (CVE-2010-3263) - High [526]

Description: Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin 3.x setup脚本远程跨站脚本漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3263 was patched at 2024-05-15

352. Cross Site Scripting - PHP (CVE-2010-4329) - High [526]

Description: Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton function in libraries/common.lib.php in the database (db) search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin数据库搜索跨站脚本执行漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4329 was patched at 2024-05-15

353. Cross Site Scripting - PHP (CVE-2011-3181) - High [526]

Description: Multiple cross-site scripting (XSS) vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a (1) table name, (2) column name, or (3) index name.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin跟踪功能多个跨站脚本漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3181 was patched at 2024-05-15

354. Cross Site Scripting - PHP (CVE-2011-4064) - High [526]

Description: Cross-site scripting (XSS) vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin Setup接口跨站脚本漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4064 was patched at 2024-05-15

355. Cross Site Scripting - PHP (CVE-2011-4634) - High [526]

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted SQL query, related to the table overview panel; (4) a crafted SQL query, related to the view creation dialog; (5) a crafted column type, related to the table search dialog; or (6) a crafted column type, related to the create index dialog.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin 3.4.8之前版本多个跨站脚本执行漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4634 was patched at 2024-05-15

356. Cross Site Scripting - PHP (CVE-2011-4780) - High [526]

Description: Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin 3.4.9之前版本多个跨站脚本执行漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4780 was patched at 2024-05-15

357. Cross Site Scripting - PHP (CVE-2011-4782) - High [526]

Description: Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin '$host'变量HTML注入漏洞, [packetstorm] phpMyAdmin 3.4.8 Cross Site Scripting)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4782 was patched at 2024-05-15

358. Cross Site Scripting - PHP (CVE-2012-0782) - High [526]

Description: Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] wordpress <= 3.3.1 - Multiple Vulnerabilities, [seebug] WordPress 3.3.1 Code Execution / Cross Site Scripting, [packetstorm] WordPress 3.3.1 Code Execution / Cross Site Scripting, [exploitpack] WordPress 3.3.1 - Multiple Vulnerabilities, [exploitdb] WordPress Core 3.3.1 - Multiple Vulnerabilities)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0782 was patched at 2024-05-15

359. Cross Site Scripting - PHP (CVE-2012-1190) - High [526]

Description: Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted database name.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin 3.x 数据库名称跨站脚本执行漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1190 was patched at 2024-05-15

360. Cross Site Scripting - PHP (CVE-2014-2570) - High [526]

Description: Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] php-font-lib 'name'参数跨站脚本漏洞, [packetstorm] php-font-lib 0.3 Cross Site Scripting)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2570 was patched at 2024-05-15

361. Cross Site Scripting - PHP (CVE-2014-6070) - High [526]

Description: Multiple cross-site scripting (XSS) vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in (1) index.php or (2) detail.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting (Python), [packetstorm] LogAnalyzer 3.6.5 Cross Site Scripting, [zdt] LogAnalyzer 3.6.5 Cross Site Scripting Vulnerability, [exploitdb] Syslog LogAnalyzer 3.6.5 - Persistent Cross-Site Scripting )
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-6070 was patched at 2024-05-15

362. Cross Site Scripting - PHP (CVE-2015-6584) - High [526]

Description: Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unit_testing/templates/6776.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] DataTables 1.10.8 Cross Site Scripting)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-6584 was patched at 2024-05-15

363. Cross Site Scripting - Safari (CVE-2009-1684) - High [526]

Description: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0多个安全漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1684 was patched at 2024-05-15

364. Cross Site Scripting - Safari (CVE-2009-1685) - High [526]

Description: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or (2) a parent document.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0多个安全漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1685 was patched at 2024-05-15

365. Cross Site Scripting - Safari (CVE-2009-1688) - High [526]

Description: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through an approach that is not the "HTML 5 standard method."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0多个安全漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1688 was patched at 2024-05-15

366. Cross Site Scripting - Safari (CVE-2009-1689) - High [526]

Description: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission of a form to the about:blank URL, leading to security-context replacement.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0多个安全漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1689 was patched at 2024-05-15

367. Cross Site Scripting - Safari (CVE-2009-1691) - High [526]

Description: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insufficient access control for standard JavaScript prototypes in other domains.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0多个安全漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1691 was patched at 2024-05-15

368. Cross Site Scripting - Safari (CVE-2009-1695) - High [526]

Description: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0多个安全漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1695 was patched at 2024-05-15

369. Cross Site Scripting - Safari (CVE-2009-1697) - High [526]

Description: CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0多个安全漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1697 was patched at 2024-05-15

370. Cross Site Scripting - Safari (CVE-2009-1702) - High [526]

Description: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0多个安全漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1702 was patched at 2024-05-15

371. Cross Site Scripting - Safari (CVE-2009-1714) - High [526]

Description: Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0多个安全漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1714 was patched at 2024-05-15

372. Cross Site Scripting - Safari (CVE-2009-1715) - High [526]

Description: Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect privileges.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0多个安全漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1715 was patched at 2024-05-15

373. Cross Site Scripting - Webkit (CVE-2014-8600) - High [526]

Description: Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] IO Slaves KDE Insufficient Input Validation)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814WebKit is a browser engine developed by Apple and primarily used in its Safari web browser, as well as all web browsers on iOS and iPadOS
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8600 was patched at 2024-05-15

374. Command Injection - Git (CVE-2021-43809) - High [525]

Description: `Bundler` is a package for managing application dependencies in Ruby. In `bundler` versions before 2.2.33, when working with untrusted and apparently harmless `Gemfile`'s, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code inside the `Gemfile` itself. However, if the `Gemfile` includes `gem` entries that use the `git` option with invalid, but seemingly harmless, values with a leading dash, this can be false. To handle dependencies that come from a Git repository instead of a registry, Bundler uses various commands, such as `git clone`. These commands are being constructed using user input (e.g. the repository URL). When building the commands, Bundler versions before 2.2.33 correctly avoid Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables. Since this value comes from the `Gemfile` file, it can contain any character, including a leading dash. To exploit this vulnerability, an attacker has to craft a directory containing a `Gemfile` file that declares a dependency that is located in a Git repository. This dependency has to have a Git URL in the form of `-u./payload`. This URL will be used to construct a Git clone command but will be interpreted as the upload-pack argument. Then this directory needs to be shared with the victim, who then needs to run a command that evaluates the Gemfile, such as `bundle lock`, inside. This vulnerability can lead to Arbitrary Code Execution, which could potentially lead to the takeover of the system. However, the exploitability is very low, because it requires a lot of user interaction. Bundler 2.2.33 has patched this problem by inserting `--` as an argument before any positional arguments to those Git commands that were affected by this issue. Regardless of whether users can upgrade or not, they should review any untrustred `Gemfile`'s before running any `bundler` commands that may read them, since they can contain arbitrary ruby code.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.414Git
CVSS Base Score0.710CVSS Base Score is 7.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-43809 was patched at 2024-05-15

375. Denial of Service - Linux Kernel (CVE-2013-5634) - High [525]

Description: arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM platform, when KVM is used, allows host OS users to cause a denial of service (NULL pointer dereference, OOPS, and host OS crash) or possibly have unspecified other impact by omitting vCPU initialization before a KVM_GET_REG_LIST ioctl call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Linux Kernel空指针引用本地拒绝服务漏洞(CVE-2013-5634))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-5634 was patched at 2024-05-15

376. Security Feature Bypass - Git (CVE-2021-29499) - High [525]

Description: {'vulners_cve_data_all': 'SIF is an open source implementation of the Singularity Container Image Format. The `siftool new` command and func siftool.New() produce predictable UUID identifiers due to insecure randomness in the version of the `github.com/satori/go.uuid` module used as a dependency. A patch is available in version >= v1.2.3 of the module. Users are encouraged to upgrade. As a workaround, users passing CreateInfo struct should ensure the `ID` field is generated using a version of `github.com/satori/go.uuid` that is not vulnerable to this issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-29499 was patched at 2024-05-15

377. Information Disclosure - Linux Kernel (CVE-2014-1444) - High [524]

Description: The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Linux Kernel 'farsync.c'本地信息泄露漏洞)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.210CVSS Base Score is 1.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1444 was patched at 2024-05-15

378. Information Disclosure - Linux Kernel (CVE-2014-1445) - High [524]

Description: The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Linux Kernel 'wanxl.c'本地信息泄露漏洞)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1445 was patched at 2024-05-15

379. Information Disclosure - Linux Kernel (CVE-2014-1446) - High [524]

Description: The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Linux Kernel 'hamradio/yam.c'本地信息泄露漏洞)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1446 was patched at 2024-05-15

380. Denial of Service - Unknown Product (CVE-2022-34503) - High [523]

Description: {'vulners_cve_data_all': 'QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-34503 was patched at 2024-05-15

381. Unknown Vulnerability Type - Unknown Product (CVE-2004-2687) - High [523]

Description: {'vulners_cve_data_all': 'distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object) website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitdb] DistCC Daemon Command Execution, [packetstorm] DistCC Daemon Command Execution)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2687 was patched at 2024-05-15

382. Denial of Service - ImageMagick (CVE-2012-1610) - High [522]

Description: Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0259.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ImageMagick 拒绝服务漏洞(CVE-2012-0259))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1610 was patched at 2024-05-15

383. Denial of Service - Perl (CVE-2013-7488) - High [522]

Description: {'vulners_cve_data_all': 'perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2013-7488 was patched at 2024-05-22

debian: CVE-2013-7488 was patched at 2024-05-15

oraclelinux: CVE-2013-7488 was patched at 2024-05-23

redhat: CVE-2013-7488 was patched at 2024-05-22

384. Denial of Service - Wireshark (CVE-2009-3241) - High [522]

Description: Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Wireshark: Multiple vulnerabilities)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3241 was patched at 2024-05-15

385. Information Disclosure - Perl (CVE-2013-2256) - High [522]

Description: OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenStack Nova安全绕过漏洞)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2256 was patched at 2024-05-15

386. Path Traversal - Python (CVE-2024-23334) - High [522]

Description: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-23334 was patched at 2024-05-15

redos: CVE-2024-23334 was patched at 2024-04-23

387. Security Feature Bypass - Perl (CVE-2011-4613) - High [522]

Description: The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Xorg 1.4 to 1.11.2 File Permission Change PoC, [exploitpack] X.Org xorg 1.4 1.11.2 - File Permission Change, [exploitdb] X.Org xorg 1.4 < 1.11.2 - File Permission Change)
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4613 was patched at 2024-05-15

388. Authentication Bypass - Cacti (CVE-2022-48538) - High [520]

Description: In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48538 was patched at 2024-05-15

389. Denial of Service - GNU C Library (CVE-2009-4880) - High [520]

Description: Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] 多个BSD平台'strfmon()'函数整数溢出漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4880 was patched at 2024-05-15

390. Denial of Service - GNU C Library (CVE-2009-4881) - High [520]

Description: Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] 多个BSD平台'strfmon()'函数整数溢出漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4881 was patched at 2024-05-15

391. Denial of Service - GNU C Library (CVE-2010-4051) - High [520]

Description: The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4051 was patched at 2024-05-15

392. Denial of Service - GNU C Library (CVE-2010-4052) - High [520]

Description: Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] GNU libc/regcomp(3) Multiple Vulnerabilities, [seebug] FreeBSD 9.1 ftpd Remote Denial of Service, [exploitpack] GNU libcregcomp(3) - Multiple Vulnerabilities, [exploitpack] GNU glibc - regcomp() Stack Exhaustion Denial of Service, [exploitpack] FreeBSD 9.1 - ftpd Remote Denial of Service, [exploitdb] GNU glibc - 'regcomp()' Stack Exhaustion Denial of Service, [exploitdb] GNU libc/regcomp(3) - Multiple Vulnerabilities, [exploitdb] FreeBSD 9.1 - 'ftpd' Remote Denial of Service, [packetstorm] BSD libc/regcomp(3) Memory Management / Recursion, [packetstorm] OS X / Safari / Firefox REGEX Denial Of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4052 was patched at 2024-05-15

393. Denial of Service - Google Chrome (CVE-2011-3893) - High [520]

Description: Google Chrome before 15.0.874.120 does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Google Chrome 15.x MKV和Vorbis媒体处理漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3893 was patched at 2024-05-15

394. Denial of Service - Node.js (CVE-2021-32640) - High [520]

Description: {'vulners_cve_data_all': 'ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff). In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the [`--max-http-header-size=size`](https://nodejs.org/api/cli.html#cli_max_http_header_size_size) and/or the [`maxHeaderSize`](https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener) options.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32640 was patched at 2024-05-15

395. Denial of Service - OpenSSL (CVE-2002-0659) - High [520]

Description: The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] opensslrv.txt)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0659 was patched at 2024-05-15

396. Denial of Service - OpenSSL (CVE-2010-0740) - High [520]

Description: The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenSSL - Remote DoS, [seebug] OpenSSL TLS连接记录处理拒绝服务漏洞, [exploitpack] OpenSSL - Remote Denial of Service, [exploitdb] OpenSSL - Remote Denial of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0740 was patched at 2024-05-15

397. Denial of Service - PHP (CVE-2012-0937) - High [520]

Description: wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via the dbhost parameter, a different vulnerability than CVE-2011-4898. NOTE: the vendor disputes the significance of this issue because an incomplete WordPress installation might be present on the network for only a short time

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] WordPress 3.3.1 - Multiple Vulnerabilities, [seebug] wordpress <= 3.3.1 - Multiple Vulnerabilities, [seebug] WordPress 3.3.1 Code Execution / Cross Site Scripting, [packetstorm] WordPress 3.3.1 Code Execution / Cross Site Scripting, [exploitdb] WordPress Core 3.3.1 - Multiple Vulnerabilities)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0937 was patched at 2024-05-15

398. Denial of Service - Samba (CVE-2006-3403) - High [520]

Description: The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2006-007存在多个安全漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3403 was patched at 2024-05-15

399. Incorrect Calculation - GNOME desktop (CVE-2020-35457) - High [520]

Description: GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35457 was patched at 2024-05-15

400. Memory Corruption - Binutils (CVE-2021-20294) - High [520]

Description: A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-20294 was patched at 2024-05-15

401. Memory Corruption - Google Chrome (CVE-2021-30536) - High [520]

Description: Out of bounds read in V8 in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30536 was patched at 2024-05-15

402. Memory Corruption - Google Chrome (CVE-2021-30593) - High [520]

Description: Out of bounds read in Tab Strip in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30593 was patched at 2024-05-15

403. Arbitrary File Writing - Perl (CVE-2012-2451) - High [519]

Description: The Config::IniFiles module before 2.71 for Perl creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. NOTE: some of these details are obtained from third party information. NOTE: it has been reported that this might only be exploitable by writing in the same directory as the .ini file. If this is the case, then this issue might not cross privilege boundaries.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Perl Config::IniFiles Module不安全临时文件创建漏洞)
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2451 was patched at 2024-05-15

404. Remote Code Execution - GPAC (CVE-2021-32137) - High [519]

Description: Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32137 was patched at 2024-05-15

405. Code Injection - Cacti (CVE-2024-31458) - High [518]

Description: {'vulners_cve_data_all': 'Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `form_save()` function in `graph_template_inputs.php` is not thoroughly checked and is used to concatenate the SQL statement in `draw_nontemplated_fields_graph_item()` function from `lib/html_form_templates.php` , finally resulting in SQL injection. Version 1.2.27 contains a patch for the issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31458 was patched at 2024-05-15

406. Information Disclosure - HID (CVE-2021-32747) - High [517]

Description: {'vulners_cve_data_all': 'Icinga Web 2 is an open source monitoring web interface, framework, and command-line interface. A vulnerability in which custom variables are exposed to unauthorized users exists between versions 2.0.0 and 2.8.2. Custom variables are user-defined keys and values on configuration objects in Icinga 2. These are commonly used to reference secrets in other configurations such as check commands to be able to authenticate with a service being checked. Icinga Web 2 displays these custom variables to logged in users with access to said hosts or services. In order to protect the secrets from being visible to anyone, it's possible to setup protection rules and blacklists in a user's role. Protection rules result in `***` being shown instead of the original value, the key will remain. Backlists will hide a custom variable entirely from the user. Besides using the UI, custom variables can also be accessed differently by using an undocumented URL parameter. By adding a parameter to the affected routes, Icinga Web 2 will show these columns additionally in the respective list. This parameter is also respected when exporting to JSON or CSV. Protection rules and blacklists however have no effect in this case. Custom variables are shown as-is in the result. The issue has been fixed in the 2.9.0, 2.8.3, and 2.7.5 releases. As a workaround, one may set up a restriction to hide hosts and services with the custom variable in question.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.514HID
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32747 was patched at 2024-05-15

407. Security Feature Bypass - Docker (CVE-2021-41091) - High [517]

Description: {'vulners_cve_data_all': 'Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Improper Preservation of Permissions in Mobyproject Moby, [githubexploit] Exploit for Improper Preservation of Permissions in Mobyproject Moby)
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.514Docker
CVSS Base Score0.610CVSS Base Score is 6.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41091 was patched at 2024-05-15

408. Cross Site Scripting - Internet Explorer (CVE-2022-25869) - High [516]

Description: All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Internet Explorer is a discontinued series of graphical web browsers developed by Microsoft
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-25869 was patched at 2024-05-15

409. Cross Site Scripting - Perl (CVE-2020-10688) - High [516]

Description: A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-10688 was patched at 2024-05-15

410. Denial of Service - FFmpeg (CVE-2009-4632) - High [515]

Description: oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg多个媒体文件解析拒绝服务和代码执行漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4632 was patched at 2024-05-15

411. Denial of Service - iOS (CVE-2018-13441) - High [515]

Description: qh_help in Nagios Core version 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attacker to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Nagios Core 4.4.1 - Denial of Service Vulnerability, [packetstorm] Nagios Core 4.4.1 Local Denial Of Service, [exploitpack] Nagios Core 4.4.1 - Denial of Service, [exploitdb] Nagios Core 4.4.1 - Denial of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-13441 was patched at 2024-05-15

412. Denial of Service - iOS (CVE-2018-13457) - High [515]

Description: qh_echo in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Nagios Core 4.4.1 - Denial of Service Vulnerability, [packetstorm] Nagios Core 4.4.1 Local Denial Of Service, [exploitpack] Nagios Core 4.4.1 - Denial of Service, [exploitdb] Nagios Core 4.4.1 - Denial of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-13457 was patched at 2024-05-15

413. Denial of Service - iOS (CVE-2018-13458) - High [515]

Description: qh_core in Nagios Core 4.4.1 and earlier is prone to a NULL pointer dereference vulnerability, which allows attackers to cause a local denial-of-service condition by sending a crafted payload to the listening UNIX socket.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Nagios Core 4.4.1 - Denial of Service Vulnerability, [packetstorm] Nagios Core 4.4.1 Local Denial Of Service, [exploitpack] Nagios Core 4.4.1 - Denial of Service, [exploitdb] Nagios Core 4.4.1 - Denial of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-13458 was patched at 2024-05-15

414. Denial of Service - vim (CVE-2021-3236) - High [515]

Description: vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714Vim is a free and open-source, screen-based text editor program
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3236 was patched at 2024-05-15

415. Cross Site Scripting - Mozilla Firefox (CVE-2012-4600) - High [514]

Description: Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] OTRS Open Technology Real Services 3.1.8 / 3.1.9 XSS)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4600 was patched at 2024-05-15

416. Cross Site Scripting - PHP (CVE-2007-5977) - High [514]

Description: Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin DB_Create.PHP多个输入验证漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5977 was patched at 2024-05-15

417. Cross Site Scripting - PHP (CVE-2007-6100) - High [514]

Description: Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin登录页面跨站脚本漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6100 was patched at 2024-05-15

418. Cross Site Scripting - PHP (CVE-2008-2960) - High [514]

Description: Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, when register_globals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin远程跨站脚本漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2960 was patched at 2024-05-15

419. Cross Site Scripting - PHP (CVE-2008-3457) - High [514]

Description: Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin setup.php文件跨站脚本执行漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3457 was patched at 2024-05-15

420. Cross Site Scripting - PHP (CVE-2008-4775) - High [514]

Description: Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and CVE-2007-5977.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin DB_Create.PHP多个输入验证漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4775 was patched at 2024-05-15

421. Cross Site Scripting - PHP (CVE-2012-4345) - High [514]

Description: Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin 3.4.x 多个HTML注入漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4345 was patched at 2024-05-15

422. Cross Site Scripting - PHP (CVE-2012-4579) - High [514]

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin 3.4.x 多个HTML注入漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4579 was patched at 2024-05-15

423. Memory Corruption - Linux Kernel (CVE-2019-19815) - High [513]

Description: {'vulners_cve_data_all': 'In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause a NULL pointer dereference in f2fs_recover_fsync_data in fs/f2fs/recovery.c. This is related to F2FS_P_SB in fs/f2fs/f2fs.h.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19815 was patched at 2024-05-15

424. Memory Corruption - Linux Kernel (CVE-2019-19927) - High [513]

Description: In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19927 was patched at 2024-05-15

425. Memory Corruption - Linux Kernel (CVE-2020-27194) - High [513]

Description: {'vulners_cve_data_all': 'An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or in kernel/bpf/verifier.c mishandles bounds tracking during use of 64-bit values, aka CID-5b9fbeb75b6a.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Incorrect Conversion between Numeric Types in Linux Linux Kernel, [githubexploit] Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux Linux Kernel)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27194 was patched at 2024-05-15

426. Memory Corruption - Linux Kernel (CVE-2022-3113) - High [513]

Description: {'vulners_cve_data_all': 'An issue was discovered in the Linux kernel through 5.16-rc6. mtk_vcodec_fw_vpu_init in drivers/media/platform/mtk-vcodec/mtk_vcodec_fw_vpu.c lacks check of the return value of devm_kzalloc() and will cause the null pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([metasploit] Roxy-WI Prior to 6.1.1.0 Unauthenticated Command Injection RCE, [packetstorm] Roxy-WI Remote Command Execution, [zdt] Roxy-WI Remote Command Execution Exploit)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3113 was patched at 2024-05-15

427. Memory Corruption - Linux Kernel (CVE-2023-31081) - High [513]

Description: {'vulners_cve_data_all': 'An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel 6.2. There is a NULL pointer dereference in vidtv_mux_stop_thread. In vidtv_stop_streaming, after dvb->mux=NULL occurs, it executes vidtv_mux_stop_thread(dvb->mux).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31081 was patched at 2024-05-15

428. Memory Corruption - Linux Kernel (CVE-2023-31082) - High [513]

Description: {'vulners_cve_data_all': 'An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. Note: This has been disputed by 3rd parties as not a valid vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31082 was patched at 2024-05-15

429. Memory Corruption - Linux Kernel (CVE-2023-37454) - High [513]

Description: An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c. NOTE: the suse.com reference has a different perspective about this.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-37454 was patched at 2024-05-15

430. Information Disclosure - Git (CVE-2022-24975) - High [512]

Description: {'vulners_cve_data_all': 'The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24975 was patched at 2024-05-15

431. Arbitrary File Reading - Exim (CVE-2009-2944) - High [510]

Description: Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ikiwiki teximg插件不安全TeX命令信息泄露漏洞)
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.614Exim is a mail transfer agent (MTA) used on Unix-like operating systems
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2944 was patched at 2024-05-15

432. Denial of Service - Perl (CVE-2009-1391) - High [510]

Description: Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] 'Compress::Raw::Zlib' Perl模块远程代码执行漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1391 was patched at 2024-05-15

433. Denial of Service - Perl (CVE-2014-2241) - High [510]

Description: The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FreeType 'src/cff/cf2ft.c'远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2241 was patched at 2024-05-15

434. Denial of Service - Perl (CVE-2017-11552) - High [510]

Description: mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service (memory corruption seen in a crash in the mad_decoder_run function in decoder.c in libmad) via a crafted MP3 file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] libmad 0.15.1b - mp3 Memory Corruption Exploit, [exploitpack] libmad 0.15.1b - mp3 Memory Corruption, [exploitdb] libmad 0.15.1b - 'mp3' Memory Corruption)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11552 was patched at 2024-05-15

435. Denial of Service - Python (CVE-2010-1666) - High [510]

Description: Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Python-cjson Unicode字符编码缓冲区溢出漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1666 was patched at 2024-05-15

436. Denial of Service - Python (CVE-2023-36807) - High [510]

Description: {'vulners_cve_data_all': 'pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the user extracted metadata from such a malformed PDF. Versions prior to 2.10.5 throw an error, but do not hang forever. This issue was fixed with https://github.com/py-pdf/pypdf/pull/1331 which has been included in release 2.10.6. Users are advised to upgrade. Users unable to upgrade should modify `PyPDF2/generic/_data_structures.py::read_object` to an an error throwing case. See GHSA-hm9v-vj3r-r55m for details. ', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-36807 was patched at 2024-05-15

437. Denial of Service - Python (CVE-2024-28102) - High [510]

Description: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and processing time. Version 1.5.6 fixes this vulnerability by limiting the maximum token length.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-28102 was patched at 2024-04-30

debian: CVE-2024-28102 was patched at 2024-05-15

oraclelinux: CVE-2024-28102 was patched at 2024-05-07, 2024-05-29

redhat: CVE-2024-28102 was patched at 2024-04-30, 2024-05-22

438. Incorrect Calculation - FreeRDP (CVE-2024-22211) - High [510]

Description: FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are no know workarounds for this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.614FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-22211 was patched at 2024-05-15

ubuntu: CVE-2024-22211 was patched at 2024-04-24

439. Information Disclosure - Perl (CVE-2017-5487) - High [510]

Description: wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote attackers to obtain sensitive information via a wp-json/wp/v2/users request.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Wordpress 4.7.1 - Username Enumeration Exploit, [wpexploit] WordPress 4.7 - User Information Disclosure via REST API, [packetstorm] WordPress Username Enumeration, [seebug] Wordpress < 4.7.1 - Username Enumeration (CVE-2017-5487))
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5487 was patched at 2024-05-15

440. Security Feature Bypass - Perl (CVE-2007-5965) - High [510]

Description: QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which might make it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service, or trick a service into accepting an invalid client certificate for a user.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Trolltech Qt QSslSocket类证书验证绕过安全限制漏洞)
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5965 was patched at 2024-05-15

441. Cross Site Scripting - MediaWiki (CVE-2014-2242) - High [509]

Description: includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W3C XHTML namespace in conjunction with an IFRAME element.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MediaWiki 'includes/upload/UploadBase.php'跨站脚本漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2242 was patched at 2024-05-15

442. Denial of Service - GNOME desktop (CVE-2012-2738) - High [508]

Description: The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2738 was patched at 2024-05-15

443. Denial of Service - GNU C Library (CVE-2010-4756) - High [508]

Description: The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT Memory Exhaustion, [packetstorm] Multiple Vendors libc/glob(3) Resource Exhaustion, [packetstorm] Vsftpd 2.3.2 Denial Of Service, [exploitpack] libcglob(3) - Resource Exhaustion Remote ftpd-anonymous (Denial of Service), [exploitpack] FreeBSD 9.1 - ftpd Remote Denial of Service, [seebug] Multiple Vendors libc/glob(3) Resource Exhaustion (+0day remote ftpd-anon), [seebug] FreeBSD 9.1 ftpd Remote Denial of Service, [exploitdb] libc/glob(3) - Resource Exhaustion / Remote ftpd-anonymous (Denial of Service), [exploitdb] FreeBSD 9.1 - 'ftpd' Remote Denial of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4756 was patched at 2024-05-15

444. Denial of Service - OpenSSL (CVE-2006-4343) - High [508]

Description: The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] openssl-dos.txt, [seebug] OpenSSL < 0.9.7l / 0.9.8d SSLv2 Client Crash Exploit, [seebug] OpenSSL SSLv2 - Null Pointer Dereference Client Denial of Service Vulnerability, [seebug] OpenSSL < 0.9.7l / 0.9.8d - SSLv2 Client Crash Exploit, [seebug] Apple Mac OS X 2006-007存在多个安全漏洞, [exploitpack] OpenSSL 0.9.7l0.9.8d - SSLv2 Client Crash, [exploitpack] OpenSSL SSLv2 - Null Pointer Dereference Client Denial of Service, [exploitdb] OpenSSL < 0.9.7l/0.9.8d - SSLv2 Client Crash, [exploitdb] OpenSSL SSLv2 - Null Pointer Dereference Client Denial of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4343 was patched at 2024-05-15

445. Denial of Service - OpenSSL (CVE-2008-0891) - High [508]

Description: Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from third party information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenSSL多个拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0891 was patched at 2024-05-15

446. Denial of Service - OpenSSL (CVE-2008-1672) - High [508]

Description: OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenSSL多个拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1672 was patched at 2024-05-15

447. Denial of Service - PHP (CVE-2009-3622) - High [508]

Description: Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service (CPU consumption and server hang) via a long title parameter in conjunction with a charset parameter composed of many comma-separated "UTF-8" substrings, related to the mb_convert_encoding function in PHP.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] WordPress Trackback脚本拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3622 was patched at 2024-05-15

448. Denial of Service - RPC (CVE-2007-6599) - High [508]

Description: Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenAFS文件服务器远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6599 was patched at 2024-05-15

449. Memory Corruption - Google Chrome (CVE-2021-30597) - High [508]

Description: Use after free in Browser UI in Google Chrome on Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30597 was patched at 2024-05-15

450. Cross Site Scripting - Git (CVE-2022-39285) - High [507]

Description: ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability (XSS) by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the specific log on the "view=log" page. This vulnerability allows an attacker to store code within the logs that will be executed when loaded by a legitimate user. These actions will be performed with the permission of the victim. This could lead to data loss and/or further exploitation including account takeover. This issue has been addressed in versions `1.36.27` and `1.37.24`. Users are advised to upgrade. Users unable to upgrade should disable database logging.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Zoneminder Log Injection / XSS / Cross Site Request Forgery, [zdt] Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass Exploit, [exploitdb] Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-39285 was patched at 2024-05-15

451. Denial of Service - Cacti (CVE-2007-3112) - High [505]

Description: graph_image.php in Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_start or (2) graph_end parameter, different vectors than CVE-2007-3113.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] New cacti packages fix insufficient input sanitising)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3112 was patched at 2024-05-15

452. Denial of Service - TLS (CVE-2012-1663) - High [505]

Description: Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted certificate list.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] GnuTLS libgnutls Double-free Certificate List Parsing Remote DoS, [exploitpack] GnuTLS libgnutls - Double-Free Certificate List Parsing Remote Denial of Service, [seebug] GnuTLS libgnutls Double-free Certificate List Parsing Remote DoS, [exploitdb] GnuTLS libgnutls - Double-Free Certificate List Parsing Remote Denial of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1663 was patched at 2024-05-15

453. Memory Corruption - Unknown Product (CVE-2024-29131) - High [505]

Description: {'vulners_cve_data_all': 'Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.\n\nUsers are recommended to upgrade to version 2.10.1, which fixes the issue.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29131 was patched at 2024-05-15

454. Cross Site Scripting - Roundcube (CVE-2020-18670) - High [504]

Description: Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-18670 was patched at 2024-05-15

455. Cross Site Scripting - Roundcube (CVE-2020-18671) - High [504]

Description: Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-18671 was patched at 2024-05-15

456. Denial of Service - Apache Traffic Server (CVE-2012-0256) - High [503]

Description: Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apache Traffic Server HTTP主机标头处理缓冲区溢出漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0256 was patched at 2024-05-15

457. Denial of Service - BIND (CVE-2006-4096) - High [503]

Description: BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2007-005多个安全漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4096 was patched at 2024-05-15

458. Denial of Service - BIND (CVE-2011-1907) - High [503]

Description: ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG query.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ISC BIND 9 RRSIG Query类型远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1907 was patched at 2024-05-15

459. Memory Corruption - vim (CVE-2021-3968) - High [503]

Description: vim is vulnerable to Heap-based Buffer Overflow

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714Vim is a free and open-source, screen-based text editor program
CVSS Base Score0.810CVSS Base Score is 8.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3968 was patched at 2024-05-15

460. Memory Corruption - vim (CVE-2021-4136) - High [503]

Description: vim is vulnerable to Heap-based Buffer Overflow

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714Vim is a free and open-source, screen-based text editor program
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-4136 was patched at 2024-05-15

461. Memory Corruption - vim (CVE-2021-4173) - High [503]

Description: vim is vulnerable to Use After Free

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714Vim is a free and open-source, screen-based text editor program
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-4173 was patched at 2024-05-15

debian: CVE-2021-41736 was patched at 2024-05-15

debian: CVE-2021-41737 was patched at 2024-05-15

462. Information Disclosure - Apache Tomcat (CVE-2008-5519) - High [502]

Description: The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apache Tomcat mod_jk Content-Length头信息泄露漏洞)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5519 was patched at 2024-05-15

463. Security Feature Bypass - Git (CVE-2023-42503) - High [501]

Description: {'vulners_cve_data_all': 'Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons Compress:\xa0from 1.22 before 1.24.0.\n\nUsers are recommended to upgrade to version 1.24.0, which fixes the issue.\n\nA third party can create a malformed TAR file by manipulating file modification times headers, which when parsed with Apache Commons Compress, will cause a denial of service issue via CPU consumption.\n\nIn version 1.22 of Apache Commons Compress, support was added for file modification times with higher precision (issue # COMPRESS-612 [1]). The format for the PAX extended headers carrying this data consists of two numbers separated by a period [2], indicating seconds and subsecond precision (for example “1647221103.5998539”). The impacted fields are “atime”, “ctime”, “mtime” and “LIBARCHIVE.creationtime”. No input validation is performed prior to the parsing of header values.\n\nParsing of these numbers uses the BigDecimal [3] class from the JDK which has a publicly known algorithmic complexity issue when doing operations on large numbers, causing denial of service (see issue # JDK-6560193 [4]). A third party can manipulate file time headers in a TAR file by placing a number with a very long fraction (300,000 digits) or a number with exponent notation (such as “9e9999999”) within a file modification time header, and the parsing of files with these headers will take hours instead of seconds, leading to a denial of service via exhaustion of CPU resources. This issue is similar to CVE-2012-2098 [5].\n\n[1]: https://issues.apache.org/jira/browse/COMPRESS-612 \n[2]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_13_05 \n[3]: https://docs.oracle.com/javase/8/docs/api/java/math/BigDecimal.html \n[4]: https://bugs.openjdk.org/browse/JDK-6560193 \n[5]: https://vulners.com/cve/CVE-2012-2098 \n\nOnly applications using CompressorStreamFactory class (with auto-detection of file types), TarArchiveInputStream and TarFile classes to parse TAR files are impacted. Since this code was introduced in v1.22, only that version and later versions are impacted.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apache Commons Compress和Apache Ant拒绝服务漏洞)
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.414Git
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-42503 was patched at 2024-05-15

464. Cross Site Scripting - Cacti (CVE-2022-41444) - High [500]

Description: Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-41444 was patched at 2024-05-15

465. Cross Site Scripting - Cacti (CVE-2022-48547) - High [500]

Description: A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at auth_changepassword.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48547 was patched at 2024-05-15

466. Cross Site Scripting - Cacti (CVE-2023-39511) - High [500]

Description: Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `reports_admin.php` displays reporting information about graphs, devices, data sources etc. _CENSUS_ found that an adversary that is able to configure a malicious device name, related to a graph attached to a report, can deploy a stored XSS attack against any super user who has privileges of viewing the `reports_admin.php` page, such as administrative accounts. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/reports_admin.php` when the a graph with the maliciously altered device name is linked to the report. This issue has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to upgrade should manually filter HTML output.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-39511 was patched at 2024-05-15

467. Cross Site Scripting - Cacti (CVE-2023-50250) - High [500]

Description: Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php.` When uploading an xml template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains unfiltered xml template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50250 was patched at 2024-05-15

468. Denial of Service - Unknown Product (CVE-2017-16137) - High [500]

Description: {'vulners_cve_data_all': 'The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16137 was patched at 2024-05-15

469. Remote Code Execution - Unknown Product (CVE-2004-0541) - High [500]

Description: {'vulners_cve_data_all': 'Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Squid NTLM Authenticate Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0541 was patched at 2024-05-15

470. Remote Code Execution - Unknown Product (CVE-2004-0557) - High [500]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] SoX - .wav Local Buffer Overflow, [seebug] SoX - (.wav) Local Buffer Overflow Exploiter, [seebug] SoX Local Buffer Overflow Exploiter (Via Crafted WAV File), [packetstorm] evil_song.py, [exploitdb] SoX - '.wav' Local Buffer Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0557 was patched at 2024-05-15

471. Remote Code Execution - Unknown Product (CVE-2005-1099) - High [500]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in the HandleChild function in server.c in Greylisting daemon (GLD) 1.3 and 1.4, when GLD is listening on a network interface, allow remote attackers to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] GLD (Greylisting Daemon) Postfix Buffer Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1099 was patched at 2024-05-15

472. Remote Code Execution - Unknown Product (CVE-2006-5815) - High [500]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] vd_proftpd.pm.txt, [packetstorm] ProFTPD 1.2 - 1.3.0 sreplace Buffer Overflow (Linux))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5815 was patched at 2024-05-15

473. Remote Code Execution - Unknown Product (CVE-2008-1100) - High [500]

Description: {'vulners_cve_data_all': 'Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ClamAV libclamav/pe.c UPACK文件处理堆溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1100 was patched at 2024-05-15

474. Remote Code Execution - Unknown Product (CVE-2008-1558) - High [500]

Description: {'vulners_cve_data_all': 'Uncontrolled array index in the sdpplin_parse function in stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers to overwrite memory and execute arbitrary code via a large streamid SDP parameter. NOTE: this issue has been referred to as an integer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MPlayer sdpplin_parse()函数RTSP整数溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1558 was patched at 2024-05-15

475. Remote Code Execution - Unknown Product (CVE-2008-2469) - High [500]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] libspf2 DNS TXT记录处理堆溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2469 was patched at 2024-05-15

476. Remote Code Execution - Unknown Product (CVE-2008-5030) - High [500]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the cddb_read_disc_data function in cddb.c in libcdaudio 0.99.12p2 allows remote CDDB servers to execute arbitrary code via long CDDB data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] libcdaudio cddb.c远程堆溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5030 was patched at 2024-05-15

477. Remote Code Execution - Unknown Product (CVE-2009-0544) - High [500]

Description: {'vulners_cve_data_all': 'Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] PyCrypto ARC2模块缓冲区溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0544 was patched at 2024-05-15

478. Remote Code Execution - Unknown Product (CVE-2009-0839) - High [500]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when the server has a map with a long IMAGEPATH or NAME attribute, allows remote attackers to execute arbitrary code via a crafted id parameter in a query action.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MapServer mapserv程序多个远程安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0839 was patched at 2024-05-15

479. Remote Code Execution - Unknown Product (CVE-2009-1372) - High [500]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ClamAV UPack拒绝服务和cli_url_canon()栈溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1372 was patched at 2024-05-15

480. Remote Code Execution - Unknown Product (CVE-2009-2281) - High [500]

Description: {'vulners_cve_data_all': 'Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow that triggers a heap-based buffer overflow. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-0840.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MapServer mapserv程序多个远程安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2281 was patched at 2024-05-15

481. Remote Code Execution - Unknown Product (CVE-2009-2415) - High [500]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Memcached多个基于堆的缓冲区溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2415 was patched at 2024-05-15

482. Remote Code Execution - Unknown Product (CVE-2009-2694) - High [500]

Description: {'vulners_cve_data_all': 'The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Pidgin MSN 2.5.8 - Remote Code Execution, [seebug] Pidgin MSN <= 2.5.8 - Remote Code Execution Exploit, [seebug] Pidgin Libpurple库msn_slplink_process_msg()函数内存破坏漏洞, [seebug] Pidgin MSN <= 2.5.8 Remote Code Execution Exploit, [seebug] Pidgin多个缓冲区溢出漏洞, [packetstorm] Pidgin MSN 2.5.8 Code Execution, [exploitdb] Pidgin MSN 2.5.8 - Remote Code Execution)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2694 was patched at 2024-05-15

483. Remote Code Execution - Unknown Product (CVE-2010-4221) - High [500]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([saint] ProFTPD Telnet IAC buffer overflow, [saint] ProFTPD Telnet IAC buffer overflow, [saint] ProFTPD Telnet IAC buffer overflow, [saint] ProFTPD Telnet IAC buffer overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4221 was patched at 2024-05-15

484. Remote Code Execution - Unknown Product (CVE-2011-3012) - High [500]

Description: {'vulners_cve_data_all': 'The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for dangerous file extensions before writing to the quake3 directory, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file, a different vulnerability than CVE-2011-2764.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Quake 3 Shell Injection / Code Execution)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3012 was patched at 2024-05-15

485. Remote Code Execution - Unknown Product (CVE-2013-0277) - High [500]

Description: {'vulners_cve_data_all': 'ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 allows remote attackers to cause a denial of service or execute arbitrary code via crafted serialized attributes that cause the +serialize+ helper to deserialize arbitrary YAML.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Ruby on Rails 远程代码执行漏洞(CVE-2013-0277))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0277 was patched at 2024-05-15

486. Remote Code Execution - Unknown Product (CVE-2014-0011) - High [500]

Description: {'vulners_cve_data_all': 'Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] TigerVNC "ZRLE_DECODE()"缓冲区溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0011 was patched at 2024-05-15

487. Remote Code Execution - Unknown Product (CVE-2014-8322) - High [500]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Aireplay-ng 1.2 beta3 - tcp_test Length Stack Overflow, [seebug] Aireplay-ng 1.2 beta3 - "tcp_test" Length Parameter Stack Overflow, [exploitdb] Aireplay-ng 1.2 beta3 - 'tcp_test' Length Stack Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8322 was patched at 2024-05-15

488. Remote Code Execution - Unknown Product (CVE-2015-0855) - High [500]

Description: {'vulners_cve_data_all': 'The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-0855 was patched at 2024-05-15

489. Remote Code Execution - Unknown Product (CVE-2015-8396) - High [500]

Description: {'vulners_cve_data_all': 'Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbitrary code via crafted header dimensions in a DICOM image file, which triggers a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Grassroots DICOM (GDCM) 2.6.0 and 2.6.1 - ImageRegionReader::ReadIntoBuffer Buffer Overflow, [zdt] Grassroots DICOM (GDCM) 2.6.0 and 2.6.1 - ImageRegionReader::ReadIntoBuffer Buffer Overflow, [exploitdb] Grassroots DICOM (GDCM) 2.6.0 and 2.6.1 - ImageRegionReader::ReadIntoBuffer Buffer Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8396 was patched at 2024-05-15

490. Remote Code Execution - Unknown Product (CVE-2016-1000027) - High [500]

Description: {'vulners_cve_data_all': 'Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1000027 was patched at 2024-05-15

491. Remote Code Execution - Unknown Product (CVE-2016-2563) - High [500]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Putty pscp 0.66 - Stack Buffer Overwrite, [zdt] Putty pscp 0.66 - Stack Buffer Overwrite, [seebug] PuTTY pscp 客户端栈缓冲区覆盖(CVE-2016-2563), [exploitdb] Putty pscp 0.66 - Stack Buffer Overwrite)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2563 was patched at 2024-05-15

492. Remote Code Execution - Unknown Product (CVE-2016-6809) - High [500]

Description: {'vulners_cve_data_all': 'Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apache Tika remote code execution vulnerability(CVE-2016-6809), [zdt] Apache Tika 1.13 Code Execution Vulnerability)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6809 was patched at 2024-05-15

493. Remote Code Execution - Unknown Product (CVE-2017-2800) - High [500]

Description: {'vulners_cve_data_all': 'A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, the attacker needs to supply a malicious x509 certificate to either a server or a client application using this library.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] wolfSSL 3.10.2 - x509 Certificate Text Parsing Off-by-One, [seebug] WolfSSL library X509 Certificate Text Parsing Code Execution Vulnerability(CVE-2017-2800), [exploitpack] wolfSSL 3.10.2 - x509 Certificate Text Parsing Off-by-One, [exploitdb] wolfSSL 3.10.2 - x509 Certificate Text Parsing Off-by-One)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2800 was patched at 2024-05-15

494. Remote Code Execution - Unknown Product (CVE-2017-2891) - High [500]

Description: {'vulners_cve_data_all': 'An exploitable use-after-free vulnerability exists in the HTTP server implementation of Cesanta Mongoose 6.8. An ordinary HTTP POST request with a CGI target can cause a reuse of previously freed pointer potentially resulting in remote code execution. An attacker needs to send this HTTP request over the network to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Cesanta Mongoose HTTP Server CGI Remote Code Execcution Vulnerability(CVE-2017-2891))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2891 was patched at 2024-05-15

495. Remote Code Execution - Unknown Product (CVE-2017-2892) - High [500]

Description: {'vulners_cve_data_all': 'An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT packet can cause an arbitrary out-of-bounds memory read and write potentially resulting in information disclosure, denial of service and remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Cesanta Mongoose MQTT Payload Length Remote Code Execution(CVE-2017-2892))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2892 was patched at 2024-05-15

496. Remote Code Execution - Unknown Product (CVE-2017-2894) - High [500]

Description: {'vulners_cve_data_all': 'An exploitable stack buffer overflow vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause a stack buffer overflow resulting in remote code execution. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Cesanta Mongoose MQTT SUBSCRIBE Multiple Topics Remote Code Execution(CVE-2017-2894))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2894 was patched at 2024-05-15

497. Remote Code Execution - Unknown Product (CVE-2017-2921) - High [500]

Description: {'vulners_cve_data_all': 'An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of service and potential remote code execution. An attacker needs to send a specially crafted websocket packet over network to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Cesanta Mongoose Websocket Protocol Packet Length Code Execution Vulnerability(CVE-2017-2921))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2921 was patched at 2024-05-15

498. Remote Code Execution - Unknown Product (CVE-2017-2922) - High [500]

Description: {'vulners_cve_data_all': 'An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause a buffer to be allocated while leaving stale pointers which leads to a use-after-free vulnerability which can be exploited to achieve remote code execution. An attacker needs to send a specially crafted websocket packet over the network to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Cesanta Mongoose Websocket Protocol Fragmented Packet Code Execution Vulnerability(CVE-2017-2922))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2922 was patched at 2024-05-15

499. Remote Code Execution - Unknown Product (CVE-2019-5420) - High [500]

Description: {'vulners_cve_data_all': 'A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Use of Insufficiently Random Values in Rubyonrails Rails, [githubexploit] Exploit for Use of Insufficiently Random Values in Rubyonrails Rails, [githubexploit] Exploit for Use of Insufficiently Random Values in Rubyonrails Rails, [githubexploit] Exploit for Use of Insufficiently Random Values in Rubyonrails Rails, [githubexploit] Exploit for Vulnerability in Rubyonrails Rails, [packetstorm] Ruby On Rails DoubleTap Development Mode secret_key_base Remote Code Execution, [metasploit] Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability, [zdt] Ruby On Rails DoubleTap Development Mode secret_key_base Remote Code Execution Exploit, [exploitdb] Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit), [canvas] Immunity Canvas: RAILS_ACTIVESTORAGE_RCE)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5420 was patched at 2024-05-15

500. Remote Code Execution - Unknown Product (CVE-2020-13576) - High [500]

Description: {'vulners_cve_data_all': 'A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13576 was patched at 2024-05-15

501. Remote Code Execution - Unknown Product (CVE-2020-20703) - High [500]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-20703 was patched at 2024-05-15

502. Remote Code Execution - Unknown Product (CVE-2021-20308) - High [500]

Description: {'vulners_cve_data_all': 'Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-20308 was patched at 2024-05-15

503. Remote Code Execution - Unknown Product (CVE-2021-21783) - High [500]

Description: {'vulners_cve_data_all': 'A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-21783 was patched at 2024-05-15

504. Remote Code Execution - Unknown Product (CVE-2021-31800) - High [500]

Description: {'vulners_cve_data_all': 'Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-31800 was patched at 2024-05-15

505. Remote Code Execution - Unknown Product (CVE-2021-32798) - High [500]

Description: {'vulners_cve_data_all': 'The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim opens a malicious ipynb document in Jupyter Notebook. The XSS allows an attacker to execute arbitrary code on the victim computer using Jupyter APIs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32798 was patched at 2024-05-15

506. Remote Code Execution - Unknown Product (CVE-2021-43523) - High [500]

Description: {'vulners_cve_data_all': 'In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames (leading to domain hijacking) or injection into applications (leading to remote code execution, XSS, applications crashes, etc.). In other words, a validation step, which is expected in any stub resolver, does not occur.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-43523 was patched at 2024-05-15

507. Remote Code Execution - Unknown Product (CVE-2022-29622) - High [500]

Description: {'vulners_cve_data_all': 'An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the desired behavior. Also, there are configuration options in all versions that can change the default behavior of how files are handled. Strapi does not consider this to be a valid vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-29622 was patched at 2024-05-15

508. Remote Code Execution - Unknown Product (CVE-2023-26035) - High [500]

Description: {'vulners_cve_data_all': 'ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] ZoneMinder Snapshots < 1.37.33 - Unauthenticated Remote Code Execution Exploit, [zdt] ZoneMinder Snapshots Command Injection Exploit, [packetstorm] ZoneMinder Snapshots Command Injection, [packetstorm] ZoneMinder Snapshots Remote Code Execution, [githubexploit] Exploit for Missing Authorization in Zoneminder, [githubexploit] Exploit for Missing Authorization in Zoneminder, [githubexploit] Exploit for Missing Authorization in Zoneminder, [githubexploit] Exploit for Missing Authorization in Zoneminder, [exploitdb] ZoneMinder Snapshots < 1.37.33 - Unauthenticated RCE)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26035 was patched at 2024-05-15

509. Remote Code Execution - Unknown Product (CVE-2023-36109) - High [500]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Classic Buffer Overflow in Jerryscript)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-36109 was patched at 2024-05-15

510. Remote Code Execution - Unknown Product (CVE-2023-49093) - High [500]

Description: {'vulners_cve_data_all': 'HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. This vulnerability has been patched in version 3.9.0', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49093 was patched at 2024-05-15

511. Remote Code Execution - Unknown Product (CVE-2023-49606) - High [500]

Description: {'vulners_cve_data_all': 'A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution. An attacker needs to make an unauthenticated HTTP request to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for CVE-2023-49606, [githubexploit] Exploit for CVE-2023-49606)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49606 was patched at 2024-05-15, 2024-06-05

512. Denial of Service - Python (CVE-2023-36464) - High [498]

Description: {'vulners_cve_data_all': 'pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and resolved in pull request #1828. Users are advised to upgrade. Users unable to upgrade may modify the line `while peek not in (b"\\r", b"\\n")` in `pypdf/generic/_data_structures.py` to `while peek not in (b"\\r", b"\\n", b"")`.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-36464 was patched at 2024-05-15

513. Denial of Service - Wireshark (CVE-2015-8735) - High [498]

Description: The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (invalid write operation and application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Wireshark - memcpy (get_value / dissect_btatt) SIGSEGV)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8735 was patched at 2024-05-15

514. Denial of Service - Wireshark (CVE-2015-8736) - High [498]

Description: The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a trailer, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Wireshark - file_read (wtap_read_bytes_or_eof/mp2t_find_next_pcr) Stack Based Buffer Overflow)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8736 was patched at 2024-05-15

515. Denial of Service - Wireshark (CVE-2015-8739) - High [498]

Description: The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Wireshark - wmem_alloc Assertion Failure)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8739 was patched at 2024-05-15

516. Denial of Service - Wireshark (CVE-2016-6512) - High [498]

Description: epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Wireshark 2.0.0 < 2.0.4 - MMSE / WAP / WBXML / WSP Dissectors Denial of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6512 was patched at 2024-05-15

517. Elevation of Privilege - Linux Kernel (CVE-2019-18675) - High [498]

Description: The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-18675 was patched at 2024-05-15

518. Memory Corruption - tiffcrop (CVE-2023-25434) - High [498]

Description: {'vulners_cve_data_all': 'libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Tiffcrop processes one or more files created according to the Tag Image File Format, Revision 6.0, specification into one or more TIFF file(s)
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-25434 was patched at 2024-05-15

519. Authentication Bypass - Unknown Product (CVE-2021-42949) - High [496]

Description: {'vulners_cve_data_all': 'The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for CVE-2021-42949)
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42949 was patched at 2024-05-15

520. Authentication Bypass - Unknown Product (CVE-2022-32532) - High [496]

Description: {'vulners_cve_data_all': 'Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Incorrect Authorization in Apache Shiro)
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-32532 was patched at 2024-05-15

521. Denial of Service - RPC (CVE-2013-4261) - High [496]

Description: OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using Apache Qpid for the RPC backend, does not properly handle errors that occur during messaging, which allows remote attackers to cause a denial of service (connection pool consumption), as demonstrated using multiple requests that send long strings to an instance console and retrieving the console log.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenStack Nova拒绝服务漏洞(CVE-2013-4261))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4261 was patched at 2024-05-15

522. Memory Corruption - Binutils (CVE-2020-16590) - High [496]

Description: {'vulners_cve_data_all': 'A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-16590 was patched at 2024-05-15

523. Memory Corruption - Binutils (CVE-2020-35493) - High [496]

Description: A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35493 was patched at 2024-05-15

524. Memory Corruption - Binutils (CVE-2020-35495) - High [496]

Description: {'vulners_cve_data_all': 'There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35495 was patched at 2024-05-15

525. Memory Corruption - Binutils (CVE-2020-35496) - High [496]

Description: {'vulners_cve_data_all': 'There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35496 was patched at 2024-05-15

526. Memory Corruption - Binutils (CVE-2020-35507) - High [496]

Description: {'vulners_cve_data_all': 'There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35507 was patched at 2024-05-15

527. Security Feature Bypass - FreeIPA (CVE-2024-1481) - High [496]

Description: {'vulners_cve_data_all': 'A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814FreeIPA is a free and open source identity management system
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-1481 was patched at 2024-04-30

debian: CVE-2024-1481 was patched at 2024-05-15

oraclelinux: CVE-2024-1481 was patched at 2024-05-03, 2024-05-24

redhat: CVE-2024-1481 was patched at 2024-04-30, 2024-05-22

528. Remote Code Execution - Git (CVE-2005-4268) - High [495]

Description: Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] VMware ESX Service Console多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Git
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4268 was patched at 2024-05-15

529. Code Injection - Unknown Product (CVE-2016-7954) - High [494]

Description: {'vulners_cve_data_all': 'Bundler 1.x might allow remote attackers to inject arbitrary Ruby code into an application by leveraging a gem name collision on a secondary source. NOTE: this might overlap CVE-2013-0334.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7954 was patched at 2024-05-15

530. Code Injection - Unknown Product (CVE-2021-23383) - High [494]

Description: {'vulners_cve_data_all': 'The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-23383 was patched at 2024-05-15

531. Command Injection - Unknown Product (CVE-2019-8341) - High [494]

Description: {'vulners_cve_data_all': 'An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-8341 was patched at 2024-05-15

532. Command Injection - Unknown Product (CVE-2021-27905) - High [494]

Description: {'vulners_cve_data_all': 'The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the "shards" parameter. Prior to this bug getting fixed, it did not. This problem affects essentially all Solr versions prior to it getting fixed in 8.8.2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Server-Side Request Forgery in Apache Solr, [githubexploit] Exploit for Server-Side Request Forgery in Apache Solr, [githubexploit] Exploit for Server-Side Request Forgery in Apache Solr, [githubexploit] Exploit for Server-Side Request Forgery in Apache Solr, [seebug] Apache Solr SSRF漏洞 (CVE-2021-27905))
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-27905 was patched at 2024-05-15

533. Command Injection - Unknown Product (CVE-2022-35583) - High [494]

Description: {'vulners_cve_data_all': 'wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP address on it's source. This allows the attacker to takeover the whole infrastructure by accessing their internal assets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] wkhtmltopdf 0.12.6 - Server Side Request Forgery Vulnerability, [packetstorm] wkhtmltopdf 0.12.6 Server-Side Request Forgery)
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35583 was patched at 2024-05-15

534. Command Injection - Unknown Product (CVE-2022-40083) - High [494]

Description: {'vulners_cve_data_all': 'Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-40083 was patched at 2024-05-15

535. Command Injection - Unknown Product (CVE-2023-38336) - High [494]

Description: {'vulners_cve_data_all': 'netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Avaya CMS / IR Solaris scp命令行shell命令注入漏洞, [githubexploit] Exploit for OS Command Injection in Openbsd Openssh, [githubexploit] Exploit for OS Command Injection in Openbsd Openssh)
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38336 was patched at 2024-05-15

536. Denial of Service - Cacti (CVE-2007-3113) - High [494]

Description: Cacti 0.8.6i, and possibly other versions, allows remote authenticated users to cause a denial of service (CPU consumption) via a large value of the (1) graph_height or (2) graph_width parameter, different vectors than CVE-2007-3112.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] New cacti packages fix insufficient input sanitising)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3113 was patched at 2024-05-15

537. Denial of Service - nginx (CVE-2011-4315) - High [494]

Description: Heap-based buffer overflow in compression-pointer processing in core/ngx_resolver.c in nginx before 1.0.10 allows remote resolvers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long response.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] nginx DNS解析器远程堆缓冲区溢出漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Nginx is an open-source web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4315 was patched at 2024-05-15

538. Security Feature Bypass - Cacti (CVE-2023-30534) - High [494]

Description: {'vulners_cve_data_all': 'Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti’s vendor directory (phpseclib), the necessary gadgets are not included, making them inaccessible and the insecure deserializations not exploitable. Each instance of insecure deserialization is due to using the unserialize function without sanitizing the user input. Cacti has a “safe” deserialization that attempts to sanitize the content and check for specific values before calling unserialize, but it isn’t used in these instances. The vulnerable code lies in graphs_new.php, specifically within the host_new_graphs_save function. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-30534 was patched at 2024-05-15

539. Security Feature Bypass - Unknown Product (CVE-2020-7610) - High [494]

Description: {'vulners_cve_data_all': 'All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package will ignore an unknown value for an object's _bsotype, leading to cases where an object is serialized as a document rather than the intended BSON type.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7610 was patched at 2024-05-15

540. Information Disclosure - nginx (CVE-2012-1180) - High [493]

Description: Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before 1.1.17 allows remote HTTP servers to obtain sensitive information from process memory via a crafted backend response, in conjunction with a client request.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] nginx 'ngx_cpystrn()'信息泄露漏洞(CVE-2012-1180))
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.514Nginx is an open-source web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1180 was patched at 2024-05-15

541. Cross Site Scripting - Perl (CVE-2008-5080) - High [492]

Description: awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the query_string parameter. NOTE: this issue exists because of an incomplete fix for CVE-2008-3714.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] AWStats awstats.pl跨站脚本漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5080 was patched at 2024-05-15

542. Cross Site Scripting - Perl (CVE-2010-2087) - High [492]

Description: Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Oracle Mojarra ViewState远程跨站脚本漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2087 was patched at 2024-05-15

543. Cross Site Scripting - Perl (CVE-2012-2751) - High [492]

Description: ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ModSecurity引号解析安全限制绕过漏洞(CVE-2012-2751), [packetstorm] Parodia 6.8 SQL Injection)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2751 was patched at 2024-05-15

544. Cross Site Scripting - Perl (CVE-2012-4230) - High [492]

Description: The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] TinyMCE 3.5.8 Cross Site Scripting)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4230 was patched at 2024-05-15

545. Cross Site Scripting - Perl (CVE-2013-1855) - High [492]

Description: The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Ruby on Rails 'sanitize_css()'方法跨站脚本漏洞(CVE-2013-1855))
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1855 was patched at 2024-05-15

546. Cross Site Scripting - Roundcube (CVE-2009-0413) - High [492]

Description: Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Roundcube Webmail邮件消息HTML注入漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0413 was patched at 2024-05-15

547. Cross Site Scripting - Roundcube (CVE-2013-5645) - High [492]

Description: Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow remote authenticated users to inject arbitrary web script or HTML via an HTML signature, related to save_identity.inc.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Roundcube Webmail 0.9.2 Cross Site Scripting)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-5645 was patched at 2024-05-15

548. Arbitrary File Writing - Unknown Product (CVE-2009-4013) - High [491]

Description: {'vulners_cve_data_all': 'Multiple directory traversal vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to overwrite arbitrary files or obtain sensitive information via vectors involving (1) control field names, (2) control field values, and (3) control files of patch systems.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Debian Lintian多个本地安全漏洞)
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4013 was patched at 2024-05-15

549. Arbitrary File Writing - Unknown Product (CVE-2019-3681) - High [491]

Description: {'vulners_cve_data_all': 'A External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0 .', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-3681 was patched at 2024-05-15

550. Denial of Service - BIND (CVE-2021-32823) - High [491]

Description: In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit<N>. In combination with <user_input>.constantize there is a potential for a CPU-based DoS. In version 2.4.10 bindata improved the creation time of Bits and Integers.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32823 was patched at 2024-05-15

551. Denial of Service - Curl (CVE-2011-0418) - High [491]

Description: The glob implementation in Pure-FTPd before 1.0.32, and in libc in NetBSD 5.1, does not properly expand expressions containing curly brackets, which allows remote authenticated users to cause a denial of service (memory consumption) via a crafted FTP STAT command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] FreeBSD 9.1 - ftpd Remote Denial of Service, [seebug] FreeBSD 9.1 ftpd Remote Denial of Service, [exploitdb] FreeBSD 9.1 - 'ftpd' Remote Denial of Service, [packetstorm] Multiple Vendors libc/glob(3) GLOB_BRACE|GLOB_LIMIT Memory Exhaustion)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714Curl is a command-line tool for transferring data specified with URL syntax
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0418 was patched at 2024-05-15

552. Denial of Service - FFmpeg (CVE-2009-4636) - High [491]

Description: FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg多个媒体文件解析拒绝服务和代码执行漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4636 was patched at 2024-05-15

553. Denial of Service - FFmpeg (CVE-2009-4639) - High [491]

Description: The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg多个媒体文件解析拒绝服务和代码执行漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4639 was patched at 2024-05-15

554. Memory Corruption - FFmpeg (CVE-2020-35964) - High [491]

Description: track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35964 was patched at 2024-05-15

555. Memory Corruption - macOS (CVE-2021-31321) - High [491]

Description: {'vulners_cve_data_all': 'Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Stack Based Overflow in the gray_split_cubic function of their custom fork of the rlottie library. A remote attacker might be able to overwrite Telegram's stack memory out-of-bounds on a victim device via a malicious animated sticker.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714macOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-31321 was patched at 2024-05-15

556. Denial of Service - Apache HTTP Server (CVE-2011-4415) - High [489]

Description: The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow Vulnerability, [seebug] Apache HTTP Server 'ap_pregsub()'函数本地拒绝服务漏洞(CVE-2011-4415), [seebug] Apache HTTP Server "ap_pregsub()"函数本地权限提升漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4415 was patched at 2024-05-15

557. Path Traversal - Git (CVE-2021-40978) - High [489]

Description: The mkdocs 1.2.2 built-in dev-server allows directory traversal using the port 8000, enabling remote exploitation to obtain :sensitive information. NOTE: the vendor has disputed this as described in https://github.com/mkdocs/mkdocs/issues/2601.] and https://github.com/nisdn/CVE-2021-40978/issues/1

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Path Traversal in Mkdocs)
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40978 was patched at 2024-05-15

558. Cross Site Scripting - Cacti (CVE-2023-39366) - High [488]

Description: Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The `data_sources.php` script displays the data source management information (e.g. data source path, polling configuration etc.) for different data visualizations of the _cacti_ app. CENSUS found that an adversary that is able to configure a malicious Device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-39366 was patched at 2024-05-15

559. Cross Site Scripting - Cacti (CVE-2023-39510) - High [488]

Description: Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The`reports_admin.php` script displays reporting information about graphs, devices, data sources etc. CENSUS found that an adversary that is able to configure a malicious Device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/reports_admin.php` when the a graph with the maliciously altered device name is linked to the report. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-39510 was patched at 2024-05-15

560. Cross Site Scripting - Cacti (CVE-2023-39512) - High [488]

Description: Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `data_sources.php` displays the data source management information (e.g. data source path, polling configuration, device name related to the datasource etc.) for different data visualizations of the _cacti_ app. _CENSUS_ found that an adversary that is able to configure a malicious device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-39512 was patched at 2024-05-15

561. Cross Site Scripting - Cacti (CVE-2023-39514) - High [488]

Description: Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `graphs.php` displays graph details such as data-source paths, data template information and graph related fields. _CENSUS_ found that an adversary that is able to configure either a data-source template with malicious code appended in the data-source name or a device with a malicious payload injected in the device name, may deploy a stored XSS attack against any user with _General Administration>Graphs_ privileges. A user that possesses the _Template Editor>Data Templates_ permissions can configure the data-source name in _cacti_. Please note that this may be a _low privileged_ user. This configuration occurs through `http://<HOST>/cacti/data_templates.php` by editing an existing or adding a new data template. If a template is linked to a graph then the formatted template name will be rendered in the graph's management page. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device name in _cacti_. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to upgrade should add manual HTML escaping.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-39514 was patched at 2024-05-15

562. Information Disclosure - Git (CVE-2024-31497) - High [488]

Description: {'vulners_cve_data_all': 'In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Putty)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.414Git
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31497 was patched at 2024-05-15

redos: CVE-2024-31497 was patched at 2024-05-03

563. Remote Code Execution - Unknown Product (CVE-2007-1536) - High [488]

Description: {'vulners_cve_data_all': 'Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2007-005多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1536 was patched at 2024-05-15

564. Remote Code Execution - Unknown Product (CVE-2007-3762) - High [488]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to execute arbitrary code by sending a long (1) voice or (2) video RTP frame.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Asterisk IAX2隧道驱动IAX2_Write函数远程栈溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3762 was patched at 2024-05-15

565. Remote Code Execution - Unknown Product (CVE-2007-5849) - High [488]

Description: {'vulners_cve_data_all': 'Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] CUPS SNMP后端asn1_get_string()函数远程栈溢出漏洞, [seebug] Apple Mac OS X v10.5.1 2007-009 Multiple Security Vulnerabilities)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5849 was patched at 2024-05-15

566. Remote Code Execution - Unknown Product (CVE-2008-0888) - High [488]

Description: {'vulners_cve_data_all': 'The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Info-ZIP UnZip inflate_dynamic()函数堆破坏漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0888 was patched at 2024-05-15

567. Remote Code Execution - Unknown Product (CVE-2008-0984) - High [488]

Description: {'vulners_cve_data_all': 'The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] VideoLAN VLC媒体播放器MP4 Demuxer远程代码执行漏洞, [packetstorm] Core Security Technologies Advisory 2008.0130)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0984 was patched at 2024-05-15

568. Remote Code Execution - Unknown Product (CVE-2008-1670) - High [488]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] KDE KHTML PNGLoader堆溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1670 was patched at 2024-05-15

569. Remote Code Execution - Unknown Product (CVE-2008-2426) - High [488]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_pnm.c; or (2) a crafted XPM image, related to the load function in src/modules/loader_xpm.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] imlib2库多个栈溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2426 was patched at 2024-05-15

570. Remote Code Execution - Unknown Product (CVE-2008-3632) - High [488]

Description: {'vulners_cve_data_all': 'Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple iPod Touch 2.1版本之前多个远程漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3632 was patched at 2024-05-15

571. Remote Code Execution - Unknown Product (CVE-2008-3732) - High [488]

Description: {'vulners_cve_data_all': 'Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3732 was patched at 2024-05-15

572. Remote Code Execution - Unknown Product (CVE-2008-4654) - High [488]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([saint] VLC media player TY file parse_master buffer overflow, [saint] VLC media player TY file parse_master buffer overflow, [saint] VLC media player TY file parse_master buffer overflow, [saint] VLC media player TY file parse_master buffer overflow, [packetstorm] VideoLAN VLC TiVo Buffer Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4654 was patched at 2024-05-15

573. Remote Code Execution - Unknown Product (CVE-2008-4686) - High [488]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([saint] VLC media player TY file parse_master buffer overflow, [saint] VLC media player TY file parse_master buffer overflow, [saint] VLC media player TY file parse_master buffer overflow, [saint] VLC media player TY file parse_master buffer overflow, [packetstorm] VideoLAN VLC TiVo Buffer Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4686 was patched at 2024-05-15

574. Remote Code Execution - Unknown Product (CVE-2008-4829) - High [488]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow remote attackers to execute arbitrary code via (1) a long "Zwitterion v" HTTP header, related to the http_parse_sc_header function; (2) a crafted pls playlist with a long entry, related to the http_get_pls function; or (3) a crafted m3u playlist with a long File entry, related to the http_get_m3u function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Streamripper lib/http.c文件多个缓冲区溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4829 was patched at 2024-05-15

575. Remote Code Execution - Unknown Product (CVE-2008-5032) - High [488]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originally included an issue related to RealText, but that issue has been assigned a separate identifier, CVE-2008-5036.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([saint] VLC media player RealText subtitle file ParseRealText buffer overflow, [saint] VLC media player RealText subtitle file ParseRealText buffer overflow, [saint] VLC media player RealText subtitle file ParseRealText buffer overflow, [saint] VLC media player RealText subtitle file ParseRealText buffer overflow, [packetstorm] VLC Media Player RealText Subtitle Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5032 was patched at 2024-05-15

576. Remote Code Execution - Unknown Product (CVE-2008-5036) - High [488]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the ParseRealText function in modules/demux/subtitle.c. NOTE: this issue was SPLIT from CVE-2008-5032 on 20081110.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([saint] VLC media player RealText subtitle file ParseRealText buffer overflow, [saint] VLC media player RealText subtitle file ParseRealText buffer overflow, [saint] VLC media player RealText subtitle file ParseRealText buffer overflow, [saint] VLC media player RealText subtitle file ParseRealText buffer overflow, [packetstorm] VLC Media Player RealText Subtitle Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5036 was patched at 2024-05-15

577. Remote Code Execution - Unknown Product (CVE-2008-5101) - High [488]

Description: {'vulners_cve_data_all': 'Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows user-assisted attackers to execute arbitrary code via a crafted BMP image, related to an "array overflow."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OptiPNG BMP阅读器缓冲区溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5101 was patched at 2024-05-15

578. Remote Code Execution - Unknown Product (CVE-2008-5276) - High [488]

Description: {'vulners_cve_data_all': 'Integer overflow in the ReadRealIndex function in real.c in the Real demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows remote attackers to execute arbitrary code via a malformed RealMedia (.rm) file that triggers a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5276 was patched at 2024-05-15

579. Remote Code Execution - Unknown Product (CVE-2009-0186) - High [488]

Description: {'vulners_cve_data_all': 'Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] libsndfile CAF文件处理堆溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0186 was patched at 2024-05-15

580. Remote Code Execution - Unknown Product (CVE-2009-1376) - High [488]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Pidgin多个缓冲区溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1376 was patched at 2024-05-15

581. Remote Code Execution - Unknown Product (CVE-2009-3607) - High [488]

Description: {'vulners_cve_data_all': 'Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Poppler 'create_surface_from_thumbnail_data()'整数溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3607 was patched at 2024-05-15

582. Remote Code Execution - Unknown Product (CVE-2009-4270) - High [488]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Ghostscript errprintf()函数PDF文件处理栈溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4270 was patched at 2024-05-15

583. Remote Code Execution - Unknown Product (CVE-2010-2546) - High [488]

Description: {'vulners_cve_data_all': 'Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Winamp模块解码器插件多个缓冲区溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2546 was patched at 2024-05-15

584. Remote Code Execution - Unknown Product (CVE-2011-4130) - High [488]

Description: {'vulners_cve_data_all': 'Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ProFTPD Prior To 1.3.3g Use-After-Free 远程代码执行漏洞, [seebug] ProFTPD响应池释放后重用代码执行漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4130 was patched at 2024-05-15

585. Remote Code Execution - Unknown Product (CVE-2012-1775) - High [488]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 allows remote attackers to execute arbitrary code via a crafted MMS:// stream.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] VLC Media Player MMS流栈缓冲区溢出漏洞, [saint] VideoLAN VLC Media Player MMS URI Stack Overflow, [saint] VideoLAN VLC Media Player MMS URI Stack Overflow, [saint] VideoLAN VLC Media Player MMS URI Stack Overflow, [saint] VideoLAN VLC Media Player MMS URI Stack Overflow, [packetstorm] VLC MMS Stream Handling Buffer Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1775 was patched at 2024-05-15

586. Remote Code Execution - Unknown Product (CVE-2015-7505) - High [488]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW stream in a GIF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Libnsgif 0.1.2 Stack Overflow / Out-Of-Bounds Read Exploit)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-7505 was patched at 2024-05-15

587. Remote Code Execution - Unknown Product (CVE-2015-7508) - High [488]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the bmp_decode_rle function in libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the last row of RLE data in a crafted BMP file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Libnsbmp 0.1.2 Heap Overflow / Out-Of-Bounds Read Exploit)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-7508 was patched at 2024-05-15

588. Remote Code Execution - Unknown Product (CVE-2017-2814) - High [488]

Description: {'vulners_cve_data_all': 'An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Poppler PDF Image Display DCTStream::readScan() Code Execution Vulnerability(CVE-2017-2814))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2814 was patched at 2024-05-15

589. Remote Code Execution - Unknown Product (CVE-2018-15537) - High [488]

Description: {'vulners_cve_data_all': 'Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] OCS Inventory NG ocsreports Shell Upload, [zdt] OCS Inventory NG ocsreports Shell Upload Vulnerability)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-15537 was patched at 2024-05-15

590. Remote Code Execution - Unknown Product (CVE-2019-5064) - High [488]

Description: {'vulners_cve_data_all': 'An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4.2.0. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5064 was patched at 2024-05-15

591. Remote Code Execution - Unknown Product (CVE-2020-24020) - High [488]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24020 was patched at 2024-05-15

592. Remote Code Execution - Unknown Product (CVE-2020-28589) - High [488]

Description: {'vulners_cve_data_all': 'An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloader v2.0-rc1 and tinyobjloader development commit 79d4421. A specially crafted file could lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-28589 was patched at 2024-05-15

593. Remote Code Execution - Unknown Product (CVE-2021-23169) - High [488]

Description: {'vulners_cve_data_all': 'A heap-buffer overflow was found in the copyIntoFrameBuffer function of OpenEXR in versions before 3.0.1. An attacker could use this flaw to execute arbitrary code with the permissions of the user running the application compiled against OpenEXR.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-23169 was patched at 2024-05-15

594. Remote Code Execution - Unknown Product (CVE-2022-22909) - High [488]

Description: {'vulners_cve_data_all': 'HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Hotel Druid 3.0.3 Remote Code Execution, [githubexploit] Exploit for Code Injection in Digitaldruid Hoteldruid, [githubexploit] Exploit for Code Injection in Digitaldruid Hoteldruid, [zdt] Hotel Druid 3.0.3 - Remote Code Execution Exploit, [exploitdb] Hotel Druid 3.0.3 - Remote Code Execution (RCE))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-22909 was patched at 2024-05-15

595. Remote Code Execution - Unknown Product (CVE-2022-24715) - High [488]

Description: {'vulners_cve_data_all': 'Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Path Traversal in Icinga Icinga Web 2, [githubexploit] Exploit for Path Traversal in Icinga Icinga Web 2, [githubexploit] Exploit for Path Traversal in Icinga Icinga Web 2, [zdt] Icinga Web 2.10 - Authenticated Remote Code Execution Exploit, [packetstorm] Icinga Web 2.10 Remote Code Execution, [exploitdb] Icinga Web 2.10 - Authenticated Remote Code Execution)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24715 was patched at 2024-05-15

596. Denial of Service - Perl (CVE-2007-3763) - High [486]

Description: The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted (1) LAGRQ or (2) LAGRP frame that contains information elements of IAX frames, which results in a NULL pointer dereference when Asterisk does not properly set an associated variable.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] asa-2007-015.rb.txt, [seebug] Asterisk多个远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3763 was patched at 2024-05-15

597. Denial of Service - Perl (CVE-2009-1375) - High [486]

Description: The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Pidgin多个缓冲区溢出漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1375 was patched at 2024-05-15

598. Denial of Service - Perl (CVE-2009-3626) - High [486]

Description: Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Perl UTF-8规则表达式处理远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3626 was patched at 2024-05-15

599. Denial of Service - Perl (CVE-2011-0761) - High [486]

Description: Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0761 was patched at 2024-05-15

600. Denial of Service - Perl (CVE-2012-6084) - High [486]

Description: modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis before 3.4.2 does not properly support capability negotiation during server handshakes, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed request.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Ratbox IRCd Denial Of Service, [zdt] Ratbox IRCd Denial Of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6084 was patched at 2024-05-15

601. Denial of Service - Perl (CVE-2013-0238) - High [486]

Description: The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid before 8.0.6 does not properly validate masks, which allows remote attackers to cause a denial of service (crash) via a mask that causes a negative number to be parsed.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ircd-hybrid 8.0.5 - Denial of Service, [zdt] ircd-hybrid 8.0.5 Denial Of Service, [packetstorm] ircd-hybrid 8.0.5 Denial Of Service, [exploitpack] ircd-hybrid 8.0.5 - Denial of Service, [exploitdb] ircd-hybrid 8.0.5 - Denial of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0238 was patched at 2024-05-15

602. Denial of Service - Python (CVE-2012-2921) - High [486]

Description: Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] feedparser 拒绝服务漏洞(CVE-2012-2921))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2921 was patched at 2024-05-15

603. Denial of Service - Wireshark (CVE-2009-3242) - High [486]

Description: Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Wireshark: Multiple vulnerabilities)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3242 was patched at 2024-05-15

604. Denial of Service - Wireshark (CVE-2009-3549) - High [486]

Description: packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Wireshark 1.2.2和1.0.9版本修复多个拒绝服务漏洞, [seebug] Wireshark: Multiple vulnerabilities)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3549 was patched at 2024-05-15

605. Denial of Service - Wireshark (CVE-2009-3551) - High [486]

Description: Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace. NOTE: some of these details are obtained from third party information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Wireshark 1.2.2和1.0.9版本修复多个拒绝服务漏洞, [seebug] Wireshark: Multiple vulnerabilities)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3551 was patched at 2024-05-15

606. Denial of Service - Wireshark (CVE-2015-8740) - High [486]

Description: The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Wireshark - dissect_diameter_base_framed_ipv6_prefix Stack Based Buffer Overflow)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8740 was patched at 2024-05-15

607. Authentication Bypass - Unknown Product (CVE-2022-46146) - High [484]

Description: {'vulners_cve_data_all': 'Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-46146 was patched at 2024-05-15

608. Code Injection - Unknown Product (CVE-2007-4575) - High [482]

Description: {'vulners_cve_data_all': 'HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenOffice HSQLDB Database Engine Unspecified Java Code Execution Vulnerability, [seebug] OpenOffice HSQLDB数据库引擎Java代码执行漏洞, [canvas] Immunity Canvas: OOO_230)
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4575 was patched at 2024-05-15

609. Command Injection - Unknown Product (CVE-2021-32714) - High [482]

Description: {'vulners_cve_data_all': 'hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper's HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes larger than hyper does, can result in "request smuggling" or "desync attacks." The vulnerability is patched in version 0.14.10. Two possible workarounds exist. One may reject requests manually that contain a `Transfer-Encoding` header or ensure any upstream proxy rejects `Transfer-Encoding` chunk sizes greater than what fits in 64-bit unsigned integers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32714 was patched at 2024-05-15

610. Denial of Service - TLS (CVE-2022-38153) - High [482]

Description: An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a "free(): invalid pointer" message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] wolfSSL 5.3.0 Denial Of Service Vulnerability)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TLS
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-38153 was patched at 2024-05-15

611. Memory Corruption - TLS (CVE-2022-42905) - High [482]

Description: {'vulners_cve_data_all': 'In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] wolfSSL 5.5.2 WOLFSSL_CALLBACKS Heap Buffer Over-Read Vulnerability, [packetstorm] wolfSSL WOLFSSL_CALLBACKS Heap Buffer Over-Read)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514TLS
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-42905 was patched at 2024-05-15

612. Remote Code Execution - TLS (CVE-2023-26463) - High [482]

Description: strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514TLS
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26463 was patched at 2024-05-15

613. Security Feature Bypass - Unknown Product (CVE-2019-10173) - High [482]

Description: {'vulners_cve_data_all': 'It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] OpenMRS Reporting Module 0.9.7 Remote Code Execution, [exploitpack] OpenMRS Reporting Module 0.9.7 - Remote Code Execution, [zdt] OpenMRS Reporting Module 0.9.7 - Remote Code Execution, [exploitdb] OpenMRS Reporting Module 0.9.7 - Remote Code Execution)
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10173 was patched at 2024-05-15

614. Arbitrary File Writing - Unknown Product (CVE-2010-0012) - High [479]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Transmission任意文件覆盖漏洞)
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0012 was patched at 2024-05-15

615. Denial of Service - BIND (CVE-2010-0213) - High [479]

Description: BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record whose answer is not in the cache, which causes BIND to repeatedly send RRSIG queries to the authoritative servers.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ISC BIND 9 RRSIG记录类型远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0213 was patched at 2024-05-15

616. Denial of Service - BIND (CVE-2011-2465) - High [479]

Description: Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ISC BIND 9 RPZ配置远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2465 was patched at 2024-05-15

617. Memory Corruption - macOS (CVE-2021-31317) - High [479]

Description: Telegram Android <7.1.0 (2090), Telegram iOS <7.1, and Telegram macOS <7.1 are affected by a Type Confusion in the VDasher constructor of their custom fork of the rlottie library. A remote attacker might be able to access Telegram's heap memory out-of-bounds on a victim device via a malicious animated sticker.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714macOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-31317 was patched at 2024-05-15

618. Spoofing - PHP (CVE-2008-3456) - High [478]

Description: phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from using frames that point to pages in other domains, which makes it easier for remote attackers to conduct spoofing or phishing activities via a cross-site framing attack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin setup.php文件跨站脚本执行漏洞)
Criticality of Vulnerability Type0.415Spoofing
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3456 was patched at 2024-05-15

619. Denial of Service - GPAC (CVE-2020-23267) - High [477]

Description: An issue was discovered in gpac 0.8.0. The gf_hinter_track_process function in isom_hinter_track_process.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23267 was patched at 2024-05-15

620. Path Traversal - Git (CVE-2024-32465) - High [477]

Description: {'vulners_cve_data_all': 'Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the context of cloning local repositories owned by other users, this vulnerability has been covered in CVE-2024-32004. But there are circumstances where the fixes for CVE-2024-32004 are not enough: For example, when obtaining a `.zip` file containing a full copy of a Git repository, it should not be trusted by default to be safe, as e.g. hooks could be configured to run within the context of that repository. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround, avoid using Git in repositories that have been obtained via archives from untrusted sources.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for CVE-2024-32004)
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.414Git
CVSS Base Score0.710CVSS Base Score is 7.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32465 was patched at 2024-05-15

redos: CVE-2024-32465 was patched at 2024-05-27

ubuntu: CVE-2024-32465 was patched at 2024-05-28

621. Cross Site Scripting - Cacti (CVE-2009-4032) - High [476]

Description: Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by the (a) graph_end or (b) graph_start parameters to graph.php; (c) the date1 parameter in a tree action to graph_view.php; and the (d) page_refresh and (e) default_dual_pane_width parameters to graph_settings.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Cacti 0.8.7e: Multiple Security Issues, [seebug] New cacti packages fix insufficient input sanitising, [exploitpack] Cacti 0.8.7e - Multiple Vulnerabilities, [packetstorm] Cacti 0.8.7e Cross Site Scripting, [exploitdb] Cacti 0.8.7e - Multiple Vulnerabilities)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4032 was patched at 2024-05-15

622. Cross Site Scripting - Cacti (CVE-2010-2543) - High [476]

Description: Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Cacti 0.8.7e: Multiple Security Issues, [seebug] New cacti packages fix insufficient input sanitising, [exploitpack] Cacti 0.8.7e - Multiple Vulnerabilities, [packetstorm] Cacti 0.8.7e Cross Site Scripting, [exploitdb] Cacti 0.8.7e - Multiple Vulnerabilities)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2543 was patched at 2024-05-15

623. Cross Site Scripting - HID (CVE-2005-0870) - High [476]

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Hardened-PHP Project Security Advisory 2005-21.81)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514HID
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0870 was patched at 2024-05-15

624. Cross Site Scripting - ntopng (CVE-2014-4329) - High [476]

Description: Cross-site scripting (XSS) vulnerability in lua/host_details.lua in ntopng 1.1 allows remote attackers to inject arbitrary web script or HTML via the host parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Ntop-NG 1.1 Cross Site Scripting)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514ntopng is an open-source computer software for monitoring traffic on a computer network
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4329 was patched at 2024-05-15

625. Cross Site Scripting - ntopng (CVE-2014-5464) - High [476]

Description: Cross-site scripting (XSS) vulnerability in the nDPI traffic classification library in ntopng (aka ntop) before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] ntopng 1.2.0 Cross Site Scripting)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514ntopng is an open-source computer software for monitoring traffic on a computer network
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5464 was patched at 2024-05-15

626. Remote Code Execution - Unknown Product (CVE-2002-0392) - High [476]

Description: {'vulners_cve_data_all': 'Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([canvas] Immunity Canvas: APACHECHUNK_WIN32, [saint] Apache chunked encoding buffer overflow, [saint] Apache chunked encoding buffer overflow, [saint] Apache chunked encoding buffer overflow, [saint] Apache chunked encoding buffer overflow, [packetstorm] Apache Win32 Chunked Encoding)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0392 was patched at 2024-05-15

627. Remote Code Execution - Unknown Product (CVE-2003-0015) - High [476]

Description: {'vulners_cve_data_all': 'Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([d2] DSquare Exploit Pack: D2SEC_PSERVERD)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0015 was patched at 2024-05-15

628. Remote Code Execution - Unknown Product (CVE-2003-0705) - High [476]

Description: {'vulners_cve_data_all': 'Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Mah-Jong 1.4 Client/Server Remote sscanf() Buffer Overflow Vulnerability, [exploitpack] Mah-Jong 1.4 - ClientServer Remote sscanf() Buffer Overflow, [exploitdb] Mah-Jong 1.4 - Client/Server Remote sscanf() Buffer Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0705 was patched at 2024-05-15

629. Remote Code Execution - Unknown Product (CVE-2003-0962) - High [476]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([canvas] Immunity Canvas: RSYNC)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0962 was patched at 2024-05-15

630. Remote Code Execution - Unknown Product (CVE-2004-0396) - High [476]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([canvas] Immunity Canvas: PSERVERD)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0396 was patched at 2024-05-15

631. Remote Code Execution - Unknown Product (CVE-2004-0397) - High [476]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([canvas] Immunity Canvas: SVNDATE, [packetstorm] Subversion Date Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0397 was patched at 2024-05-15

632. Remote Code Execution - Unknown Product (CVE-2004-0782) - High [476]

Description: {'vulners_cve_data_all': 'Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Solaris 10 dtprintinfo / libXm / libXpm Security Issues, [zdt] Solaris 10 dtprintinfo / libXm / libXpm Security Issues Vulnerability)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0782 was patched at 2024-05-15

633. Remote Code Execution - Unknown Product (CVE-2004-1561) - High [476]

Description: {'vulners_cve_data_all': 'Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([canvas] Immunity Canvas: ICECAST, [packetstorm] Icecast 2.0.1 Header Overwrite)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1561 was patched at 2024-05-15

634. Remote Code Execution - Unknown Product (CVE-2005-3627) - High [476]

Description: {'vulners_cve_data_all': 'Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability(CVE-2017-2818))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3627 was patched at 2024-05-15

635. Remote Code Execution - Unknown Product (CVE-2006-0460) - High [476]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote attackers to execute arbitrary code via long error messages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] BomberClone 0.11.6.2 - Error Messages Remote Buffer Overflow, [seebug] BomberClone < 0.11.6.2 - (Error Messages) Remote Buffer Overflow Exploit, [seebug] BomberClone < 0.11.6.2 (Error Messages) Remote Buffer Overflow Exploit, [packetstorm] Bomberclone 0.11.6 Buffer Overflow, [exploitdb] BomberClone < 0.11.6.2 - Error Messages Remote Buffer Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0460 was patched at 2024-05-15

636. Remote Code Execution - Unknown Product (CVE-2006-1236) - High [476]

Description: {'vulners_cve_data_all': 'Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Crossfire Server 1.0 Buffer Overflow, [zdt] crossfire-server 1.9.0 - SetUp() Remote Buffer Overflow Exploit, [exploitdb] crossfire-server 1.9.0 - 'SetUp()' Remote Buffer Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1236 was patched at 2024-05-15

637. Remote Code Execution - Unknown Product (CVE-2006-3242) - High [476]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Mutt BROWSE_GET_NAMESPACE IMAP名称空间处理远程溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3242 was patched at 2024-05-15

638. Remote Code Execution - Unknown Product (CVE-2006-3460) - High [476]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Libtiff图形库多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3460 was patched at 2024-05-15

639. Remote Code Execution - Unknown Product (CVE-2006-3461) - High [476]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Libtiff图形库多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3461 was patched at 2024-05-15

640. Remote Code Execution - Unknown Product (CVE-2006-3462) - High [476]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding large RLE images.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Libtiff图形库多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3462 was patched at 2024-05-15

641. Remote Code Execution - Unknown Product (CVE-2006-3465) - High [476]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Libtiff图形库多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3465 was patched at 2024-05-15

642. Remote Code Execution - Unknown Product (CVE-2006-4182) - High [476]

Description: {'vulners_cve_data_all': 'Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2006-007存在多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4182 was patched at 2024-05-15

643. Remote Code Execution - Unknown Product (CVE-2006-4335) - High [476]

Description: {'vulners_cve_data_all': 'Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2006-007存在多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4335 was patched at 2024-05-15

644. Remote Code Execution - Unknown Product (CVE-2006-4336) - High [476]

Description: {'vulners_cve_data_all': 'Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2006-007存在多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4336 was patched at 2024-05-15

645. Remote Code Execution - Unknown Product (CVE-2006-4337) - High [476]

Description: {'vulners_cve_data_all': 'Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2006-007存在多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4337 was patched at 2024-05-15

646. Remote Code Execution - Unknown Product (CVE-2007-5197) - High [476]

Description: {'vulners_cve_data_all': 'Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Mono System.Math BigInteger整数溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5197 was patched at 2024-05-15

647. Remote Code Execution - Unknown Product (CVE-2007-6335) - High [476]

Description: {'vulners_cve_data_all': 'Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ClamAV 0.91.2 libclamav MEW PE Buffer Overflow Exploit, [exploitpack] ClamAV 0.91.2 - libclamav MEW PE Buffer Overflow, [exploitdb] ClamAV 0.91.2 - libclamav MEW PE Buffer Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6335 was patched at 2024-05-15

648. Remote Code Execution - Unknown Product (CVE-2007-6681) - High [476]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] VideoLAN VLC Media Player 0.8.6d SSA Parsing Double Sh311 - Universal, [seebug] VLC 0.8.6d SSA Parsing Double Sh311 Universal Exploit, [packetstorm] vlc-doubleshell.txt, [exploitdb] VideoLAN VLC Media Player 0.8.6d SSA Parsing Double Sh311 - Universal)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6681 was patched at 2024-05-15

649. Remote Code Execution - Unknown Product (CVE-2007-6682) - High [476]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] vlc-format.txt, [exploitpack] VideoLAN VLC Media Player 0.8.6d - httpd_FileCallBack Remote Format String, [seebug] VLC 0.8.6d httpd_FileCallBack Remote Format String Exploit, [seebug] VLC 0.8.6d - httpd_FileCallBack Remote Format String Exploit, [exploitdb] VideoLAN VLC Media Player 0.8.6d - 'httpd_FileCallBack' Remote Format String)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6682 was patched at 2024-05-15

650. Remote Code Execution - Unknown Product (CVE-2008-0314) - High [476]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ClamAV libclamav库PeSpin堆溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0314 was patched at 2024-05-15

651. Remote Code Execution - Unknown Product (CVE-2008-0486) - High [476]

Description: {'vulners_cve_data_all': 'Array index vulnerability in libmpdemux/demux_audio.c in MPlayer 1.0rc2 and SVN before r25917, and possibly earlier versions, as used in Xine-lib 1.1.10, might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MPlayer demux_audio.c远程栈溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0486 was patched at 2024-05-15

652. Remote Code Execution - Unknown Product (CVE-2008-0674) - High [476]

Description: {'vulners_cve_data_all': 'Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] PCRE字符类缓冲区溢出漏洞, [seebug] Apple Mac OS X 2009-003修补多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0674 was patched at 2024-05-15

653. Remote Code Execution - Unknown Product (CVE-2008-1391) - High [476]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] 多个BSD平台'strfmon()'函数整数溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1391 was patched at 2024-05-15

654. Remote Code Execution - Unknown Product (CVE-2008-1688) - High [476]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] GNU m4格式串及文件名引用漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1688 was patched at 2024-05-15

655. Remote Code Execution - Unknown Product (CVE-2008-1720) - High [476]

Description: {'vulners_cve_data_all': 'Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Rsync xattr支持整数溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1720 was patched at 2024-05-15

656. Remote Code Execution - Unknown Product (CVE-2008-2149) - High [476]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the searchwn function in Wordnet 2.0, 2.1, and 3.0 might allow context-dependent attackers to execute arbitrary code via a long command line option. NOTE: this issue probably does not cross privilege boundaries except in cases in which Wordnet is used as a back end.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] WordNet多个栈溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2149 was patched at 2024-05-15

657. Remote Code Execution - Unknown Product (CVE-2008-2950) - High [476]

Description: {'vulners_cve_data_all': 'The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] poppler-poc.txt, [seebug] Poppler PDF渲染库页类远程代码执行漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2950 was patched at 2024-05-15

658. Remote Code Execution - Unknown Product (CVE-2008-5187) - High [476]

Description: {'vulners_cve_data_all': 'The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] imlib2库多个栈溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5187 was patched at 2024-05-15

659. Remote Code Execution - Unknown Product (CVE-2008-5262) - High [476]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in the iGetHdrHeader function in src-IL/src/il_hdr.c in DevIL 1.7.4 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] DevIL RGBE文件解析栈溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5262 was patched at 2024-05-15

660. Remote Code Execution - Unknown Product (CVE-2009-0364) - High [476]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the mini_calendar component in Citadel.org WebCit 7.22, and other versions before 7.39, allows remote attackers to execute arbitrary code via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] WebCit Mini_Calendar组件格式串漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0364 was patched at 2024-05-15

661. Remote Code Execution - Unknown Product (CVE-2009-1720) - High [476]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer overflows, related to (1) the Imf::PreviewImage::PreviewImage function and (2) compressor constructors. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2009-003修补多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1720 was patched at 2024-05-15

662. Remote Code Execution - Unknown Product (CVE-2009-2265) - High [476]

Description: {'vulners_cve_data_all': 'Multiple directory traversal vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to create executable files in arbitrary directories via directory traversal sequences in the input to unspecified connector modules, as exploited in the wild for remote code execution in July 2009, related to the file browser and the editor/filemanager/connectors/ directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Adobe ColdFusion 8 Remote Command Execution, [packetstorm] ColdFusion 8.0.1 Arbitrary File Upload And Execute, [zdt] Adobe ColdFusion 8 - Remote Command Execution Exploit, [canvas] Immunity Canvas: FCKEDITOR, [exploitdb] Adobe ColdFusion 8 - Remote Command Execution (RCE), [seebug] FCKeditor connectors模块多个跨站脚本及目录遍历漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2265 was patched at 2024-05-15

663. Remote Code Execution - Unknown Product (CVE-2009-2294) - High [476]

Description: {'vulners_cve_data_all': 'Integer overflow in the Png_datainfo_callback function in Dillo 2.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG image with crafted (1) width or (2) height values.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Dillo Png_datainfo_callback()函数整数溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2294 was patched at 2024-05-15

664. Remote Code Execution - Unknown Product (CVE-2009-2936) - High [476]

Description: {'vulners_cve_data_all': 'The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Varnish Cache CLI Interface Remote Code Execution, [zdt] Varnish Cache CLI Interface Remote Code Execution Exploit)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2936 was patched at 2024-05-15

665. Remote Code Execution - Unknown Product (CVE-2009-3296) - High [476]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow remote attackers to execute arbitrary code via TIFF images containing large width and height values that trigger heap-based buffer overflows.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] CamlImages JPEG处理远程缓冲区溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3296 was patched at 2024-05-15

666. Remote Code Execution - Unknown Product (CVE-2009-3617) - High [476]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] aria2 AbstractCommand::onAbort()函数格式串漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3617 was patched at 2024-05-15

667. Remote Code Execution - Unknown Product (CVE-2010-2891) - High [476]

Description: {'vulners_cve_data_all': 'Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by . (dot) characters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] LibSMI smiGetNode - Buffer Overflow When Long OID Is Given In Numerical Form, [exploitdb] LibSMI smiGetNode - Buffer Overflow When Long OID Is Given In Numerical Form)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2891 was patched at 2024-05-15

668. Remote Code Execution - Unknown Product (CVE-2011-1087) - High [476]

Description: {'vulners_cve_data_all': 'Buffer overflow in VideoLAN VLC media player 1.0.5 allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .mp3 file that is played during bookmark creation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zeroscience] VLC media player 1.0.5 Goldeneye (bookmarks) Remote Buffer Overflow PoC)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1087 was patched at 2024-05-15

669. Remote Code Execution - Unknown Product (CVE-2012-0270) - High [476]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in Csound before 5.16.6 allow remote attackers to execute arbitrary code via a crafted (1) hetro file to the getnum function in util/heti_main.c or (2) PVOC file to the getnum function in util/pv_import.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Csound hetro File Handling Stack Buffer Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0270 was patched at 2024-05-15

670. Remote Code Execution - Unknown Product (CVE-2012-1162) - High [476]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a zip archive with the number of directories set to 0, related to an "incorrect loop construct."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] libzip 0.1 "_zip_readcdir()" 函数缓冲器溢出漏洞(CVE-2012-1162))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1162 was patched at 2024-05-15

671. Remote Code Execution - Unknown Product (CVE-2012-1502) - High [476]

Description: {'vulners_cve_data_all': 'Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyPam 0.5.0 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a NULL byte in a password string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] PyPAM 0.4.2 Double-Free Corruption, [seebug] PyPAM - Python bindings for PAM - Double Free Corruption, [exploitpack] PyPAM Python bindings for PAM - Double-Free Corruption, [exploitdb] PyPAM Python bindings for PAM - Double-Free Corruption)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1502 was patched at 2024-05-15

672. Remote Code Execution - Unknown Product (CVE-2012-2763) - High [476]

Description: {'vulners_cve_data_all': 'Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] GIMP 2.6 script-fu < 2.8.0 Buffer Overflow Vulnerability, [seebug] GIMP 2.6 script-fu < 2.8.0 - Buffer Overflow Vulnerability, [saint] GIMP Script-Fu Server Buffer Overflow, [saint] GIMP Script-Fu Server Buffer Overflow, [saint] GIMP Script-Fu Server Buffer Overflow, [saint] GIMP Script-Fu Server Buffer Overflow, [packetstorm] GIMP script-fu Server Buffer Overflow, [exploitpack] GIMP 2.6 script-fu 2.8.0 - Buffer Overflow (PoC), [exploitdb] GIMP 2.6 script-fu < 2.8.0 - Buffer Overflow (PoC))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2763 was patched at 2024-05-15

673. Remote Code Execution - Unknown Product (CVE-2014-1909) - High [476]

Description: {'vulners_cve_data_all': 'Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Android SDK平台工具符号错误栈缓冲区溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1909 was patched at 2024-05-15

674. Remote Code Execution - Unknown Product (CVE-2014-2240) - High [476]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of stem hints in a font file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FreeType 'src/cff/cf2hints.c'远程栈缓冲区溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2240 was patched at 2024-05-15

675. Remote Code Execution - Unknown Product (CVE-2014-6395) - High [476]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual length of the password.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Ettercap 0.8.0 / 0.8.1 Denial Of Service Exploit, [exploitpack] Ettercap 0.8.0 0.8.1 - Multiple Denial of Service Vulnerabilities, [packetstorm] Ettercap 0.8.0 / 0.8.1 Denial Of Service, [exploitdb] Ettercap 0.8.0 < 0.8.1 - Multiple Denial of Service Vulnerabilities)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-6395 was patched at 2024-05-15

676. Remote Code Execution - Unknown Product (CVE-2014-9376) - High [476]

Description: {'vulners_cve_data_all': 'Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the dissector_dhcp function in dissectors/ec_dhcp.c, (2) length value to the dissector_gg function in dissectors/ec_gg.c, or (3) string length to the get_decode_len function in ec_utils.c or a request without a (4) username or (5) password to the dissector_TN3270 function in dissectors/ec_TN3270.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Ettercap 0.8.0 / 0.8.1 Denial Of Service, [exploitpack] Ettercap 0.8.0 0.8.1 - Multiple Denial of Service Vulnerabilities, [exploitdb] Ettercap 0.8.0 < 0.8.1 - Multiple Denial of Service Vulnerabilities)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9376 was patched at 2024-05-15

677. Remote Code Execution - Unknown Product (CVE-2014-9378) - High [476]

Description: {'vulners_cve_data_all': 'Ettercap 0.8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted (1) name to the parse_line function in mdns_spoof/mdns_spoof.c or (2) base64 encoded password to the dissector_imap function in dissectors/ec_imap.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Ettercap 0.8.0 / 0.8.1 Denial Of Service, [exploitpack] Ettercap 0.8.0 0.8.1 - Multiple Denial of Service Vulnerabilities, [exploitdb] Ettercap 0.8.0 < 0.8.1 - Multiple Denial of Service Vulnerabilities)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9378 was patched at 2024-05-15

678. Remote Code Execution - Unknown Product (CVE-2014-9379) - High [476]

Description: {'vulners_cve_data_all': 'The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 0.8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which triggers a stack-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Ettercap 0.8.0 / 0.8.1 Denial Of Service, [exploitpack] Ettercap 0.8.0 0.8.1 - Multiple Denial of Service Vulnerabilities, [exploitdb] Ettercap 0.8.0 < 0.8.1 - Multiple Denial of Service Vulnerabilities)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9379 was patched at 2024-05-15

679. Remote Code Execution - Unknown Product (CVE-2015-0973) - High [476]

Description: {'vulners_cve_data_all': 'Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] libpng 1.6.15 Heap Overflow Exploit)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-0973 was patched at 2024-05-15

680. Remote Code Execution - Unknown Product (CVE-2016-2334) - High [476]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability, [seebug] 7zip HFS+ NArchive::NHfs::CHandler::ExtractZlibFile Code Execution Vulnerability(CVE-2016-2334))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2334 was patched at 2024-05-15

681. Remote Code Execution - Unknown Product (CVE-2016-3861) - High [476]

Description: {'vulners_cve_data_all': 'LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted file, aka internal bug 29250543.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Android - libutils UTF16 to UTF8 Conversion Heap Buffer Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3861 was patched at 2024-05-15

682. Remote Code Execution - Unknown Product (CVE-2017-1085) - High [476]

Description: {'vulners_cve_data_all': 'In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() to increase RLIMIT_STACK may turn a read-only memory region below the stack into a read-write region. A specially crafted executable could be exploited to execute arbitrary code in the user context.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] FreeBSD - setrlimit Stack Clash (PoC), [zdt] FreeBSD - setrlimit Stack Clash (PoC) Exploit, [exploitdb] FreeBSD - 'setrlimit' Stack Clash (PoC))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1085 was patched at 2024-05-15

683. Remote Code Execution - Unknown Product (CVE-2017-13216) - High [476]

Description: {'vulners_cve_data_all': 'In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Android - Inter-Process munmap due to Race Condition in ashmem Exploit)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-13216 was patched at 2024-05-15

684. Remote Code Execution - Unknown Product (CVE-2017-2807) - High [476]

Description: {'vulners_cve_data_all': 'An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Ledger CLI Tags Parsing Code Execution Vulnerability(CVE-2017-2807))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2807 was patched at 2024-05-15

685. Remote Code Execution - Unknown Product (CVE-2017-2808) - High [476]

Description: {'vulners_cve_data_all': 'An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Ledger CLI Account Directive Use-After-Free Vulnerability(CVE-2017-2808))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2808 was patched at 2024-05-15

686. Remote Code Execution - Unknown Product (CVE-2017-9806) - High [476]

Description: {'vulners_cve_data_all': 'A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apache OpenOffice DOC WW8Fonts Constructor Code Execution Vulnerability(CVE-2017-9806))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9806 was patched at 2024-05-15

687. Remote Code Execution - Unknown Product (CVE-2020-18897) - High [476]

Description: {'vulners_cve_data_all': 'An use-after-free vulnerability in the libpff_item_tree_create_node function of libyal Libpff before 20180623 allows attackers to cause a denial of service (DOS) or execute arbitrary code via a crafted pff file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-18897 was patched at 2024-05-15

688. Remote Code Execution - Unknown Product (CVE-2020-28600) - High [476]

Description: {'vulners_cve_data_all': 'An out-of-bounds write vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-28600 was patched at 2024-05-15

689. Remote Code Execution - Unknown Product (CVE-2020-6105) - High [476]

Description: {'vulners_cve_data_all': 'An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-6105 was patched at 2024-05-15

690. Remote Code Execution - Unknown Product (CVE-2021-30500) - High [476]

Description: {'vulners_cve_data_all': 'Null pointer dereference was found in upx PackLinuxElf::canUnpack() in p_lx_elf.cpp,in version UPX 4.0.0. That allow attackers to execute arbitrary code and cause a denial of service via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30500 was patched at 2024-05-15

691. Remote Code Execution - Unknown Product (CVE-2021-32751) - High [476]

Description: {'vulners_cve_data_all': 'Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script. This may impact those who use `gradlew` on Unix-like systems or use the scripts generated by Gradle in thieir application on Unix-like systems. For this vulnerability to be exploitable, an attacker needs to be able to set the value of particular environment variables and have those environment variables be seen by the vulnerable scripts. This issue has been patched in Gradle 7.2 by removing the use of `eval` and requiring the use of the `bash` shell. There are a few workarounds available. For CI/CD systems using the Gradle build tool, one may ensure that untrusted users are unable to change environment variables for the user that executes `gradlew`. If one is unable to upgrade to Gradle 7.2, one may generate a new `gradlew` script with Gradle 7.2 and use it for older versions of Gradle. Fpplications using start scripts generated by Gradle, one may ensure that untrusted users are unable to change environment variables for the user that executes the start script. A vulnerable start script could be manually patched to remove the use of `eval` or the use of environment variables that affect the application's command-line. If the application is simple enough, one may be able to avoid the use of the start scripts by running the application directly with Java command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32751 was patched at 2024-05-15

692. Remote Code Execution - Unknown Product (CVE-2021-35196) - High [476]

Description: {'vulners_cve_data_all': 'Manuskript through 0.12.0 allows remote attackers to execute arbitrary code via a crafted settings.pickle file in a project file, because there is insecure deserialization via the pickle.load() function in settings.py. NOTE: the vendor's position is that the product is not intended for opening an untrusted project file', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-35196 was patched at 2024-05-15

693. Remote Code Execution - Unknown Product (CVE-2021-35331) - High [476]

Description: {'vulners_cve_data_all': 'In Tcl 8.6.11, a format string vulnerability in nmakehlp.c might allow code execution via a crafted file. NOTE: multiple third parties dispute the significance of this finding', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-35331 was patched at 2024-05-15

694. Denial of Service - Perl (CVE-2009-1884) - High [475]

Description: Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Perl Compress::Raw::Bzip2模块单字节溢出漏洞, [seebug] 'Compress::Raw::Zlib' Perl模块远程代码执行漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1884 was patched at 2024-05-15

695. Denial of Service - Perl (CVE-2010-0420) - High [475]

Description: libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat (MUC) room is used, does not properly parse nicknames containing <br> sequences, which allows remote attackers to cause a denial of service (application crash) via a crafted nickname.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Pidgin多个拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0420 was patched at 2024-05-15

696. Denial of Service - Perl (CVE-2011-0421) - High [475]

Description: The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0421 was patched at 2024-05-15

697. Denial of Service - Perl (CVE-2011-2728) - High [475]

Description: The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Perl "decode_xs()"和"File::Glob::bsd_glob()"远程代码执行漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2728 was patched at 2024-05-15

698. Denial of Service - Perl (CVE-2011-2943) - High [475]

Description: The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Pidgin拒绝服务和安全绕过漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2943 was patched at 2024-05-15

699. Denial of Service - Python (CVE-2013-7040) - High [475]

Description: Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Python哈希冲突拒绝服务漏洞(CVE-2012-1150))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7040 was patched at 2024-05-15

700. Denial of Service - Wireshark (CVE-2014-2282) - High [475]

Description: The dissect_protocol_data_parameter function in epan/dissectors/packet-m3ua.c in the M3UA dissector in Wireshark 1.10.x before 1.10.6 does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) via a crafted SS7 MTP3 packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Wireshark M3UA Dissector拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2282 was patched at 2024-05-15

701. Information Disclosure - Perl (CVE-2013-4183) - High [474]

Description: The clear_volume function in LVMVolumeDriver driver in OpenStack Cinder 2013.1.1 through 2013.1.2 does not properly clear data when deleting a snapshot, which allows local users to obtain sensitive information via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenStack Cinder 信息泄漏漏洞(CVE-2013-4183))
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4183 was patched at 2024-05-15

702. Information Disclosure - Python (CVE-2013-2013) - High [474]

Description: The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenStack Keystone 密码信息泄露漏洞(CVE-2013-2013))
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2013 was patched at 2024-05-15

703. Authentication Bypass - Unknown Product (CVE-2006-2369) - High [472]

Description: {'vulners_cve_data_all': 'RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] RealVNC Authentication Bypass, [seebug] RealVNC 4.1 Authentication Bypass, [exploitpack] RealVNC 4.1.04.1.1 - Authentication Bypass, [packetstorm] RealVNC Authentication Bypass, [canvas] Immunity Canvas: REALVNC_NOAUTH, [exploitdb] RealVNC - Authentication Bypass (Metasploit), [exploitdb] RealVNC 4.1.0/4.1.1 - Authentication Bypass)
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2369 was patched at 2024-05-15

704. Authentication Bypass - Unknown Product (CVE-2006-2450) - High [472]

Description: {'vulners_cve_data_all': 'auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue than CVE-2006-2369.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] RealVNC Authentication Bypass, [seebug] RealVNC 4.1 Authentication Bypass, [exploitpack] RealVNC 4.1.04.1.1 - Authentication Bypass, [canvas] Immunity Canvas: REALVNC_NOAUTH, [packetstorm] RealVNC Authentication Bypass, [exploitdb] RealVNC - Authentication Bypass (Metasploit), [exploitdb] RealVNC 4.1.0/4.1.1 - Authentication Bypass)
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2450 was patched at 2024-05-15

705. Authentication Bypass - Unknown Product (CVE-2021-45098) - High [472]

Description: {'vulners_cve_data_all': 'An issue was discovered in Suricata before 6.0.4. It is possible to bypass/evade any HTTP-based signature by faking an RST TCP packet with random TCP options of the md5header from the client side. After the three-way handshake, it's possible to inject an RST ACK with a random TCP md5header option. Then, the client can send an HTTP GET request with a forbidden URL. The server will ignore the RST ACK and send the response HTTP packet for the client's request. These packets will not trigger a Suricata reject action.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45098 was patched at 2024-05-15

706. Denial of Service - Linux Kernel (CVE-2019-16413) - High [471]

Description: An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-16413 was patched at 2024-05-15

707. Command Injection - Unknown Product (CVE-2018-1335) - High [470]

Description: {'vulners_cve_data_all': 'From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. The mitigation is to upgrade to Tika 1.18.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Apache Tika 1.15 - 1.17 - Header Command Injection Exploit, [zdt] Apache Tika-server < 1.18 - Command Injection Exploit, [exploitpack] Apache Tika-server 1.18 - Command Injection, [packetstorm] Apache Tika 1.17 Header Command Injection, [packetstorm] Apache Tika Server Command Injection, [metasploit] Apache Tika Header Command Injection, [exploitdb] Apache Tika 1.15 - 1.17 - Header Command Injection (Metasploit), [exploitdb] Apache Tika-server < 1.18 - Command Injection)
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1335 was patched at 2024-05-15

708. Command Injection - Unknown Product (CVE-2018-16744) - High [470]

Description: {'vulners_cve_data_all': 'An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] mgetty 1.2.0 Buffer Overflow / Privilege Escalation Vulnerabilities)
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16744 was patched at 2024-05-15

709. Command Injection - Unknown Product (CVE-2019-0227) - High [470]

Description: {'vulners_cve_data_all': 'A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-0227 was patched at 2024-05-15

710. Command Injection - Unknown Product (CVE-2022-23935) - High [470]

Description: {'vulners_cve_data_all': 'lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\\|$/ check, leading to command injection.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for OS Command Injection in Exiftool Project Exiftool, [githubexploit] Exploit for OS Command Injection in Exiftool Project Exiftool)
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-23935 was patched at 2024-05-15

711. Command Injection - Unknown Product (CVE-2022-45059) - High [470]

Description: {'vulners_cve_data_all': 'An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for HTTP Request Smuggling in Varnish Cache Project Varnish Cache, [githubexploit] Exploit for HTTP Request Smuggling in Varnish Cache Project Varnish Cache)
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-45059 was patched at 2024-05-15

712. Command Injection - Unknown Product (CVE-2024-22243) - High [470]

Description: {'vulners_cve_data_all': 'Applications that use UriComponentsBuilder\xa0to parse an externally provided URL (e.g. through a query parameter) AND\xa0perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html \xa0attack or to a SSRF attack if the URL is used after passing validation checks.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for CVE-2024-22243)
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-22243 was patched at 2024-05-15

713. Command Injection - Unknown Product (CVE-2024-22259) - High [470]

Description: {'vulners_cve_data_all': 'Applications that use UriComponentsBuilder in Spring Framework\xa0to parse an externally provided URL (e.g. through a query parameter) AND\xa0perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html \xa0attack or to a SSRF attack if the URL is used after passing validation checks.\n\nThis is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for CVE-2024-22243)
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-22259 was patched at 2024-05-15

714. Command Injection - Unknown Product (CVE-2024-22262) - High [470]

Description: {'vulners_cve_data_all': 'Applications that use UriComponentsBuilder\xa0to parse an externally provided URL (e.g. through a query parameter) AND\xa0perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html \xa0attack or to a SSRF attack if the URL is used after passing validation checks.\n\nThis is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259 \xa0and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for CVE-2024-22243)
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-22262 was patched at 2024-05-15

715. Denial of Service - nginx (CVE-2009-3896) - High [470]

Description: src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] nginx ngx_http_process_request_headers()函数空指针引用拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Nginx is an open-source web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3896 was patched at 2024-05-15

716. Memory Corruption - TLS (CVE-2022-39173) - High [470]

Description: In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. Both Client Hellos are required to contain a list of duplicate cipher suites to trigger the buffer overflow. In total, two Client Hellos have to be sent: one in the resumed session, and a second one as a response to a Hello Retry Request message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] wolfSSL Buffer Overflow)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-39173 was patched at 2024-05-15

717. Security Feature Bypass - Unknown Product (CVE-2017-5123) - High [470]

Description: {'vulners_cve_data_all': 'Insufficient data validation in waitid allowed an user to escape sandboxes on Linux.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5123 was patched at 2024-05-15

718. Security Feature Bypass - Unknown Product (CVE-2019-5597) - High [470]

Description: {'vulners_cve_data_all': 'In FreeBSD 11.3-PRERELEASE and 12.0-STABLE before r347591, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in the pf IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of the first packet allowing maliciously crafted IPv6 packets to cause a crash or potentially bypass the packet filter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5597 was patched at 2024-05-15

719. Security Feature Bypass - Unknown Product (CVE-2021-41945) - High [470]

Description: {'vulners_cve_data_all': 'Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41945 was patched at 2024-05-15

720. Security Feature Bypass - Unknown Product (CVE-2023-50386) - High [470]

Description: {'vulners_cve_data_all': 'Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1.\n\nIn the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API.\nWhen backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups).\nIf the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted.\n\nWhen Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries.\nUsers are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue.\nIn these versions, the following protections have been added:\n\n * Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader.\n * The Backup API restricts saving backups to directories that are used in the ClassLoader.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Apache Solr Backup/Restore API Remote Code Execution Exploit, [packetstorm] Apache Solr Backup/Restore API Remote Code Execution, [githubexploit] Exploit for Improper Control of Dynamically-Managed Code Resources in Apache Solr, [metasploit] Apache Solr Backup/Restore APIs RCE)
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50386 was patched at 2024-05-15

721. XXE Injection - Unknown Product (CVE-2013-1915) - High [470]

Description: {'vulners_cve_data_all': 'ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ModSecurity XML外部实体信息泄露漏洞(CVE-2013-1915))
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1915 was patched at 2024-05-15

722. Arbitrary File Reading - Unknown Product (CVE-2010-2445) - High [469]

Description: {'vulners_cve_data_all': 'freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Android 2.0 FreeCIV Arbitrary Code Execution)
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2445 was patched at 2024-05-15

723. Denial of Service - GPAC (CVE-2020-19481) - High [465]

Description: An issue was discovered in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid memory read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-19481 was patched at 2024-05-15

724. Denial of Service - GPAC (CVE-2020-22352) - High [465]

Description: The gf_dash_segmenter_probe_input function in GPAC v0.8 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-22352 was patched at 2024-05-15

725. Denial of Service - GPAC (CVE-2020-23266) - High [465]

Description: An issue was discovered in gpac 0.8.0. The OD_ReadUTF8String function in odf_code.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23266 was patched at 2024-05-15

726. Denial of Service - GPAC (CVE-2020-23269) - High [465]

Description: An issue was discovered in gpac 0.8.0. The stbl_GetSampleSize function in isomedia/stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted media file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23269 was patched at 2024-05-15

727. Denial of Service - GPAC (CVE-2020-24829) - High [465]

Description: An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_section_complete in media_tools/mpegts.c that can cause a denial of service (DOS) via a crafted MP4 file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24829 was patched at 2024-05-15

728. Denial of Service - GPAC (CVE-2021-32132) - High [465]

Description: The abst_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32132 was patched at 2024-05-15

729. Denial of Service - GPAC (CVE-2021-32134) - High [465]

Description: The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32134 was patched at 2024-05-15

730. Denial of Service - GPAC (CVE-2021-32135) - High [465]

Description: The trak_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32135 was patched at 2024-05-15

731. Denial of Service - GPAC (CVE-2021-32138) - High [465]

Description: The DumpTrackInfo function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32138 was patched at 2024-05-15

732. Denial of Service - GPAC (CVE-2021-32139) - High [465]

Description: The gf_isom_vp_config_get function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32139 was patched at 2024-05-15

733. Denial of Service - GPAC (CVE-2021-32269) - High [465]

Description: An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function ilst_item_box_dump located in box_dump.c. It allows an attacker to cause Denial of Service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32269 was patched at 2024-05-15

734. Denial of Service - GPAC (CVE-2021-32270) - High [465]

Description: An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwid_box_del located in box_code_base.c. It allows an attacker to cause Denial of Service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32270 was patched at 2024-05-15

735. Denial of Service - GPAC (CVE-2021-32437) - High [465]

Description: The gf_hinter_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32437 was patched at 2024-05-15

736. Denial of Service - GPAC (CVE-2021-32438) - High [465]

Description: The gf_media_export_filters function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32438 was patched at 2024-05-15

737. Denial of Service - GPAC (CVE-2021-32440) - High [465]

Description: The Media_RewriteODFrame function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32440 was patched at 2024-05-15

738. Memory Corruption - GPAC (CVE-2020-19751) - High [465]

Description: {'vulners_cve_data_all': 'An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-19751 was patched at 2024-05-15

739. Cross Site Scripting - Unknown Product (CVE-2012-2399) - High [464]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML via the buttonText parameter, a different vulnerability than CVE-2012-3414.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] WordPress E-Commerce 3.8.9.5 File Upload / XSS / CSRF / Code Execution, [packetstorm] WordPress 3.3.1 swfupload.swf Cross Site Scripting, [packetstorm] SWF Upload Cross Site Scripting, [packetstorm] Dotclear 2.4.4 Cross Site Scripting / Content Spoofing, [zdt] Wordpress Plugin (wp-e-commerce v3.8.9.5) Multiple Vulnerabilities, [zdt] Dotclear XSS Vulnerabilities, [seebug] Turbomail邮件系统XSS-1)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2399 was patched at 2024-05-15

740. Remote Code Execution - Kerberos (CVE-2002-1235) - High [464]

Description: The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1235 was patched at 2024-05-15

741. Remote Code Execution - Kerberos (CVE-2004-0434) - High [464]

Description: k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0434 was patched at 2024-05-15

742. Remote Code Execution - Kerberos (CVE-2004-0523) - High [464]

Description: Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0523 was patched at 2024-05-15

743. Remote Code Execution - Kerberos (CVE-2004-0772) - High [464]

Description: Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0772 was patched at 2024-05-15

744. Remote Code Execution - Kerberos (CVE-2005-1689) - High [464]

Description: Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1689 was patched at 2024-05-15

745. Remote Code Execution - Kerberos (CVE-2017-15088) - High [464]

Description: plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15088 was patched at 2024-05-15

746. Remote Code Execution - Unknown Product (CVE-2006-0745) - High [464]

Description: {'vulners_cve_data_all': 'X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] xorg-x11-server modulepath Local Privilege Escalation, [exploitpack] xorg-x11-server 1.20.3 - modulepath Local Privilege Escalation, [exploitdb] xorg-x11-server < 1.20.3 - 'modulepath' Local Privilege Escalation)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0745 was patched at 2024-05-15

747. Remote Code Execution - Unknown Product (CVE-2007-0017) - High [464]

Description: {'vulners_cve_data_all': 'Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] VLCMediaSlayer-x86.pl.txt, [packetstorm] VLCMediaSlayer-ppc.pl.txt)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0017 was patched at 2024-05-15

748. Remote Code Execution - Unknown Product (CVE-2007-0104) - High [464]

Description: {'vulners_cve_data_all': 'The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Microsoft Publisher文件解析多个内存破坏漏洞(MS08-012))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0104 was patched at 2024-05-15

749. Remote Code Execution - Unknown Product (CVE-2007-2807) - High [464]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, remote IRC servers to execute arbitrary code via a long private message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Eggdrop/Windrop 1.6.19 Denial Of Service, [seebug] Eggdrop/Windrop 1.6.19 ctcpbuf Remote Crash Vulnerability, [exploitpack] EggdropWindrop 1.6.19 - ctcpbuf Remote Crash, [exploitdb] Eggdrop/Windrop 1.6.19 - ctcpbuf Remote Crash)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2807 was patched at 2024-05-15

750. Remote Code Execution - Unknown Product (CVE-2007-2958) - High [464]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Sylpheed和Sylpheed-Claws POP3远程格式串处理漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2958 was patched at 2024-05-15

751. Remote Code Execution - Unknown Product (CVE-2007-4727) - High [464]

Description: {'vulners_cve_data_all': 'Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a long content length, as demonstrated by overwriting the SCRIPT_FILENAME variable, aka a "header overflow."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([d2] DSquare Exploit Pack: D2SEC_LIGHTTPD3)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4727 was patched at 2024-05-15

752. Remote Code Execution - Unknown Product (CVE-2007-5301) - High [464]

Description: {'vulners_cve_data_all': 'Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine.c (aka the vorbis input plugin) in AlsaPlayer before 0.99.80-rc3 allows remote attackers to execute arbitrary code via a .OGG file with long comments.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Alsaplayer < 0.99.80-rc3 Vorbis Input Local Buffer Overflow Exploit, [seebug] Alsaplayer < 0.99.80-rc3 - Vorbis Input Local Buffer Overflow Exploit, [exploitpack] AlsaPlayer 0.99.80-rc3 - Vorbis Input Local Buffer Overflow, [packetstorm] alsaplayer-overflow.txt, [exploitdb] AlsaPlayer < 0.99.80-rc3 - Vorbis Input Local Buffer Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5301 was patched at 2024-05-15

753. Remote Code Execution - Unknown Product (CVE-2007-5848) - High [464]

Description: {'vulners_cve_data_all': 'Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X v10.5.1 2007-009 Multiple Security Vulnerabilities)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5848 was patched at 2024-05-15

754. Remote Code Execution - Unknown Product (CVE-2008-0073) - High [464]

Description: {'vulners_cve_data_all': 'Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] mplayer-overflowpoc.txt, [exploitpack] MPlayer 1.0 rc2 - sdpplin_parse() Array Indexing Buffer Overflow (PoC), [seebug] MPlayer sdpplin_parse() Array Indexing Buffer Overflow Exploit PoC, [seebug] xine-lib sdpplin_parse()函数远程溢出漏洞, [exploitdb] MPlayer 1.0 rc2 - 'sdpplin_parse()' Array Indexing Buffer Overflow (PoC))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0073 was patched at 2024-05-15

755. Remote Code Execution - Unknown Product (CVE-2008-1102) - High [464]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the imb_loadhdr function in Blender 2.45 allows user-assisted remote attackers to execute arbitrary code via a .blend file that contains a crafted Radiance RGBE image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Blender radiance_hdr.c文件远程栈溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1102 was patched at 2024-05-15

756. Remote Code Execution - Unknown Product (CVE-2008-1489) - High [464]

Description: {'vulners_cve_data_all': 'Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] VLC媒体播放器MP4_ReadBox_rdrf()函数堆溢出漏洞, [seebug] VideoLAN VLC媒体播放器MP4 Demuxer远程代码执行漏洞, [packetstorm] Core Security Technologies Advisory 2008.0130)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1489 was patched at 2024-05-15

757. Remote Code Execution - Unknown Product (CVE-2008-1881) - High [464]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the ParseSSA function (modules/demux/subtitle.c) in VLC 0.8.6e allows remote attackers to execute arbitrary code via a long subtitle in an SSA file. NOTE: this issue is due to an incomplete fix for CVE-2007-6681.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1881 was patched at 2024-05-15

758. Remote Code Execution - Unknown Product (CVE-2008-2310) - High [464]

Description: {'vulners_cve_data_all': 'Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2008-004更新修复多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2310 was patched at 2024-05-15

759. Remote Code Execution - Unknown Product (CVE-2008-3794) - High [464]

Description: {'vulners_cve_data_all': 'Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3794 was patched at 2024-05-15

760. Remote Code Execution - Unknown Product (CVE-2008-5824) - High [464]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5824 was patched at 2024-05-15

761. Remote Code Execution - Unknown Product (CVE-2009-1373) - High [464]

Description: {'vulners_cve_data_all': 'Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Pidgin多个缓冲区溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1373 was patched at 2024-05-15

762. Remote Code Execution - Unknown Product (CVE-2009-1721) - High [464]

Description: {'vulners_cve_data_all': 'The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2009-003修补多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1721 was patched at 2024-05-15

763. Remote Code Execution - Unknown Product (CVE-2009-1722) - High [464]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the compression implementation in OpenEXR 1.2.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2009-003修补多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1722 was patched at 2024-05-15

764. Remote Code Execution - Unknown Product (CVE-2009-2624) - High [464]

Description: {'vulners_cve_data_all': 'The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2006-007存在多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2624 was patched at 2024-05-15

765. Remote Code Execution - Unknown Product (CVE-2009-2830) - High [464]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might overlap CVE-2009-1515.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2009-006更新修复多个安全漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2830 was patched at 2024-05-15

766. Remote Code Execution - Unknown Product (CVE-2009-3605) - High [464]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] CUPS pdftops过滤器多个整数溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3605 was patched at 2024-05-15

767. Remote Code Execution - Unknown Product (CVE-2011-0522) - High [464]

Description: {'vulners_cve_data_all': 'The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows remote attackers to execute arbitrary code via a subtitle with an opening "<" without a closing ">" in an MKV file, which triggers heap memory corruption, as demonstrated using refined-australia-blu720p-sample.mkv.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] VLC Media Player Memory Corruption)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0522 was patched at 2024-05-15

768. Remote Code Execution - Unknown Product (CVE-2011-1574) - High [464]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in libmodplug before 0.8.8.2 allows remote attackers to execute arbitrary code via a crafted S3M file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([saint] VLC Media Player Libmodplug CSoundFile::ReadS3M() Function S3M File Handling Overflow, [saint] VLC Media Player Libmodplug CSoundFile::ReadS3M() Function S3M File Handling Overflow, [saint] VLC Media Player Libmodplug CSoundFile::ReadS3M() Function S3M File Handling Overflow, [saint] VLC Media Player Libmodplug CSoundFile::ReadS3M() Function S3M File Handling Overflow, [packetstorm] VideoLAN VLC ModPlug ReadS3M Stack Buffer Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1574 was patched at 2024-05-15

769. Remote Code Execution - Unknown Product (CVE-2011-2587) - High [464]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the DemuxAudioSipr function in real.c in the RealMedia demuxer in VideoLAN VLC media player 1.1.x before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real Media file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] VLC Media Player ".RM"和".AVI"文件多个远程堆缓冲区溢出漏洞(CVE-2011-2587))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2587 was patched at 2024-05-15

770. Remote Code Execution - Unknown Product (CVE-2012-3377) - High [464]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG demuxer (modules/demux/ogg.c) in VideoLAN VLC media player before 2.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted OGG file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] VLC Media Player 'OGG'文件远程堆缓冲区溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3377 was patched at 2024-05-15

771. Remote Code Execution - Unknown Product (CVE-2013-1428) - High [464]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or possibly execute arbitrary code via a large TCP packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Tincd Post-Authentication Remote TCP Stack Buffer Overflow Exploit, [packetstorm] Tincd Post-Authentication Remote TCP Stack Buffer Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1428 was patched at 2024-05-15

772. Remote Code Execution - Unknown Product (CVE-2013-3245) - High [464]

Description: {'vulners_cve_data_all': 'plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media Player 2.0.7, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MKV file, possibly involving an integer overflow and out-of-bounds read or heap-based buffer overflow, or an uncaught exception. NOTE: the vendor disputes the severity and claimed vulnerability type of this issue, stating "This PoC crashes VLC, indeed, but does nothing more... this is not an integer overflow error, but an uncaught exception and I doubt that it is exploitable. This uncaught exception makes VLC abort, not execute random code, on my Linux 64bits machine." A PoC posted by the original researcher shows signs of an attacker-controlled out-of-bounds read, but the affected instruction does not involve a register that directly influences control flow', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] VLC Media Player远程整数溢出漏洞(CVE-2013-3245))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-3245 was patched at 2024-05-15

773. Remote Code Execution - Unknown Product (CVE-2018-7567) - High [464]

Description: {'vulners_cve_data_all': 'In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. NOTE: the vendor disputes this issue stating "the behaviour is as designed and needed for different packages to be installed", "there is a security warning if the package is not verified by OTRS Group", and "there is the possibility and responsibility of an admin to check packages before installation which is possible as they are not binary.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] OTRS Authenticated Command Injection Exploit, [packetstorm] OTRS Command Injection)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7567 was patched at 2024-05-15

774. Denial of Service - Perl (CVE-2012-2214) - High [463]

Description: proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle canceled SOCKS5 connection attempts, which allows user-assisted remote authenticated users to cause a denial of service (application crash) via a sequence of XMPP file-transfer requests.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Pidgin <2.10.4 XMPP协议文件传输请求处理远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2214 was patched at 2024-05-15

775. Memory Corruption - Wireshark (CVE-2019-5721) - High [463]

Description: In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5721 was patched at 2024-05-15

776. Memory Corruption - tiffcrop (CVE-2023-25435) - High [463]

Description: {'vulners_cve_data_all': 'libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Tiffcrop processes one or more files created according to the Tag Image File Format, Revision 6.0, specification into one or more TIFF file(s)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-25435 was patched at 2024-05-15

777. Cross Site Scripting - MediaWiki (CVE-2024-34507) - High [461]

Description: An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges#%1b0000000.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-34507 was patched at 2024-05-15

redos: CVE-2024-34507 was patched at 2024-05-14

778. Authentication Bypass - Kerberos (CVE-2023-3326) - High [460]

Description: {'vulners_cve_data_all': 'pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 has no way to validate the response from the KDC, and essentially trusts the tgt provided over the network as being valid. In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker that is able to control both the password and the KDC responses can return a valid tgt, allowing authentication to occur for any user on the system.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-3326 was patched at 2024-05-15

779. Authentication Bypass - Unknown Product (CVE-2008-0169) - High [460]

Description: {'vulners_cve_data_all': 'Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ikiwiki空口令绕过认证漏洞)
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0169 was patched at 2024-05-15

780. Authentication Bypass - Unknown Product (CVE-2021-31924) - High [460]

Description: {'vulners_cve_data_all': 'Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence (touch) or cryptographic signature verification to be bypassed, so an attacker would still need to physically possess and interact with the YubiKey or another enrolled authenticator. If pam-u2f is configured to require PIN authentication, and the application using pam-u2f allows the user to submit NULL as the PIN, pam-u2f will attempt to perform a FIDO2 authentication without PIN. If this authentication is successful, the PIN requirement is bypassed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-31924 was patched at 2024-05-15

781. Authentication Bypass - wpa_supplicant (CVE-2023-52160) - High [459]

Description: The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.614wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant for Linux, FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, Solaris, OS/2 (including ArcaOS and eComStation) and Haiku
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-52160 was patched at 2024-04-30

debian: CVE-2023-52160 was patched at 2024-05-15

oraclelinux: CVE-2023-52160 was patched at 2024-05-02

redhat: CVE-2023-52160 was patched at 2024-04-30

782. Unknown Vulnerability Type - Windows Encrypting File System (CVE-2017-5473) - High [459]

Description: {'vulners_cve_data_all': 'Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user_prefs.lua, admin/delete_user.lua, and admin/password_reset.lua.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] ntopng Web Interface 2.4.160627 Cross Site Request Forgery, [zdt] ntopng Web Interface 2.4.160627 Cross Site Request Forgery Vulnerability, [exploitpack] NTOPNG 2.4 Web Interface - Cross-Site Request Forgery, [exploitdb] NTOPNG 2.4 Web Interface - Cross-Site Request Forgery)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5473 was patched at 2024-05-15

783. Unknown Vulnerability Type - Windows LDAP (CVE-2018-8764) - High [459]

Description: {'vulners_cve_data_all': 'Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 places a CSRF token in the sec_token parameter of a URI, which makes it easier for remote attackers to defeat a CSRF protection mechanism by leveraging logging.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] LDAP Account Manager 6.2 Cross Site Scripting)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-8764 was patched at 2024-05-15

784. Memory Corruption - Kerberos (CVE-2024-26458) - High [458]

Description: Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-26458 was patched at 2024-05-22

debian: CVE-2024-26458 was patched at 2024-05-15

oraclelinux: CVE-2024-26458 was patched at 2024-05-29

redhat: CVE-2024-26458 was patched at 2024-05-22

redos: CVE-2024-26458 was patched at 2024-04-23

785. Memory Corruption - Kerberos (CVE-2024-26461) - High [458]

Description: Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-26461 was patched at 2024-05-22

debian: CVE-2024-26461 was patched at 2024-05-15

oraclelinux: CVE-2024-26461 was patched at 2024-05-29

redhat: CVE-2024-26461 was patched at 2024-05-22

redos: CVE-2024-26461 was patched at 2024-04-23

786. Memory Corruption - Kerberos (CVE-2024-26462) - High [458]

Description: Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26462 was patched at 2024-05-15

redos: CVE-2024-26462 was patched at 2024-04-23

787. Security Feature Bypass - Unknown Product (CVE-2012-2663) - High [458]

Description: {'vulners_cve_data_all': 'extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP SYN+FIN packets in --syn rules, which might allow remote attackers to bypass intended firewall restrictions via crafted packets. NOTE: the CVE-2012-6638 fix makes this issue less relevant.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Linux kernel 2.6.x iptables '--syn'规则安全绕过漏洞, [seebug] Linux Kernel 'tcp_rcv_state_process()'函数拒绝服务漏洞)
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2663 was patched at 2024-05-15

788. Security Feature Bypass - Unknown Product (CVE-2019-20149) - High [458]

Description: {'vulners_cve_data_all': 'ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Exposure of Resource to Wrong Sphere in Kind-Of Project Kind-Of)
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20149 was patched at 2024-05-15

789. Information Disclosure - Unknown Product (CVE-2019-15058) - High [457]

Description: {'vulners_cve_data_all': 'stb_image.h (aka the stb image loader) 2.23 has a heap-based buffer over-read in stbi__tga_load, leading to Information Disclosure or Denial of Service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15058 was patched at 2024-05-15

790. Information Disclosure - Unknown Product (CVE-2021-3402) - High [457]

Description: {'vulners_cve_data_all': 'An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3402 was patched at 2024-05-15

791. Arbitrary File Writing - Unknown Product (CVE-2008-5377) - High [455]

Description: {'vulners_cve_data_all': 'pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] CUPS Privilege Escalation Exploit, [seebug] CUPS < 1.3.8-4 - (pstopdf filter) Privilege Escalation Exploit, [seebug] CUPS < 1.3.8-4 (pstopdf filter) Privilege Escalation Exploit, [exploitpack] CUPS 1.3.8-4 - Local Privilege Escalation, [exploitdb] CUPS < 1.3.8-4 - Local Privilege Escalation)
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5377 was patched at 2024-05-15

792. Arbitrary File Writing - Unknown Product (CVE-2008-5394) - High [455]

Description: {'vulners_cve_data_all': '/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Debian Linux /bin/login软件包本地权限提升漏洞)
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5394 was patched at 2024-05-15

793. Arbitrary File Writing - Unknown Product (CVE-2009-2939) - High [455]

Description: {'vulners_cve_data_all': 'The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix 2.5.5 package grants the postfix user write access to /var/spool/postfix/pid, which might allow local users to conduct symlink attacks that overwrite arbitrary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Debian和Ubuntu Postfix不安全临时文件建立漏洞)
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2939 was patched at 2024-05-15

794. Unknown Vulnerability Type - Node.js (CVE-2022-29078) - High [454]

Description: {'vulners_cve_data_all': 'The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-29078 was patched at 2024-05-15

795. Unknown Vulnerability Type - OpenSSL (CVE-2006-3738) - High [454]

Description: {'vulners_cve_data_all': 'Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2006-007存在多个安全漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3738 was patched at 2024-05-15

796. Unknown Vulnerability Type - PHP (CVE-2008-4796) - High [454]

Description: {'vulners_cve_data_all': 'The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitrary commands via shell metacharacters in https URLs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Feed2JS File Disclosure, [packetstorm] Nagios Core Curl Command Injection / Code Execution, [seebug] Nagios Core < 4.2.2 Curl Command Injection/Code Execution (CVE-2016-9565))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4796 was patched at 2024-05-15

797. Unknown Vulnerability Type - PHP (CVE-2008-7251) - High [454]

Description: {'vulners_cve_data_all': 'libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin创建不安全文件和目录漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-7251 was patched at 2024-05-15

798. Unknown Vulnerability Type - PHP (CVE-2008-7252) - High [454]

Description: {'vulners_cve_data_all': 'libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin创建不安全文件和目录漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-7252 was patched at 2024-05-15

799. Unknown Vulnerability Type - PHP (CVE-2009-2853) - High [454]

Description: {'vulners_cve_data_all': 'Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7) edit-page-form.php, and (8) edit-tag-form.php in wp-admin/.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([dsquare] WordPress 2.8.3 RCE, [seebug] WordPress wp-admin非授权管理访问漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2853 was patched at 2024-05-15

800. Unknown Vulnerability Type - PHP (CVE-2016-6175) - High [454]

Description: {'vulners_cve_data_all': 'Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] PHP gettext 1.0.12 - gettext.php Code Execution, [packetstorm] PHP gettext 1.0.12 Code Execution, [zdt] PHP gettext 1.0.12 - (gettext.php) Unauthenticated Code Execution, [exploitdb] PHP gettext 1.0.12 - 'gettext.php' Code Execution)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6175 was patched at 2024-05-15

801. Denial of Service - Git (CVE-2018-20164) - High [453]

Description: An issue was discovered in regex.yaml (aka regexes.yaml) in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service (ReDoS) issue allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to a value containing a long digit string. (The UAP-Core project contains the vulnerability, propagating to all implementations.)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] UA-Parser Denial Of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414Git
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20164 was patched at 2024-05-15

802. Memory Corruption - GPAC (CVE-2020-19750) - High [453]

Description: {'vulners_cve_data_all': 'An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-19750 was patched at 2024-05-15

803. Memory Corruption - GPAC (CVE-2021-32271) - High [453]

Description: {'vulners_cve_data_all': 'An issue was discovered in gpac through 20200801. A stack-buffer-overflow exists in the function DumpRawUIConfig located in odf_dump.c. It allows an attacker to cause code Execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32271 was patched at 2024-05-15

804. Memory Corruption - GPAC (CVE-2023-0358) - High [453]

Description: Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0358 was patched at 2024-05-15

805. Cross Site Scripting - Unknown Product (CVE-2013-6364) - High [452]

Description: {'vulners_cve_data_all': 'Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Horde Groupware Web Mail Edition 5.1.2 - CSRF Vulnerability, [zdt] Horde 5.1.2 CSRF / Cross Site Scripting Vulnerabilities, [packetstorm] Horde 5.1.2 Cross Site Request Forgery / Cross Site Scripting, [exploitpack] Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (2), [exploitdb] Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (2))
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6364 was patched at 2024-05-15

806. Remote Code Execution - Kerberos (CVE-2005-0490) - High [452]

Description: Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0490 was patched at 2024-05-15

807. Remote Code Execution - Kerberos (CVE-2006-6143) - High [452]

Description: The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6143 was patched at 2024-05-15

808. Remote Code Execution - Kerberos (CVE-2008-0948) - High [452]

Description: Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0948 was patched at 2024-05-15

809. Remote Code Execution - Kerberos (CVE-2012-1014) - High [452]

Description: The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.910CVSS Base Score is 9.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1014 was patched at 2024-05-15

810. Remote Code Execution - Unknown Product (CVE-2012-6081) - High [452]

Description: {'vulners_cve_data_all': 'Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] MoinMoin twikidraw Action Traversal File Upload, [zdt] MoinMoin twikidraw Action Traversal File Upload Vulnerability, [seebug] MoinMoin action/twikidraw.py和action/anywikidraw.py任意代码执行漏洞, [dsquare] MoinMoin 1.9.5 RCE)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6081 was patched at 2024-05-15

811. Remote Code Execution - Unknown Product (CVE-2012-6495) - High [452]

Description: {'vulners_cve_data_all': 'Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([canvas] Immunity Canvas: MOINMOIN_RCE, [packetstorm] MoinMoin twikidraw Action Traversal File Upload, [zdt] MoinMoin twikidraw Action Traversal File Upload Vulnerability, [seebug] MoinMoin action/twikidraw.py和action/anywikidraw.py任意代码执行漏洞, [dsquare] MoinMoin 1.9.5 RCE)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6495 was patched at 2024-05-15

812. Remote Code Execution - Unknown Product (CVE-2019-1010091) - High [452]

Description: {'vulners_cve_data_all': 'tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Cross-site Scripting in Tiny Tinymce)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1010091 was patched at 2024-05-15

813. Denial of Service - Perl (CVE-2013-6436) - High [451]

Description: The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the "virsh memtune" command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] libvirt "lxcDomainGetMemoryParameters()"拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6436 was patched at 2024-05-15

814. Denial of Service - Perl (CVE-2014-2573) - High [451]

Description: The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenStack Compute (Nova) VMWare驱动配额限制绕过拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 2.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2573 was patched at 2024-05-15

815. Elevation of Privilege - Unknown Product (CVE-2016-10156) - High [449]

Description: {'vulners_cve_data_all': 'A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Systemd 228 (SUSE 12 SP2 Ubuntu Touch 15.04) - Local Privilege Escalation, [packetstorm] Systemd 228 Privilege Escalation, [zdt] Systemd 228 - Privilege Escalation Vulnerability, [exploitdb] Systemd 228 (SUSE 12 SP2 / Ubuntu Touch 15.04) - Local Privilege Escalation)
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10156 was patched at 2024-05-15

816. Elevation of Privilege - Unknown Product (CVE-2019-18862) - High [449]

Description: {'vulners_cve_data_all': 'maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] GNU Mailutils 3.7 Privilege Escalation, [zdt] GNU Mailutils 3.7 - Privilege Escalation Exploit, [exploitpack] GNU Mailutils 3.7 - Privilege Escalation, [exploitdb] GNU Mailutils 3.7 - Privilege Escalation)
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-18862 was patched at 2024-05-15

817. Memory Corruption - PHP (CVE-2013-1427) - High [448]

Description: The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a predictable name in /tmp, which allows local users to hijack the PHP control socket and perform unauthorized actions such as forcing the use of a different version of PHP via a symlink attack or a race condition.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] lighttpd不安全临时文件创建漏洞(CVE-2013-1427))
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1427 was patched at 2024-05-15

818. Command Injection - Unknown Product (CVE-2022-3590) - High [447]

Description: {'vulners_cve_data_all': 'WordPress is affected by an unauthenticated blind SSRF in the pingback feature. Because of a TOCTOU race condition between the validation checks and the HTTP request, attackers can reach internal hosts that are explicitly forbidden.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Wordpress, [wpexploit] WP <= 6.2 - Unauthenticated Blind SSRF via DNS Rebinding)
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3590 was patched at 2024-05-15

819. Remote Code Execution - Linux Kernel (CVE-2017-13715) - High [447]

Description: The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a single crafted MPLS packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-13715 was patched at 2024-05-15

820. Remote Code Execution - Windows Kernel (CVE-2008-0296) - High [447]

Description: Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0296 was patched at 2024-05-15

821. Remote Code Execution - Windows Kernel (CVE-2009-2688) - High [447]

Description: Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a crafted TIFF file, (2) the png_instantiate function processing a crafted PNG file, and (3) the jpeg_instantiate function processing a crafted JPEG file, all which trigger a heap-based buffer overflow. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2688 was patched at 2024-05-15

822. Remote Code Execution - Windows Kernel (CVE-2022-28181) - High [447]

Description: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score1.010CVSS Base Score is 9.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-28181 was patched at 2024-05-15

823. Remote Code Execution - Windows LDAP (CVE-2002-1347) - High [447]

Description: Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1347 was patched at 2024-05-15

824. Unknown Vulnerability Type - Apache HTTP Server (CVE-2013-2249) - High [447]

Description: {'vulners_cve_data_all': 'mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apache HTTP Server mod_session_dbd 远程安全漏洞(CVE-2013-2249))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2249 was patched at 2024-05-15

825. Unknown Vulnerability Type - Linux Kernel (CVE-2016-6187) - High [447]

Description: {'vulners_cve_data_all': 'The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor setprocattr hook.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Linux Kernel < 4.5.1 - Off-By-One (PoC) Exploit, [exploitpack] Linux Kernel 4.5.1 - Off-By-One (PoC), [exploitdb] Linux Kernel < 4.5.1 - Off-By-One (PoC))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6187 was patched at 2024-05-15

826. Unknown Vulnerability Type - Linux Kernel (CVE-2021-45100) - High [447]

Description: {'vulners_cve_data_all': 'The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45100 was patched at 2024-05-15

827. Unknown Vulnerability Type - Windows LDAP (CVE-2011-4075) - High [447]

Description: {'vulners_cve_data_all': 'The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([dsquare] phpLDAPadmin 1.2.1.1 RCE)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4075 was patched at 2024-05-15

828. Denial of Service - Unknown Product (CVE-2017-7938) - High [446]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model is automated execution of DMitry with hostname strings found in local log files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Dmitry 1.3a - Local Buffer Overflow (PoC), [zdt] DMitry - ( Deepmagic Information Gathering Tool ) - Local Stack Buffer Overflow Vulnerability, [packetstorm] Dmitry 1.3a Local Stack Buffer Overflow, [exploitdb] Dmitry 1.3a - Local Buffer Overflow (PoC))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7938 was patched at 2024-05-15

829. Denial of Service - Unknown Product (CVE-2017-9430) - High [446]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstracer with an untrusted name string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] DNSTracer 1.9 - Buffer Overflow Exploit, [zdt] DNSTracer 1.8.1 - Buffer Overflow Vulnerability, [exploitpack] DNSTracer 1.8.1 - Buffer Overflow (PoC), [exploitpack] DNSTracer 1.9 - Local Buffer Overflow, [packetstorm] DNSTracer 1.8.1 Buffer Overflow, [packetstorm] DNSTracer 1.9 Buffer Overflow, [exploitdb] DNSTracer 1.8.1 - Buffer Overflow (PoC), [exploitdb] DNSTracer 1.9 - Local Buffer Overflow)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9430 was patched at 2024-05-15

830. Denial of Service - Unknown Product (CVE-2018-16492) - High [446]

Description: {'vulners_cve_data_all': 'A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16492 was patched at 2024-05-15

831. Denial of Service - Unknown Product (CVE-2019-11072) - High [446]

Description: {'vulners_cve_data_all': 'lighttpd before 1.4.54 has a signed integer overflow, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malicious HTTP GET request, as demonstrated by mishandling of /%2F? in burl_normalize_2F_to_slash_fix in burl.c. NOTE: The developer states "The feature which can be abused to cause the crash is a new feature in lighttpd 1.4.50, and is not enabled by default. It must be explicitly configured in the config file (e.g. lighttpd.conf). Certain input will trigger an abort() in lighttpd when that feature is enabled. lighttpd detects the underflow or realloc() will fail (in both 32-bit and 64-bit executables), also detected in lighttpd. Either triggers an explicit abort() by lighttpd. This is not exploitable beyond triggering the explicit abort() with subsequent application exit.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11072 was patched at 2024-05-15

832. Memory Corruption - HID (CVE-2018-1121) - High [446]

Description: procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Procps-ng - Multiple Vulnerabilities, [exploitpack] Procps-ng - Multiple Vulnerabilities, [packetstorm] Procps-ng Audit Report, [exploitdb] Procps-ng - Multiple Vulnerabilities)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514HID
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1121 was patched at 2024-05-15

debian: CVE-2018-11210 was patched at 2024-05-15

833. Path Traversal - Unknown Product (CVE-2022-23457) - High [446]

Description: {'vulners_cve_data_all': 'ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attack can specify the entire string representing the 'input' path. This vulnerability is patched in release 2.3.0.0 of ESAPI. As a workaround, it is possible to write one's own implementation of the Validator interface. However, maintainers do not recommend this.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-23457 was patched at 2024-05-15

834. Security Feature Bypass - Unknown Product (CVE-2023-26159) - High [446]

Description: {'vulners_cve_data_all': 'Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26159 was patched at 2024-05-15

835. Arbitrary File Reading - Unknown Product (CVE-2010-0013) - High [445]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Pidgin MSN 2.6.4 - File Download, [packetstorm] Pidgin MSN 2.6.4 File Download, [seebug] Pidgin MSN <= 2.6.4 File Download Vulnerability, [exploitdb] Pidgin MSN 2.6.4 - File Download)
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0013 was patched at 2024-05-15

836. Arbitrary File Reading - Unknown Product (CVE-2017-5982) - High [445]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Kodi 17.0 Local File Inclusion Exploit, [packetstorm] Kodi 17.1 Local File Inclusion)
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5982 was patched at 2024-05-15

837. Information Disclosure - Unknown Product (CVE-2008-4359) - High [445]

Description: {'vulners_cve_data_all': 'lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Lighttpd URI重写/重定向信息泄露漏洞)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4359 was patched at 2024-05-15

838. Information Disclosure - Unknown Product (CVE-2016-1886) - High [445]

Description: {'vulners_cve_data_all': 'Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a "two way heap and stack overflow."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] FreeBSD Kernel (FreeBSD 10.2 < 10.3 x64) - SETFKEY (PoC) Exploit)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1886 was patched at 2024-05-15

839. Information Disclosure - Unknown Product (CVE-2017-2895) - High [445]

Description: {'vulners_cve_data_all': 'An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Cesanta Mongoose MQTT SUBSCRIBE Topic Length Information Leak(CVE-2017-2895))
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2895 was patched at 2024-05-15

840. Information Disclosure - Unknown Product (CVE-2018-19045) - High [445]

Description: {'vulners_cve_data_all': 'keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19045 was patched at 2024-05-15

841. Information Disclosure - Unknown Product (CVE-2018-9144) - High [445]

Description: {'vulners_cve_data_all': 'In Exiv2 0.26, there is an out-of-bounds read in Exiv2::Internal::binaryToString in image.cpp. It could result in denial of service or information disclosure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-9144 was patched at 2024-05-15

842. Information Disclosure - Unknown Product (CVE-2022-45868) - High [445]

Description: {'vulners_cve_data_all': 'The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that." Nonetheless, the issue was fixed in 2.2.220.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-45868 was patched at 2024-05-15

843. Unknown Vulnerability Type - PHP (CVE-2009-1960) - High [442]

Description: {'vulners_cve_data_all': 'inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([canvas] Immunity Canvas: DOKUWIKI_EXEC2)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1960 was patched at 2024-05-15

844. Unknown Vulnerability Type - PHP (CVE-2015-8379) - High [442]

Description: {'vulners_cve_data_all': 'CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to bypass the CSRF protection mechanism via the _method parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] CakePHP 3.2.0 CSRF Bypass)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8379 was patched at 2024-05-15

845. Unknown Vulnerability Type - PHP (CVE-2017-5368) - High [442]

Description: {'vulners_cve_data_all': 'ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, is vulnerable to CSRF (Cross Site Request Forgery) which allows a remote attack to make changes to the web application as the current logged in victim. If the victim visits a malicious web page, the attacker can silently and automatically create a new admin user within the web application for remote persistence and further attacks. The URL is /zm/index.php and sample parameters could include action=user uid=0 newUser[Username]=attacker1 newUser[Password]=Password1234 conf_password=Password1234 newUser[System]=Edit (among others).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] ZoneMinder - Multiple Vulnerabilities, [packetstorm] ZoneMinder XSS / CSRF / File Disclosure / Authentication Bypass)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5368 was patched at 2024-05-15

846. Unknown Vulnerability Type - PHP (CVE-2018-10188) - High [442]

Description: {'vulners_cve_data_all': 'phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] phpMyAdmin 4.8.0 4.8.0-1 - Cross-Site Request Forgery, [zdt] phpMyAdmin 4.8.0 / 4.8.0-1 - Cross-Site Request Forgery Vulnerability, [packetstorm] phpMyAdmin Cross Site Request Forgery, [exploitdb] phpMyAdmin 4.8.0 < 4.8.0-1 - Cross-Site Request Forgery)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10188 was patched at 2024-05-15

847. Unknown Vulnerability Type - PHP (CVE-2020-14947) - High [442]

Description: {'vulners_cve_data_all': 'OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] OCS Inventory NG 2.7 Remote Code Execution, [githubexploit] Exploit for OS Command Injection in Factorfx Open Computer Software Inventory Next Generation, [zdt] OCS Inventory NG 2.7 - Remote Code Execution Exploit, [exploitdb] OCS Inventory NG 2.7 - Remote Code Execution)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-14947 was patched at 2024-05-15

848. Remote Code Execution - Kerberos (CVE-2002-0657) - High [440]

Description: Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0657 was patched at 2024-05-15

849. Remote Code Execution - Kerberos (CVE-2003-0060) - High [440]

Description: Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0060 was patched at 2024-05-15

850. Remote Code Execution - Kerberos (CVE-2004-0642) - High [440]

Description: Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0642 was patched at 2024-05-15

851. Remote Code Execution - Kerberos (CVE-2005-1175) - High [440]

Description: Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP request.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1175 was patched at 2024-05-15

852. Remote Code Execution - Unknown Product (CVE-2003-0165) - High [440]

Description: {'vulners_cve_data_all': 'Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] core.gnome.txt)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0165 was patched at 2024-05-15

853. Remote Code Execution - Unknown Product (CVE-2005-2335) - High [440]

Description: {'vulners_cve_data_all': 'Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Fetchmail POP3客户端缓冲区溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2335 was patched at 2024-05-15

854. Remote Code Execution - Unknown Product (CVE-2006-2237) - High [440]

Description: {'vulners_cve_data_all': 'The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([saint] AWStats migrate parameter command injection, [saint] AWStats migrate parameter command injection, [saint] AWStats migrate parameter command injection, [saint] AWStats migrate parameter command injection, [packetstorm] AWStats migrate Remote Command Execution)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2237 was patched at 2024-05-15

855. Remote Code Execution - Unknown Product (CVE-2006-2465) - High [440]

Description: {'vulners_cve_data_all': 'Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this issue might not be a vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] MP3Info 0.8.5a - SEH Buffer Overflow Exploit, [packetstorm] MP3Info 0.8.5 SEH Buffer Overflow)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2465 was patched at 2024-05-15

856. Remote Code Execution - Unknown Product (CVE-2007-6613) - High [440]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image that contains a long joilet file name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] GNU libcdio库cd-info/iso-info文件栈溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6613 was patched at 2024-05-15

857. Remote Code Execution - Unknown Product (CVE-2009-1490) - High [440]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Sendmail X-header头远程堆溢出漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1490 was patched at 2024-05-15

858. Remote Code Execution - Unknown Product (CVE-2023-25440) - High [440]

Description: {'vulners_cve_data_all': 'Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] CiviCRM 5.59.alpha1 Cross Site Scripting, [zdt] CiviCRM 5.59.alpha1 Cross Site Scripting Vulnerability, [exploitdb] CiviCRM 5.59.alpha1 - Stored XSS (Cross-Site Scripting))
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-25440 was patched at 2024-05-15

859. Unknown Vulnerability Type - Kerberos (CVE-2009-0360) - High [440]

Description: {'vulners_cve_data_all': 'Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configuration file, and then launching a PAM-based setuid application.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] pam-krb5 3.13 - Local Privilege Escalation, [seebug] pam-krb5 API使用本地权限提升漏洞, [seebug] pam-krb5 < 3.13 Local Privilege Escalation Exploit, [seebug] pam-krb5 < 3.13 Local Privilege Escalation Exploit, [exploitdb] pam-krb5 < 3.13 - Local Privilege Escalation)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0360 was patched at 2024-05-15

860. Unknown Vulnerability Type - MediaWiki (CVE-2017-0372) - High [438]

Description: {'vulners_cve_data_all': 'Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] SyntaxHighlight 2.0 MediaWiki 1.28.0 Stored Cross Site Scripting Vulnerability, [packetstorm] SyntaxHighlight 2.0 MediaWiki 1.28.0 Stored Cross Site Scripting, [packetstorm] MediaWiki SyntaxHighlight Extension Option Injection)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0372 was patched at 2024-05-15

861. Unknown Vulnerability Type - SQLite (CVE-2021-37832) - High [438]

Description: {'vulners_cve_data_all': 'A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL commands to the SQLite database through the vulnerable idappartamenti parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for SQL Injection in Digitaldruid Hoteldruid, [githubexploit] Exploit for SQL Injection in Digitaldruid Hoteldruid)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714SQLite is a database engine written in the C programming language
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-37832 was patched at 2024-05-15

862. Elevation of Privilege - Unknown Product (CVE-2021-3864) - High [437]

Description: {'vulners_cve_data_all': 'A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Improper Access Control in Linux Linux Kernel)
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3864 was patched at 2024-05-15

863. Code Injection - Unknown Product (CVE-2021-23413) - High [435]

Description: {'vulners_cve_data_all': 'This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-23413 was patched at 2024-05-15

864. Command Injection - Unknown Product (CVE-2021-32715) - High [435]

Description: {'vulners_cve_data_all': 'hyper is an HTTP library for rust. hyper's HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a `Content-Length` header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn't parse such `Content-Length` headers, but forwards them, can result in "request smuggling" or "desync attacks". The flaw exists in all prior versions of hyper prior to 0.14.10, if built with `rustc` v1.5.0 or newer. The vulnerability is patched in hyper version 0.14.10. Two workarounds exist: One may reject requests manually that contain a plus sign prefix in the `Content-Length` header or ensure any upstream proxy handles `Content-Length` headers with a plus sign prefix.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32715 was patched at 2024-05-15

865. Memory Corruption - Linux Kernel (CVE-2019-19814) - High [435]

Description: In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19814 was patched at 2024-05-15

866. Memory Corruption - Linux Kernel (CVE-2022-32981) - High [435]

Description: An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-32981 was patched at 2024-05-15

867. Memory Corruption - Linux Kernel (CVE-2023-52440) - High [435]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob()\n\nIf authblob->SessionKey.Length is bigger than session key\nsize(CIFS_KEY_SIZE), slub overflow can happen in key exchange codes.\ncifs_arc4_crypt copy to session key array from SessionKey from client.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52440 was patched at 2024-05-15

868. Remote Code Execution - Windows Kernel (CVE-2011-0191) - High [435]

Description: Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0191 was patched at 2024-05-15

869. XXE Injection - Unknown Product (CVE-2014-3242) - High [435]

Description: {'vulners_cve_data_all': 'SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] SOAPpy 0.12.5 多个漏洞)
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3242 was patched at 2024-05-15

870. Denial of Service - Unknown Product (CVE-2011-0531) - High [434]

Description: {'vulners_cve_data_all': 'demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([saint] VideoLAN VLC Media Player MKV Demuxer Code Execution, [saint] VideoLAN VLC Media Player MKV Demuxer Code Execution, [saint] VideoLAN VLC Media Player MKV Demuxer Code Execution, [saint] VideoLAN VLC Media Player MKV Demuxer Code Execution, [packetstorm] VideoLAN VLC MKV Memory Corruption)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0531 was patched at 2024-05-15

871. Denial of Service - Unknown Product (CVE-2018-8002) - High [434]

Description: {'vulners_cve_data_all': 'In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete() in PdfParserObject.cpp which may result in stack overflow. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] PoDoFo 0.9.5 - Buffer Overflow Vulnerability, [packetstorm] PoDoFo 0.9.5 Buffer Overflow, [exploitpack] PoDoFo 0.9.5 - Buffer Overflow (PoC), [exploitdb] PoDoFo 0.9.5 - Buffer Overflow (PoC))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-8002 was patched at 2024-05-15

872. Denial of Service - Unknown Product (CVE-2020-19497) - High [434]

Description: {'vulners_cve_data_all': 'Integer overflow vulnerability in Mat_VarReadNextInfo5 in mat5.c in tbeu matio (aka MAT File I/O Library) 1.5.17, allows attackers to cause a Denial of Service or possibly other unspecified impacts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-19497 was patched at 2024-05-15

873. Denial of Service - Unknown Product (CVE-2020-19498) - High [434]

Description: {'vulners_cve_data_all': 'Floating point exception in function Fraction in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impacts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-19498 was patched at 2024-05-15

874. Denial of Service - Unknown Product (CVE-2020-19499) - High [434]

Description: {'vulners_cve_data_all': 'An issue was discovered in heif::Box_iref::get_references in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impact due to an invalid memory read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-19499 was patched at 2024-05-15

875. Security Feature Bypass - Unknown Product (CVE-2022-40896) - High [434]

Description: {'vulners_cve_data_all': 'A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-40896 was patched at 2024-05-15

876. Information Disclosure - Unknown Product (CVE-2009-4235) - High [433]

Description: {'vulners_cve_data_all': 'acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerability than CVE-2009-4033.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Red Hat acpid '/var/log/acpid'日志文件权限本地特权提升漏洞)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4235 was patched at 2024-05-15

877. Information Disclosure - Unknown Product (CVE-2023-27478) - High [433]

Description: {'vulners_cve_data_all': 'libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. `libmemcached` could return data for a previously requested key, if that previous request timed out due to a low `POLL_TIMEOUT`. This issue has been addressed in version 1.1.4. Users are advised to upgrade. There are several ways to workaround or lower the probability of this bug affecting a given deployment. 1: use a reasonably high `POLL_TIMEOUT` setting, like the default. 2: use separate libmemcached connections for unrelated data. 3: do not re-use libmemcached connections in an unknown state.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-27478 was patched at 2024-05-15

878. Information Disclosure - Unknown Product (CVE-2024-28849) - High [433]

Description: {'vulners_cve_data_all': 'follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. In affected versions follow-redirects only clears authorization header during cross-domain redirect, but keep the proxy-authentication header which contains credentials too. This vulnerability may lead to credentials leak, but has been addressed in version 1.15.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28849 was patched at 2024-05-15

879. Spoofing - Perl (CVE-2013-6419) - High [433]

Description: Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by (1) api/metadata/handler.py in Nova and (2) the neutron-metadata-agent (agent/metadata/agent.py) in Neutron.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenStack Neutron/Nova信息泄漏漏洞)
Criticality of Vulnerability Type0.415Spoofing
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6419 was patched at 2024-05-15

880. Authentication Bypass - Apache HTTP Server (CVE-2017-6062) - High [432]

Description: The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDCUnAuthAction pass" configuration, which allows remote attackers to bypass authentication via crafted HTTP traffic.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.910CVSS Base Score is 8.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6062 was patched at 2024-05-15

881. Arbitrary File Writing - Unknown Product (CVE-2007-6683) - High [431]

Description: {'vulners_cve_data_all': 'The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to overwrite arbitrary files via (1) the :demuxdump-file option in a filename in a playlist, or (2) a EXTVLCOPT statement in an MP3 file, possibly an argument injection vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] VLC媒体播放器浏览器插件任意文件覆盖漏洞)
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6683 was patched at 2024-05-15

882. Arbitrary File Writing - Unknown Product (CVE-2008-1694) - High [431]

Description: {'vulners_cve_data_all': 'vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] GNU Emacs创建不安全临时文件漏洞)
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1694 was patched at 2024-05-15

883. Remote Code Execution - APT (CVE-2023-41101) - High [430]

Description: An issue was discovered in the captive portal in OpenNDS before version 10.1.3. get_query in http_microhttpd.c does not validate the length of the query string of GET requests. This leads to a stack-based buffer overflow in versions 9.x and earlier, and to a heap-based buffer overflow in versions 10.x and later. Attackers may exploit the issue to crash OpenNDS (Denial-of-Service condition) or to inject and execute arbitrary bytecode (Remote Code Execution).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-41101 was patched at 2024-05-15

884. Remote Code Execution - Mozilla Firefox (CVE-2006-1790) - High [430]

Description: A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1790 was patched at 2024-05-15

885. Remote Code Execution - Mozilla Firefox (CVE-2006-4571) - High [430]

Description: Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4571 was patched at 2024-05-15

886. Remote Code Execution - Mozilla Firefox (CVE-2008-3533) - High [430]

Description: Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3533 was patched at 2024-05-15

887. Remote Code Execution - OpenSSH (CVE-2002-0639) - High [430]

Description: Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0639 was patched at 2024-05-15

888. Remote Code Execution - OpenSSH (CVE-2002-0640) - High [430]

Description: Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0640 was patched at 2024-05-15

889. Remote Code Execution - OpenSSH (CVE-2003-0693) - High [430]

Description: A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0693 was patched at 2024-05-15

890. Remote Code Execution - OpenSSL (CVE-2003-0545) - High [430]

Description: Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0545 was patched at 2024-05-15

891. Remote Code Execution - PHP (CVE-2019-10774) - High [430]

Description: php-shellcommand versions before 1.6.1 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10774 was patched at 2024-05-15

892. Remote Code Execution - PHP (CVE-2023-26034) - High [430]

Description: ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are affected by a SQL Injection vulnerability. The (blind) SQL Injection vulnerability is present within the `filter[Query][terms][0][attr]` query string parameter of the `/zm/index.php` endpoint. A user with the View or Edit permissions of Events may execute arbitrary SQL. The resulting impact can include unauthorized data access (and modification), authentication and/or authorization bypass, and remote code execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26034 was patched at 2024-05-15

893. Remote Code Execution - PHP (CVE-2023-40619) - High [430]

Description: phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-40619 was patched at 2024-05-15

894. Remote Code Execution - RPC (CVE-2003-0033) - High [430]

Description: Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before 1.9.1 allows remote attackers to execute arbitrary code via fragmented RPC packets.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0033 was patched at 2024-05-15

895. Remote Code Execution - RPC (CVE-2003-0252) - High [430]

Description: Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0252 was patched at 2024-05-15

896. Remote Code Execution - Samba (CVE-2004-0882) - High [430]

Description: Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0882 was patched at 2024-05-15

897. Remote Code Execution - Samba (CVE-2004-1154) - High [430]

Description: Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1154 was patched at 2024-05-15

898. Remote Code Execution - libvpx (CVE-2016-1621) - High [430]

Description: libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814libvpx is a free software video codec library from Google and the Alliance for Open Media (AOMedia)
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1621 was patched at 2024-05-15

899. Unknown Vulnerability Type - OpenSSH (CVE-2003-1562) - High [430]

Description: {'vulners_cve_data_all': 'sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Portable OpenSSH 3.6.1p-PAM4.1-SuSE - Timing Attack, [packetstorm] openssh-timing.txt, [seebug] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit, [seebug] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit, [seebug] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit, [exploitdb] Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing Attack)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.810CVSS Base Score is 7.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-1562 was patched at 2024-05-15

900. Unknown Vulnerability Type - PHP (CVE-2008-3880) - High [430]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] airVisionNVR 1.1.13 Disclosure / SQL Injection, [exploitdb] airVisionNVR 1.1.13 - 'readfile()' Disclosure / SQL Injection, [exploitpack] airVisionNVR 1.1.13 - readfile() Disclosure SQL Injection, [seebug] airVisionNVR 1.1.13 readfile() Disclosure and SQL Injection)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3880 was patched at 2024-05-15

901. Unknown Vulnerability Type - PHP (CVE-2008-4360) - High [430]

Description: {'vulners_cve_data_all': 'mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Lighttpd 'mod_userdir'大小写区分对比安全绕过漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4360 was patched at 2024-05-15

902. Unknown Vulnerability Type - PHP (CVE-2009-3041) - High [430]

Description: {'vulners_cve_data_all': 'SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for (1) ecrire/exec/install.php and (2) ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([dsquare] SPIP 2.0.8 Information Disclosure)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3041 was patched at 2024-05-15

903. Unknown Vulnerability Type - PHP (CVE-2009-3697) - High [430]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin SQL注入和跨站脚本漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3697 was patched at 2024-05-15

904. Unknown Vulnerability Type - PHP (CVE-2009-4023) - High [430]

Description: {'vulners_cve_data_all': 'Argument injection vulnerability in the sendmail implementation of the Mail::Send method (Mail/sendmail.php) in the Mail package 1.1.14 for PEAR allows remote attackers to read and write arbitrary files via a crafted $from parameter, a different vector than CVE-2009-4111.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] PEAR Mail软件包Recipient参数注入漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4023 was patched at 2024-05-15

905. Unknown Vulnerability Type - PHP (CVE-2011-4674) - High [430]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([dsquare] Zabbix <= 1.8.4 SQL Injection)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4674 was patched at 2024-05-15

906. Unknown Vulnerability Type - PHP (CVE-2012-3435) - High [430]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([dsquare] Zabbix 2.0 SQL Injection)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3435 was patched at 2024-05-15

907. Unknown Vulnerability Type - PHP (CVE-2012-3448) - High [430]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Ganglia Web Frontend 3.5.1 - PHP Code Execution, [seebug] Ganglia Web Frontend < 3.5.1 - PHP Code Execution, [packetstorm] Ganglia Web Frontend PHP Code Execution, [zdt] Ganglia Web Frontend < 3.5.1 - PHP Code Execution Exploit, [exploitdb] Ganglia Web Frontend < 3.5.1 - PHP Code Execution)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3448 was patched at 2024-05-15

908. Unknown Vulnerability Type - PHP (CVE-2014-1691) - High [430]

Description: {'vulners_cve_data_all': 'The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted serialized object in the _formvars form.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([metasploit] Horde Framework Unserialize PHP Code Execution, [zdt] Horde Framework Unserialize PHP Code Execution, [seebug] Horde Framework Unserialize PHP Code Execution, [packetstorm] Horde Framework Unserialize PHP Code Execution, [packetstorm] Horde Framework Unserialize PHP Code Execution, [exploitdb] Horde Framework - Unserialize PHP Code Execution (Metasploit))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1691 was patched at 2024-05-15

909. Unknown Vulnerability Type - RPC (CVE-2013-1362) - High [430]

Description: {'vulners_cve_data_all': 'Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In Executor (NRPE) before 2.14 might allow remote attackers to execute arbitrary shell commands via "$()" shell metacharacters, which are processed by bash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Nagios NRPE 2.13 Code Execution, [packetstorm] Nagios Remote Plugin Executor Arbitrary Command Execution, [zdt] Nagios Remote Plugin Executor Arbitrary Command Execution, [saint] Nagios Remote Plugin Executor Metacharacter Filtering Omission, [saint] Nagios Remote Plugin Executor Metacharacter Filtering Omission, [saint] Nagios Remote Plugin Executor Metacharacter Filtering Omission, [saint] Nagios Remote Plugin Executor Metacharacter Filtering Omission)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1362 was patched at 2024-05-15

910. Unknown Vulnerability Type - Samba (CVE-2010-0728) - High [430]

Description: {'vulners_cve_data_all': 'smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Samba CAP_DAC_OVERRIDE文件权限绕过安全限制漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.810CVSS Base Score is 8.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0728 was patched at 2024-05-15

911. Memory Corruption - GPAC (CVE-2022-46490) - High [429]

Description: GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the afrt_box_read function at box_code_adobe.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-46490 was patched at 2024-05-15

912. Remote Code Execution - Linux Kernel (CVE-2023-6270) - High [429]

Description: A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-6270 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2023-6270 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

913. Cross Site Scripting - Unknown Product (CVE-2006-3636) - High [428]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] 0013.txt)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3636 was patched at 2024-05-15

914. Cross Site Scripting - Unknown Product (CVE-2024-4439) - High [428]

Description: {'vulners_cve_data_all': 'WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. In addition, it also makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that have the comment block present and display the comment author's avatar.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-4439 was patched at 2024-05-15

915. Remote Code Execution - Kerberos (CVE-2004-1189) - High [428]

Description: The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1189 was patched at 2024-05-15

916. Remote Code Execution - Unknown Product (CVE-2014-0039) - High [428]

Description: {'vulners_cve_data_all': 'Untrusted search path vulnerability in fwsnort before 1.6.4, when not running as root, allows local users to execute arbitrary code via a Trojan horse fwsnort.conf in the current working directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] fwsnort 'fwsnort.conf'本地权限提升漏洞)
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0039 was patched at 2024-05-15

917. Unknown Vulnerability Type - Curl (CVE-2007-2951) - High [426]

Description: {'vulners_cve_data_all': 'The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] KVIrc irc:// URI处理器远程命令注入漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714Curl is a command-line tool for transferring data specified with URL syntax
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2951 was patched at 2024-05-15

918. Unknown Vulnerability Type - FFmpeg (CVE-2011-2160) - High [426]

Description: {'vulners_cve_data_all': 'The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in MPlayer and other products, does not properly restrict read operations, which allows remote attackers to have an unspecified impact via a crafted VC-1 file, a related issue to CVE-2011-0723.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg畸形"VC1"文件解析内存破坏远程代码执行漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2160 was patched at 2024-05-15

919. Unknown Vulnerability Type - FFmpeg (CVE-2013-0869) - High [426]

Description: {'vulners_cve_data_all': 'The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted H.264 data, related to an SPS and slice mismatch and an out-of-bounds array access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FFmpeg 'field_end()'函数拒绝服务漏洞(CVE-2013-0869))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0869 was patched at 2024-05-15

920. Code Injection - APT (CVE-2019-18889) - High [425]

Description: An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-18889 was patched at 2024-05-15

921. Code Injection - PHP (CVE-2018-1000871) - High [425]

Description: HotelDruid HotelDruid 2.3.0 version 2.3.0 and earlier contains a SQL Injection vulnerability in "id_utente_mod" parameter in gestione_utenti.php file that can result in An attacker can dump all the database records of backend webserver. This attack appear to be exploitable via the attack can be done by anyone via specially crafted sql query passed to the "id_utente_mod=1" parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000871 was patched at 2024-05-15

922. Code Injection - PHP (CVE-2019-16774) - High [425]

Description: {'vulners_cve_data_all': 'In phpfastcache before 5.1.3, there is a possible object injection vulnerability in cookie driver.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-16774 was patched at 2024-05-15

923. Code Injection - PHP (CVE-2019-8423) - High [425]

Description: ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-8423 was patched at 2024-05-15

924. Code Injection - PHP (CVE-2019-8424) - High [425]

Description: ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-8424 was patched at 2024-05-15

925. Code Injection - PHP (CVE-2019-8428) - High [425]

Description: ZoneMinder before 1.32.3 has SQL Injection via the skins/classic/views/control.php groupSql parameter, as demonstrated by a newGroup[MonitorIds][] value.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-8428 was patched at 2024-05-15

926. Code Injection - PHP (CVE-2019-8429) - High [425]

Description: ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-8429 was patched at 2024-05-15

927. Code Injection - PHP (CVE-2019-9086) - High [425]

Description: HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9086 was patched at 2024-05-15

928. Code Injection - PHP (CVE-2019-9087) - High [425]

Description: HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9087 was patched at 2024-05-15

929. Code Injection - PHP (CVE-2020-22452) - High [425]

Description: SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-22452 was patched at 2024-05-15

930. Command Injection - APT (CVE-2021-39214) - High [425]

Description: mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While a smuggled request is still captured as part of another request's body, it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless one uses mitmproxy to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 7.0.3 and above.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39214 was patched at 2024-05-15

931. Command Injection - APT (CVE-2022-24766) - High [425]

Description: mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response's HTTP message body. While mitmproxy would only see one request, the target server would see multiple requests. A smuggled request is still captured as part of another request's body, but it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless mitmproxy is used to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 8.0.0 and above. There are currently no known workarounds.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24766 was patched at 2024-05-15

932. Command Injection - GNOME desktop (CVE-2022-27811) - High [425]

Description: GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-27811 was patched at 2024-05-15

933. Command Injection - Node.js (CVE-2018-13797) - High [425]

Description: The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-13797 was patched at 2024-05-15

934. Command Injection - Node.js (CVE-2021-42740) - High [425]

Description: The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is {A-z] instead of the correct {A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42740 was patched at 2024-05-15

935. Command Injection - Node.js (CVE-2022-35949) - High [425]

Description: undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. If a user specifies a URL such as `http://127.0.0.1` or `//127.0.0.1` ```js const undici = require("undici") undici.request({origin: "http://example.com", pathname: "//127.0.0.1"}) ``` Instead of processing the request as `http://example.org//127.0.0.1` (or `http://example.org/http://127.0.0.1` when `http://127.0.0.1 is used`), it actually processes the request as `http://127.0.0.1/` and sends it to `http://127.0.0.1`. If a developer passes in user input into `path` parameter of `undici.request`, it can result in an _SSRF_ as they will assume that the hostname cannot change, when in actual fact it can change because the specified path parameter is combined with the base URL. This issue was fixed in `undici@5.8.1`. The best workaround is to validate user input before passing it to the `undici.request` call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35949 was patched at 2024-05-15

936. Command Injection - PHP (CVE-2008-3882) - High [425]

Description: Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary commands via (1) the executeFilter function in zm_html_view_events.php and (2) the run_state parameter to zm_html_view_state.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3882 was patched at 2024-05-15

937. Command Injection - PHP (CVE-2019-8427) - High [425]

Description: daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-8427 was patched at 2024-05-15

938. Denial of Service - Linux Kernel (CVE-2023-2019) - High [423]

Description: A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-2019 was patched at 2024-05-15

939. Memory Corruption - Linux Kernel (CVE-2021-32078) - High [423]

Description: {'vulners_cve_data_all': 'An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32078 was patched at 2024-05-15

940. Remote Code Execution - Linux Kernel (CVE-2016-4440) - High [423]

Description: arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service (host OS crash) or possibly execute arbitrary code on the host OS, via x2APIC mode.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4440 was patched at 2024-05-15

941. Remote Code Execution - Windows Encrypting File System (CVE-2021-3403) - High [423]

Description: In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3403 was patched at 2024-05-15

942. Remote Code Execution - Windows Kernel (CVE-2006-4046) - High [423]

Description: Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4046 was patched at 2024-05-15

943. Remote Code Execution - Windows Kernel (CVE-2021-40827) - High [423]

Description: Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) is vulnerable to a Read Access Violation on Block Data Move, affecting the MP3 file parsing functionality at memcpy+0x265. The vulnerability is triggered when the user opens a crafted MP3 file or loads a remote stream URL that is mishandled by Clementine. Attackers could exploit this issue to cause a crash (DoS) of the clementine.exe process or achieve arbitrary code execution in the context of the current logged-in Windows user.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40827 was patched at 2024-05-15

944. Remote Code Execution - Windows Kernel (CVE-2023-25515) - High [423]

Description: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-25515 was patched at 2024-05-15

945. Remote Code Execution - Windows LDAP (CVE-2002-0825) - High [423]

Description: Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0825 was patched at 2024-05-15

946. Remote Code Execution - Windows LDAP (CVE-2005-2549) - High [423]

Description: Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2549 was patched at 2024-05-15

947. Denial of Service - Unknown Product (CVE-2005-2096) - High [422]

Description: {'vulners_cve_data_all': 'zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] IPComp - encapsulation Kernel Memory Corruption, [seebug] IPComp encapsulation pre-auth kernel memory corruption, [exploitdb] IPComp - encapsulation Kernel Memory Corruption)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2096 was patched at 2024-05-15

948. Denial of Service - Unknown Product (CVE-2006-3463) - High [422]

Description: {'vulners_cve_data_all': 'The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Libtiff图形库多个安全漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3463 was patched at 2024-05-15

949. Denial of Service - Unknown Product (CVE-2007-2026) - High [422]

Description: {'vulners_cve_data_all': 'The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] File多个拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2026 was patched at 2024-05-15

950. Denial of Service - Unknown Product (CVE-2007-5846) - High [422]

Description: {'vulners_cve_data_all': 'The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Net-SNMP GETBULK远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5846 was patched at 2024-05-15

951. Denial of Service - Unknown Product (CVE-2008-3264) - High [422]

Description: {'vulners_cve_data_all': 'The FWDOWNL firmware-download implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (traffic amplification) via an IAX2 FWDOWNL request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Asterisk IAX2固件升级报文放大远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3264 was patched at 2024-05-15

952. Denial of Service - Unknown Product (CVE-2008-3688) - High [422]

Description: {'vulners_cve_data_all': 'sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote attackers to cause a denial of service (hang) by connecting to a non-responsive server, which triggers an infinite loop due to an uninitialized variable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] HAVP sockethandler.cpp客户端连接拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3688 was patched at 2024-05-15

953. Denial of Service - Unknown Product (CVE-2009-1250) - High [422]

Description: {'vulners_cve_data_all': 'The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenAFS出错代码远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1250 was patched at 2024-05-15

954. Denial of Service - Unknown Product (CVE-2014-2828) - High [422]

Description: {'vulners_cve_data_all': 'The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenStack Keystone V3 API验证拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2828 was patched at 2024-05-15

955. Denial of Service - Unknown Product (CVE-2015-7507) - High [422]

Description: {'vulners_cve_data_all': 'libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a crafted color table to the (1) bmp_decode_rgb or (2) bmp_decode_rle function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Libnsbmp 0.1.2 Heap Overflow / Out-Of-Bounds Read Exploit)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-7507 was patched at 2024-05-15

956. Denial of Service - Unknown Product (CVE-2016-1887) - High [422]

Description: {'vulners_cve_data_all': 'Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument, which triggers a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] FreeBSD Kernel (FreeBSD 10.2 x64) - sendmsg Kernel Heap Overflow (PoC) Exploit)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1887 was patched at 2024-05-15

957. Denial of Service - Unknown Product (CVE-2016-2233) - High [422]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP LS message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Hexchat IRC Client 2.11.0 CAP LS Handling Buffer Overflow, [exploitpack] Hexchat IRC Client 2.11.0 - CAP LS Handling Buffer Overflow, [zdt] Hexchat IRC Client 2.11.0 - CAP LS Handling Buffer Overflow, [exploitdb] Hexchat IRC Client 2.11.0 - CAP LS Handling Buffer Overflow)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2233 was patched at 2024-05-15

958. Denial of Service - Unknown Product (CVE-2016-4957) - High [422]

Description: {'vulners_cve_data_all': 'ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial of service (daemon crash) via a crypto-NAK packet. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-1547.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Network Time Protocol Trap Crash Denial of Service Vulnerability(CVE-2016-9311), [seebug] Network Time Protocol Crypto-NAK Preemptible Association Denial of Service Vulnerability(CVE-2016-1547))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4957 was patched at 2024-05-15

959. Denial of Service - Unknown Product (CVE-2016-6301) - High [422]

Description: {'vulners_cve_data_all': 'The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Phoenix Contact TC Router / TC Cloud Client Command Injection, [packetstorm] ZTE Mobile Hotspot MS910S Backdoor / Hardcoded Password, [packetstorm] Cisco Device Hardcoded Credentials / GNU glibc / BusyBox, [packetstorm] WAGO 852 Industrial Managed Switch Series Code Execution / Hardcoded Credentials)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6301 was patched at 2024-05-15

960. Denial of Service - Unknown Product (CVE-2016-9036) - High [422]

Description: {'vulners_cve_data_all': 'An exploitable incorrect return value vulnerability exists in the mp_check function of Tarantool's Msgpuck library 1.0.3. A specially crafted packet can cause the mp_check function to incorrectly return success when trying to check if decoding a map16 packet will read outside the bounds of a buffer, resulting in a denial of service vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Tarantool Msgpuck mp_check Denial Of Service Vulnerability(CVE-2016-9036))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9036 was patched at 2024-05-15

961. Denial of Service - Unknown Product (CVE-2016-9037) - High [422]

Description: {'vulners_cve_data_all': 'An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element outside the bounds of a global array that is used to determine the type of the specified key's value. This can lead to an out of bounds read within the context of the server. An attacker who exploits this vulnerability can cause a denial of service vulnerability on the server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Tarantool Key-type Denial Of Service Vulnerability(CVE-2016-9037))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9037 was patched at 2024-05-15

962. Denial of Service - Unknown Product (CVE-2017-16114) - High [422]

Description: {'vulners_cve_data_all': 'The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16114 was patched at 2024-05-15

963. Denial of Service - Unknown Product (CVE-2017-2893) - High [422]

Description: {'vulners_cve_data_all': 'An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Cesanta Mongoose MQTT SUBSCRIBE Command Denial Of Service(CVE-2017-2893))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2893 was patched at 2024-05-15

964. Denial of Service - Unknown Product (CVE-2017-7478) - High [422]

Description: {'vulners_cve_data_all': 'OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] OpenVPN 2.4.0 Denial Of Service, [zdt] OpenVPN 2.4.0 - Unauthenticated Denial of Service Exploit)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7478 was patched at 2024-05-15

965. Denial of Service - Unknown Product (CVE-2017-9872) - High [422]

Description: {'vulners_cve_data_all': 'The III_dequantize_sample function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9872 was patched at 2024-05-15

966. Denial of Service - Unknown Product (CVE-2018-0491) - High [422]

Description: {'vulners_cve_data_all': 'A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Tor Browser < 0.3.2.10 - Use After Free (PoC ) Exploit, [packetstorm] Tor Browser 0.3.2.x Use-After-Free, [exploitdb] Tor Browser < 0.3.2.10 - Use After Free (PoC))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-0491 was patched at 2024-05-15

967. Denial of Service - Unknown Product (CVE-2019-1010239) - High [422]

Description: {'vulners_cve_data_all': 'DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions. The impact is: Null dereference, so attack can cause denial of service. The component is: cJSON_GetObjectItemCaseSensitive() function. The attack vector is: crafted json file. The fixed version is: 1.7.9 and later.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1010239 was patched at 2024-05-15

968. Denial of Service - Unknown Product (CVE-2020-13574) - High [422]

Description: {'vulners_cve_data_all': 'A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13574 was patched at 2024-05-15

969. Denial of Service - Unknown Product (CVE-2020-13575) - High [422]

Description: {'vulners_cve_data_all': 'A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13575 was patched at 2024-05-15

970. Denial of Service - Unknown Product (CVE-2020-13577) - High [422]

Description: {'vulners_cve_data_all': 'A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13577 was patched at 2024-05-15

971. Denial of Service - Unknown Product (CVE-2020-13578) - High [422]

Description: {'vulners_cve_data_all': 'A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13578 was patched at 2024-05-15

972. Denial of Service - Unknown Product (CVE-2020-18831) - High [422]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-18831 was patched at 2024-05-15

973. Denial of Service - Unknown Product (CVE-2020-22885) - High [422]

Description: {'vulners_cve_data_all': 'Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in the GC scanning phase, allows remote attackers to cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-22885 was patched at 2024-05-15

974. Denial of Service - Unknown Product (CVE-2020-22886) - High [422]

Description: {'vulners_cve_data_all': 'Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8, allows remote attackers to cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-22886 was patched at 2024-05-15

975. Denial of Service - Unknown Product (CVE-2020-23308) - High [422]

Description: {'vulners_cve_data_all': 'There is an Assertion 'context_p->stack_top_uint8 == LEXER_EXPRESSION_START' at js-parser-expr.c:3565 in parser_parse_expression in JerryScript 2.2.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23308 was patched at 2024-05-15

976. Denial of Service - Unknown Product (CVE-2020-23309) - High [422]

Description: {'vulners_cve_data_all': 'There is an Assertion 'context_p->stack_depth == context_p->context_stack_depth' failed at js-parser-statm.c:2756 in parser_parse_statements in JerryScript 2.2.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23309 was patched at 2024-05-15

977. Denial of Service - Unknown Product (CVE-2020-23310) - High [422]

Description: {'vulners_cve_data_all': 'There is an Assertion 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' failed at js-parser-statm.c:733 in parser_parse_function_statement in JerryScript 2.2.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23310 was patched at 2024-05-15

978. Denial of Service - Unknown Product (CVE-2020-23311) - High [422]

Description: {'vulners_cve_data_all': 'There is an Assertion 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' failed at js-parser-expr.c:3230 in parser_parse_object_initializer in JerryScript 2.2.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23311 was patched at 2024-05-15

979. Denial of Service - Unknown Product (CVE-2020-23312) - High [422]

Description: {'vulners_cve_data_all': 'There is an Assertion 'context.status_flags & PARSER_SCANNING_SUCCESSFUL' failed at js-parser.c:2185 in parser_parse_source in JerryScript 2.2.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23312 was patched at 2024-05-15

980. Denial of Service - Unknown Product (CVE-2020-23313) - High [422]

Description: {'vulners_cve_data_all': 'There is an Assertion 'scope_stack_p > context_p->scope_stack_p' failed at js-scanner-util.c:2510 in scanner_literal_is_created in JerryScript 2.2.0', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23313 was patched at 2024-05-15

981. Denial of Service - Unknown Product (CVE-2020-23314) - High [422]

Description: {'vulners_cve_data_all': 'There is an Assertion 'block_found' failed at js-parser-statm.c:2003 parser_parse_try_statement_end in JerryScript 2.2.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23314 was patched at 2024-05-15

982. Denial of Service - Unknown Product (CVE-2020-23319) - High [422]

Description: {'vulners_cve_data_all': 'There is an Assertion in '(flags >> CBC_STACK_ADJUST_SHIFT) >= CBC_STACK_ADJUST_BASE || (CBC_STACK_ADJUST_BASE - (flags >> CBC_STACK_ADJUST_SHIFT)) <= context_p->stack_depth' in parser_emit_cbc_backward_branch in JerryScript 2.2.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23319 was patched at 2024-05-15

983. Denial of Service - Unknown Product (CVE-2020-23320) - High [422]

Description: {'vulners_cve_data_all': 'There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' in parser_parse_function_arguments in JerryScript 2.2.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23320 was patched at 2024-05-15

984. Denial of Service - Unknown Product (CVE-2020-23322) - High [422]

Description: {'vulners_cve_data_all': 'There is an Assertion in 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' in parser_parse_object_initializer in JerryScript 2.2.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23322 was patched at 2024-05-15

985. Denial of Service - Unknown Product (CVE-2020-36420) - High [422]

Description: {'vulners_cve_data_all': 'Polipo through 1.1.1, when NDEBUG is omitted, allows denial of service via a reachable assertion during parsing of a malformed Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36420 was patched at 2024-05-15

986. Denial of Service - Unknown Product (CVE-2021-28302) - High [422]

Description: {'vulners_cve_data_all': 'A stack overflow in pupnp before version 1.14.5 can cause the denial of service through the Parser_parseDocument() function. ixmlNode_free() will release a child node recursively, which will consume stack space and lead to a crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-28302 was patched at 2024-05-15

987. Denial of Service - Unknown Product (CVE-2021-28903) - High [422]

Description: {'vulners_cve_data_all': 'A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-28903 was patched at 2024-05-15

988. Denial of Service - Unknown Product (CVE-2021-28905) - High [422]

Description: {'vulners_cve_data_all': 'In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-28905 was patched at 2024-05-15

989. Denial of Service - Unknown Product (CVE-2021-31155) - High [422]

Description: {'vulners_cve_data_all': 'Failure to normalize the umask in please before 0.4 allows a local attacker to gain full root privileges if they are allowed to execute at least one command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-31155 was patched at 2024-05-15

990. Denial of Service - Unknown Product (CVE-2021-34555) - High [422]

Description: {'vulners_cve_data_all': 'OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-34555 was patched at 2024-05-15

991. Denial of Service - Unknown Product (CVE-2021-37501) - High [422]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-37501 was patched at 2024-05-15

992. Denial of Service - Unknown Product (CVE-2022-21680) - High [422]

Description: {'vulners_cve_data_all': 'Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `block.def` may cause catastrophic backtracking against some strings and lead to a regular expression denial of service (ReDoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-21680 was patched at 2024-05-15

993. Denial of Service - Unknown Product (CVE-2022-21681) - High [422]

Description: {'vulners_cve_data_all': 'Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression `inline.reflinkSearch` may cause catastrophic backtracking against some strings and lead to a denial of service (DoS). Anyone who runs untrusted markdown through a vulnerable version of marked and does not use a worker with a time limit may be affected. This issue is patched in version 4.0.10. As a workaround, avoid running untrusted markdown through marked or run marked on a worker thread and set a reasonable time limit to prevent draining resources.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-21681 was patched at 2024-05-15

994. Denial of Service - Unknown Product (CVE-2022-25844) - High [422]

Description: {'vulners_cve_data_all': 'The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-25844 was patched at 2024-05-15

995. Denial of Service - Unknown Product (CVE-2022-30780) - High [422]

Description: {'vulners_cve_data_all': 'Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Incorrect Calculation in Lighttpd)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-30780 was patched at 2024-05-15

996. Denial of Service - Unknown Product (CVE-2022-31394) - High [422]

Description: {'vulners_cve_data_all': 'Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-31394 was patched at 2024-05-15

997. Denial of Service - Unknown Product (CVE-2022-41409) - High [422]

Description: {'vulners_cve_data_all': 'Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-41409 was patched at 2024-05-15

998. Denial of Service - Unknown Product (CVE-2023-26964) - High [422]

Description: {'vulners_cve_data_all': 'An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26964 was patched at 2024-05-15

999. Denial of Service - Unknown Product (CVE-2023-27786) - High [422]

Description: {'vulners_cve_data_all': 'An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-27786 was patched at 2024-05-15

1000. Denial of Service - Unknown Product (CVE-2023-34623) - High [422]

Description: {'vulners_cve_data_all': 'An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-34623 was patched at 2024-05-15

redos: CVE-2023-34623 was patched at 2024-06-06

1001. Denial of Service - Unknown Product (CVE-2023-43642) - High [422]

Description: {'vulners_cve_data_all': 'snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-43642 was patched at 2024-05-15

1002. Denial of Service - Unknown Product (CVE-2023-50980) - High [422]

Description: {'vulners_cve_data_all': 'gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the polynomial is not strictly decreasing.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50980 was patched at 2024-05-15

1003. Denial of Service - Unknown Product (CVE-2023-52355) - High [422]

Description: {'vulners_cve_data_all': 'An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52355 was patched at 2024-05-15

1004. Denial of Service - Unknown Product (CVE-2024-21490) - High [422]

Description: {'vulners_cve_data_all': 'This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. \r\r\r**Note:**\r\rThis package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-21490 was patched at 2024-05-15

1005. Denial of Service - Unknown Product (CVE-2024-24814) - High [422]

Description: {'vulners_cve_data_all': 'mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable to a denial of service (DoS) attack. An internal security audit has been conducted and the reviewers found that if they manipulated the value of the mod_auth_openidc_session_chunks cookie to a very large integer, like 99999999, the server struggles with the request for a long time and finally gets back with a 500 error. Making a few requests of this kind caused our server to become unresponsive. Attackers can craft requests that would make the server work very hard (and possibly become unresponsive) and/or crash with minimal effort. This issue has been addressed in version 2.4.15.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-24814 was patched at 2024-05-15

1006. Information Disclosure - Unknown Product (CVE-2012-1257) - High [422]

Description: {'vulners_cve_data_all': 'Pidgin 2.10.0 uses DBUS for certain cleartext communication, which allows local users to obtain sensitive information via a dbus session monitor.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] libpurple 2.8.10 - OTR Information Disclosure, [exploitdb] libpurple 2.8.10 - OTR Information Disclosure)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1257 was patched at 2024-05-15

1007. Information Disclosure - Unknown Product (CVE-2020-18972) - High [422]

Description: {'vulners_cve_data_all': 'Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-18972 was patched at 2024-05-15

1008. Path Traversal - Unknown Product (CVE-2017-10974) - High [422]

Description: {'vulners_cve_data_all': 'Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Yaws 1.91 Unauthenticated Remote File Disclosure, [zdt] Yaws 1.91 - Remote File Disclosure Vulnerability, [exploitpack] Yaws 1.91 - Remote File Disclosure, [exploitdb] Yaws 1.91 - Remote File Disclosure)
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-10974 was patched at 2024-05-15

1009. Path Traversal - Unknown Product (CVE-2017-12938) - High [422]

Description: {'vulners_cve_data_all': 'UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12938 was patched at 2024-05-15

1010. Path Traversal - Unknown Product (CVE-2022-24716) - High [422]

Description: {'vulners_cve_data_all': 'Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Path Traversal in Icinga Icinga Web 2, [githubexploit] Exploit for Path Traversal in Icinga Icinga Web 2, [githubexploit] Exploit for Path Traversal in Icinga Icinga Web 2, [githubexploit] Exploit for Path Traversal in Icinga Icinga Web 2, [githubexploit] Exploit for Path Traversal in Icinga Icinga Web 2, [packetstorm] Icinga Web 2.10 Arbitrary File Disclosure, [zdt] Icinga Web 2.10 - Arbitrary File Disclosure Exploit, [exploitdb] Icinga Web 2.10 - Arbitrary File Disclosure)
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24716 was patched at 2024-05-15

1011. Path Traversal - Unknown Product (CVE-2024-21633) - High [422]

Description: {'vulners_cve_data_all': 'Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are those in which an attacker may write/overwrite any file that user has write access, and either user name is known or cwd is under user folder. Commit d348c43b24a9de350ff6e5bd610545a10c1fc712 contains a patch for this issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-21633 was patched at 2024-05-15

1012. Security Feature Bypass - Unknown Product (CVE-2010-2156) - High [422]

Description: {'vulners_cve_data_all': 'ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2156 was patched at 2024-05-15

1013. Security Feature Bypass - Unknown Product (CVE-2021-28170) - High [422]

Description: {'vulners_cve_data_all': 'In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-28170 was patched at 2024-05-15

1014. Unknown Vulnerability Type - Perl (CVE-2007-6610) - High [421]

Description: {'vulners_cve_data_all': 'unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] unp文件名远程任意Shell命令注入漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6610 was patched at 2024-05-15

1015. Unknown Vulnerability Type - Perl (CVE-2008-3910) - High [421]

Description: {'vulners_cve_data_all': 'dns2tcp before 0.4.1 does not properly handle negative values in a certain length field in the input argument to the (1) dns_simple_decode or (2) dns_decode function, which allows remote attackers to overwrite a buffer and have unspecified other impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Dns2tcp远程缓冲区溢出漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3910 was patched at 2024-05-15

1016. Unknown Vulnerability Type - Perl (CVE-2016-5734) - High [421]

Description: {'vulners_cve_data_all': 'phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace e (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] phpMyAdmin 4.x Remote Code Execution, [seebug] PhpMyAdmin 4.3.0—4.6.2 authorized users remote command execution vulnerability, [zdt] phpMyAdmin 4.x Remote Code Execution Exploit, [zdt] phpMyAdmin 4.6.2 - Authenticated Remote Code Execution, [exploitpack] phpMyAdmin 4.6.2 - (Authenticated) Remote Code Execution, [exploitdb] phpMyAdmin 4.6.2 - (Authenticated) Remote Code Execution)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5734 was patched at 2024-05-15

1017. Unknown Vulnerability Type - Perl (CVE-2020-7746) - High [421]

Description: {'vulners_cve_data_all': 'This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7746 was patched at 2024-05-15

1018. Unknown Vulnerability Type - Python (CVE-2013-2167) - High [421]

Description: {'vulners_cve_data_all': 'python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenStack python-keystoneclient 安全绕过漏洞(CVE-2013-2167))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2167 was patched at 2024-05-15

1019. Authentication Bypass - Linux Kernel (CVE-2020-15852) - High [420]

Description: {'vulners_cve_data_all': 'An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used in Xen through 4.13.x for x86 PV guests. An attacker may be granted the I/O port permissions of an unrelated task. This occurs because tss_invalidate_io_bitmap mishandling causes a loss of synchronization between the I/O bitmaps of TSS and Xen, aka CID-cadfad870154.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15852 was patched at 2024-05-15

1020. Authentication Bypass - Sudo (CVE-2020-8933) - High [420]

Description: {'vulners_cve_data_all': 'A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS filesystem and modify /etc/sudoers to then gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "lxd" user from the OS Login entry.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.914Sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-8933 was patched at 2024-05-15

1021. Authentication Bypass - Windows Kernel (CVE-2022-28184) - High [420]

Description: {'vulners_cve_data_all': 'NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- privileged registers, which may lead to denial of service, information disclosure, and data tampering.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-28184 was patched at 2024-05-15

1022. Arbitrary File Writing - Unknown Product (CVE-2009-1297) - High [419]

Description: {'vulners_cve_data_all': 'iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and SUSE Linux Enterprise (SLE) 10 SP2 and 11, and other operating systems, allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file that has a predictable name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] SUSE Linux 'scsi_discovery tool'不安全临时文件建立漏洞)
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1297 was patched at 2024-05-15

1023. Remote Code Execution - Google Chrome (CVE-2021-30559) - High [419]

Description: Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30559 was patched at 2024-05-15

1024. Remote Code Execution - Google Chrome (CVE-2021-30565) - High [419]

Description: Out of bounds write in Tab Groups in Google Chrome on Linux and ChromeOS prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30565 was patched at 2024-05-15

1025. Remote Code Execution - Google Chrome (CVE-2021-30575) - High [419]

Description: Out of bounds write in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30575 was patched at 2024-05-15

1026. Remote Code Execution - Google Chrome (CVE-2021-30592) - High [419]

Description: Out of bounds write in Tab Groups in Google Chrome prior to 92.0.4515.131 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory write via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30592 was patched at 2024-05-15

1027. Remote Code Execution - Google Chrome (CVE-2021-30598) - High [419]

Description: Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30598 was patched at 2024-05-15

1028. Remote Code Execution - Google Chrome (CVE-2021-30599) - High [419]

Description: Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30599 was patched at 2024-05-15

1029. Remote Code Execution - Mozilla Firefox (CVE-2006-0748) - High [419]

Description: Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0748 was patched at 2024-05-15

1030. Remote Code Execution - Mozilla Firefox (CVE-2006-0749) - High [419]

Description: nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0749 was patched at 2024-05-15

1031. Remote Code Execution - Mozilla Firefox (CVE-2006-1726) - High [419]

Description: Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1726 was patched at 2024-05-15

1032. Remote Code Execution - Mozilla Firefox (CVE-2006-1728) - High [419]

Description: Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1728 was patched at 2024-05-15

1033. Remote Code Execution - Mozilla Firefox (CVE-2006-1730) - High [419]

Description: Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1730 was patched at 2024-05-15

1034. Remote Code Execution - Mozilla Firefox (CVE-2006-1735) - High [419]

Description: Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1735 was patched at 2024-05-15

1035. Remote Code Execution - Mozilla Firefox (CVE-2006-1739) - High [419]

Description: The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1739 was patched at 2024-05-15

1036. Remote Code Execution - Mozilla Firefox (CVE-2006-2779) - High [419]

Description: Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2779 was patched at 2024-05-15

1037. Remote Code Execution - Mozilla Firefox (CVE-2006-2780) - High [419]

Description: Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2780 was patched at 2024-05-15

1038. Remote Code Execution - Mozilla Firefox (CVE-2006-4565) - High [419]

Description: Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4565 was patched at 2024-05-15

1039. Remote Code Execution - Mozilla Firefox (CVE-2006-6504) - High [419]

Description: Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6504 was patched at 2024-05-15

1040. Remote Code Execution - Mozilla Firefox (CVE-2009-3388) - High [419]

Description: liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3388 was patched at 2024-05-15

1041. Remote Code Execution - Mozilla Firefox (CVE-2009-3389) - High [419]

Description: Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3389 was patched at 2024-05-15

1042. Remote Code Execution - Mozilla Firefox (CVE-2012-1128) - High [419]

Description: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1128 was patched at 2024-05-15

1043. Remote Code Execution - Mozilla Firefox (CVE-2012-1129) - High [419]

Description: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT string in a Type 42 font.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1129 was patched at 2024-05-15

1044. Remote Code Execution - Mozilla Firefox (CVE-2012-1133) - High [419]

Description: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1133 was patched at 2024-05-15

1045. Remote Code Execution - Mozilla Firefox (CVE-2012-1135) - High [419]

Description: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instructions in a TrueType font.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1135 was patched at 2024-05-15

1046. Remote Code Execution - Mozilla Firefox (CVE-2012-1138) - High [419]

Description: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1138 was patched at 2024-05-15

1047. Remote Code Execution - PHP (CVE-2022-25018) - High [419]

Description: Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-25018 was patched at 2024-05-15

1048. Remote Code Execution - PHP (CVE-2023-43655) - High [419]

Description: Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini. Versions 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Users are advised to upgrade. Users unable to upgrade should make sure `register_argc_argv` is disabled in php.ini, and avoid publishing composer.phar to the web as this is not best practice.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-43655 was patched at 2024-05-15

1049. Remote Code Execution - Safari (CVE-2009-0945) - High [419]

Description: Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0945 was patched at 2024-05-15

1050. Remote Code Execution - Safari (CVE-2009-1725) - High [419]

Description: WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1725 was patched at 2024-05-15

1051. Remote Code Execution - Safari (CVE-2016-4692) - High [419]

Description: An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4692 was patched at 2024-05-15

1052. Remote Code Execution - Safari (CVE-2016-7587) - High [419]

Description: An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7587 was patched at 2024-05-15

1053. Remote Code Execution - Safari (CVE-2016-7610) - High [419]

Description: An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7610 was patched at 2024-05-15

1054. Remote Code Execution - Safari (CVE-2016-7611) - High [419]

Description: An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7611 was patched at 2024-05-15

1055. Remote Code Execution - Safari (CVE-2016-7640) - High [419]

Description: An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7640 was patched at 2024-05-15

1056. Remote Code Execution - Safari (CVE-2016-7642) - High [419]

Description: An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7642 was patched at 2024-05-15

1057. Remote Code Execution - Safari (CVE-2016-7646) - High [419]

Description: An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7646 was patched at 2024-05-15

1058. Remote Code Execution - Safari (CVE-2016-7648) - High [419]

Description: An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7648 was patched at 2024-05-15

1059. Remote Code Execution - Safari (CVE-2016-7649) - High [419]

Description: An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7649 was patched at 2024-05-15

1060. Remote Code Execution - Safari (CVE-2017-2506) - High [419]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2506 was patched at 2024-05-15

1061. Remote Code Execution - Safari (CVE-2017-2525) - High [419]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2525 was patched at 2024-05-15

1062. Remote Code Execution - Safari (CVE-2017-2526) - High [419]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2526 was patched at 2024-05-15

1063. Remote Code Execution - Safari (CVE-2017-2530) - High [419]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iCloud before 6.2.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2530 was patched at 2024-05-15

1064. Remote Code Execution - Safari (CVE-2017-2544) - High [419]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2544 was patched at 2024-05-15

1065. Remote Code Execution - Safari (CVE-2017-7012) - High [419]

Description: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit Web Inspector" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7012 was patched at 2024-05-15

1066. Remote Code Execution - Safari (CVE-2017-7019) - High [419]

Description: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit Page Loading" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7019 was patched at 2024-05-15

1067. Remote Code Execution - Safari (CVE-2017-7020) - High [419]

Description: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7020 was patched at 2024-05-15

1068. Remote Code Execution - Safari (CVE-2017-7157) - High [419]

Description: An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7157 was patched at 2024-05-15

1069. Remote Code Execution - Safari (CVE-2018-4201) - High [419]

Description: An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-4201 was patched at 2024-05-15

1070. Remote Code Execution - Safari (CVE-2019-6201) - High [419]

Description: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary code execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6201 was patched at 2024-05-15

1071. Remote Code Execution - Safari (CVE-2019-6216) - High [419]

Description: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6216 was patched at 2024-05-15

1072. Remote Code Execution - Safari (CVE-2019-6217) - High [419]

Description: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6217 was patched at 2024-05-15

1073. Remote Code Execution - Safari (CVE-2019-6226) - High [419]

Description: Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6226 was patched at 2024-05-15

1074. Remote Code Execution - Safari (CVE-2019-6227) - High [419]

Description: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, watchOS 5.1.3, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6227 was patched at 2024-05-15

1075. Remote Code Execution - Safari (CVE-2019-6233) - High [419]

Description: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6233 was patched at 2024-05-15

1076. Remote Code Execution - Safari (CVE-2019-6234) - High [419]

Description: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to arbitrary code execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6234 was patched at 2024-05-15

1077. Remote Code Execution - Visual Basic for Applications (CVE-2008-5050) - High [419]

Description: Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Visual Basic for Applications is a computer programming language developed and owned by Microsoft
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5050 was patched at 2024-05-15

1078. Unknown Vulnerability Type - OpenSSH (CVE-2004-2760) - High [419]

Description: {'vulners_cve_data_all': 'sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Portable OpenSSH 3.6.1p-PAM4.1-SuSE - Timing Attack, [packetstorm] openssh-timing.txt, [seebug] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit, [seebug] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit, [seebug] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit, [exploitdb] Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing Attack)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2760 was patched at 2024-05-15

1079. Unknown Vulnerability Type - OpenSSH (CVE-2008-1483) - High [419]

Description: {'vulners_cve_data_all': 'OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emacs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenSSH X连接会话劫持漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1483 was patched at 2024-05-15

1080. Unknown Vulnerability Type - OpenSSL (CVE-2015-1793) - High [419]

Description: {'vulners_cve_data_all': 'The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] OpenSSL Alternative Chains Certificate Forgery, [packetstorm] OpenSSL Alternative Chains Certificate Forgery MITM Proxy, [packetstorm] Orion Elite Hidden IP Browser Pro 7.9 OpenSSL / Tor / Man-In-The-Middle, [zdt] OpenSSL Alternative Chains Certificate Forgery Vulnerability, [zdt] OpenSSL 1.0.2c Alternative chains certificate forgery Vulnerability)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1793 was patched at 2024-05-15

1081. Unknown Vulnerability Type - PHP (CVE-2007-5976) - High [419]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin DB_Create.PHP多个输入验证漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5976 was patched at 2024-05-15

1082. Unknown Vulnerability Type - PHP (CVE-2007-6318) - High [419]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\\" in a multibyte character.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] WordPress wp-db.php Character Set SQL Injection Vulnerability)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6318 was patched at 2024-05-15

1083. Unknown Vulnerability Type - PHP (CVE-2009-4111) - High [419]

Description: {'vulners_cve_data_all': 'Argument injection vulnerability in Mail/sendmail.php in the Mail package 1.1.14, 1.2.0b2, and possibly other versions for PEAR allows remote attackers to read and write arbitrary files via a crafted $recipients parameter, and possibly other parameters, a different vulnerability than CVE-2009-4023.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] PEAR Mail软件包Recipient参数注入漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4111 was patched at 2024-05-15

1084. Unknown Vulnerability Type - PHP (CVE-2013-6275) - High [419]

Description: {'vulners_cve_data_all': 'Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Horde Groupware Web Mail Edition 5.1.2 - CSRF Vulnerability, [packetstorm] Horde Groupware Web Mail 5.1.2 Cross Site Request Forgery, [exploitpack] Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (1), [exploitdb] Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (1))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6275 was patched at 2024-05-15

1085. Unknown Vulnerability Type - PHP (CVE-2016-6897) - High [419]

Description: {'vulners_cve_data_all': 'Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authentication of subscribers for /dev/random read operations by leveraging a late call to the check_ajax_referer function, a related issue to CVE-2016-6896.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] WordPress 4.5.3 - Directory Traversal Denial of Service, [zdt] WordPress 4.5.3 - Directory Traversal / Denial of Service, [exploitdb] WordPress Core 4.5.3 - Directory Traversal / Denial of Service, [metasploit] WordPress Traversal Directory DoS)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6897 was patched at 2024-05-15

1086. Unknown Vulnerability Type - Safari (CVE-2009-1703) - High [419]

Description: {'vulners_cve_data_all': 'WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0多个安全漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1703 was patched at 2024-05-15

1087. Unknown Vulnerability Type - Safari (CVE-2009-1713) - High [419]

Description: {'vulners_cve_data_all': 'The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0多个安全漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1713 was patched at 2024-05-15

1088. Unknown Vulnerability Type - Safari (CVE-2009-2816) - High [419]

Description: {'vulners_cve_data_all': 'The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] WebKit Preflight请求同源策略绕过漏洞, [seebug] Safari 4.0.4版本修复多个安全漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2816 was patched at 2024-05-15

1089. Command Injection - HTTP/2 (CVE-2021-21299) - High [418]

Description: hyper is an open-source HTTP library for Rust (crates.io). In hyper from version 0.12.0 and before versions 0.13.10 and 0.14.3 there is a vulnerability that can enable a request smuggling attack. The HTTP server code had a flaw that incorrectly understands some requests with multiple transfer-encoding headers to have a chunked payload, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that understands the request payload boundary differently can result in "request smuggling" or "desync attacks". To determine if vulnerable, all these things must be true: 1) Using hyper as an HTTP server (the client is not affected), 2) Using HTTP/1.1 (HTTP/2 does not use transfer-encoding), 3) Using a vulnerable HTTP proxy upstream to hyper. If an upstream proxy correctly rejects the illegal transfer-encoding headers, the desync attack cannot succeed. If there is no proxy upstream of hyper, hyper cannot start the desync attack, as the client will repair the headers before forwarding. This is fixed in versions 0.14.3 and 0.13.10. As a workaround one can take the following options: 1) Reject requests that contain a `transfer-encoding` header, 2) Ensure any upstream proxy handles `transfer-encoding` correctly.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.914HTTP/2 is a major revision of the HTTP network protocol used by the World Wide Web
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-21299 was patched at 2024-05-15

1090. Denial of Service - Git (CVE-2012-2657) - High [417]

Description: Buffer overflow in the SQLDriverConnect function in unixODBC 2.0.10, 2.3.1, and earlier allows local users to cause a denial of service (crash) via a long string in the FILEDSN option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414Git
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2657 was patched at 2024-05-15

1091. Denial of Service - Git (CVE-2012-2658) - High [417]

Description: Buffer overflow in the SQLDriverConnect function in unixODBC 2.3.1 allows local users to cause a denial of service (crash) via a long string in the DRIVER option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414Git
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2658 was patched at 2024-05-15

1092. Cross Site Scripting - Unknown Product (CVE-2012-6708) - High [416]

Description: {'vulners_cve_data_all': 'jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6708 was patched at 2024-05-15

1093. Cross Site Scripting - Unknown Product (CVE-2015-7579) - High [416]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Ruby on Rails rails-html-sanitizer XSS 漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-7579 was patched at 2024-05-15

1094. Cross Site Scripting - Unknown Product (CVE-2017-12794) - High [416]

Description: {'vulners_cve_data_all': 'In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you shouldn't run with "DEBUG = True" (which makes this page accessible) in your production settings.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12794 was patched at 2024-05-15

1095. Cross Site Scripting - Unknown Product (CVE-2018-12040) - High [416]

Description: {'vulners_cve_data_all': 'Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should never be deployed in production (so, we don't handle those issues as security issues).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] SensioLabs Symfony 3.3.6 Cross Site Scripting)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12040 was patched at 2024-05-15

1096. Cross Site Scripting - Unknown Product (CVE-2018-17960) - High [416]

Description: {'vulners_cve_data_all': 'CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17960 was patched at 2024-05-15

1097. Cross Site Scripting - Unknown Product (CVE-2018-6561) - High [416]

Description: {'vulners_cve_data_all': 'dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6561 was patched at 2024-05-15

1098. Cross Site Scripting - Unknown Product (CVE-2019-14862) - High [416]

Description: {'vulners_cve_data_all': 'There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Cross-site Scripting in Knockoutjs Knockout)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14862 was patched at 2024-05-15

1099. Cross Site Scripting - Unknown Product (CVE-2021-37833) - High [416]

Description: {'vulners_cve_data_all': 'A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Cross-site Scripting in Digitaldruid Hoteldruid)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-37833 was patched at 2024-05-15

1100. Cross Site Scripting - Unknown Product (CVE-2023-43643) - High [416]

Description: {'vulners_cve_data_all': 'AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. This issue has been patched in AntiSamy 1.7.4 and later. ', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-43643 was patched at 2024-05-15

1101. Cross Site Scripting - Unknown Product (CVE-2024-22119) - High [416]

Description: {'vulners_cve_data_all': 'The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-22119 was patched at 2024-05-15

1102. Unknown Vulnerability Type - Kerberos (CVE-2010-0014) - High [416]

Description: {'vulners_cve_data_all': 'System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attackers to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user's Kerberos ticket-granting ticket (TGT); and might allow remote attackers to bypass intended access restrictions via vectors involving an arbitrary password in conjunction with a valid TGT.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Fedora SSSD绕过Kerberos认证漏洞, [seebug] Fedora SSSD Kerberos验证安全绕过漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0014 was patched at 2024-05-15

1103. Remote Code Execution - Apache Traffic Server (CVE-2015-3249) - High [414]

Description: The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary code via vectors related to the (1) frame_handlers array or (2) set_dynamic_table_size function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-3249 was patched at 2024-05-15

1104. Remote Code Execution - BIND (CVE-2014-9513) - High [414]

Description: Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9513 was patched at 2024-05-15

1105. Remote Code Execution - BIND (CVE-2019-14892) - High [414]

Description: A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14892 was patched at 2024-05-15

1106. Remote Code Execution - BIND (CVE-2019-14893) - High [414]

Description: A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14893 was patched at 2024-05-15

1107. Remote Code Execution - BIND (CVE-2023-37895) - High [414]

Description: Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component "commons-beanutils", which contains a class that can be used for remote code execution over RMI. Users are advised to immediately update to versions 2.20.11 or 2.21.18. Note that earlier stable branches (1.0.x .. 2.18.x) have been EOLd already and do not receive updates anymore. In general, RMI support can expose vulnerabilities by the mere presence of an exploitable class on the classpath. Even if Jackrabbit itself does not contain any code known to be exploitable anymore, adding other components to your server can expose the same type of problem. We therefore recommend to disable RMI access altogether (see further below), and will discuss deprecating RMI support in future Jackrabbit releases. How to check whether RMI support is enabledRMI support can be over an RMI-specific TCP port, and over an HTTP binding. Both are by default enabled in Jackrabbit webapp/standalone. The native RMI protocol by default uses port 1099. To check whether it is enabled, tools like "netstat" can be used to check. RMI-over-HTTP in Jackrabbit by default uses the path "/rmi". So when running standalone on port 8080, check whether an HTTP GET request on localhost:8080/rmi returns 404 (not enabled) or 200 (enabled). Note that the HTTP path may be different when the webapp is deployed in a container as non-root context, in which case the prefix is under the user's control. Turning off RMIFind web.xml (either in JAR/WAR file or in unpacked web application folder), and remove the declaration and the mapping definition for the RemoteBindingServlet:         <servlet>             <servlet-name>RMI</servlet-name>             <servlet-class>org.apache.jackrabbit.servlet.remote.RemoteBindingServlet</servlet-class>         </servlet>         <servlet-mapping>             <servlet-name>RMI</servlet-name>             <url-pattern>/rmi</url-pattern>         </servlet-mapping> Find the bootstrap.properties file (in $REPOSITORY_HOME), and set         rmi.enabled=false     and also remove         rmi.host         rmi.port         rmi.url-pattern  If there is no file named bootstrap.properties in $REPOSITORY_HOME, it is located somewhere in the classpath. In this case, place a copy in $REPOSITORY_HOME and modify it as explained.  

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-37895 was patched at 2024-05-15

1108. Remote Code Execution - Babel (CVE-2022-46291) - High [414]

Description: Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the MSI file format

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-46291 was patched at 2024-05-15

1109. Remote Code Execution - QEMU (CVE-2009-3616) - High [414]

Description: Multiple use-after-free vulnerabilities in vnc.c in the VNC server in QEMU 0.10.6 and earlier might allow guest OS users to execute arbitrary code on the host OS by establishing a connection from a VNC client and then (1) disconnecting during data transfer, (2) sending a message using incorrect integer data types, or (3) using the Fuzzy Screen Mode protocol, related to double free vulnerabilities.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score1.010CVSS Base Score is 9.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3616 was patched at 2024-05-15

1110. Remote Code Execution - QEMU (CVE-2019-12928) - High [414]

Description: The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12928 was patched at 2024-05-15

1111. Remote Code Execution - QEMU (CVE-2019-12929) - High [414]

Description: The QMP guest_exec command in QEMU 4.0.0 and earlier is prone to OS command injection, which allows the attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening server. Note: This has been disputed as a non-issue since QEMU's -qmp interface is meant to be used by trusted users. If one is able to access this interface via a tcp socket open to the internet, then it is an insecure configuration issue

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12929 was patched at 2024-05-15

1112. Remote Code Execution - SQLite (CVE-2017-2513) - High [414]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SQL statement.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714SQLite is a database engine written in the C programming language
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2513 was patched at 2024-05-15

1113. Remote Code Execution - SQLite (CVE-2023-32697) - High [414]

Description: SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacting versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714SQLite is a database engine written in the C programming language
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-32697 was patched at 2024-05-15

1114. Remote Code Execution - iOS (CVE-2017-16082) - High [414]

Description: A remote code execution vulnerability was found within the pg module when the remote database or query specifies a specially crafted column name. There are 2 likely scenarios in which one would likely be vulnerable. 1) Executing unsafe, user-supplied sql which contains a malicious column name. 2) Connecting to an untrusted database and executing a query which returns results where any of the column names are malicious.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16082 was patched at 2024-05-15

1115. Remote Code Execution - iOS (CVE-2024-21795) - High [414]

Description: A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .egi file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-21795 was patched at 2024-05-15

1116. Remote Code Execution - iOS (CVE-2024-21812) - High [414]

Description: An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-21812 was patched at 2024-05-15

1117. Remote Code Execution - iOS (CVE-2024-22097) - High [414]

Description: A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-22097 was patched at 2024-05-15

1118. Remote Code Execution - iOS (CVE-2024-23305) - High [414]

Description: An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vmrk file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-23305 was patched at 2024-05-15

1119. Remote Code Execution - iOS (CVE-2024-23310) - High [414]

Description: A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-23310 was patched at 2024-05-15

1120. Remote Code Execution - iOS (CVE-2024-23313) - High [414]

Description: An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-23313 was patched at 2024-05-15

1121. Remote Code Execution - iOS (CVE-2024-23606) - High [414]

Description: An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-23606 was patched at 2024-05-15

1122. Remote Code Execution - iOS (CVE-2024-23809) - High [414]

Description: A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-23809 was patched at 2024-05-15

1123. Unknown Vulnerability Type - Curl (CVE-2006-2878) - High [414]

Description: {'vulners_cve_data_all': 'The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([canvas] Immunity Canvas: DOKUWIKI_EXEC)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714Curl is a command-line tool for transferring data specified with URL syntax
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2878 was patched at 2024-05-15

1124. Command Injection - PHP (CVE-2023-26039) - High [413]

Description: ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl() in (/web/api/app/Controller/HostController.php). Any authenticated user can construct an api command to execute any shell command as the web user. This issue is patched in versions 1.36.33 and 1.37.33.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26039 was patched at 2024-05-15

1125. Security Feature Bypass - Google Chrome (CVE-2021-30571) - High [413]

Description: Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score1.010CVSS Base Score is 9.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30571 was patched at 2024-05-15

1126. Remote Code Execution - Linux Kernel (CVE-2014-3183) - High [411]

Description: Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that specifies a large report size for an LED report.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3183 was patched at 2024-05-15

1127. Remote Code Execution - Linux Kernel (CVE-2023-2006) - High [411]

Description: A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-2006 was patched at 2024-05-15

1128. Remote Code Execution - Windows Kernel (CVE-2023-25512) - High [411]

Description: NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds memory read by running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.710CVSS Base Score is 6.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-25512 was patched at 2024-05-15

1129. Remote Code Execution - Windows Kernel (CVE-2023-25513) - High [411]

Description: NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.710CVSS Base Score is 6.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-25513 was patched at 2024-05-15

1130. Remote Code Execution - Windows Kernel (CVE-2023-25514) - High [411]

Description: NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.710CVSS Base Score is 6.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-25514 was patched at 2024-05-15

1131. Unknown Vulnerability Type - Apache HTTP Server (CVE-2009-1191) - High [411]

Description: {'vulners_cve_data_all': 'mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apache mod_proxy_ajp信息泄露漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1191 was patched at 2024-05-15

1132. Unknown Vulnerability Type - Sudo (CVE-2005-2959) - High [411]

Description: {'vulners_cve_data_all': 'Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] sudo168p10.sh.txt)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2959 was patched at 2024-05-15

1133. Denial of Service - Unknown Product (CVE-2008-1768) - High [410]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via the (1) MP4 demuxer, (2) Real demuxer, and (3) Cinepak codec, which triggers a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] VLC媒体播放器MP及Cinepak解码器缓冲区溢出漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1768 was patched at 2024-05-15

1134. Denial of Service - Unknown Product (CVE-2008-1769) - High [410]

Description: {'vulners_cve_data_all': 'VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] VLC媒体播放器MP及Cinepak解码器缓冲区溢出漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1769 was patched at 2024-05-15

1135. Denial of Service - Unknown Product (CVE-2013-2189) - High [410]

Description: {'vulners_cve_data_all': 'Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apache OpenOffice 文档内存破坏漏洞(CVE-2013-2189))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2189 was patched at 2024-05-15

1136. Denial of Service - Unknown Product (CVE-2013-4156) - High [410]

Description: {'vulners_cve_data_all': 'Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apache OpenOffice DOCM内存破坏漏洞(CVE-2013-4156))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4156 was patched at 2024-05-15

1137. Denial of Service - Unknown Product (CVE-2014-0998) - High [410]

Description: {'vulners_cve_data_all': 'Integer signedness error in the vt console driver (formerly Newcons) in FreeBSD 9.3 before p10 and 10.1 before p6 allows local users to cause a denial of service (crash) and possibly gain privileges via a negative value in a VT_WAITACTIVE ioctl call, which triggers an array index error and out-of-bounds kernel memory access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] FreeBSD Kernel Multiple Vulnerabilities, [packetstorm] FreeBSD Kernel Crash / Code Execution / Disclosure, [exploitpack] FreeBSD - Multiple Vulnerabilities, [exploitdb] FreeBSD - Multiple Vulnerabilities)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0998 was patched at 2024-05-15

1138. Denial of Service - Unknown Product (CVE-2015-7506) - High [410]

Description: {'vulners_cve_data_all': 'The gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted LZW stream in a GIF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Libnsgif 0.1.2 Stack Overflow / Out-Of-Bounds Read Exploit)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-7506 was patched at 2024-05-15

1139. Denial of Service - Unknown Product (CVE-2016-10504) - High [410]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] OpenJPEG - mqc.c Heap-Based Buffer Overflow Exploit)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10504 was patched at 2024-05-15

1140. Denial of Service - Unknown Product (CVE-2017-12950) - High [410]

Description: {'vulners_cve_data_all': 'The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] libgig 4.0.0 (LinuxSampler) - Multiple Vulnerabilities, [zdt] libgig 4.0.0 (LinuxSampler) - Multiple Vulnerabilities, [exploitdb] libgig 4.0.0 (LinuxSampler) - Multiple Vulnerabilities)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12950 was patched at 2024-05-15

1141. Denial of Service - Unknown Product (CVE-2017-12951) - High [410]

Description: {'vulners_cve_data_all': 'The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted gig file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] libgig 4.0.0 (LinuxSampler) - Multiple Vulnerabilities, [zdt] libgig 4.0.0 (LinuxSampler) - Multiple Vulnerabilities, [exploitdb] libgig 4.0.0 (LinuxSampler) - Multiple Vulnerabilities)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12951 was patched at 2024-05-15

1142. Denial of Service - Unknown Product (CVE-2017-12952) - High [410]

Description: {'vulners_cve_data_all': 'The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] libgig 4.0.0 (LinuxSampler) - Multiple Vulnerabilities, [zdt] libgig 4.0.0 (LinuxSampler) - Multiple Vulnerabilities, [exploitdb] libgig 4.0.0 (LinuxSampler) - Multiple Vulnerabilities)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12952 was patched at 2024-05-15

1143. Denial of Service - Unknown Product (CVE-2017-12953) - High [410]

Description: {'vulners_cve_data_all': 'The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] libgig 4.0.0 (LinuxSampler) - Multiple Vulnerabilities, [exploitpack] libgig 4.0.0 (LinuxSampler) - Multiple Vulnerabilities, [exploitdb] libgig 4.0.0 (LinuxSampler) - Multiple Vulnerabilities)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12953 was patched at 2024-05-15

1144. Denial of Service - Unknown Product (CVE-2017-12954) - High [410]

Description: {'vulners_cve_data_all': 'The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] libgig 4.0.0 (LinuxSampler) - Multiple Vulnerabilities, [zdt] libgig 4.0.0 (LinuxSampler) - Multiple Vulnerabilities, [exploitdb] libgig 4.0.0 (LinuxSampler) - Multiple Vulnerabilities)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12954 was patched at 2024-05-15

1145. Denial of Service - Unknown Product (CVE-2018-17438) - High [410]

Description: {'vulners_cve_data_all': 'A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17438 was patched at 2024-05-15

1146. Denial of Service - Unknown Product (CVE-2018-20450) - High [410]

Description: {'vulners_cve_data_all': 'The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2017-2897.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] libxls read_MSAT Code Execution Vulnerability(CVE-2017-2897))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20450 was patched at 2024-05-15

1147. Denial of Service - Unknown Product (CVE-2019-20056) - High [410]

Description: {'vulners_cve_data_all': 'stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20056 was patched at 2024-05-15

1148. Denial of Service - Unknown Product (CVE-2019-7148) - High [410]

Description: {'vulners_cve_data_all': 'An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a "warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7148 was patched at 2024-05-15

1149. Denial of Service - Unknown Product (CVE-2020-18773) - High [410]

Description: {'vulners_cve_data_all': 'An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-18773 was patched at 2024-05-15

1150. Denial of Service - Unknown Product (CVE-2020-18774) - High [410]

Description: {'vulners_cve_data_all': 'A float point exception in the printLong function in tags_int.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-18774 was patched at 2024-05-15

1151. Denial of Service - Unknown Product (CVE-2020-18899) - High [410]

Description: {'vulners_cve_data_all': 'An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof(box)) function of Exiv2 0.27 allows attackers to cause a denial of service (DOS) via a crafted input.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-18899 was patched at 2024-05-15

1152. Denial of Service - Unknown Product (CVE-2020-21048) - High [410]

Description: {'vulners_cve_data_all': 'An issue in the dither.c component of libsixel prior to v1.8.4 allows attackers to cause a denial of service (DOS) via a crafted PNG file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21048 was patched at 2024-05-15

1153. Denial of Service - Unknown Product (CVE-2020-21049) - High [410]

Description: {'vulners_cve_data_all': 'An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21049 was patched at 2024-05-15

1154. Denial of Service - Unknown Product (CVE-2020-21677) - High [410]

Description: {'vulners_cve_data_all': 'A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file into Sixel format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21677 was patched at 2024-05-15

1155. Denial of Service - Unknown Product (CVE-2020-5421) - High [410]

Description: {'vulners_cve_data_all': 'In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Vulnerability in Pivotal Software Spring Framework)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-5421 was patched at 2024-05-15

1156. Denial of Service - Unknown Product (CVE-2021-44568) - High [410]

Description: {'vulners_cve_data_all': 'Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44568 was patched at 2024-05-15

1157. Denial of Service - Unknown Product (CVE-2022-22971) - High [410]

Description: {'vulners_cve_data_all': 'In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-22971 was patched at 2024-05-15

1158. Information Disclosure - Unknown Product (CVE-2008-1111) - High [410]

Description: {'vulners_cve_data_all': 'mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts instead of a 500 error when a fork failure occurs, which might allow remote attackers to obtain sensitive information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Lighttpd mod_cgi模块信息泄露漏洞)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1111 was patched at 2024-05-15

1159. Information Disclosure - Unknown Product (CVE-2009-1255) - High [410]

Description: {'vulners_cve_data_all': 'The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Memcached stats maps命令信息泄露漏洞)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1255 was patched at 2024-05-15

1160. Information Disclosure - Unknown Product (CVE-2013-7299) - High [410]

Description: {'vulners_cve_data_all': 'framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows remote attackers to obtain sensitive information via a header that ends in \\n instead of \\r\\n, which prevents a null terminator from being added and causes Tntnet to include headers from other requests.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Tntnet HTTP报文头泄露漏洞)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7299 was patched at 2024-05-15

1161. Memory Corruption - Unknown Product (CVE-2014-2830) - High [410]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] 'pam_cifscreds' PAM模块'cifskey.c'栈缓冲区溢出漏洞)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2830 was patched at 2024-05-15

1162. Memory Corruption - Unknown Product (CVE-2017-6542) - High [410]

Description: {'vulners_cve_data_all': 'The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] PuTTY 0.68 - ssh_agent_channel_data Integer Overflow Heap Corruption, [packetstorm] PuTTY ssh_agent_channel_data Integer Overflow, [zdt] PuTTY < 0.68 - ssh_agent_channel_data Integer Overflow Heap Corruption Vulnerability, [exploitdb] PuTTY < 0.68 - 'ssh_agent_channel_data' Integer Overflow Heap Corruption)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6542 was patched at 2024-05-15

1163. Memory Corruption - Unknown Product (CVE-2018-25017) - High [410]

Description: {'vulners_cve_data_all': 'RawSpeed (aka librawspeed) 3.1 has a heap-based buffer overflow in TableLookUp::setTable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-25017 was patched at 2024-05-15

1164. Memory Corruption - Unknown Product (CVE-2020-23302) - High [410]

Description: {'vulners_cve_data_all': 'There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_ref_ecma_string in JerryScript 2.2.0', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23302 was patched at 2024-05-15

1165. Memory Corruption - Unknown Product (CVE-2020-23303) - High [410]

Description: {'vulners_cve_data_all': 'There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_collect_empty in JerryScript 2.2.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23303 was patched at 2024-05-15

1166. Memory Corruption - Unknown Product (CVE-2020-23306) - High [410]

Description: {'vulners_cve_data_all': 'There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_match in JerryScript 2.2.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23306 was patched at 2024-05-15

1167. Memory Corruption - Unknown Product (CVE-2020-23321) - High [410]

Description: {'vulners_cve_data_all': 'There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_unit_from_utf8 in JerryScript 2.2.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23321 was patched at 2024-05-15

1168. Memory Corruption - Unknown Product (CVE-2020-23323) - High [410]

Description: {'vulners_cve_data_all': 'There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape in JerryScript 2.2.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23323 was patched at 2024-05-15

1169. Memory Corruption - Unknown Product (CVE-2020-24978) - High [410]

Description: {'vulners_cve_data_all': 'In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24978 was patched at 2024-05-15

1170. Memory Corruption - Unknown Product (CVE-2020-7720) - High [410]

Description: {'vulners_cve_data_all': 'The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Improperly Controlled Modification of Dynamically-Determined Object Attributes in Digitalbazaar Forge)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7720 was patched at 2024-05-15

1171. Memory Corruption - Unknown Product (CVE-2021-45951) - High [410]

Description: {'vulners_cve_data_all': 'Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (called from check_for_bogus_wildcard and FuzzCheckForBogusWildcard). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45951 was patched at 2024-05-15

1172. Memory Corruption - Unknown Product (CVE-2021-45952) - High [410]

Description: {'vulners_cve_data_all': 'Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called from dhcp_packet and FuzzDhcp). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45952 was patched at 2024-05-15

1173. Memory Corruption - Unknown Product (CVE-2021-45953) - High [410]

Description: {'vulners_cve_data_all': 'Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from hash_questions and fuzz_util.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45953 was patched at 2024-05-15

1174. Memory Corruption - Unknown Product (CVE-2021-45954) - High [410]

Description: {'vulners_cve_data_all': 'Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45954 was patched at 2024-05-15

1175. Memory Corruption - Unknown Product (CVE-2021-45955) - High [410]

Description: {'vulners_cve_data_all': 'Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called from FuzzResizePacket and fuzz_rfc1035.c) because of the lack of a proper bounds check upon pseudo header re-insertion. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." However, a contributor states that a security patch (mentioned in 016162.html) is needed', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45955 was patched at 2024-05-15

1176. Memory Corruption - Unknown Product (CVE-2021-45956) - High [410]

Description: {'vulners_cve_data_all': 'Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45956 was patched at 2024-05-15

1177. Memory Corruption - Unknown Product (CVE-2021-45957) - High [410]

Description: {'vulners_cve_data_all': 'Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (called from FuzzAnswerTheRequest and fuzz_rfc1035.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45957 was patched at 2024-05-15

1178. Memory Corruption - Unknown Product (CVE-2022-30595) - High [410]

Description: {'vulners_cve_data_all': 'libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-30595 was patched at 2024-05-15

1179. Memory Corruption - Unknown Product (CVE-2023-49287) - High [410]

Description: {'vulners_cve_data_all': 'TinyDir is a lightweight C directory and file reader. Buffer overflows in the `tinydir_file_open()` function. This vulnerability has been patched in version 1.2.6.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49287 was patched at 2024-05-15

1180. Path Traversal - Unknown Product (CVE-2008-2942) - High [410]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".." (dot dot) sequences in a patch file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Mercurial 'patch.py'目录遍历漏洞, [seebug] Mercurial patch.py文件目录遍历漏洞)
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2942 was patched at 2024-05-15

1181. Path Traversal - Unknown Product (CVE-2010-3867) - High [410]

Description: {'vulners_cve_data_all': 'Multiple directory traversal vulnerabilities in the mod_site_misc module in ProFTPD before 1.3.3c allow remote authenticated users to create directories, delete directories, create symlinks, and modify file timestamps via directory traversal sequences in a (1) SITE MKDIR, (2) SITE RMDIR, (3) SITE SYMLINK, or (4) SITE UTIME command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow, [seebug] ProFTPD多个模块目录遍历和缓冲区溢出漏洞)
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3867 was patched at 2024-05-15

1182. Path Traversal - Unknown Product (CVE-2013-4885) - High [410]

Description: {'vulners_cve_data_all': 'The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Nmap 任意文件写漏洞(CVE-2013-4885))
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4885 was patched at 2024-05-15

1183. Path Traversal - Unknown Product (CVE-2019-8943) - High [410]

Description: {'vulners_cve_data_all': 'WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] WordPress 5.0.0 crop-image Shell Upload, [packetstorm] WordPress 5.0.0 Remote Code Execution, [zdt] WordPress 5.0.0 crop-image Shell Upload Exploit, [zdt] WordPress Core 5.0 - Remote Code Execution Exploit, [githubexploit] Exploit for Unrestricted Upload of File with Dangerous Type in Wordpress, [githubexploit] Exploit for Path Traversal in Wordpress)
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-8943 was patched at 2024-05-15

1184. Unknown Vulnerability Type - Perl (CVE-2009-2946) - High [409]

Description: {'vulners_cve_data_all': 'Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in devscripts allows remote attackers to execute arbitrary Perl code via crafted pathnames on distribution servers for upstream source code used in Debian GNU/Linux packages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Debian devscripts软件包uscan远程代码执行漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2946 was patched at 2024-05-15

1185. Unknown Vulnerability Type - Perl (CVE-2010-2971) - High [409]

Description: {'vulners_cve_data_all': 'loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Winamp模块解码器插件多个缓冲区溢出漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2971 was patched at 2024-05-15

1186. Unknown Vulnerability Type - Python (CVE-2017-17522) - High [409]

Description: {'vulners_cve_data_all': 'Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Python 'Lib/webbrowser.py' Remote Command Execution Vulnerability(CVE-2017-17522))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17522 was patched at 2024-05-15

1187. Unknown Vulnerability Type - Wireshark (CVE-2011-3360) - High [409]

Description: {'vulners_cve_data_all': 'Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Wireshark 1.6 console.lua Pre-Load / Execution, [saint] Wireshark Lua Untrusted Search Path vulnerability, [saint] Wireshark Lua Untrusted Search Path vulnerability, [saint] Wireshark Lua Untrusted Search Path vulnerability, [saint] Wireshark Lua Untrusted Search Path vulnerability, [d2] DSquare Exploit Pack: D2SEC_WIRESHARK)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3360 was patched at 2024-05-15

1188. Code Injection - BIND (CVE-2024-27304) - High [408]

Description: {'vulners_cve_data_all': 'pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27304 was patched at 2024-05-15

1189. Elevation of Privilege - Linux Kernel (CVE-2023-28339) - High [408]

Description: OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-28339 was patched at 2024-05-15

1190. Elevation of Privilege - Windows Kernel (CVE-2023-0184) - High [408]

Description: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0184 was patched at 2024-05-15

1191. Arbitrary File Writing - Unknown Product (CVE-2010-5105) - High [407]

Description: {'vulners_cve_data_all': 'The undo save quit routine in the kernel in Blender 2.5, 2.63a, and earlier allows local users to overwrite arbitrary files via a symlink attack on the quit.blend temporary file. NOTE: this issue might be a regression of CVE-2008-1103.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Blender创建不安全临时文件漏洞)
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-5105 was patched at 2024-05-15

1192. Arbitrary File Writing - Unknown Product (CVE-2013-0248) - High [407]

Description: {'vulners_cve_data_all': 'The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apache Commons FileUpload不安全临时文件创建漏洞(CVE-2013-0248))
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0248 was patched at 2024-05-15

1193. Remote Code Execution - Binutils (CVE-2005-4807) - High [407]

Description: Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4807 was patched at 2024-05-15

1194. Remote Code Execution - Binutils (CVE-2006-2362) - High [407]

Description: Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2362 was patched at 2024-05-15

1195. Remote Code Execution - GNOME desktop (CVE-2022-48622) - High [407]

Description: In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2022-48622 was patched at 2024-05-23, 2024-06-11

debian: CVE-2022-48622 was patched at 2024-05-15

oraclelinux: CVE-2022-48622 was patched at 2024-05-29, 2024-06-11

redhat: CVE-2022-48622 was patched at 2024-05-23, 2024-06-11

ubuntu: CVE-2022-48622 was patched at 2024-06-05

1196. Remote Code Execution - GNOME desktop (CVE-2023-36250) - High [407]

Description: CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-36250 was patched at 2024-05-15

1197. Remote Code Execution - GNU C Library (CVE-2002-0651) - High [407]

Description: Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0651 was patched at 2024-05-15

1198. Remote Code Execution - GNU C Library (CVE-2002-0684) - High [407]

Description: Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0684 was patched at 2024-05-15

1199. Remote Code Execution - GNU C Library (CVE-2003-0689) - High [407]

Description: The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0689 was patched at 2024-05-15

1200. Remote Code Execution - Mozilla Firefox (CVE-2006-0292) - High [407]

Description: The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0292 was patched at 2024-05-15

1201. Remote Code Execution - Mozilla Firefox (CVE-2006-0294) - High [407]

Description: Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0294 was patched at 2024-05-15

1202. Remote Code Execution - Mozilla Firefox (CVE-2006-1529) - High [407]

Description: Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1529 was patched at 2024-05-15

1203. Remote Code Execution - Mozilla Firefox (CVE-2006-1530) - High [407]

Description: Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1530 was patched at 2024-05-15

1204. Remote Code Execution - Mozilla Firefox (CVE-2006-1531) - High [407]

Description: Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1531 was patched at 2024-05-15

1205. Remote Code Execution - Mozilla Firefox (CVE-2006-1723) - High [407]

Description: Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1723 was patched at 2024-05-15

1206. Remote Code Execution - Mozilla Firefox (CVE-2006-1724) - High [407]

Description: Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1724 was patched at 2024-05-15

1207. Remote Code Execution - Mozilla Firefox (CVE-2006-2776) - High [407]

Description: Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2776 was patched at 2024-05-15

1208. Remote Code Execution - Mozilla Firefox (CVE-2006-3113) - High [407]

Description: Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via simultaneous XPCOM events, which causes a timer object to be deleted in a way that triggers memory corruption.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3113 was patched at 2024-05-15

1209. Remote Code Execution - Mozilla Firefox (CVE-2006-3805) - High [407]

Description: The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3805 was patched at 2024-05-15

1210. Remote Code Execution - Mozilla Firefox (CVE-2006-3806) - High [407]

Description: Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3806 was patched at 2024-05-15

1211. Remote Code Execution - Mozilla Firefox (CVE-2006-3807) - High [407]

Description: Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3807 was patched at 2024-05-15

1212. Remote Code Execution - Mozilla Firefox (CVE-2006-3808) - High [407]

Description: Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig (PAC) servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3808 was patched at 2024-05-15

1213. Remote Code Execution - Mozilla Firefox (CVE-2006-3811) - High [407]

Description: Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMenuItemActiveEvent, (2) buffer overflows in the string class in out-of-memory conditions, (3) table row and column groups, (4) "anonymous box selectors outside of UA stylesheets," (5) stale references to "removed nodes," and (6) running the crypto.generateCRMFRequest callback on deleted context.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3811 was patched at 2024-05-15

1214. Remote Code Execution - Mozilla Firefox (CVE-2006-5747) - High [407]

Description: Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5747 was patched at 2024-05-15

1215. Remote Code Execution - OpenSSH (CVE-2003-0695) - High [407]

Description: Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0695 was patched at 2024-05-15

1216. Remote Code Execution - OpenSSH (CVE-2006-5051) - High [407]

Description: Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5051 was patched at 2024-05-15

1217. Remote Code Execution - OpenSSL (CVE-2002-0655) - High [407]

Description: OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0655 was patched at 2024-05-15

1218. Remote Code Execution - PHP (CVE-2005-4873) - High [407]

Description: Multiple stack-based buffer overflows in the phpcups PHP module for CUPS 1.1.23rc1 might allow context-dependent attackers to execute arbitrary code via vectors that result in long function parameters, as demonstrated by the cups_get_dest_options function in phpcups.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4873 was patched at 2024-05-15

1219. Remote Code Execution - PHP (CVE-2008-4096) - High [407]

Description: libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 8.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4096 was patched at 2024-05-15

1220. Remote Code Execution - PHP (CVE-2010-4335) - High [407]

Description: The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is processed by the unserialize function, as demonstrated by modifying the file_map cache to execute arbitrary local files.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4335 was patched at 2024-05-15

1221. Remote Code Execution - PHP (CVE-2014-5203) - High [407]

Description: wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5203 was patched at 2024-05-15

1222. Remote Code Execution - PHP (CVE-2016-6633) - High [407]

Description: An issue was discovered in phpMyAdmin. phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations that are running with the dbase extension. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6633 was patched at 2024-05-15

1223. Remote Code Execution - PHP (CVE-2024-31210) - High [407]

Description: WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins -> Add New -> Upload Plugin screen in WordPress. If FTP credentials are requested for installation (in order to move the file into place outside of the `uploads` directory) then the uploaded file remains temporary available in the Media Library despite it not being allowed. If the `DISALLOW_FILE_EDIT` constant is set to `true` on the site _and_ FTP credentials are required when uploading a new theme or plugin, then this technically allows an RCE when the user would otherwise have no means of executing arbitrary PHP code. This issue _only_ affects Administrator level users on single site installations, and Super Admin level users on Multisite installations where it's otherwise expected that the user does not have permission to upload or execute arbitrary PHP code. Lower level users are not affected. Sites where the `DISALLOW_FILE_MODS` constant is set to `true` are not affected. Sites where an administrative user either does not need to enter FTP credentials or they have access to the valid FTP credentials, are not affected. The issue was fixed in WordPress 6.4.3 on January 30, 2024 and backported to versions 6.3.3, 6.2.4, 6.1.5, 6.0.7, 5.9.9, 5.8.9, 5.7.11, 5.6.13, 5.5.14, 5.4.15, 5.3.17, 5.2.20, 5.1.18, 5.0.21, 4.9.25, 2.8.24, 4.7.28, 4.6.28, 4.5.31, 4.4.32, 4.3.33, 4.2.37, and 4.1.40. A workaround is available. If the `DISALLOW_FILE_MODS` constant is defined as `true` then it will not be possible for any user to upload a plugin and therefore this issue will not be exploitable.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31210 was patched at 2024-05-08, 2024-05-15

1224. Remote Code Execution - Samba (CVE-2002-2196) - High [407]

Description: Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-2196 was patched at 2024-05-15

1225. Remote Code Execution - libvpx (CVE-2016-2464) - High [407]

Description: libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted mkv file, aka internal bug 23167726.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814libvpx is a free software video codec library from Google and the Alliance for Open Media (AOMedia)
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2464 was patched at 2024-05-15

1226. Unknown Vulnerability Type - Binutils (CVE-2020-35494) - High [407]

Description: {'vulners_cve_data_all': 'There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35494 was patched at 2024-05-15

1227. Unknown Vulnerability Type - OpenSSH (CVE-2013-4548) - High [407]

Description: {'vulners_cve_data_all': 'The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] IBM AIX/Virtual I/O Server OpenSSH AES-GCM密文特权提升漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4548 was patched at 2024-05-15

1228. Unknown Vulnerability Type - PHP (CVE-2005-3299) - High [407]

Description: {'vulners_cve_data_all': 'PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object) website
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3299 was patched at 2024-05-15

1229. Unknown Vulnerability Type - PHP (CVE-2009-2854) - High [407]

Description: {'vulners_cve_data_all': 'Wordpress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php, (5) edit-link-category-form.php, (6) edit-tag-form.php, (7) export.php, (8) import.php, or (9) link-add.php in wp-admin/.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] WordPress wp-admin非授权管理访问漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2854 was patched at 2024-05-15

1230. Unknown Vulnerability Type - PHP (CVE-2011-2505) - High [407]

Description: {'vulners_cve_data_all': 'libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication feature in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 assigns values to arbitrary parameters referenced in the query string, which allows remote attackers to modify the SESSION superglobal array via a crafted request, related to a "remote variable manipulation vulnerability."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin3 remote code execute exploit [Not jilei(chicken\'s ribs)], [seebug] phpMyAdmin3 (pma3) Remote Code Execution Exploit, [seebug] phpMyAdmin 3.x Swekey Remote Code Injection Exploit, [seebug] phpMyAdmin 3.x Multiple Remote Code Executions, [seebug] phpMyAdmin 3.x 多个安全漏洞, [exploitpack] phpMyAdmin 3.x - Swekey Remote Code Injection, [exploitpack] phpMyAdmin3 (pma3) - Remote Code Execution, [packetstorm] phpMyAdmin 3.x Swekey Remote Code Injection, [packetstorm] phpMyAdmin3 Remote Code Execution, [packetstorm] phpMyAdmin 3.x Remote Code Execution, [dsquare] Phpmyadmin 3.x RCE, [exploitdb] phpMyAdmin 3.x - Swekey Remote Code Injection, [exploitdb] phpMyAdmin3 (pma3) - Remote Code Execution)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2505 was patched at 2024-05-15

1231. Unknown Vulnerability Type - RPC (CVE-2008-0664) - High [407]

Description: {'vulners_cve_data_all': 'The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, when registration is enabled, allows remote attackers to edit posts of other blog users via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Wordpress XML-RPC接口非授权操作漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0664 was patched at 2024-05-15

1232. Unknown Vulnerability Type - RPC (CVE-2012-0215) - High [407]

Description: {'vulners_cve_data_all': 'model/modelstorage.py in the Tryton application framework (trytond) before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) copy rpc call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Python 'trytond'模块'Many2Many'字段安全限制绕过漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0215 was patched at 2024-05-15

1233. Unknown Vulnerability Type - Safari (CVE-2009-1693) - High [407]

Description: {'vulners_cve_data_all': 'WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0多个安全漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1693 was patched at 2024-05-15

1234. Unknown Vulnerability Type - Safari (CVE-2009-1694) - High [407]

Description: {'vulners_cve_data_all': 'WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0多个安全漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1694 was patched at 2024-05-15

1235. Unknown Vulnerability Type - Samba (CVE-2009-0022) - High [407]

Description: {'vulners_cve_data_all': 'Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Samba注册表共享名非授权访问漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.610CVSS Base Score is 6.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0022 was patched at 2024-05-15

1236. Unknown Vulnerability Type - Samba (CVE-2014-2079) - High [407]

Description: {'vulners_cve_data_all': 'X File Explorer (aka xfe) might allow local users to bypass intended access restrictions and gain access to arbitrary files by leveraging failure to use directory masks when creating files on Samba and NFS shares.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] X File Explorer 'FilePanel::onCmdNewFile'函数访问绕过漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2079 was patched at 2024-05-15

1237. Unknown Vulnerability Type - Samba (CVE-2019-3870) - High [407]

Description: {'vulners_cve_data_all': 'A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-3870 was patched at 2024-05-15

1238. Security Feature Bypass - Apache HTTP Server (CVE-2019-0190) - High [405]

Description: {'vulners_cve_data_all': 'A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-0190 was patched at 2024-05-15

1239. Security Feature Bypass - Linux Kernel (CVE-2016-9919) - High [405]

Description: {'vulners_cve_data_all': 'The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through 4.8.12 omits a certain check of the dst data structure, which allows remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9919 was patched at 2024-05-15

1240. Security Feature Bypass - Linux Kernel (CVE-2019-12456) - High [405]

Description: {'vulners_cve_data_all': 'An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a "double fetch" vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12456 was patched at 2024-05-15

1241. Security Feature Bypass - Linux Kernel (CVE-2021-3847) - High [405]

Description: {'vulners_cve_data_all': 'An unauthorized access to the execution of the setuid file with capabilities flaw in the Linux kernel OverlayFS subsystem was found in the way user copying a capable file from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3847 was patched at 2024-05-15

1242. Cross Site Scripting - Unknown Product (CVE-2020-7676) - High [404]

Description: {'vulners_cve_data_all': 'angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Cross-site Scripting in Angularjs Angular.Js)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7676 was patched at 2024-05-15

1243. Cross Site Scripting - Unknown Product (CVE-2021-38602) - High [404]

Description: {'vulners_cve_data_all': 'PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Cross-site Scripting in Pluxml)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-38602 was patched at 2024-05-15

1244. Incorrect Calculation - Unknown Product (CVE-2024-34403) - High [404]

Description: {'vulners_cve_data_all': 'An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-34403 was patched at 2024-05-15

1245. Memory Corruption - Unknown Product (CVE-2024-29133) - High [404]

Description: {'vulners_cve_data_all': 'Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1.\n\nUsers are recommended to upgrade to version 2.10.1, which fixes the issue.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on BDU website
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29133 was patched at 2024-05-15

1246. Remote Code Execution - Kerberos (CVE-2004-0643) - High [404]

Description: Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0643 was patched at 2024-05-15

1247. Authentication Bypass - PHP (CVE-2004-2632) - High [403]

Description: phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2632 was patched at 2024-05-15

1248. Authentication Bypass - PHP (CVE-2017-1000071) - High [403]

Description: Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against an old CAS server.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000071 was patched at 2024-05-15

1249. Authentication Bypass - RPC (CVE-2024-23324) - High [403]

Description: Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

redos: CVE-2024-23324 was patched at 2024-04-23

1250. Remote Code Execution - FFmpeg (CVE-2011-3504) - High [402]

Description: The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3504 was patched at 2024-05-15

1251. Remote Code Execution - FFmpeg (CVE-2012-5359) - High [402]

Description: Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5359 was patched at 2024-05-15

1252. Remote Code Execution - FFmpeg (CVE-2012-5360) - High [402]

Description: Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5360 was patched at 2024-05-15

1253. Remote Code Execution - FFmpeg (CVE-2014-4610) - High [402]

Description: Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4610 was patched at 2024-05-15

1254. Remote Code Execution - vim (CVE-2008-3076) - High [402]

Description: The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Vim is a free and open-source, screen-based text editor program
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3076 was patched at 2024-05-15

1255. Unknown Vulnerability Type - BIND (CVE-2006-2194) - High [402]

Description: {'vulners_cve_data_all': 'The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] PPPD Winbind插件本地权限提升漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2194 was patched at 2024-05-15

1256. Unknown Vulnerability Type - BIND (CVE-2009-1894) - High [402]

Description: {'vulners_cve_data_all': 'Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Linux Kernel tun_chr_pool()函数空指针引用漏洞, [seebug] GNU C library dynamic linker $ORIGIN expansion Vulnerability, [packetstorm] GNU C Library Dynamic Linker $ORIGIN Expansion Vulnerability, [exploitpack] GNU C library dynamic linker - $ORIGIN Expansion, [exploitdb] GNU C library dynamic linker - '$ORIGIN' Expansion)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1894 was patched at 2024-05-15

1257. Unknown Vulnerability Type - MediaWiki (CVE-2012-4379) - High [402]

Description: {'vulners_cve_data_all': 'MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MediaWiki 1.x 跨站请求伪造漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4379 was patched at 2024-05-15

1258. Unknown Vulnerability Type - MediaWiki (CVE-2012-5391) - High [402]

Description: {'vulners_cve_data_all': 'Session fixation vulnerability in Special:UserLogin in MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the session_id.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MediaWiki 会话固定漏洞(CVE-2012-5391))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5391 was patched at 2024-05-15

1259. Unknown Vulnerability Type - iOS (CVE-2008-1692) - High [402]

Description: {'vulners_cve_data_all': 'Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] rxvt终端X11显示任意代码执行漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1692 was patched at 2024-05-15

1260. Code Injection - PHP (CVE-2006-2667) - High [401]

Description: Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2667 was patched at 2024-05-15

1261. Code Injection - PHP (CVE-2006-4674) - High [401]

Description: Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4674 was patched at 2024-05-15

1262. Command Injection - Node.js (CVE-2016-2086) - High [401]

Description: Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2086 was patched at 2024-05-15

1263. Security Feature Bypass - APT (CVE-2021-32642) - High [401]

Description: {'vulners_cve_data_all': 'radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. Missing input validation in radsecproxy's `naptr-eduroam.sh` and `radsec-dynsrv.sh` scripts can lead to configuration injection via crafted radsec peer discovery DNS records. Users are subject to Information disclosure, Denial of Service, Redirection of Radius connection to a non-authenticated server leading to non-authenticated network access. Updated example scripts are available in the master branch and 1.9 release. Note that the scripts are not part of the installation package and are not updated automatically. If you are using the examples, you have to update them manually. The dyndisc scripts work independently of the radsecproxy code. The updated scripts can be used with any version of radsecproxy.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.910CVSS Base Score is 9.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32642 was patched at 2024-05-15

1264. Security Feature Bypass - Chromium (CVE-2021-30618) - High [401]

Description: {'vulners_cve_data_all': 'Chromium: CVE-2021-30618 Inappropriate implementation in DevTools', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30618 was patched at 2024-05-15

1265. Security Feature Bypass - Chromium (CVE-2021-30620) - High [401]

Description: Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30620 was patched at 2024-05-15

1266. Remote Code Execution - Apache HTTP Server (CVE-2007-1741) - High [400]

Description: Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1741 was patched at 2024-05-15

1267. Remote Code Execution - Apache HTTP Server (CVE-2009-3890) - High [400]

Description: Unrestricted file upload vulnerability in the wp_check_filetype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the mod_mime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an attachment with a multiple-extension filename, and then accessing this attachment via a direct request to a wp-content/uploads/ pathname, as demonstrated by a .php.jpg filename.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3890 was patched at 2024-05-15

1268. Remote Code Execution - Windows LDAP (CVE-2005-4744) - High [400]

Description: Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single issue is part of a larger-scale disclosure, originally by SUSE, which reported multiple issues that were disputed by FreeRADIUS. Disputed issues included file descriptor leaks, memory disclosure, LDAP injection, and other issues. Without additional information, the most recent FreeRADIUS report is being regarded as the authoritative source for this CVE identifier.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4744 was patched at 2024-05-15

1269. Unknown Vulnerability Type - Apache HTTP Server (CVE-2007-6420) - High [400]

Description: {'vulners_cve_data_all': 'Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apache 'mod_proxy_balancer'存在多个漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6420 was patched at 2024-05-15

1270. Unknown Vulnerability Type - Linux Kernel (CVE-2013-1959) - High [400]

Description: {'vulners_cve_data_all': 'kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Linux Kernel Capability file_ns_capable() - Privilege Escalation)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1959 was patched at 2024-05-15

Medium (5390)

1271. Arbitrary File Writing - OpenSSH (CVE-2020-12062) - Medium [398]

Description: The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that "this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol" and "utimes does not fail under normal circumstances.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-12062 was patched at 2024-05-15

1272. Denial of Service - Unknown Product (CVE-2011-4939) - Medium [398]

Description: {'vulners_cve_data_all': 'The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Pidgin 2.x XMPP协议拒绝访问漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4939 was patched at 2024-05-15

1273. Denial of Service - Unknown Product (CVE-2012-3495) - Medium [398]

Description: {'vulners_cve_data_all': 'The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x and Citrix XenServer 6.0.2 and earlier uses the return value of the get_free_pirq function as an array index without checking that the return value indicates an error, which allows guest OS users to cause a denial of service (invalid memory write and host crash) and possibly gain privileges via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] XenSource Xen 'physdev_get_free_pirq'拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3495 was patched at 2024-05-15

1274. Denial of Service - Unknown Product (CVE-2016-1885) - Medium [398]

Description: {'vulners_cve_data_all': 'Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1885 was patched at 2024-05-15

1275. Denial of Service - Unknown Product (CVE-2017-11331) - Medium [398]

Description: {'vulners_cve_data_all': 'The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Vorbis Tools oggenc 1.4.0 - .wav Denial of Service, [zdt] Vorbis Tools oggenc 1.4.0 - .wav Denial of Service Exploit, [exploitdb] Vorbis Tools oggenc 1.4.0 - '.wav' Denial of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11331 was patched at 2024-05-15

1276. Denial of Service - Unknown Product (CVE-2017-11548) - Medium [398]

Description: {'vulners_cve_data_all': 'The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] libao 1.2.0 - Denial of Service, [zdt] libao 1.2.0 - Denial of Service Exploit, [exploitdb] libao 1.2.0 - Denial of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11548 was patched at 2024-05-15

1277. Denial of Service - Unknown Product (CVE-2017-9129) - Medium [398]

Description: {'vulners_cve_data_all': 'The wav_open_read function in frontend/input.c in Freeware Advanced Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of service (large loop) via a crafted wav file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Freeware Advanced Audio Coder (FAAC) 1.28 - Denial of Service Vulnerability, [packetstorm] Freeware Advanced Audio Coder (FAAC) 1.28 Denial Of Service, [exploitpack] Freeware Advanced Audio Coder (FAAC) 1.28 - Denial of Service, [exploitdb] Freeware Advanced Audio Coder (FAAC) 1.28 - Denial of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9129 was patched at 2024-05-15

1278. Denial of Service - Unknown Product (CVE-2017-9130) - Medium [398]

Description: {'vulners_cve_data_all': 'The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio Coder (FAAC) 1.28 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Freeware Advanced Audio Coder (FAAC) 1.28 Denial Of Service, [exploitpack] Freeware Advanced Audio Coder (FAAC) 1.28 - Denial of Service, [zdt] Freeware Advanced Audio Coder (FAAC) 1.28 - Denial of Service Vulnerability, [exploitdb] Freeware Advanced Audio Coder (FAAC) 1.28 - Denial of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9130 was patched at 2024-05-15

1279. Denial of Service - Unknown Product (CVE-2017-9869) - Medium [398]

Description: {'vulners_cve_data_all': 'The II_step_one function in layer2.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] LAME 3.99.5 - II_step_one Buffer Overflow Exploit)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9869 was patched at 2024-05-15

1280. Denial of Service - Unknown Product (CVE-2018-11771) - Medium [398]

Description: {'vulners_cve_data_all': 'When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11771 was patched at 2024-05-15

1281. Denial of Service - Unknown Product (CVE-2018-1324) - Medium [398]

Description: {'vulners_cve_data_all': 'A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1324 was patched at 2024-05-15

1282. Denial of Service - Unknown Product (CVE-2018-16369) - Medium [398]

Description: {'vulners_cve_data_all': 'XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16369 was patched at 2024-05-15

1283. Denial of Service - Unknown Product (CVE-2018-16517) - Medium [398]

Description: {'vulners_cve_data_all': 'asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Netwide Assembler (NASM) 2.14rc15 Null Pointer Dereference, [zdt] Netwide Assembler (NASM) 2.14rc15 - NULL Pointer Dereference Exploit, [exploitpack] Netwide Assembler (NASM) 2.14rc15 - NULL Pointer Dereference (PoC), [exploitdb] Netwide Assembler (NASM) 2.14rc15 - NULL Pointer Dereference (PoC))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16517 was patched at 2024-05-15

1284. Denial of Service - Unknown Product (CVE-2020-18768) - Medium [398]

Description: {'vulners_cve_data_all': 'There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-18768 was patched at 2024-05-15

1285. Denial of Service - Unknown Product (CVE-2020-18971) - Medium [398]

Description: {'vulners_cve_data_all': 'Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause a denial of service via the component 'src/base/PdfDictionary.cpp:65'.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-18971 was patched at 2024-05-15

1286. Denial of Service - Unknown Product (CVE-2020-18976) - Medium [398]

Description: {'vulners_cve_data_all': 'Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial of Service via the 'do_checksum' function in 'checksum.c'. It can be triggered by sending a crafted pcap file to the 'tcpreplay-edit' binary. This issue is different than CVE-2019-8381.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-18976 was patched at 2024-05-15

1287. Denial of Service - Unknown Product (CVE-2020-19488) - Medium [398]

Description: {'vulners_cve_data_all': 'An issue was discovered in box_code_apple.c:119 in Gpac MP4Box 0.8.0, allows attackers to cause a Denial of Service due to an invalid read on function ilst_item_Read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-19488 was patched at 2024-05-15

1288. Denial of Service - Unknown Product (CVE-2020-21678) - Medium [398]

Description: {'vulners_cve_data_all': 'A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into mp format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21678 was patched at 2024-05-15

1289. Denial of Service - Unknown Product (CVE-2020-21679) - Medium [398]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21679 was patched at 2024-05-15

1290. Denial of Service - Unknown Product (CVE-2020-21680) - Medium [398]

Description: {'vulners_cve_data_all': 'A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21680 was patched at 2024-05-15

1291. Denial of Service - Unknown Product (CVE-2020-21681) - Medium [398]

Description: {'vulners_cve_data_all': 'A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21681 was patched at 2024-05-15

1292. Denial of Service - Unknown Product (CVE-2020-21682) - Medium [398]

Description: {'vulners_cve_data_all': 'A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21682 was patched at 2024-05-15

1293. Denial of Service - Unknown Product (CVE-2020-21683) - Medium [398]

Description: {'vulners_cve_data_all': 'A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21683 was patched at 2024-05-15

1294. Denial of Service - Unknown Product (CVE-2020-21684) - Medium [398]

Description: {'vulners_cve_data_all': 'A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21684 was patched at 2024-05-15

1295. Denial of Service - Unknown Product (CVE-2020-23273) - Medium [398]

Description: {'vulners_cve_data_all': 'Heap-buffer overflow in the randomize_iparp function in edit_packet.c. of Tcpreplay v4.3.2 allows attackers to cause a denial of service (DOS) via a crafted pcap.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23273 was patched at 2024-05-15

1296. Denial of Service - Unknown Product (CVE-2020-23856) - Medium [398]

Description: {'vulners_cve_data_all': 'Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, int line) function at src/parser.c, which could cause a denial of service via the pointer variable caller->callee.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23856 was patched at 2024-05-15

1297. Denial of Service - Unknown Product (CVE-2020-24821) - Medium [398]

Description: {'vulners_cve_data_all': 'A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24821 was patched at 2024-05-15

1298. Denial of Service - Unknown Product (CVE-2020-24822) - Medium [398]

Description: {'vulners_cve_data_all': 'A vulnerability in the dwarf::cursor::uleb function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24822 was patched at 2024-05-15

1299. Denial of Service - Unknown Product (CVE-2020-24823) - Medium [398]

Description: {'vulners_cve_data_all': 'A vulnerability in the dwarf::to_string function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24823 was patched at 2024-05-15

1300. Denial of Service - Unknown Product (CVE-2020-24824) - Medium [398]

Description: {'vulners_cve_data_all': 'A global buffer overflow issue in the dwarf::line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24824 was patched at 2024-05-15

1301. Denial of Service - Unknown Product (CVE-2020-24825) - Medium [398]

Description: {'vulners_cve_data_all': 'A vulnerability in the line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24825 was patched at 2024-05-15

1302. Denial of Service - Unknown Product (CVE-2020-24826) - Medium [398]

Description: {'vulners_cve_data_all': 'A vulnerability in the elf::section::as_strtab function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24826 was patched at 2024-05-15

1303. Denial of Service - Unknown Product (CVE-2020-24827) - Medium [398]

Description: {'vulners_cve_data_all': 'A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24827 was patched at 2024-05-15

1304. Denial of Service - Unknown Product (CVE-2021-30027) - Medium [398]

Description: {'vulners_cve_data_all': 'md_analyze_line in md4c.c in md4c 0.4.7 allows attackers to trigger use of uninitialized memory, and cause a denial of service via a malformed Markdown document.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30027 was patched at 2024-05-15

1305. Denial of Service - Unknown Product (CVE-2021-32275) - Medium [398]

Description: {'vulners_cve_data_all': 'An issue was discovered in faust through v2.30.5. A NULL pointer dereference exists in the function CosPrim::computeSigOutput() located in cosprim.hh. It allows an attacker to cause Denial of Service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32275 was patched at 2024-05-15

1306. Denial of Service - Unknown Product (CVE-2021-37529) - Medium [398]

Description: {'vulners_cve_data_all': 'A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-37529 was patched at 2024-05-15

1307. Denial of Service - Unknown Product (CVE-2021-37530) - Medium [398]

Description: {'vulners_cve_data_all': 'A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-37530 was patched at 2024-05-15

1308. Denial of Service - Unknown Product (CVE-2021-4214) - Medium [398]

Description: {'vulners_cve_data_all': 'A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-4214 was patched at 2024-05-15

1309. Denial of Service - Unknown Product (CVE-2023-42364) - Medium [398]

Description: {'vulners_cve_data_all': 'A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-42364 was patched at 2024-05-15

1310. Incorrect Calculation - Unknown Product (CVE-2022-28048) - Medium [398]

Description: {'vulners_cve_data_all': 'STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-28048 was patched at 2024-05-15

1311. Information Disclosure - Unknown Product (CVE-2017-8761) - Medium [398]

Description: {'vulners_cve_data_all': 'In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8761 was patched at 2024-05-15

1312. Memory Corruption - Unknown Product (CVE-2017-2818) - Medium [398]

Description: {'vulners_cve_data_all': 'An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during image rendering, resulting in heap corruption. An attacker controlled PDF file can be used to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Poppler PDF Image Display DCTStream::readProgressiveSOF() Code Execution Vulnerability(CVE-2017-2818))
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2818 was patched at 2024-05-15

1313. Memory Corruption - Unknown Product (CVE-2018-14550) - Medium [398]

Description: {'vulners_cve_data_all': 'An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14550 was patched at 2024-05-15

1314. Memory Corruption - Unknown Product (CVE-2018-20751) - Medium [398]

Description: {'vulners_cve_data_all': 'An issue was discovered in crop_page in PoDoFo 0.9.6. For a crafted PDF document, pPage->GetObject()->GetDictionary().AddKey(PdfName("MediaBox"),var) can be problematic due to the function GetObject() being called for the pPage NULL pointer object. The value of pPage at this point is 0x0, which causes a NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20751 was patched at 2024-05-15

1315. Memory Corruption - Unknown Product (CVE-2020-21547) - Medium [398]

Description: {'vulners_cve_data_all': 'Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21547 was patched at 2024-05-15

1316. Memory Corruption - Unknown Product (CVE-2020-21548) - Medium [398]

Description: {'vulners_cve_data_all': 'Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21548 was patched at 2024-05-15

1317. Memory Corruption - Unknown Product (CVE-2020-36403) - Medium [398]

Description: {'vulners_cve_data_all': 'HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36403 was patched at 2024-05-15

1318. Memory Corruption - Unknown Product (CVE-2020-36407) - Medium [398]

Description: {'vulners_cve_data_all': 'libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataFillImageGrid.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36407 was patched at 2024-05-15

1319. Memory Corruption - Unknown Product (CVE-2021-26195) - Medium [398]

Description: {'vulners_cve_data_all': 'An issue was discovered in JerryScript 2.4.0. There is a heap-buffer-overflow in lexer_parse_number in js-lexer.c file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-26195 was patched at 2024-05-15

1320. Memory Corruption - Unknown Product (CVE-2021-32294) - Medium [398]

Description: {'vulners_cve_data_all': 'An issue was discovered in libgig through 20200507. A heap-buffer-overflow exists in the function RIFF::List::GetSubList located in RIFF.cpp. It allows an attacker to cause code Execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32294 was patched at 2024-05-15

1321. Memory Corruption - Unknown Product (CVE-2023-5841) - Medium [398]

Description: {'vulners_cve_data_all': 'Due to a failure in validating the number of scanline samples of a OpenEXR file containing deep scanline data, Academy Software Foundation OpenEX\xa0image parsing library version 3.2.1 and prior is susceptible to a heap-based buffer overflow vulnerability. This issue was resolved as of versions\xa0v3.2.2 and v3.1.12 of the affected library.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-5841 was patched at 2024-05-15

1322. Path Traversal - Unknown Product (CVE-2016-5537) - Medium [398]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the October 2016 CPU. Oracle has not commented on third-party claims that this issue is a directory traversal vulnerability which allows local users with certain permissions to write to arbitrary files and consequently gain privileges via a .. (dot dot) in a archive entry in a ZIP file imported as a project.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitdb] Oracle Netbeans IDE 8.1 - Directory Traversal, [exploitpack] Oracle Netbeans IDE 8.1 - Directory Traversal, [zdt] Oracle Netbeans IDE 8.1 Directory Traversal Vulnerability, [packetstorm] Oracle Netbeans IDE 8.1 Directory Traversal)
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5537 was patched at 2024-05-15

1323. Path Traversal - Unknown Product (CVE-2018-1002209) - Medium [398]

Description: {'vulners_cve_data_all': 'QuaZIP before 0.7.6 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in a Zip archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1002209 was patched at 2024-05-15

1324. Elevation of Privilege - Linux Kernel (CVE-2020-25221) - Medium [397]

Description: get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25221 was patched at 2024-05-15

1325. Elevation of Privilege - Linux Kernel (CVE-2022-0998) - Medium [397]

Description: An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-0998 was patched at 2024-05-15

1326. Elevation of Privilege - Linux Kernel (CVE-2022-1976) - Medium [397]

Description: A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege escalation.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1976 was patched at 2024-05-15

1327. Elevation of Privilege - Linux Kernel (CVE-2022-3238) - Medium [397]

Description: A double-free flaw was found in the Linux kernel’s NTFS3 subsystem in how a user triggers remount and umount simultaneously. This flaw allows a local user to crash or potentially escalate their privileges on the system.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3238 was patched at 2024-05-15

1328. Elevation of Privilege - Linux Kernel (CVE-2022-3577) - Medium [397]

Description: An out-of-bounds memory write flaw was found in the Linux kernel’s Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system. It is in bigben_probe of drivers/hid/hid-bigbenff.c. The reason is incorrect assumption - bigben devices all have inputs. However, malicious devices can break this assumption, leaking to out-of-bound write.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3577 was patched at 2024-05-15

1329. Elevation of Privilege - Linux Kernel (CVE-2022-3910) - Medium [397]

Description: Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation. When io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately. We recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3910 was patched at 2024-05-15

1330. Elevation of Privilege - Linux Kernel (CVE-2022-3977) - Medium [397]

Description: A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) functionality. This issue occurs when a user simultaneously calls DROPTAG ioctl and socket close happens, which could allow a local user to crash the system or potentially escalate their privileges on the system.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3977 was patched at 2024-05-15

1331. Elevation of Privilege - Linux Kernel (CVE-2023-0030) - Medium [397]

Description: A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0030 was patched at 2024-05-15

1332. Elevation of Privilege - Linux Kernel (CVE-2023-28464) - Medium [397]

Description: hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-28464 was patched at 2024-05-22

oraclelinux: CVE-2023-28464 was patched at 2024-05-02, 2024-05-23

redhat: CVE-2023-28464 was patched at 2024-05-22

1333. Remote Code Execution - ImageMagick (CVE-2004-0981) - Medium [397]

Description: Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0981 was patched at 2024-05-15

1334. Remote Code Execution - Perl (CVE-2002-1369) - Medium [397]

Description: jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing the options string, which allows remote attackers to execute arbitrary code via a buffer overflow attack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1369 was patched at 2024-05-15

1335. Remote Code Execution - Perl (CVE-2003-0161) - Medium [397]

Description: The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0161 was patched at 2024-05-15

1336. Remote Code Execution - Perl (CVE-2004-0414) - Medium [397]

Description: CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0414 was patched at 2024-05-15

1337. Remote Code Execution - Perl (CVE-2004-0418) - Medium [397]

Description: serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0418 was patched at 2024-05-15

1338. Remote Code Execution - Perl (CVE-2006-1615) - Medium [397]

Description: Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1615 was patched at 2024-05-15

1339. Remote Code Execution - Perl (CVE-2011-1930) - Medium [397]

Description: In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1930 was patched at 2024-05-15

1340. Remote Code Execution - Perl (CVE-2014-4657) - Medium [397]

Description: The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4657 was patched at 2024-05-15

1341. Remote Code Execution - Perl (CVE-2014-4678) - Medium [397]

Description: The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4678 was patched at 2024-05-15

1342. Remote Code Execution - Perl (CVE-2018-20752) - Medium [397]

Description: An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when exported to a CSV file. This can result in remote code execution for the attacker.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20752 was patched at 2024-05-15

1343. Remote Code Execution - Perl (CVE-2018-9246) - Medium [397]

Description: The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-9246 was patched at 2024-05-15

1344. Remote Code Execution - Perl (CVE-2022-4170) - Medium [397]

Description: The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-4170 was patched at 2024-05-15

1345. Remote Code Execution - Python (CVE-2012-4406) - Medium [397]

Description: OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4406 was patched at 2024-05-15

1346. Remote Code Execution - Python (CVE-2014-3539) - Medium [397]

Description: base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3539 was patched at 2024-05-15

1347. Remote Code Execution - Python (CVE-2016-4972) - Medium [397]

Description: OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4972 was patched at 2024-05-15

1348. Remote Code Execution - Python (CVE-2021-42343) - Medium [397]

Description: An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could be used by a sophisticated attacker to achieve remote code execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42343 was patched at 2024-05-15

1349. Remote Code Execution - Python (CVE-2023-37271) - Medium [397]

Description: RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generator expressions, which are allowed inside RestrictedPython. Prior to versions 6.1 and 5.3, an attacker with access to a RestrictedPython environment can write code that gets the current stack frame in a generator and then walk the stack all the way beyond the RestrictedPython invocation boundary, thus breaking out of the restricted sandbox and potentially allowing arbitrary code execution in the Python interpreter. All RestrictedPython deployments that allow untrusted users to write Python code in the RestrictedPython environment are at risk. In terms of Zope and Plone, this would mean deployments where the administrator allows untrusted users to create and/or edit objects of type `Script (Python)`, `DTML Method`, `DTML Document` or `Zope Page Template`. This is a non-default configuration and likely to be extremely rare. The problem has been fixed in versions 6.1 and 5.3.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score1.010CVSS Base Score is 9.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-37271 was patched at 2024-05-15

1350. Remote Code Execution - Wireshark (CVE-2006-3628) - Medium [397]

Description: Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3628 was patched at 2024-05-15

1351. Remote Code Execution - Wireshark (CVE-2006-3632) - Medium [397]

Description: Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the NFS dissector.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3632 was patched at 2024-05-15

1352. Remote Code Execution - libxml2 (CVE-2004-0989) - Medium [397]

Description: Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614libxml2 is an XML toolkit implemented in C, originally developed for the GNOME Project
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0989 was patched at 2024-05-15

1353. Unknown Vulnerability Type - Bouncy Castle (CVE-2020-28052) - Medium [397]

Description: {'vulners_cve_data_all': 'An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for CVE-2020-28052, [githubexploit] Exploit for CVE-2020-28052)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Bouncy Castle is a collection of APIs used in cryptography
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-28052 was patched at 2024-05-15

1354. Unknown Vulnerability Type - Eclipse Mosquitto (CVE-2021-34432) - Medium [397]

Description: {'vulners_cve_data_all': 'In Eclipse Mosquitto versions 2.07 and earlier, the server will crash if the client tries to send a PUBLISH packet with topic length = 0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Eclipse Mosquitto provides a lightweight server implementation of the MQTT protocol that is suitable for all situations from full power machines to embedded and low power machines
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-34432 was patched at 2024-05-15

1355. Unknown Vulnerability Type - Nokogiri (CVE-2022-29181) - Medium [397]

Description: {'vulners_cve_data_all': 'Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Nokogiri is an open source XML and HTML library for the Ruby programming language
CVSS Base Score0.810CVSS Base Score is 8.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-29181 was patched at 2024-05-15

1356. Unknown Vulnerability Type - Perl (CVE-2006-6171) - Medium [397]

Description: {'vulners_cve_data_all': 'ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] vd_proftpd.pm.txt, [packetstorm] ProFTPD 1.2 - 1.3.0 sreplace Buffer Overflow (Linux))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6171 was patched at 2024-05-15

1357. Unknown Vulnerability Type - Perl (CVE-2009-2702) - Medium [397]

Description: {'vulners_cve_data_all': 'KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Mozilla Firefox NULL字符CA SSL证书验证安全绕过漏洞, [exploitdb] Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2702 was patched at 2024-05-15

1358. Unknown Vulnerability Type - Perl (CVE-2009-3475) - Medium [397]

Description: {'vulners_cve_data_all': 'Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Mozilla Firefox NULL字符CA SSL证书验证安全绕过漏洞, [seebug] Randombit Botan Library X509 Certificate Validation Bypass Vulnerability(CVE-2017-2801), [seebug] mozilla-thunderbird多个安全漏洞, [exploitdb] Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3475 was patched at 2024-05-15

1359. Unknown Vulnerability Type - Perl (CVE-2011-1762) - Medium [397]

Description: {'vulners_cve_data_all': 'A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object) website
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1762 was patched at 2024-05-15

1360. Unknown Vulnerability Type - Perl (CVE-2011-4116) - Medium [397]

Description: {'vulners_cve_data_all': '_is_safe in the File::Temp module for Perl does not properly handle symlinks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4116 was patched at 2024-05-15

1361. Unknown Vulnerability Type - Perl (CVE-2012-1102) - Medium [397]

Description: {'vulners_cve_data_all': 'It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1102 was patched at 2024-05-15

1362. Unknown Vulnerability Type - Perl (CVE-2021-29424) - Medium [397]

Description: {'vulners_cve_data_all': 'The Net::Netmask module before 2.0000 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-29424 was patched at 2024-05-15

1363. Unknown Vulnerability Type - Perl (CVE-2021-29662) - Medium [397]

Description: {'vulners_cve_data_all': 'The Data::Validate::IP module through 0.29 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-29662 was patched at 2024-05-15

1364. Unknown Vulnerability Type - Perl (CVE-2022-25640) - Medium [397]

Description: {'vulners_cve_data_all': 'In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Improper Certificate Validation in Wolfssl)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-25640 was patched at 2024-05-15

1365. Unknown Vulnerability Type - Wireshark (CVE-2017-9347) - Medium [397]

Description: {'vulners_cve_data_all': 'In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Wireshark 2.2.0 to 2.2.12 - ROS Dissector Denial of Service Vulnerability)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9347 was patched at 2024-05-15

1366. Unknown Vulnerability Type - Wireshark (CVE-2017-9353) - Medium [397]

Description: {'vulners_cve_data_all': 'In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Wireshark 2.2.6 - IPv6 Dissector Denial of Service Vulnerability)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9353 was patched at 2024-05-15

1367. Unknown Vulnerability Type - Wireshark (CVE-2020-7044) - Medium [397]

Description: {'vulners_cve_data_all': 'In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7044 was patched at 2024-05-15

1368. Security Feature Bypass - Apache Traffic Server (CVE-2015-5168) - Medium [396]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.714The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5168 was patched at 2024-05-15

1369. Security Feature Bypass - Apache Traffic Server (CVE-2015-5206) - Medium [396]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.714The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5206 was patched at 2024-05-15

1370. Arbitrary File Writing - Unknown Product (CVE-2004-0996) - Medium [395]

Description: {'vulners_cve_data_all': 'main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Mac OS X 2007-007更新修复多个安全漏洞)
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0996 was patched at 2024-05-15

1371. Arbitrary File Writing - Unknown Product (CVE-2013-0162) - Medium [395]

Description: {'vulners_cve_data_all': 'The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] RubyGems 'ruby_parser' 不安全临时文件创建漏洞(CVE-2013-0162))
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0162 was patched at 2024-05-15

1372. Remote Code Execution - APT (CVE-2003-0542) - Medium [395]

Description: Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0542 was patched at 2024-05-15

1373. Remote Code Execution - APT (CVE-2008-0302) - Medium [395]

Description: Untrusted search path vulnerability in apt-listchanges.py in apt-listchanges before 2.82 allows local users to execute arbitrary code via a malicious apt-listchanges program in the current working directory.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0302 was patched at 2024-05-15

1374. Remote Code Execution - GNOME desktop (CVE-2007-6183) - Medium [395]

Description: Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6183 was patched at 2024-05-15

1375. Remote Code Execution - GNOME desktop (CVE-2011-5244) - Medium [395]

Description: Multiple off-by-one errors in the (1) token and (2) linetoken functions in backend/dvi/mdvi-lib/afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, different vulnerabilities than CVE-2010-2642 and CVE-2011-0433.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-5244 was patched at 2024-05-15

1376. Remote Code Execution - GNU C Library (CVE-2007-3508) - Medium [395]

Description: Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3508 was patched at 2024-05-15

1377. Remote Code Execution - GNU C Library (CVE-2008-2357) - Medium [395]

Description: Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2357 was patched at 2024-05-15

1378. Remote Code Execution - Mozilla Firefox (CVE-2006-1733) - Medium [395]

Description: Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1733 was patched at 2024-05-15

1379. Remote Code Execution - Mozilla Firefox (CVE-2006-1734) - Medium [395]

Description: Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1734 was patched at 2024-05-15

1380. Remote Code Execution - Mozilla Firefox (CVE-2006-6497) - Medium [395]

Description: Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown attack vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6497 was patched at 2024-05-15

1381. Remote Code Execution - Mozilla Firefox (CVE-2006-6498) - Medium [395]

Description: Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6498 was patched at 2024-05-15

1382. Remote Code Execution - Safari (CVE-2015-7096) - Medium [395]

Description: WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-7096 was patched at 2024-05-15

1383. Remote Code Execution - Safari (CVE-2015-7098) - Medium [395]

Description: WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-7098 was patched at 2024-05-15

1384. Remote Code Execution - Visual Basic for Applications (CVE-2011-1003) - Medium [395]

Description: Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Visual Basic for Applications is a computer programming language developed and owned by Microsoft
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1003 was patched at 2024-05-15

1385. Remote Code Execution - WinRAR (CVE-2007-0855) - Medium [395]

Description: Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR and possibly other products, allows user-assisted remote attackers to execute arbitrary code via a crafted, password-protected archive.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814WinRAR is a trialware file archiver utility for Windows, developed by Eugene Roshal of win.rar GmbH
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0855 was patched at 2024-05-15

1386. Unknown Vulnerability Type - APT (CVE-2009-3584) - Medium [395]

Description: {'vulners_cve_data_all': 'SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] SQL-Ledger ERP多个输入验证和绕过安全限制漏洞, [packetstorm] SQL-Ledger XSS / XSRF / SQL Injection / LFI)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3584 was patched at 2024-05-15

1387. Unknown Vulnerability Type - GNOME desktop (CVE-2013-7220) - Medium [395]

Description: {'vulners_cve_data_all': 'js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus on the Activities search.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] GNOME gnome-shell本地任意命令执行漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7220 was patched at 2024-05-15

1388. Unknown Vulnerability Type - OpenSSH (CVE-2003-0190) - Medium [395]

Description: {'vulners_cve_data_all': 'OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Portable OpenSSH 3.6.1p-PAM4.1-SuSE - Timing Attack, [packetstorm] openssh-timing.txt, [seebug] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit, [seebug] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit, [seebug] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit, [exploitdb] Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing Attack)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0190 was patched at 2024-05-15

1389. Unknown Vulnerability Type - OpenSSH (CVE-2006-0225) - Medium [395]

Description: {'vulners_cve_data_all': 'scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Avaya CMS / IR Solaris scp命令行shell命令注入漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0225 was patched at 2024-05-15

1390. Unknown Vulnerability Type - OpenSSH (CVE-2007-2243) - Medium [395]

Description: {'vulners_cve_data_all': 'OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a similar issue to CVE-2001-1483.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] OpenSSH s/key Weakness)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2243 was patched at 2024-05-15

1391. Unknown Vulnerability Type - OpenSSL (CVE-2009-0126) - Medium [395]

Description: {'vulners_cve_data_all': 'The decrypt_public function in lib/crypt.cpp in the client in Berkeley Open Infrastructure for Network Computing (BOINC) 6.2.14 and 6.4.5 does not check the return value from the OpenSSL RSA_public_decrypt function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenSSL 'EVP_VerifyFinal'函数签名验证漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0126 was patched at 2024-05-15

1392. Unknown Vulnerability Type - OpenSSL (CVE-2009-0127) - Medium [395]

Description: {'vulners_cve_data_all': 'M2Crypto does not properly check the return value from the OpenSSL EVP_VerifyFinal, DSA_verify, ECDSA_verify, DSA_do_verify, and ECDSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a Linux vendor disputes the relevance of this report to the M2Crypto product because "these functions are not used anywhere in m2crypto.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenSSL 'EVP_VerifyFinal'函数签名验证漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0127 was patched at 2024-05-15

1393. Unknown Vulnerability Type - OpenSSL (CVE-2009-0128) - Medium [395]

Description: {'vulners_cve_data_all': 'plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for Resource Management (aka SLURM or slurm-llnl) does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenSSL 'EVP_VerifyFinal'函数签名验证漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0128 was patched at 2024-05-15

1394. Unknown Vulnerability Type - OpenSSL (CVE-2009-0129) - Medium [395]

Description: {'vulners_cve_data_all': 'libcrypt-openssl-dsa-perl does not properly check the return value from the OpenSSL DSA_verify and DSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenSSL 'EVP_VerifyFinal'函数签名验证漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0129 was patched at 2024-05-15

1395. Unknown Vulnerability Type - OpenSSL (CVE-2009-0130) - Medium [395]

Description: {'vulners_cve_data_all': 'lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package maintainer disputes this issue, reporting that there is a proper check within the only code that uses the applicable part of crypto_drv.c, and thus "this report is invalid.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenSSL 'EVP_VerifyFinal'函数签名验证漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0130 was patched at 2024-05-15

1396. Unknown Vulnerability Type - PHP (CVE-2009-4605) - Medium [395]

Description: {'vulners_cve_data_all': 'scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before 2.11.10 calls the unserialize function on the values of the (1) configuration and (2) v[0] parameters, which might allow remote attackers to conduct cross-site request forgery (CSRF) attacks via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin unserialize()调用跨站请求伪造漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4605 was patched at 2024-05-15

1397. Unknown Vulnerability Type - PHP (CVE-2011-4898) - Medium [395]

Description: {'vulners_cve_data_all': 'wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier generates different error messages for requests lacking a dbname parameter depending on whether the MySQL credentials are valid, which makes it easier for remote attackers to conduct brute-force attacks via a series of requests with different uname and pwd parameters. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether providing intentionally vague error messages during installation would be reasonable from a usability perspective', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] WordPress 3.3.1 - Multiple Vulnerabilities, [seebug] wordpress <= 3.3.1 - Multiple Vulnerabilities, [seebug] WordPress 3.3.1 Code Execution / Cross Site Scripting, [packetstorm] WordPress 3.3.1 Code Execution / Cross Site Scripting, [exploitdb] WordPress Core 3.3.1 - Multiple Vulnerabilities)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4898 was patched at 2024-05-15

1398. Unknown Vulnerability Type - PHP (CVE-2022-39291) - Medium [395]

Description: {'vulners_cve_data_all': 'ZoneMinder is a free, open source Closed-circuit television software application. Affected versions of zoneminder are subject to a vulnerability which allows users with "View" system permissions to inject new data into the logs stored by Zoneminder. This was observed through an HTTP POST request containing log information to the "/zm/index.php" endpoint. Submission is not rate controlled and could affect database performance and/or consume all storage resources. Users are advised to upgrade. There are no known workarounds for this issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Zoneminder Log Injection / XSS / Cross Site Request Forgery, [zdt] Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass Exploit, [exploitdb] Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-39291 was patched at 2024-05-15

1399. Unknown Vulnerability Type - Safari (CVE-2009-1696) - Medium [395]

Description: {'vulners_cve_data_all': 'WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Firefox JavaScript引擎Math.Random()跨域信息泄露漏洞, [seebug] Apple Safari 4.0多个安全漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1696 was patched at 2024-05-15

1400. Unknown Vulnerability Type - Safari (CVE-2009-2841) - Medium [395]

Description: {'vulners_cve_data_all': 'The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] WebKit资源装载回调信息泄漏漏洞, [seebug] Safari 4.0.4版本修复多个安全漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2841 was patched at 2024-05-15

1401. Authentication Bypass - Perl (CVE-2015-5053) - Medium [394]

Description: {'vulners_cve_data_all': 'The host memory mapping path feature in the NVIDIA GPU graphics driver R346 before 346.87 and R352 before 352.41 for Linux and R352 before 352.46 for GRID vGPU and vSGA does not properly restrict access to third-party device IO memory, which allows attackers to gain privileges, cause a denial of service (resource consumption), or possibly have unspecified other impact via unknown vectors related to the follow_pfn kernel-mode API call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5053 was patched at 2024-05-15

1402. Denial of Service - Linux Kernel (CVE-2016-10150) - Medium [394]

Description: Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10150 was patched at 2024-05-15

1403. Denial of Service - Linux Kernel (CVE-2018-5703) - Medium [394]

Description: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-5703 was patched at 2024-05-15

1404. Denial of Service - Windows Kernel (CVE-2016-4608) - Medium [394]

Description: libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4608 was patched at 2024-05-15

1405. Path Traversal - Windows Kernel (CVE-2020-27304) - Medium [394]

Description: The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27304 was patched at 2024-05-15

1406. Security Feature Bypass - Active Directory (CVE-2018-1140) - Medium [394]

Description: {'vulners_cve_data_all': 'A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as a Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.914Active Directory is a directory service developed by Microsoft for Windows domain networks
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1140 was patched at 2024-05-15

1407. Security Feature Bypass - Linux Kernel (CVE-2018-1000028) - Medium [394]

Description: Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains a Incorrect Access Control vulnerability in NFS server (nfsd) that can result in remote users reading or writing files they should not be able to via NFS. This attack appear to be exploitable via NFS server must export a filesystem with the "rootsquash" options enabled. This vulnerability appears to have been fixed in after commit 1995266727fa.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 7.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000028 was patched at 2024-05-15

1408. Arbitrary File Reading - Windows Kernel (CVE-2002-0661) - Medium [393]

Description: Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0661 was patched at 2024-05-15

1409. Information Disclosure - Windows Kernel (CVE-2022-28183) - Medium [393]

Description: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.810CVSS Base Score is 7.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-28183 was patched at 2024-05-15

1410. Code Injection - Perl (CVE-2023-26037) - Medium [392]

Description: ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26037 was patched at 2024-05-15

1411. Code Injection - ReadyMedia (CVE-2013-2738) - Medium [392]

Description: minidlna has SQL Injection that may allow retrieval of arbitrary files

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.614ReadyMedia (formerly known as MiniDLNA) is a simple media server software, with the aim of being fully compliant with DLNA/UPnP-AV clients
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2738 was patched at 2024-05-15

1412. Code Injection - ReadyMedia (CVE-2013-2745) - Medium [392]

Description: An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.614ReadyMedia (formerly known as MiniDLNA) is a simple media server software, with the aim of being fully compliant with DLNA/UPnP-AV clients
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2745 was patched at 2024-05-15

1413. Command Injection - Python (CVE-2022-24065) - Medium [392]

Description: The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be used to perform a command injection.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24065 was patched at 2024-05-15

1414. Cross Site Scripting - Unknown Product (CVE-2008-3328) - Medium [392]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Trac Wiki引擎跨站脚本执行漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3328 was patched at 2024-05-15

1415. Cross Site Scripting - Unknown Product (CVE-2008-3714) - Medium [392]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] AWStats awstats.pl跨站脚本漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3714 was patched at 2024-05-15

1416. Cross Site Scripting - Unknown Product (CVE-2009-2324) - Medium [392]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] FCKeditor connectors模块多个跨站脚本及目录遍历漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2324 was patched at 2024-05-15

1417. Cross Site Scripting - Unknown Product (CVE-2009-3009) - Medium [392]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Ruby on Rails表单帮助程序Unicode字符串处理跨站脚本漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3009 was patched at 2024-05-15

1418. Cross Site Scripting - Unknown Product (CVE-2011-0446) - Medium [392]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in the mail_to helper in Ruby on Rails before 2.3.11, and 3.x before 3.0.4, when javascript encoding is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) name or (2) email value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Ruby on Rails跨站脚本执行及跨站请求伪造漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0446 was patched at 2024-05-15

1419. Cross Site Scripting - Unknown Product (CVE-2011-4024) - Medium [392]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] OCS Inventory NG 2.0.1 - Persistent Cross-Site Scripting, [packetstorm] OCS Inventory NG 2.0.1 Cross Site Scripting, [seebug] OCS Inventory NG 2.0.1 Persistent XSS, [exploitdb] OCS Inventory NG 2.0.1 - Persistent Cross-Site Scripting)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4024 was patched at 2024-05-15

1420. Cross Site Scripting - Unknown Product (CVE-2011-4969) - Medium [392]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4969 was patched at 2024-05-15

1421. Cross Site Scripting - Unknown Product (CVE-2012-3414) - Medium [392]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Dotclear XSS Vulnerabilities, [zdt] Wordpress Plugin (wp-e-commerce v3.8.9.5) Multiple Vulnerabilities, [seebug] Turbomail邮件系统XSS-1, [packetstorm] WordPress 3.3.1 swfupload.swf Cross Site Scripting, [packetstorm] SWF Upload Cross Site Scripting, [packetstorm] Dotclear 2.4.4 Cross Site Scripting / Content Spoofing, [packetstorm] WordPress E-Commerce 3.8.9.5 File Upload / XSS / CSRF / Code Execution)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3414 was patched at 2024-05-15

1422. Cross Site Scripting - Unknown Product (CVE-2012-3442) - Medium [392]

Description: {'vulners_cve_data_all': 'The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Django跨站脚本执行和两个拒绝服务漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3442 was patched at 2024-05-15

1423. Cross Site Scripting - Unknown Product (CVE-2012-3465) - Medium [392]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Ruby on Rails 'strip_tags()'跨站脚本执行漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3465 was patched at 2024-05-15

1424. Cross Site Scripting - Unknown Product (CVE-2012-4751) - Medium [392]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] OTRS 3.1 Cross Site Scripting)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4751 was patched at 2024-05-15

1425. Cross Site Scripting - Unknown Product (CVE-2012-6550) - Medium [392]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via "the clipText returned from the flash object," a different vulnerability than CVE-2013-1808.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([wpexploit] slidedeck2 < 2.1.20130313 - XSS in ZeroClipboard, [packetstorm] ZeroClipbord.swf Cross Site Scripting / Path Disclosure, [zdt] ZeroClipboard Wordpress plugin XSS / FPD Vulnerabilities)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6550 was patched at 2024-05-15

1426. Cross Site Scripting - Unknown Product (CVE-2013-1808) - Medium [392]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([wpexploit] slidedeck2 < 2.1.20130313 - XSS in ZeroClipboard, [packetstorm] ZeroClipbord.swf Cross Site Scripting / Path Disclosure, [packetstorm] WordPress WP-Table-Reloaded Cross Site Scripting, [zdt] ZeroClipboard Wordpress plugin XSS / FPD Vulnerabilities)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1808 was patched at 2024-05-15

1427. Cross Site Scripting - Unknown Product (CVE-2013-4249) - Medium [392]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Django is_safe_url() 跨站脚本 和 URLField 脚本插入漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4249 was patched at 2024-05-15

1428. Cross Site Scripting - Unknown Product (CVE-2014-0157) - Medium [392]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenStack Horizon Orchestration Dashboard栈模版描述字段存储型跨站脚本漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0157 was patched at 2024-05-15

1429. Elevation of Privilege - RPC (CVE-2021-37219) - Medium [392]

Description: HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-37219 was patched at 2024-05-15

1430. Remote Code Execution - Kerberos (CVE-2010-1320) - Medium [392]

Description: Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1320 was patched at 2024-05-15

1431. Unknown Vulnerability Type - Cacti (CVE-2009-4112) - Medium [392]

Description: {'vulners_cve_data_all': 'Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] New cacti packages fix insufficient input sanitising)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.910CVSS Base Score is 9.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4112 was patched at 2024-05-15

1432. XXE Injection - Apache ActiveMQ (CVE-2014-3600) - Medium [392]

Description: XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common0.614Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service (JMS) client
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3600 was patched at 2024-05-15

1433. Authentication Bypass - Chromium (CVE-2021-30619) - Medium [391]

Description: {'vulners_cve_data_all': 'Chromium: CVE-2021-30619 UI Spoofing in Autofill', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30619 was patched at 2024-05-15

1434. Authentication Bypass - Chromium (CVE-2021-30621) - Medium [391]

Description: {'vulners_cve_data_all': 'Chromium: CVE-2021-30621 UI Spoofing in Autofill', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30621 was patched at 2024-05-15

1435. Remote Code Execution - Babel (CVE-2022-37331) - Medium [390]

Description: An out-of-bounds write vulnerability exists in the Gaussian format orientation functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-37331 was patched at 2024-05-15

1436. Remote Code Execution - Babel (CVE-2022-43607) - Medium [390]

Description: An out-of-bounds write vulnerability exists in the MOL2 format attribute and value functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-43607 was patched at 2024-05-15

1437. Remote Code Execution - Curl (CVE-2005-3185) - Medium [390]

Description: Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Curl is a command-line tool for transferring data specified with URL syntax
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3185 was patched at 2024-05-15

1438. Remote Code Execution - FFmpeg (CVE-2006-4800) - Medium [390]

Description: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4800 was patched at 2024-05-15

1439. Remote Code Execution - FFmpeg (CVE-2011-4351) - Medium [390]

Description: Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x before 0.7.8, and 0.8.x before 0.8.8 allows remote attackers to execute arbitrary code via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4351 was patched at 2024-05-15

1440. Remote Code Execution - FFmpeg (CVE-2012-5361) - Medium [390]

Description: Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted WMV file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5361 was patched at 2024-05-15

1441. Remote Code Execution - FFmpeg (CVE-2016-6671) - Medium [390]

Description: The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6671 was patched at 2024-05-15

1442. Remote Code Execution - MediaWiki (CVE-2004-1405) - Medium [390]

Description: MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1405 was patched at 2024-05-15

1443. Remote Code Execution - QEMU (CVE-2024-3446) - Medium [390]

Description: A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.810CVSS Base Score is 8.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3446 was patched at 2024-05-15

debian: CVE-2024-34462 was patched at 2024-05-15

1444. Remote Code Execution - SQLite (CVE-2007-1888) - Medium [390]

Description: Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714SQLite is a database engine written in the C programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1888 was patched at 2024-05-15

1445. Unknown Vulnerability Type - MediaWiki (CVE-2014-2243) - Medium [390]

Description: {'vulners_cve_data_all': 'includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote attackers to obtain access via a brute-force attack that relies on timing differences in responses to incorrect token guesses.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MediaWiki 'theloadFromSession'函数信息泄露漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2243 was patched at 2024-05-15

1446. Security Feature Bypass - APT (CVE-2016-8614) - Medium [389]

Description: A flaw was found in Ansible before version 2.2.0. The apt_key module does not properly verify key fingerprints, allowing remote adversary to create an OpenPGP key which matches the short key ID and inject this key instead of the correct key.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-8614 was patched at 2024-05-15

1447. Security Feature Bypass - APT (CVE-2021-36367) - Medium [389]

Description: {'vulners_cve_data_all': 'PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-36367 was patched at 2024-05-15

1448. Security Feature Bypass - Google Chrome (CVE-2021-30577) - Medium [389]

Description: Insufficient policy enforcement in Installer in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform local privilege escalation via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30577 was patched at 2024-05-15

1449. Security Feature Bypass - OpenSSL (CVE-2017-3733) - Medium [389]

Description: {'vulners_cve_data_all': 'During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-3733 was patched at 2024-05-15

1450. Security Feature Bypass - PHP (CVE-2017-7189) - Medium [389]

Description: {'vulners_cve_data_all': 'main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number (i.e., 443 in this example) is hardcoded into an application as a security policy, but the hostname argument (i.e., 127.0.0.1:80 in this example) is obtained from untrusted input.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7189 was patched at 2024-05-15

1451. Elevation of Privilege - Kubernetes (CVE-2017-1000056) - Medium [387]

Description: Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.714Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000056 was patched at 2024-05-15

1452. Arbitrary File Writing - APT (CVE-2008-4987) - Medium [386]

Description: xastir 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the (a) /tmp/ldconfig.tmp, (b) /tmp/ldconf.tmp, and (c) /tmp/ld.so.conf temporary files, related to the (1) get-maptools.sh and (2) get_shapelib.sh scripts.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4987 was patched at 2024-05-15

1453. Authentication Bypass - BIND (CVE-2014-0074) - Medium [386]

Description: Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0074 was patched at 2024-05-15

1454. Authentication Bypass - BIND (CVE-2014-3999) - Medium [386]

Description: The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3999 was patched at 2024-05-15

1455. Authentication Bypass - BIND (CVE-2017-14623) - Medium [386]

Description: {'vulners_cve_data_all': 'In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker may be able to login with an empty password. This issue affects an application using this package if these conditions are met: (1) it relies only on the return error of the Bind function call to determine whether a user is authorized (i.e., a nil return value is interpreted as successful authorization) and (2) it is used with an LDAP server allowing unauthenticated bind.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14623 was patched at 2024-05-15

1456. Denial of Service - Kerberos (CVE-2010-0283) - Medium [386]

Description: The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0283 was patched at 2024-05-15

1457. Denial of Service - Kerberos (CVE-2011-4151) - Medium [386]

Description: The krb5_db2_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka Berkeley DB) back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, a different vulnerability than CVE-2011-1528.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4151 was patched at 2024-05-15

1458. Denial of Service - Kerberos (CVE-2018-16807) - Medium [386]

Description: In Bro through 2.5.5, there is a memory leak potentially leading to DoS in scripts/base/protocols/krb/main.bro in the Kerberos protocol parser.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16807 was patched at 2024-05-15

1459. Denial of Service - Kerberos (CVE-2018-16853) - Medium [386]

Description: Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experimental. Therefore the Samba Team will not issue security patches for this configuration. Additionally, Samba 4.7.12, 4.8.7 and 4.9.3 have been issued as security releases to prevent building of the AD DC with MIT Kerberos unless --with-experimental-mit-ad-dc is specified to the configure command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16853 was patched at 2024-05-15

1460. Denial of Service - Kerberos (CVE-2019-12175) - Medium [386]

Description: In Zeek Network Security Monitor (formerly known as Bro) before 2.6.2, a NULL pointer dereference in the Kerberos (aka KRB) protocol parser leads to DoS because a case-type index is mishandled.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12175 was patched at 2024-05-15

1461. Denial of Service - Unknown Product (CVE-2003-0108) - Medium [386]

Description: {'vulners_cve_data_all': 'isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed ISAKMP packet to UDP port 500, which causes tcpdump to enter an infinite loop.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] tcpdump - ISAKMP Identification Payload Integer Overflow, [seebug] tcpdump ISAKMP Identification payload Integer Overflow Exploit, [exploitdb] tcpdump - ISAKMP Identification Payload Integer Overflow)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0108 was patched at 2024-05-15

1462. Denial of Service - Unknown Product (CVE-2003-0540) - Medium [386]

Description: {'vulners_cve_data_all': 'The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Postfix 1.1.x - Denial of Service (2), [exploitpack] Postfix 1.1.x - Denial of Service (1), [seebug] Postfix 1.1.x Denial of Service Vulnerabilities (1), [seebug] Postfix 1.1.x Denial of Service Vulnerabilities (2), [exploitdb] Postfix 1.1.x - Denial of Service (1), [exploitdb] Postfix 1.1.x - Denial of Service (2))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0540 was patched at 2024-05-15

1463. Denial of Service - Unknown Product (CVE-2004-0184) - Medium [386]

Description: {'vulners_cve_data_all': 'Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] tcpdump - ISAKMP Identification Payload Integer Overflow, [seebug] tcpdump ISAKMP Identification payload Integer Overflow Exploit, [exploitdb] tcpdump - ISAKMP Identification Payload Integer Overflow)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0184 was patched at 2024-05-15

1464. Denial of Service - Unknown Product (CVE-2004-0230) - Medium [386]

Description: {'vulners_cve_data_all': 'TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0230 was patched at 2024-05-15

1465. Denial of Service - Unknown Product (CVE-2004-0942) - Medium [386]

Description: {'vulners_cve_data_all': 'Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit, [seebug] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit, [packetstorm] slmail5x.txt, [exploitpack] Apache 2.0.52 - GET Denial of Service, [exploitdb] Apache 2.0.52 - GET Denial of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0942 was patched at 2024-05-15

1466. Denial of Service - Unknown Product (CVE-2005-3357) - Medium [386]

Description: {'vulners_cve_data_all': 'mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apache Mod_SSL可定制错误文档拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3357 was patched at 2024-05-15

1467. Denial of Service - Unknown Product (CVE-2006-4334) - Medium [386]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2006-007存在多个安全漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4334 was patched at 2024-05-15

1468. Denial of Service - Unknown Product (CVE-2006-4338) - Medium [386]

Description: {'vulners_cve_data_all': 'unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2006-007存在多个安全漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4338 was patched at 2024-05-15

1469. Denial of Service - Unknown Product (CVE-2007-3126) - Medium [386]

Description: {'vulners_cve_data_all': 'Gimp before 2.8.22 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, a similar issue to CVE-2007-2237.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MS Windows GDI+ ICO File - Remote Denial of Service Exploit, [seebug] MS Windows GDI+ ICO File Remote Denial of Service Exploit, [exploitpack] Microsoft Windows - GDI+ .ICO File Remote Denial of Service, [exploitdb] Microsoft Windows - GDI+ '.ICO' File Remote Denial of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3126 was patched at 2024-05-15

1470. Denial of Service - Unknown Product (CVE-2007-3764) - Medium [386]

Description: {'vulners_cve_data_all': 'The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Asterisk多个远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3764 was patched at 2024-05-15

1471. Denial of Service - Unknown Product (CVE-2007-3765) - Medium [386]

Description: {'vulners_cve_data_all': 'The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Asterisk多个远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3765 was patched at 2024-05-15

1472. Denial of Service - Unknown Product (CVE-2007-6341) - Medium [386]

Description: {'vulners_cve_data_all': 'Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS response.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Perl Net::DNS DNS应答远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6341 was patched at 2024-05-15

1473. Denial of Service - Unknown Product (CVE-2008-0095) - Medium [386]

Description: {'vulners_cve_data_all': 'The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appliance s800i 1.0.x before 1.0.3.4 allows remote attackers to cause a denial of service (daemon crash) via a BYE message with an Also (Also transfer) header, which triggers a NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Asterisk 1.x - BYE Message Remote Denial of Service Vulnerability)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0095 was patched at 2024-05-15

1474. Denial of Service - Unknown Product (CVE-2008-1389) - Medium [386]

Description: {'vulners_cve_data_all': 'libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ClamAV 'chmunpack.c'非法内存访问远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1389 was patched at 2024-05-15

1475. Denial of Service - Unknown Product (CVE-2008-1928) - Medium [386]

Description: {'vulners_cve_data_all': 'Buffer overflow in Imager 0.42 through 0.63 allows attackers to cause a denial of service (crash) via an image based fill in which the number of input channels is different from the number of output channels.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Imager基于图形填充堆溢出漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1928 was patched at 2024-05-15

1476. Denial of Service - Unknown Product (CVE-2008-2109) - Medium [386]

Description: {'vulners_cve_data_all': 'field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service (CPU consumption) via an ID3_FIELD_TYPE_STRINGLIST field that ends in '\\0', which triggers an infinite loop.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] libid3tag拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2109 was patched at 2024-05-15

1477. Denial of Service - Unknown Product (CVE-2008-2713) - Medium [386]

Description: {'vulners_cve_data_all': 'libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ClamAV petite.c无效内存访问绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2713 was patched at 2024-05-15

1478. Denial of Service - Unknown Product (CVE-2008-3215) - Medium [386]

Description: {'vulners_cve_data_all': 'libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ClamAV petite.c无效内存访问绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3215 was patched at 2024-05-15

1479. Denial of Service - Unknown Product (CVE-2008-3350) - Medium [386]

Description: {'vulners_cve_data_all': 'dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Dnsmasq DCHP租期多个远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3350 was patched at 2024-05-15

1480. Denial of Service - Unknown Product (CVE-2008-3912) - Medium [386]

Description: {'vulners_cve_data_all': 'libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ClamAV多个未明内存破坏漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3912 was patched at 2024-05-15

1481. Denial of Service - Unknown Product (CVE-2008-3913) - Medium [386]

Description: {'vulners_cve_data_all': 'Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic".', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ClamAV多个未明内存破坏漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3913 was patched at 2024-05-15

1482. Denial of Service - Unknown Product (CVE-2009-0478) - Medium [386]

Description: {'vulners_cve_data_all': 'Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Squid < 3.1 5 - HTTP Version Number Parsing Denial of Service Exploit, [seebug] Squid < 3.1 5 HTTP Version Number Parsing Denial of Service Exploit, [seebug] Squid Web代理缓存HTTP版本号解析拒绝服务漏洞, [exploitpack] Squid 3.1 5 - HTTP Version Number Parsing Denial of Service, [packetstorm] Squid Denial Of Service, [exploitdb] Squid < 3.1 5 - HTTP Version Number Parsing Denial of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0478 was patched at 2024-05-15

1483. Denial of Service - Unknown Product (CVE-2009-0661) - Medium [386]

Description: {'vulners_cve_data_all': 'Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote attackers to cause a denial of service (crash) via an IRC PRIVMSG command containing crafted color codes that trigger an out-of-bounds read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] WeeChat IRC消息远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0661 was patched at 2024-05-15

1484. Denial of Service - Unknown Product (CVE-2009-0751) - Medium [386]

Description: {'vulners_cve_data_all': 'Yaws before 1.80 allows remote attackers to cause a denial of service (memory consumption and crash) via a request with a large number of headers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Yaws 1.80 - Multiple Headers Remote Denial of Service Vulnerabilities, [seebug] Yaws < 1.80 (multiple headers) Remote Denial of Service Exploit, [seebug] Yaws < 1.80 (multiple headers) Remote Denial of Service Exploit, [packetstorm] Yaws Denial Of Service, [exploitdb] Yaws < 1.80 - Multiple Headers Remote Denial of Service Vulnerabilities)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0751 was patched at 2024-05-15

1485. Denial of Service - Unknown Product (CVE-2009-1196) - Medium [386]

Description: {'vulners_cve_data_all': 'The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a "pointer use-after-delete flaw."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] CUPS调度程序目录服务远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1196 was patched at 2024-05-15

1486. Denial of Service - Unknown Product (CVE-2009-1371) - Medium [386]

Description: {'vulners_cve_data_all': 'The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ClamAV UPack拒绝服务和cli_url_canon()栈溢出漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1371 was patched at 2024-05-15

1487. Denial of Service - Unknown Product (CVE-2009-1374) - Medium [386]

Description: {'vulners_cve_data_all': 'Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Pidgin多个缓冲区溢出漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1374 was patched at 2024-05-15

1488. Denial of Service - Unknown Product (CVE-2009-1889) - Medium [386]

Description: {'vulners_cve_data_all': 'The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets the ICQWebMessage message type as the ICQSMS message type, which allows remote attackers to cause a denial of service (application crash) via a crafted ICQ web message that triggers allocation of a large amount of memory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] pidgin特制ICQ Web消息拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1889 was patched at 2024-05-15

1489. Denial of Service - Unknown Product (CVE-2009-1892) - Medium [386]

Description: {'vulners_cve_data_all': 'dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ISC DHCP服务器主机定义远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1892 was patched at 2024-05-15

1490. Denial of Service - Unknown Product (CVE-2009-2703) - Medium [386]

Description: {'vulners_cve_data_all': 'libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Pidgin Libpurple库多个拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2703 was patched at 2024-05-15

1491. Denial of Service - Unknown Product (CVE-2009-3615) - Medium [386]

Description: {'vulners_cve_data_all': 'The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] New pidgin packages fix arbitrary code execution, [seebug] Pidgin OSCAR插件非法内存访问拒绝服务漏洞, [seebug] Adium ICQ消息拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3615 was patched at 2024-05-15

1492. Denial of Service - Unknown Product (CVE-2010-0277) - Medium [386]

Description: {'vulners_cve_data_all': 'slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malformed MSNSLP INVITE request in an SLP message, a different issue than CVE-2010-0013.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Pidgin多个拒绝服务漏洞, [seebug] Pidgin MSN <= 2.6.4 File Download Vulnerability, [packetstorm] Pidgin MSN 2.6.4 File Download, [exploitpack] Pidgin MSN 2.6.4 - File Download, [exploitdb] Pidgin MSN 2.6.4 - File Download)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0277 was patched at 2024-05-15

1493. Denial of Service - Unknown Product (CVE-2010-0292) - Medium [386]

Description: {'vulners_cve_data_all': 'The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony before 1.23.1, and 1.24-pre1, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a spoofed cmdmon packet that triggers a continuous exchange of NOHOSTACCESS messages between two daemons, a related issue to CVE-2009-3563.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] NTP MODE_PRIVATE报文远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0292 was patched at 2024-05-15

1494. Denial of Service - Unknown Product (CVE-2010-0295) - Medium [386]

Description: {'vulners_cve_data_all': 'lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read operation that occurs for a request, which allows remote attackers to cause a denial of service (memory consumption) by breaking a request into small pieces that are sent at a slow rate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] lighttpd畸形HTTP请求远程拒绝服务漏洞, [seebug] lighttpd < 1.4.25-r1 Denial of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0295 was patched at 2024-05-15

1495. Denial of Service - Unknown Product (CVE-2010-0423) - Medium [386]

Description: {'vulners_cve_data_all': 'gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Pidgin多个拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0423 was patched at 2024-05-15

1496. Denial of Service - Unknown Product (CVE-2010-0639) - Medium [386]

Description: {'vulners_cve_data_all': 'The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets to the HTCP port.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Squid Web代理缓存HTCP请求远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0639 was patched at 2024-05-15

1497. Denial of Service - Unknown Product (CVE-2011-4362) - Medium [386]

Description: {'vulners_cve_data_all': 'Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] lighttpd Denial of Service Vulnerability PoC, [seebug] Lighttpd 1.4.30 / 1.5 Denial Of Service, [seebug] Lighttpd Proof of Concept code for CVE-2011-4362, [seebug] lighttpd mod_auth模块base64 拒绝服务漏洞, [exploitpack] lighttpd - Denial of Service (PoC), [exploitdb] lighttpd - Denial of Service (PoC))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4362 was patched at 2024-05-15

1498. Denial of Service - Unknown Product (CVE-2011-4603) - Medium [386]

Description: {'vulners_cve_data_all': 'The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Pidgin "silc_private_message()"拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4603 was patched at 2024-05-15

1499. Denial of Service - Unknown Product (CVE-2012-2098) - Medium [386]

Description: {'vulners_cve_data_all': 'Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apache Commons Compress和Apache Ant拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2098 was patched at 2024-05-15

1500. Denial of Service - Unknown Product (CVE-2012-3443) - Medium [386]

Description: {'vulners_cve_data_all': 'The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Django跨站脚本执行和两个拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3443 was patched at 2024-05-15

1501. Denial of Service - Unknown Product (CVE-2012-3444) - Medium [386]

Description: {'vulners_cve_data_all': 'The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Django跨站脚本执行和两个拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3444 was patched at 2024-05-15

1502. Denial of Service - Unknown Product (CVE-2012-5533) - Medium [386]

Description: {'vulners_cve_data_all': 'The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] lighttpd畸形HTTP Connection域处理拒绝服务漏洞, [seebug] lighttpd 1.4.31 Denial of Service PoC, [exploitpack] lighttpd 1.4.31 - Denial of Service (PoC), [packetstorm] Simple Lighttpd 1.4.31 Denial Of Service, [exploitdb] lighttpd 1.4.31 - Denial of Service (PoC))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5533 was patched at 2024-05-15

1503. Denial of Service - Unknown Product (CVE-2013-0189) - Medium [386]

Description: {'vulners_cve_data_all': 'cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and other versions, allows remote attackers to cause a denial of service (resource consumption) via a crafted request. NOTE: this issue is due to an incorrect fix for CVE-2012-5643, possibly involving an incorrect order of arguments or incorrect comparison.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Squid 'cachemgr.cgi'不完整修复远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0189 was patched at 2024-05-15

1504. Denial of Service - Unknown Product (CVE-2013-0306) - Medium [386]

Description: {'vulners_cve_data_all': 'The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service (memory consumption) or trigger server errors via a modified max_num parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Django 1.3/1.4 拒绝服务和信息泄露漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0306 was patched at 2024-05-15

1505. Denial of Service - Unknown Product (CVE-2013-2494) - Medium [386]

Description: {'vulners_cve_data_all': 'libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ISC BIND 9 'libdns' 远程拒绝服务漏洞(CVE-2013-2266))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2494 was patched at 2024-05-15

1506. Denial of Service - Unknown Product (CVE-2014-0333) - Medium [386]

Description: {'vulners_cve_data_all': 'The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an IDAT chunk with a length of zero.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] libpng拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0333 was patched at 2024-05-15

1507. Denial of Service - Unknown Product (CVE-2021-29060) - Medium [386]

Description: {'vulners_cve_data_all': 'A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided and checks a crafted invalid HWB string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-29060 was patched at 2024-05-15

1508. Denial of Service - Unknown Product (CVE-2024-21503) - Medium [386]

Description: {'vulners_cve_data_all': 'Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service.\r\rExploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-21503 was patched at 2024-05-15

1509. Incorrect Calculation - Unknown Product (CVE-2006-3464) - Medium [386]

Description: {'vulners_cve_data_all': 'TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations".', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Libtiff图形库多个安全漏洞)
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3464 was patched at 2024-05-15

1510. Incorrect Calculation - Unknown Product (CVE-2012-5340) - Medium [386]

Description: {'vulners_cve_data_all': 'SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] SumatraPDF 2.1.1/MuPDF 1.0 Integer Overflow, [exploitpack] SumatraPDF 2.1.1MuPDF 1.0 - Integer Overflow, [exploitdb] SumatraPDF 2.1.1/MuPDF 1.0 - Integer Overflow)
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5340 was patched at 2024-05-15

1511. Information Disclosure - Unknown Product (CVE-2008-3962) - Medium [386]

Description: {'vulners_cve_data_all': 'The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain configurations, uses uninitialized memory for the From: field of an e-mail message, which might allow remote attackers to obtain sensitive information (memory contents) in opportunistic circumstances by reading a message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] sSMTP 'from_format()'未初始化内存信息泄漏漏洞)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3962 was patched at 2024-05-15

1512. Information Disclosure - Unknown Product (CVE-2021-31153) - Medium [386]

Description: {'vulners_cve_data_all': 'please before 0.4 allows a local unprivileged attacker to gain knowledge about the existence of files or directories in privileged locations via the search_path function, the --check option, or the -d option.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-31153 was patched at 2024-05-15

1513. Memory Corruption - Unknown Product (CVE-2008-1289) - Medium [386]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3, Open Source 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6.1, AsteriskNOW 1.0.x before 1.0.2, Appliance Developer Kit before 1.4 revision 109386, and s800i 1.1.x before 1.1.0.2 allow remote attackers to (1) write a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c; or (2) write certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Asterisk RTP Codec负载处理多个溢出漏洞)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1289 was patched at 2024-05-15

1514. Memory Corruption - Unknown Product (CVE-2017-20006) - Medium [386]

Description: {'vulners_cve_data_all': 'UnRAR 5.6.1.2 and 5.6.1.3 has a heap-based buffer overflow in Unpack::CopyString (called from Unpack::Unpack5 and CmdExtract::ExtractCurrentFile).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-20006 was patched at 2024-05-15

1515. Memory Corruption - Unknown Product (CVE-2017-9445) - Medium [386]

Description: {'vulners_cve_data_all': 'In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] systemd CVE-2017-9445 Out-Of-Bounds Write Remote Code Execution Vulnerability)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9445 was patched at 2024-05-15

1516. Memory Corruption - Unknown Product (CVE-2018-16742) - Medium [386]

Description: {'vulners_cve_data_all': 'An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] mgetty 1.2.0 Buffer Overflow / Privilege Escalation Vulnerabilities)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16742 was patched at 2024-05-15

1517. Memory Corruption - Unknown Product (CVE-2018-16743) - Medium [386]

Description: {'vulners_cve_data_all': 'An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] mgetty 1.2.0 Buffer Overflow / Privilege Escalation Vulnerabilities)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16743 was patched at 2024-05-15

1518. Memory Corruption - Unknown Product (CVE-2018-16745) - Medium [386]

Description: {'vulners_cve_data_all': 'An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] mgetty 1.2.0 Buffer Overflow / Privilege Escalation Vulnerabilities)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16745 was patched at 2024-05-15

1519. Memory Corruption - Unknown Product (CVE-2018-25018) - Medium [386]

Description: {'vulners_cve_data_all': 'UnRAR 5.6.1.7 through 5.7.4 and 6.0.3 has an out-of-bounds write during a memcpy in QuickOpen::ReadRaw when called from QuickOpen::ReadNext.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-25018 was patched at 2024-05-15

1520. Memory Corruption - Unknown Product (CVE-2019-16226) - Medium [386]

Description: {'vulners_cve_data_all': 'An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-16226 was patched at 2024-05-15

1521. Memory Corruption - Unknown Product (CVE-2019-25050) - Medium [386]

Description: {'vulners_cve_data_all': 'netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-25050 was patched at 2024-05-15

1522. Memory Corruption - Unknown Product (CVE-2020-19752) - Medium [386]

Description: {'vulners_cve_data_all': 'The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-19752 was patched at 2024-05-15

1523. Memory Corruption - Unknown Product (CVE-2020-36280) - Medium [386]

Description: {'vulners_cve_data_all': 'Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36280 was patched at 2024-05-15

1524. Memory Corruption - Unknown Product (CVE-2020-36401) - Medium [386]

Description: {'vulners_cve_data_all': 'mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36401 was patched at 2024-05-15

1525. Memory Corruption - Unknown Product (CVE-2021-28216) - Medium [386]

Description: {'vulners_cve_data_all': 'BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-28216 was patched at 2024-05-15

1526. Memory Corruption - Unknown Product (CVE-2021-32286) - Medium [386]

Description: {'vulners_cve_data_all': 'An issue was discovered in hcxtools through 6.1.6. A global-buffer-overflow exists in the function pcapngoptionwalk located in hcxpcapngtool.c. It allows an attacker to cause code Execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32286 was patched at 2024-05-15

1527. Memory Corruption - Unknown Product (CVE-2021-42704) - Medium [386]

Description: {'vulners_cve_data_all': 'Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42704 was patched at 2024-05-15

1528. Memory Corruption - Unknown Product (CVE-2023-4235) - Medium [386]

Description: {'vulners_cve_data_all': 'A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver_report().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-4235 was patched at 2024-05-15

1529. Path Traversal - Unknown Product (CVE-2009-3583) - Medium [386]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the countrycode field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] SQL-Ledger ERP多个输入验证和绕过安全限制漏洞, [packetstorm] SQL-Ledger XSS / XSRF / SQL Injection / LFI)
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3583 was patched at 2024-05-15

1530. Path Traversal - Unknown Product (CVE-2021-32746) - Medium [386]

Description: {'vulners_cve_data_all': 'Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Between versions 2.3.0 and 2.8.2, the `doc` module of Icinga Web 2 allows to view documentation directly in the UI. It must be enabled manually by an administrator and users need explicit access permission to use it. Then, by visiting a certain route, it is possible to gain access to arbitrary files readable by the web-server user. The issue has been fixed in the 2.9.0, 2.8.3, and 2.7.5 releases. As a workaround, an administrator may disable the `doc` module or revoke permission to use it from all users.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32746 was patched at 2024-05-15

1531. Path Traversal - Unknown Product (CVE-2023-7207) - Medium [386]

Description: {'vulners_cve_data_all': 'Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Zimbra Collaboration Suite TAR Path Traversal Exploit, [packetstorm] Zimbra Collaboration Suite TAR Path Traversal, [metasploit] TAR Path Traversal in Zimbra (CVE-2022-41352))
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-7207 was patched at 2024-05-15

ubuntu: CVE-2023-7207 was patched at 2024-04-29

1532. Elevation of Privilege - Linux Kernel (CVE-2022-2961) - Medium [385]

Description: A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-2961 was patched at 2024-05-15

1533. Remote Code Execution - ImageMagick (CVE-2007-0770) - Medium [385]

Description: Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0770 was patched at 2024-05-15

1534. Remote Code Execution - Jetty (CVE-2022-41678) - Medium [385]

Description: Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution.  In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest through JSONObject. And calls to org.jolokia.http.HttpRequestHandler#executeRequest. Into deeper calling stacks, org.jolokia.handler.ExecHandler#doHandleRequest can be invoked through refection. This could lead to RCE through via various mbeans. One example is unrestricted deserialization in jdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11. 1 Call newRecording. 2 Call setConfiguration. And a webshell data hides in it. 3 Call startRecording. 4 Call copyTo method. The webshell will be written to a .jsp file. The mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia. A more restrictive Jolokia configuration has been defined in default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distributions version including updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Jetty is a Java based web server and servlet engine
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-41678 was patched at 2024-05-15

1535. Remote Code Execution - Perl (CVE-2007-0002) - Medium [385]

Description: Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. NOTE: the integer overflow has been split into CVE-2007-1466.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0002 was patched at 2024-05-15

1536. Remote Code Execution - Perl (CVE-2008-1109) - Medium [385]

Description: Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1109 was patched at 2024-05-15

1537. Remote Code Execution - Perl (CVE-2008-3971) - Medium [385]

Description: Heap-based buffer overflow in the open_man_file function in callbacks.c in gmanedit 0.4.1 allows remote attackers to execute arbitrary code via a crafted man page, which is not properly handled during utf8 conversion. NOTE: another overflow was reported using a configuration file, but that vector does not have a scenario that crosses privilege boundaries.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3971 was patched at 2024-05-15

1538. Remote Code Execution - Python (CVE-2024-23346) - Medium [385]

Description: Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-23346 was patched at 2024-05-15

1539. Remote Code Execution - Redis (CVE-2021-29478) - Medium [385]

Description: Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-29478 was patched at 2024-05-15

1540. Remote Code Execution - Redis (CVE-2021-32625) - Medium [385]

Description: Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command. On 64 bit systems which have the fixes of CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32625 was patched at 2024-05-15

1541. Remote Code Execution - Wireshark (CVE-2014-4174) - Medium [385]

Description: wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file that includes a large packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4174 was patched at 2024-05-15

1542. Unknown Vulnerability Type - Perl (CVE-2008-1804) - Medium [385]

Description: {'vulners_cve_data_all': 'preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Snort碎片重组TTL值导致漏报漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1804 was patched at 2024-05-15

1543. Unknown Vulnerability Type - Perl (CVE-2009-0667) - Medium [385]

Description: {'vulners_cve_data_all': 'Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventory-Agent before 0.0.9.3, and 1.x before 1.0.1, in OCS Inventory allows local users to gain privileges via a Trojan horse Perl module in an arbitrary directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OCS Inventory NG代理Backend.pm Perl模块处理代码执行漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0667 was patched at 2024-05-15

1544. Unknown Vulnerability Type - Perl (CVE-2010-1192) - Medium [385]

Description: {'vulners_cve_data_all': 'libESMTP, probably 1.0.4 and earlier, does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Mozilla Firefox NULL字符CA SSL证书验证安全绕过漏洞, [seebug] Randombit Botan Library X509 Certificate Validation Bypass Vulnerability(CVE-2017-2801), [seebug] mozilla-thunderbird多个安全漏洞, [exploitdb] Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1192 was patched at 2024-05-15

1545. Unknown Vulnerability Type - Perl (CVE-2011-0447) - Medium [385]

Description: {'vulners_cve_data_all': 'Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that leverage "combinations of browser plugins and HTTP redirects," a related issue to CVE-2011-0696.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Ruby on Rails跨站脚本执行及跨站请求伪造漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0447 was patched at 2024-05-15

1546. Unknown Vulnerability Type - Perl (CVE-2011-0696) - Medium [385]

Description: {'vulners_cve_data_all': 'Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins and redirects," a related issue to CVE-2011-0447.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Ruby on Rails跨站脚本执行及跨站请求伪造漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0696 was patched at 2024-05-15

1547. Unknown Vulnerability Type - Perl (CVE-2011-2507) - Medium [385]

Description: {'vulners_cve_data_all': 'libraries/server_synchronize.lib.php in the Synchronize implementation in phpMyAdmin 3.x before 3.3.10.2 and 3.4.x before 3.4.3.1 does not properly quote regular expressions, which allows remote authenticated users to inject a PCRE e (aka PREG_REPLACE_EVAL) modifier, and consequently execute arbitrary PHP code, by leveraging the ability to modify the SESSION superglobal array.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([dsquare] Phpmyadmin 3.x RCE, [seebug] phpMyAdmin 3.x 多个安全漏洞, [seebug] phpMyAdmin 3.x Multiple Remote Code Executions, [packetstorm] phpMyAdmin 3.x Remote Code Execution)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2507 was patched at 2024-05-15

1548. Arbitrary File Writing - Unknown Product (CVE-2005-3011) - Medium [383]

Description: {'vulners_cve_data_all': 'The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2007-005多个安全漏洞)
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3011 was patched at 2024-05-15

1549. Cross Site Scripting - PHP (CVE-2007-2865) - Medium [383]

Description: Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2865 was patched at 2024-05-15

1550. Remote Code Execution - PHP (CVE-2008-5621) - Medium [383]

Description: Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also reachable, but they have the same root cause. NOTE: this can be leveraged to conduct SQL injection attacks and execute arbitrary code.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5621 was patched at 2024-05-15

1551. Unknown Vulnerability Type - OpenSSH (CVE-2007-2768) - Medium [383]

Description: {'vulners_cve_data_all': 'OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] OpenSSH s/key Weakness)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2768 was patched at 2024-05-15

1552. Unknown Vulnerability Type - OpenSSL (CVE-2009-0050) - Medium [383]

Description: {'vulners_cve_data_all': 'Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenSSL 'EVP_VerifyFinal'函数签名验证漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0050 was patched at 2024-05-15

1553. Unknown Vulnerability Type - PHP (CVE-2005-3348) - Medium [383]

Description: {'vulners_cve_data_all': 'HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Hardened-PHP Project Security Advisory 2005-21.81)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3348 was patched at 2024-05-15

1554. Unknown Vulnerability Type - PHP (CVE-2016-10148) - Medium [383]

Description: {'vulners_cve_data_all': 'The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([metasploit] WordPress Traversal Directory DoS, [exploitpack] WordPress 4.5.3 - Directory Traversal Denial of Service, [zdt] WordPress 4.5.3 - Directory Traversal / Denial of Service, [exploitdb] WordPress Core 4.5.3 - Directory Traversal / Denial of Service)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10148 was patched at 2024-05-15

1555. Unknown Vulnerability Type - PHP (CVE-2017-5930) - Medium [383]

Description: {'vulners_cve_data_all': 'The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins to delete protected aliases via the delete parameter to delete.php, involving a missing permission check.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild1.018Exploitation in the wild is mentioned on Vulners (AttackerKB object) website
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.310CVSS Base Score is 2.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5930 was patched at 2024-05-15

1556. Unknown Vulnerability Type - Safari (CVE-2009-1681) - Medium [383]

Description: {'vulners_cve_data_all': 'WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0多个安全漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1681 was patched at 2024-05-15

1557. Unknown Vulnerability Type - Safari (CVE-2009-1700) - Medium [383]

Description: {'vulners_cve_data_all': 'The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0多个安全漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1700 was patched at 2024-05-15

1558. Authentication Bypass - Perl (CVE-2009-3232) - Medium [382]

Description: pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3232 was patched at 2024-05-15

1559. Security Feature Bypass - Linux Kernel (CVE-2021-46911) - Medium [382]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nch_ktls: Fix kernel panic\n\nTaking page refcount is not ideal and causes kernel panic\nsometimes. It's better to take tx_ctx lock for the complete\nskb transmit, to avoid page cleanup if ACK received in middle.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46911 was patched at 2024-05-15

redos: CVE-2021-46911 was patched at 2024-04-18

1560. Security Feature Bypass - Linux Kernel (CVE-2021-46913) - Medium [382]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nftables: clone set element expression template\n\nmemcpy() breaks when using connlimit in set elements. Use\nnft_expr_clone() to initialize the connlimit expression list, otherwise\nconnlimit garbage collector crashes when walking on the list head copy.\n\n[ 493.064656] Workqueue: events_power_efficient nft_rhash_gc [nf_tables]\n[ 493.064685] RIP: 0010:find_or_evict+0x5a/0x90 [nf_conncount]\n[ 493.064694] Code: 2b 43 40 83 f8 01 77 0d 48 c7 c0 f5 ff ff ff 44 39 63 3c 75 df 83 6d 18 01 48 8b 43 08 48 89 de 48 8b 13 48 8b 3d ee 2f 00 00 <48> 89 42 08 48 89 10 48 b8 00 01 00 00 00 00 ad de 48 89 03 48 83\n[ 493.064699] RSP: 0018:ffffc90000417dc0 EFLAGS: 00010297\n[ 493.064704] RAX: 0000000000000000 RBX: ffff888134f38410 RCX: 0000000000000000\n[ 493.064708] RDX: 0000000000000000 RSI: ffff888134f38410 RDI: ffff888100060cc0\n[ 493.064711] RBP: ffff88812ce594a8 R08: ffff888134f38438 R09: 00000000ebb9025c\n[ 493.064714] R10: ffffffff8219f838 R11: 0000000000000017 R12: 0000000000000001\n[ 493.064718] R13: ffffffff82146740 R14: ffff888134f38410 R15: 0000000000000000\n[ 493.064721] FS: 0000000000000000(0000) GS:ffff88840e440000(0000) knlGS:0000000000000000\n[ 493.064725] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 493.064729] CR2: 0000000000000008 CR3: 00000001330aa002 CR4: 00000000001706e0\n[ 493.064733] Call Trace:\n[ 493.064737] nf_conncount_gc_list+0x8f/0x150 [nf_conncount]\n[ 493.064746] nft_rhash_gc+0x106/0x390 [nf_tables]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46913 was patched at 2024-05-15

redos: CVE-2021-46913 was patched at 2024-04-18

1561. Security Feature Bypass - Linux Kernel (CVE-2021-46919) - Medium [382]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: fix wq size store permission state\n\nWQ size can only be changed when the device is disabled. Current code\nallows change when device is enabled but wq is disabled. Change the check\nto detect device state.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46919 was patched at 2024-05-15

redos: CVE-2021-46919 was patched at 2024-04-18

1562. Security Feature Bypass - Linux Kernel (CVE-2021-46920) - Medium [382]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback\n\nCurrent code blindly writes over the SWERR and the OVERFLOW bits. Write\nback the bits actually read instead so the driver avoids clobbering the\nOVERFLOW bit that comes after the register is read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46920 was patched at 2024-05-15

redos: CVE-2021-46920 was patched at 2024-04-18

1563. Security Feature Bypass - Linux Kernel (CVE-2023-0615) - Medium [382]

Description: {'vulners_cve_data_all': 'A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as VIDIOC_S_DV_TIMINGS ioctl. This could allow a local user to crash the system if vivid test code enabled.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0615 was patched at 2024-05-15

1564. Security Feature Bypass - Linux Kernel (CVE-2024-26603) - Medium [382]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/fpu: Stop relying on userspace for info to fault in xsave buffer\n\nBefore this change, the expected size of the user space buffer was\ntaken from fx_sw->xstate_size. fx_sw->xstate_size can be changed\nfrom user-space, so it is possible construct a sigreturn frame where:\n\n * fx_sw->xstate_size is smaller than the size required by valid bits in\n fx_sw->xfeatures.\n * user-space unmaps parts of the sigrame fpu buffer so that not all of\n the buffer required by xrstor is accessible.\n\nIn this case, xrstor tries to restore and accesses the unmapped area\nwhich results in a fault. But fault_in_readable succeeds because buf +\nfx_sw->xstate_size is within the still mapped area, so it goes back and\ntries xrstor again. It will spin in this loop forever.\n\nInstead, fault in the maximum size which can be touched by XRSTOR (taken\nfrom fpstate->user_size).\n\n[ dhansen: tweak subject / changelog ]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-26603 was patched at 2024-06-05

debian: CVE-2024-26603 was patched at 2024-05-15

oraclelinux: CVE-2024-26603 was patched at 2024-06-05

redhat: CVE-2024-26603 was patched at 2024-06-05

ubuntu: CVE-2024-26603 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

1565. Information Disclosure - Linux Kernel (CVE-2023-6240) - Medium [381]

Description: {'vulners_cve_data_all': 'A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-6240 was patched at 2024-06-05

debian: CVE-2023-6240 was patched at 2024-05-15

oraclelinux: CVE-2023-6240 was patched at 2024-05-08, 2024-06-05

redhat: CVE-2023-6240 was patched at 2024-04-18, 2024-05-28, 2024-06-05

1566. Information Disclosure - Linux Kernel (CVE-2024-0564) - Medium [381]

Description: {'vulners_cve_data_all': 'A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are created beyond the KSM's "max page share". Through these operations, the attacker can leak the victim's page.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-0564 was patched at 2024-05-15

1567. Command Injection - Python (CVE-2020-13124) - Medium [380]

Description: SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13124 was patched at 2024-05-15

1568. Cross Site Scripting - Unknown Product (CVE-2009-0359) - Medium [380]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Samizdat 0.6.1 Cross Site Scripting)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0359 was patched at 2024-05-15

1569. Cross Site Scripting - Unknown Product (CVE-2009-3581) - Medium [380]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (2) the Description field in the Accounts Payable menu item for Add Transaction, or the name field in (3) the Customers menu item for Add Customer or (4) the Vendor menu item for Add Vendor.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] SQL-Ledger ERP多个输入验证和绕过安全限制漏洞, [packetstorm] SQL-Ledger XSS / XSRF / SQL Injection / LFI)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3581 was patched at 2024-05-15

1570. Cross Site Scripting - Unknown Product (CVE-2011-1058) - Medium [380]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/text_rst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Moinmoin Cross Site Scripting)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1058 was patched at 2024-05-15

1571. Cross Site Scripting - Unknown Product (CVE-2011-1401) - Medium [380]

Description: {'vulners_cve_data_all': 'ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber plugin is enabled during processing of the "meta stylesheet" directive, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences in (1) the default stylesheet or (2) an alternate stylesheet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ikiwiki 'htmlscrubber'插件跨站脚本漏洞)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1401 was patched at 2024-05-15

1572. Cross Site Scripting - Unknown Product (CVE-2012-4037) - Medium [380]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Transmission BitTorrent Cross Site Scripting)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4037 was patched at 2024-05-15

1573. Remote Code Execution - Cacti (CVE-2017-12065) - Medium [380]

Description: spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12065 was patched at 2024-05-15

1574. Remote Code Execution - TLS (CVE-2016-1000030) - Medium [380]

Description: Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514TLS
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1000030 was patched at 2024-05-15

1575. Remote Code Execution - TLS (CVE-2019-11873) - Medium [380]

Description: wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of the packet: record length, client hello length, total extensions length, PSK extension length, total identity length, and identity length contain their maximum value which is 2^16. The identity data field of the PSK extension of the packet contains the attack data, to be stored in the undefined memory (RAM) of the server. The size of the data is about 65 kB. Possibly the attacker can perform a remote code execution attack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514TLS
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11873 was patched at 2024-05-15

1576. Security Feature Bypass - Unknown Product (CVE-2013-7426) - Medium [380]

Description: {'vulners_cve_data_all': 'Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7426 was patched at 2024-05-15

1577. Unknown Vulnerability Type - Cacti (CVE-2023-37543) - Medium [380]

Description: {'vulners_cve_data_all': 'Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-37543 was patched at 2024-05-15

1578. Unknown Vulnerability Type - GDI (CVE-2005-0116) - Medium [380]

Description: {'vulners_cve_data_all': 'AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] AWStats configdir Remote Command Execution, [saint] AWStats configdir parameter command execution, [saint] AWStats configdir parameter command execution, [saint] AWStats configdir parameter command execution, [saint] AWStats configdir parameter command execution)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514GDI
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0116 was patched at 2024-05-15

1579. Unknown Vulnerability Type - HID (CVE-2008-1926) - Medium [380]

Description: {'vulners_cve_data_all': 'Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the login name, aka "audit log injection."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] util-linux-ng登录远程日志注入漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514HID
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1926 was patched at 2024-05-15

1580. Unknown Vulnerability Type - HID (CVE-2021-27211) - Medium [380]

Description: {'vulners_cve_data_all': 'steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) in Steghide Project Steghide)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514HID
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-27211 was patched at 2024-05-15

1581. Unknown Vulnerability Type - TLS (CVE-2022-38152) - Medium [380]

Description: {'vulners_cve_data_all': 'An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL's compatibility layer and is not enabled by default. It is not part of wolfSSL's native API.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] wolfSSL 5.5.0 Session Resumption Denial Of Service Vulnerability)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-38152 was patched at 2024-05-15

1582. Security Feature Bypass - Bouncy Castle (CVE-2018-1000613) - Medium [379]

Description: {'vulners_cve_data_all': 'Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Bouncy Castle is a collection of APIs used in cryptography
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000613 was patched at 2024-05-15

1583. Remote Code Execution - FFmpeg (CVE-2011-3362) - Medium [378]

Description: Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3362 was patched at 2024-05-15

1584. Remote Code Execution - FFmpeg (CVE-2011-3929) - Medium [378]

Description: The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3929 was patched at 2024-05-15

1585. Remote Code Execution - FFmpeg (CVE-2011-3947) - Medium [378]

Description: Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MJPEG-B file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3947 was patched at 2024-05-15

1586. Remote Code Execution - FFmpeg (CVE-2011-3951) - Medium [378]

Description: The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted stereo stream in a media file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3951 was patched at 2024-05-15

1587. Remote Code Execution - FFmpeg (CVE-2011-3952) - Medium [378]

Description: The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large palette size in a KMVC encoded file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3952 was patched at 2024-05-15

1588. Remote Code Execution - FFmpeg (CVE-2011-4364) - Medium [378]

Description: Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9 and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VMD file, related to corrupted streams.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4364 was patched at 2024-05-15

1589. Remote Code Execution - FFmpeg (CVE-2012-0851) - Medium [378]

Description: The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted H.264 file, related to the chroma_format_idc value.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0851 was patched at 2024-05-15

1590. Remote Code Execution - FFmpeg (CVE-2012-0852) - Medium [378]

Description: The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg before 0.9.1 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an ADPCM file with the number of channels not equal to two.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0852 was patched at 2024-05-15

1591. Remote Code Execution - FFmpeg (CVE-2012-0853) - Medium [378]

Description: The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in libavcodec in FFmpeg 0.7.x before 0.7.12, and 0.8.x before 0.8.11; and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (infinite loop and crash) and possibly execute arbitrary code via a large component count in an Atrac 3 file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0853 was patched at 2024-05-15

1592. Remote Code Execution - FFmpeg (CVE-2012-0858) - Medium [378]

Description: The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Shorten file, related to an "invalid free".

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0858 was patched at 2024-05-15

1593. Remote Code Execution - MediaWiki (CVE-2013-2114) - Medium [378]

Description: Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2114 was patched at 2024-05-15

1594. Remote Code Execution - QEMU (CVE-2007-5729) - Medium [378]

Description: The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" heap overflow. NOTE: some sources have used CVE-2007-1321 to refer to this issue as part of "NE2000 network driver and the socket code," but this is the correct identifier for the mtu overflow vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5729 was patched at 2024-05-15

1595. Remote Code Execution - QEMU (CVE-2020-35506) - Medium [378]

Description: A use-after-free vulnerability was found in the am53c974 SCSI host bus adapter emulation of QEMU in versions before 6.0.0 during the handling of the 'Information Transfer' command (CMD_TI). This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service or potential code execution with the privileges of the QEMU process.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.710CVSS Base Score is 6.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35506 was patched at 2024-05-15

1596. Remote Code Execution - iOS (CVE-2011-2903) - Medium [378]

Description: Heap-based buffer overflow in tcptrack before 1.4.2 might allow attackers to execute arbitrary code via a long command line argument. NOTE: this is only a vulnerability in limited scenarios in which tcptrack is "configured as a handler for other applications." This issue might not qualify for inclusion in CVE.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2903 was patched at 2024-05-15

1597. Unknown Vulnerability Type - Apache Tomcat (CVE-2024-21733) - Medium [378]

Description: {'vulners_cve_data_all': 'Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat.This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43.\n\nUsers are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Apache Tomcat 8.5.63 / 9.0.43 HTTP Response Smuggling, [zdt] Apache Tomcat 8.5.63 / 9.0.43 HTTP Response Smuggling Vulnerability)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-21733 was patched at 2024-05-15

1598. Unknown Vulnerability Type - MediaWiki (CVE-2010-1189) - Medium [378]

Description: {'vulners_cve_data_all': 'MediaWiki before 1.15.2 does not prevent wiki editors from linking to images from other web sites in wiki pages, which allows editors to obtain IP addresses and other information of wiki users by adding a link to an image on an attacker-controlled web site, aka "CSS validation issue."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MediaWiki >= 1.5 CSS验证信息泄露漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1189 was patched at 2024-05-15

1599. Unknown Vulnerability Type - vim (CVE-2002-1377) - Medium [378]

Description: {'vulners_cve_data_all': 'vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Vim 8.1.1365 Neovim 0.3.6 - Arbitrary Code Execution, [exploitdb] Vim < 8.1.1365 / Neovim < 0.3.6 - Arbitrary Code Execution)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714Vim is a free and open-source, screen-based text editor program
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1377 was patched at 2024-05-15

1600. Command Injection - Node.js (CVE-2023-28155) - Medium [377]

Description: The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-28155 was patched at 2024-05-15

1601. Command Injection - RPC (CVE-2013-0235) - Medium [377]

Description: The XMLRPC API in WordPress before 3.5.1 allows remote attackers to send HTTP requests to intranet servers, and conduct port-scanning attacks, by specifying a crafted source URL for a pingback, related to a Server-Side Request Forgery (SSRF) issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0235 was patched at 2024-05-15

1602. Denial of Service - PHP (CVE-2008-6767) - Medium [377]

Description: wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service (application outage), via a direct request.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-6767 was patched at 2024-05-15

1603. Denial of Service - Safari (CVE-2017-17821) - Medium [377]

Description: WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a bitvector size, and resizeSlow mishandles cases where the old array length is greater than the new array length.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17821 was patched at 2024-05-15

1604. Security Feature Bypass - Google Chrome (CVE-2021-30580) - Medium [377]

Description: Insufficient policy enforcement in Android intents in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious application to obtain potentially sensitive information via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30580 was patched at 2024-05-15

1605. Security Feature Bypass - Google Chrome (CVE-2021-30582) - Medium [377]

Description: Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30582 was patched at 2024-05-15

1606. Security Feature Bypass - Google Chrome (CVE-2021-30583) - Medium [377]

Description: Insufficient policy enforcement in image handling in iOS in Google Chrome on iOS prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30583 was patched at 2024-05-15

1607. Security Feature Bypass - Samba (CVE-2018-16857) - Medium [377]

Description: {'vulners_cve_data_all': 'Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.710CVSS Base Score is 7.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16857 was patched at 2024-05-15

1608. Arbitrary File Reading - PHP (CVE-2008-0194) - Medium [376]

Description: Directory traversal vulnerability in wp-db-backup.php in WordPress 2.0.3 and earlier allows remote attackers to read arbitrary files, delete arbitrary files, and cause a denial of service via a .. (dot dot) in the backup parameter in a wp-db-backup.php action to wp-admin/edit.php. NOTE: this might be the same as CVE-2006-5705.1.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0194 was patched at 2024-05-15

1609. Information Disclosure - APT (CVE-2023-50781) - Medium [376]

Description: {'vulners_cve_data_all': 'A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50781 was patched at 2024-05-15

redos: CVE-2023-50781 was patched at 2024-05-21

1610. Information Disclosure - Netty (CVE-2015-2156) - Medium [376]

Description: Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814Netty is a non-blocking I/O client-server framework for the development of Java network applications such as protocol servers and clients
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2156 was patched at 2024-05-15

1611. Information Disclosure - Node.js (CVE-2021-32050) - Medium [376]

Description: {'vulners_cve_data_all': 'Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed.\n\nWithout due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default).\n\nThis issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0).\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32050 was patched at 2024-05-15

1612. Unknown Vulnerability Type - Git (CVE-2022-1996) - Medium [376]

Description: {'vulners_cve_data_all': 'Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1996 was patched at 2024-05-15

1613. Unknown Vulnerability Type - Linux Kernel (CVE-2013-1958) - Medium [376]

Description: {'vulners_cve_data_all': 'The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restrictions by leveraging the time interval during which a user namespace has been created but a PID namespace has not been created.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Linux内核scm_check_creds安全绕过漏洞(CVE-2013-1958))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1958 was patched at 2024-05-15

1614. Authentication Bypass - iOS (CVE-2019-5061) - Medium [375]

Description: {'vulners_cve_data_all': 'An exploitable denial-of-service vulnerability exists in the hostapd 2.6, where an attacker could trigger AP to send IAPP location updates for stations, before the required authentication process has completed. This could lead to different denial of service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby Aps of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5061 was patched at 2024-05-15

1615. Denial of Service - Kerberos (CVE-2018-5710) - Medium [375]

Description: An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" is getting a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-5710 was patched at 2024-05-15

1616. Denial of Service - Unknown Product (CVE-2007-6718) - Medium [375]

Description: {'vulners_cve_data_all': 'MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of service (SIGSEGV and application crash) via (1) a malformed MP3 file, as demonstrated by lol-mplayer.mp3; (2) a malformed Ogg Vorbis file, as demonstrated by lol-mplayer.ogg; (3) a malformed MPEG-1 file, as demonstrated by lol-mplayer.mpg; (4) a malformed MPEG-2 file, as demonstrated by lol-mplayer.m2v; (5) a malformed MPEG-4 AVI file, as demonstrated by lol-mplayer.avi; (6) a malformed FLAC file, as demonstrated by lol-mplayer.flac; (7) a malformed Ogg Theora file, as demonstrated by lol-mplayer.ogm; (8) a malformed WMV file, as demonstrated by lol-mplayer.wmv; or (9) a malformed AAC file, as demonstrated by lol-mplayer.aac. NOTE: vector 5 might overlap CVE-2007-4938, and vector 6 might overlap CVE-2008-0486.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MPlayer demux_audio.c远程栈溢出漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6718 was patched at 2024-05-15

1617. Denial of Service - Unknown Product (CVE-2008-1387) - Medium [375]

Description: {'vulners_cve_data_all': 'ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ClamAV ARJ文件解析拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1387 was patched at 2024-05-15

1618. Denial of Service - Unknown Product (CVE-2008-1531) - Medium [375]

Description: {'vulners_cve_data_all': 'The connection_state_machine function (connections.c) in lighttpd 1.4.19 and earlier, and 1.5.x before 1.5.0, allows remote attackers to cause a denial of service (active SSL connection loss) by triggering an SSL error, such as disconnecting before a download has finished, which causes all active SSL connections to be lost.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Lighttpd SSL错误拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1531 was patched at 2024-05-15

1619. Denial of Service - Unknown Product (CVE-2008-1897) - Medium [375]

Description: {'vulners_cve_data_all': 'The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, 1.2.x before 1.2.28, and 1.4.x before 1.4.19.1; Business Edition A.x.x, B.x.x before B.2.5.2, and C.x.x before C.1.8.1; AsteriskNOW before 1.0.3; Appliance Developer Kit 0.x.x; and s800i before 1.1.0.3, when configured to allow unauthenticated calls, does not verify that an ACK response contains a call number matching the server's reply to a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed ACK response that does not complete a 3-way handshake. NOTE: this issue exists because of an incomplete fix for CVE-2008-1923.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Asterisk IAX2报文放大远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1897 was patched at 2024-05-15

1620. Denial of Service - Unknown Product (CVE-2008-2119) - Medium [375]

Description: {'vulners_cve_data_all': 'Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Asterisk SIP通道驱动远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2119 was patched at 2024-05-15

1621. Denial of Service - Unknown Product (CVE-2008-5514) - Medium [375]

Description: {'vulners_cve_data_all': 'Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service (crash) via an e-mail message that triggers a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] UW-IMAP c-client库单字节溢出漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5514 was patched at 2024-05-15

1622. Denial of Service - Unknown Product (CVE-2009-1789) - Medium [375]

Description: {'vulners_cve_data_all': 'mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a negative string length copy. NOTE: this issue exists because of an incorrect fix for CVE-2007-2807.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Eggdrop servmsg.c远程拒绝服务漏洞, [seebug] Eggdrop/Windrop 1.6.19 ctcpbuf Remote Crash Vulnerability, [packetstorm] Eggdrop/Windrop 1.6.19 Denial Of Service, [exploitpack] EggdropWindrop 1.6.19 - ctcpbuf Remote Crash, [exploitdb] Eggdrop/Windrop 1.6.19 - ctcpbuf Remote Crash)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1789 was patched at 2024-05-15

1623. Denial of Service - Unknown Product (CVE-2009-2286) - Medium [375]

Description: {'vulners_cve_data_all': 'Buffer overflow in compface 1.5.2 and earlier allows user-assisted attackers to cause a denial of service (crash) via a long declaration in a .xbm file. NOTE: this issue only affects compface on distributions that used a certain patch.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Compface '.xbm'文件缓冲区溢出漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2286 was patched at 2024-05-15

1624. Denial of Service - Unknown Product (CVE-2009-3627) - Medium [375]

Description: {'vulners_cve_data_all': 'The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] libhtml-parser-perl vulnerability USN-855-1)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3627 was patched at 2024-05-15

1625. Denial of Service - Unknown Product (CVE-2011-1922) - Medium [375]

Description: {'vulners_cve_data_all': 'daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Unbound DNS Resolver远程拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1922 was patched at 2024-05-15

1626. Denial of Service - Unknown Product (CVE-2011-2713) - Medium [375]

Description: {'vulners_cve_data_all': 'oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenOffice Microsoft Word文件格式输入程序多个安全漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2713 was patched at 2024-05-15

1627. Denial of Service - Unknown Product (CVE-2011-3594) - Medium [375]

Description: {'vulners_cve_data_all': 'The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Pidgin "silc_private_message()"拒绝服务漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3594 was patched at 2024-05-15

1628. Denial of Service - Unknown Product (CVE-2012-3236) - Medium [375]

Description: {'vulners_cve_data_all': 'fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] GIMP 2.8.0 - .FIT File Format Denial of Service, [seebug] GIMP 2.8.0 FIT File Format DoS, [exploitdb] GIMP 2.8.0 - '.FIT' File Format Denial of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3236 was patched at 2024-05-15

1629. Denial of Service - Unknown Product (CVE-2012-5470) - Medium [375]

Description: {'vulners_cve_data_all': 'libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] VLC Media Player 读访问冲突任意代码执行漏洞(CVE-2012-5470))
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5470 was patched at 2024-05-15

1630. Denial of Service - Unknown Product (CVE-2014-1684) - Medium [375]

Description: {'vulners_cve_data_all': 'The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1684 was patched at 2024-05-15

1631. Incorrect Calculation - Kerberos (CVE-2007-5902) - Medium [375]

Description: Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5902 was patched at 2024-05-15

1632. Memory Corruption - Unknown Product (CVE-2007-2835) - Medium [375]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_pinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Unicon-imc2环境变量本地缓冲区溢出漏洞)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2835 was patched at 2024-05-15

1633. Memory Corruption - Unknown Product (CVE-2019-20005) - Medium [375]

Description: {'vulners_cve_data_all': 'An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\\0' character (where the processing of a string was finished).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20005 was patched at 2024-05-15

1634. Memory Corruption - Unknown Product (CVE-2019-20199) - Medium [375]

Description: {'vulners_cve_data_all': 'An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20199 was patched at 2024-05-15

1635. Memory Corruption - Unknown Product (CVE-2019-6129) - Medium [375]

Description: {'vulners_cve_data_all': 'png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6129 was patched at 2024-05-15

1636. Memory Corruption - Unknown Product (CVE-2019-6442) - Medium [375]

Description: {'vulners_cve_data_all': 'An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6442 was patched at 2024-05-15

1637. Memory Corruption - Unknown Product (CVE-2020-21050) - Medium [375]

Description: {'vulners_cve_data_all': 'Libsixel prior to v1.8.3 contains a stack buffer overflow in the function gif_process_raster at fromgif.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21050 was patched at 2024-05-15

1638. Memory Corruption - Unknown Product (CVE-2020-24119) - Medium [375]

Description: {'vulners_cve_data_all': 'A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24119 was patched at 2024-05-15

1639. Memory Corruption - Unknown Product (CVE-2021-21417) - Medium [375]

Description: {'vulners_cve_data_all': 'fluidsynth is a software synthesizer based on the SoundFont 2 specifications. A use after free violation was discovered in fluidsynth, that can be triggered when loading an invalid SoundFont file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-21417 was patched at 2024-05-15

1640. Memory Corruption - Unknown Product (CVE-2021-26194) - Medium [375]

Description: {'vulners_cve_data_all': 'An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_is_lexical_environment in the ecma-helpers.c file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-26194 was patched at 2024-05-15

1641. Memory Corruption - Unknown Product (CVE-2021-26198) - Medium [375]

Description: {'vulners_cve_data_all': 'An issue was discovered in JerryScript 2.4.0. There is a SEVG in ecma_deref_bigint in ecma-helpers.c file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-26198 was patched at 2024-05-15

1642. Memory Corruption - Unknown Product (CVE-2021-26199) - Medium [375]

Description: {'vulners_cve_data_all': 'An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecma_bytecode_ref in ecma-helpers.c file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-26199 was patched at 2024-05-15

1643. Memory Corruption - Unknown Product (CVE-2021-42716) - Medium [375]

Description: {'vulners_cve_data_all': 'An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42716 was patched at 2024-05-15

1644. Memory Corruption - Unknown Product (CVE-2022-30045) - Medium [375]

Description: {'vulners_cve_data_all': 'An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-30045 was patched at 2024-05-15

1645. Memory Corruption - Unknown Product (CVE-2023-4969) - Medium [375]

Description: {'vulners_cve_data_all': 'A GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called _local memory_ on various architectures.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-4969 was patched at 2024-05-15

1646. Remote Code Execution - Unknown Product (CVE-2023-44451) - Medium [375]

Description: {'vulners_cve_data_all': 'Linux Mint Xreader EPUB File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Mint Xreader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of EPUB files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-21897.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

redos: CVE-2023-44451 was patched at 2024-04-18

1647. Arbitrary File Writing - PHP (CVE-2006-5705) - Medium [374]

Description: Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5705 was patched at 2024-05-15

1648. Information Disclosure - Unknown Product (CVE-2008-1033) - Medium [374]

Description: {'vulners_cve_data_all': 'The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2008-003更新修复多个安全漏洞)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1033 was patched at 2024-05-15

1649. Command Injection - iOS (CVE-2020-6581) - Medium [373]

Description: Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.710CVSS Base Score is 7.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-6581 was patched at 2024-05-15

1650. Remote Code Execution - Exim (CVE-2004-0399) - Medium [373]

Description: Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Exim is a mail transfer agent (MTA) used on Unix-like operating systems
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0399 was patched at 2024-05-15

1651. Remote Code Execution - Exim (CVE-2004-0400) - Medium [373]

Description: Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Exim is a mail transfer agent (MTA) used on Unix-like operating systems
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0400 was patched at 2024-05-15

1652. Remote Code Execution - Exim (CVE-2004-2571) - Medium [373]

Description: Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote attackers to execute arbitrary code via the (1) parseQmailFromBytesLine, (2) parseQmailToRemoteLine, (3) parseQmailToLocalLine, (4) parseSendmailFromBytesLine, (5) parseSendmailToLine, (6) parseEximFromBytesLine, and (7) parseEximToLine functions in Parser.c; allow local users to execute arbitrary code via the (8) lowercase and (9) check_syslog_date functions in Parser.c, and (10) unspecified functions in Dir.c; and allow unspecified attackers to execute arbitrary code via the (11) loadconfig and (12) removespaces functions in loadconfig.c, the (13) loadLang function in LangCfg.c, and (14) unspecified functions in Html.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Exim is a mail transfer agent (MTA) used on Unix-like operating systems
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2571 was patched at 2024-05-15

1653. Remote Code Execution - Exim (CVE-2011-1407) - Medium [373]

Description: The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Exim is a mail transfer agent (MTA) used on Unix-like operating systems
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1407 was patched at 2024-05-15

1654. Remote Code Execution - Exim (CVE-2011-1764) - Medium [373]

Description: Format string vulnerability in the dkim_exim_verify_finish function in src/dkim.c in Exim before 4.76 might allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in data used in DKIM logging, as demonstrated by an identity field containing a % (percent) character.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Exim is a mail transfer agent (MTA) used on Unix-like operating systems
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1764 was patched at 2024-05-15

1655. Remote Code Execution - ImageMagick (CVE-2004-0827) - Medium [373]

Description: Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0827 was patched at 2024-05-15

1656. Remote Code Execution - ImageMagick (CVE-2005-0005) - Medium [373]

Description: Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0005 was patched at 2024-05-15

1657. Remote Code Execution - ImageMagick (CVE-2005-0397) - Medium [373]

Description: Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0397 was patched at 2024-05-15

1658. Remote Code Execution - ImageMagick (CVE-2005-0762) - Medium [373]

Description: Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 allows remote attackers to execute arbitrary code via a crafted SGI image file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0762 was patched at 2024-05-15

1659. Remote Code Execution - ImageMagick (CVE-2006-2440) - Medium [373]

Description: Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2440 was patched at 2024-05-15

1660. Remote Code Execution - ImageMagick (CVE-2006-3376) - Medium [373]

Description: Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3376 was patched at 2024-05-15

1661. Remote Code Execution - ImageMagick (CVE-2010-2233) - Medium [373]

Description: tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used in ImageMagick, does not properly perform vertical flips, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF image, related to "downsampled OJPEG input."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2233 was patched at 2024-05-15

1662. Remote Code Execution - ImageMagick (CVE-2012-1185) - Medium [373]

Description: Multiple integer overflows in (1) magick/profile.c or (2) magick/property.c in ImageMagick 6.7.5 and earlier allow remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset value in the ResolutionUnit tag in the EXIF IFD0 of an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0247.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1185 was patched at 2024-05-15

1663. Remote Code Execution - Perl (CVE-2002-0916) - Medium [373]

Description: Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0916 was patched at 2024-05-15

1664. Remote Code Execution - Perl (CVE-2002-1174) - Medium [373]

Description: Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1174 was patched at 2024-05-15

1665. Remote Code Execution - Perl (CVE-2002-1200) - Medium [373]

Description: Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1200 was patched at 2024-05-15

1666. Remote Code Execution - Perl (CVE-2002-1277) - Medium [373]

Description: Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1277 was patched at 2024-05-15

1667. Remote Code Execution - Perl (CVE-2002-1371) - Medium [373]

Description: filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1371 was patched at 2024-05-15

1668. Remote Code Execution - Perl (CVE-2003-0212) - Medium [373]

Description: handleAccept in rinetd before 0.62 does not properly resize the connection list when it becomes full and sets an array index incorrectly, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of connections.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0212 was patched at 2024-05-15

1669. Remote Code Execution - Perl (CVE-2003-0323) - Medium [373]

Description: Multiple buffer overflows in ircII 20020912 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via responses that are not properly fed to the my_strcat function by (1) ctcp_buffer, (2) cannot_join_channel, (3) status_make_printable for Statusbar drawing, (4) create_server_list, and possibly other functions.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0323 was patched at 2024-05-15

1670. Remote Code Execution - Perl (CVE-2003-0324) - Medium [373]

Description: Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long replies that are not properly handled by the (1) userhost_cmd_returned function, or (2) Statusbar capability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0324 was patched at 2024-05-15

1671. Remote Code Execution - Perl (CVE-2003-0826) - Medium [373]

Description: lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0826 was patched at 2024-05-15

1672. Remote Code Execution - Perl (CVE-2005-0687) - Medium [373]

Description: Format string vulnerability in Hashcash 1.16 allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via format string specifiers in a reply address, which is not properly handled when printing the header.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0687 was patched at 2024-05-15

1673. Remote Code Execution - Perl (CVE-2005-2550) - Medium [373]

Description: Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2550 was patched at 2024-05-15

1674. Remote Code Execution - Perl (CVE-2005-2772) - Medium [373]

Description: Multiple stack-based buffer overflows in University of Minnesota gopher client 3.0.9 allow remote malicious servers to execute arbitrary code via (1) a long "+VIEWS:" reply, which is not properly handled in the VIfromLine function, and (2) certain arguments when launching third party programs such as a web browser from a web link, which is not properly handled in the FIOgetargv function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2772 was patched at 2024-05-15

1675. Remote Code Execution - Perl (CVE-2005-3487) - Medium [373]

Description: Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier allow remote attackers to execute arbitrary code via various (1) GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serverLog functions, (4) a long command that is not properly handled in ComsMessageHandler.cpp when generating an error message, (5) a long UniqueID value in Logger.cpp, and possibly other unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3487 was patched at 2024-05-15

1676. Remote Code Execution - Perl (CVE-2006-3355) - Medium [373]

Description: Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function. NOTE: This appears to be the result of an incomplete patch for CVE-2004-0982.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3355 was patched at 2024-05-15

1677. Remote Code Execution - Perl (CVE-2006-4251) - Medium [373]

Description: Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow remote attackers to execute arbitrary code via a malformed TCP DNS query that prevents Recursor from properly calculating the TCP DNS query length.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4251 was patched at 2024-05-15

1678. Remote Code Execution - Perl (CVE-2007-2459) - Medium [373]

Description: Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl module (libimager-perl) 0.45 through 0.56 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted 8-bit/pixel compressed BMP files.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2459 was patched at 2024-05-15

1679. Remote Code Execution - Perl (CVE-2007-4766) - Medium [373]

Description: Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4766 was patched at 2024-05-15

1680. Remote Code Execution - Perl (CVE-2008-5695) - Medium [373]

Description: wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_options and upload_files capabilities to execute arbitrary code by uploading a PHP script and adding this script's pathname to active_plugins.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 8.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5695 was patched at 2024-05-15

1681. Remote Code Execution - Perl (CVE-2010-2628) - Medium [373]

Description: The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 does not properly check the return values of snprintf calls, which allows remote attackers to execute arbitrary code via crafted (1) certificate or (2) identity data that triggers buffer overflows.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2628 was patched at 2024-05-15

1682. Remote Code Execution - Perl (CVE-2012-5854) - Medium [373]

Description: Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows remote attackers to cause a denial of service (crash or hang) and possibly execute arbitrary code via crafted IRC colors that are not properly decoded.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5854 was patched at 2024-05-15

1683. Remote Code Execution - Perl (CVE-2013-1768) - Medium [373]

Description: The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1768 was patched at 2024-05-15

1684. Remote Code Execution - Perl (CVE-2016-1866) - Medium [373]

Description: Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1866 was patched at 2024-05-15

1685. Remote Code Execution - Python (CVE-2005-2491) - Medium [373]

Description: Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2491 was patched at 2024-05-15

1686. Remote Code Execution - Python (CVE-2011-4357) - Medium [373]

Description: Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4357 was patched at 2024-05-15

1687. Remote Code Execution - Python (CVE-2018-7889) - Medium [373]

Description: gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7889 was patched at 2024-05-15

1688. Remote Code Execution - Python (CVE-2023-41334) - Medium [373]

Description: Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the `TranformGraph().to_dot_graph` function. A malicious user can provide a command or a script file as a value to the `savelayout` argument, which will be placed as the first value in a list of arguments passed to `subprocess.Popen`. Although an error will be raised, the command or script will be executed successfully. Version 5.3.3 fixes this issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 8.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-41334 was patched at 2024-05-15

1689. Remote Code Execution - Python (CVE-2023-45805) - Medium [373]

Description: pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious `pdm.lock` file that could allow e.g. an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project `foo` can be targeted by creating the project `foo-2` and uploading the file `foo-2-2.tar.gz` to pypi.org. PyPI will see this as project `foo-2` version `2`, while PDM will see this as project `foo` version `2-2`. The version must only be `parseable as a version` and the filename must be a prefix of the project name, but it's not verified to match the version being installed. Version `2-2` is also not a valid normalized version per PEP 440. Matching the project name exactly (not just prefix) would fix the issue. When installing dependencies with PDM, what's actually installed could differ from what's listed in `pyproject.toml` (including arbitrary code execution on install). It could also be used for downgrade attacks by only changing the version. This issue has been addressed in commit `6853e2642df` which is included in release version `2.9.4`. Users are advised to upgrade. There are no known workarounds for this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45805 was patched at 2024-05-15

1690. Remote Code Execution - Wireshark (CVE-2012-4297) - Medium [373]

Description: Buffer overflow in the dissect_gsm_rlcmac_downlink function in epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC MAC dissector in Wireshark 1.6.x before 1.6.10 and 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 8.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4297 was patched at 2024-05-15

1691. Remote Code Execution - ownCloud (CVE-2021-44537) - Medium [373]

Description: ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614ownCloud is an open-source software product for sharing and syncing of files in distributed and federated enterprise scenarios
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44537 was patched at 2024-05-15

1692. Unknown Vulnerability Type - Perl (CVE-2009-3639) - Medium [373]

Description: {'vulners_cve_data_all': 'The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 client certificate, which allows remote attackers to bypass intended client-hostname restrictions via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ProFTPD mod_tls模块CA SSL证书验证漏洞, [seebug] Mozilla Firefox NULL字符CA SSL证书验证安全绕过漏洞, [seebug] Randombit Botan Library X509 Certificate Validation Bypass Vulnerability(CVE-2017-2801), [seebug] mozilla-thunderbird多个安全漏洞, [exploitdb] Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3639 was patched at 2024-05-15

1693. Unknown Vulnerability Type - Perl (CVE-2011-2719) - Medium [373]

Description: {'vulners_cve_data_all': 'libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before 3.3.10.3 and 3.4.x before 3.4.3.2 does not properly manage sessions associated with Swekey authentication, which allows remote attackers to modify the SESSION superglobal array, other superglobal arrays, and certain swekey.auth.lib.php local variables via a crafted query string, a related issue to CVE-2011-2505.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin3 remote code execute exploit [Not jilei(chicken\'s ribs)], [seebug] phpMyAdmin3 (pma3) Remote Code Execution Exploit, [seebug] phpMyAdmin 3.x Swekey Remote Code Injection Exploit, [seebug] phpMyAdmin 3.x Multiple Remote Code Executions, [seebug] phpMyAdmin 3.x 多个安全漏洞, [exploitpack] phpMyAdmin 3.x - Swekey Remote Code Injection, [exploitpack] phpMyAdmin3 (pma3) - Remote Code Execution, [packetstorm] phpMyAdmin 3.x Swekey Remote Code Injection, [packetstorm] phpMyAdmin3 Remote Code Execution, [packetstorm] phpMyAdmin 3.x Remote Code Execution, [dsquare] Phpmyadmin 3.x RCE, [exploitdb] phpMyAdmin 3.x - Swekey Remote Code Injection, [exploitdb] phpMyAdmin3 (pma3) - Remote Code Execution)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2719 was patched at 2024-05-15

1694. Unknown Vulnerability Type - Perl (CVE-2013-0155) - Medium [373]

Description: {'vulners_cve_data_all': 'Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Ruby on Rails不安全查询生成漏洞, [seebug] Ruby on Rails嵌套参数SQL注入漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0155 was patched at 2024-05-15

1695. Unknown Vulnerability Type - Perl (CVE-2013-2503) - Medium [373]

Description: {'vulners_cve_data_all': 'Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and Proxy-Authorization headers in the client-server data stream, which makes it easier for remote HTTP servers to spoof the intended proxy service via a 407 (aka Proxy Authentication Required) HTTP status code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Privoxy 3.0.20-1 Credential Exposure)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2503 was patched at 2024-05-15

1696. Unknown Vulnerability Type - Perl (CVE-2013-4729) - Medium [373]

Description: {'vulners_cve_data_all': 'import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] phpMyAdmin <= 4.0.4.1 import.php GLOBALS变量注入漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4729 was patched at 2024-05-15

1697. Unknown Vulnerability Type - Python (CVE-2008-4099) - Medium [373]

Description: {'vulners_cve_data_all': 'PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] BIND 9.4.1-9.4.2 - Remote DNS Cache Poisoning Flaw Exploit (meta), [seebug] BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py), [seebug] BIND 9.4.1-9.4.2 Remote DNS Cache Poisoning Flaw Exploit (meta), [seebug] BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c), [seebug] BIND 9.4.1-9.4.2 Remote DNS Cache Poisoning Flaw Exploit (py), [exploitpack] BIND 9.x - Remote DNS Cache Poisoning, [exploitpack] BIND 9.4.1 9.4.2 - Remote DNS Cache Poisoning (Metasploit), [exploitpack] BIND 9.x - Remote DNS Cache Poisoning (Python), [packetstorm] bind9x-poison.txt, [packetstorm] bailiwicked_domain.rb.txt, [packetstorm] bailiwicked_host.rb.txt)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4099 was patched at 2024-05-15

1698. Unknown Vulnerability Type - Python (CVE-2008-4126) - Medium [373]

Description: {'vulners_cve_data_all': 'PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4099.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] BIND 9.4.1-9.4.2 - Remote DNS Cache Poisoning Flaw Exploit (meta), [seebug] BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py), [seebug] BIND 9.4.1-9.4.2 Remote DNS Cache Poisoning Flaw Exploit (meta), [seebug] BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c), [seebug] BIND 9.4.1-9.4.2 Remote DNS Cache Poisoning Flaw Exploit (py), [exploitpack] BIND 9.x - Remote DNS Cache Poisoning, [exploitpack] BIND 9.4.1 9.4.2 - Remote DNS Cache Poisoning (Metasploit), [exploitpack] BIND 9.x - Remote DNS Cache Poisoning (Python), [packetstorm] bind9x-poison.txt, [packetstorm] bailiwicked_domain.rb.txt, [packetstorm] bailiwicked_host.rb.txt)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4126 was patched at 2024-05-15

1699. Security Feature Bypass - BIND (CVE-2021-3127) - Medium [372]

Description: NATS Server 2.x before 2.2.0 and JWT library before 2.0.1 have Incorrect Access Control because Import Token bindings are mishandled.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3127 was patched at 2024-05-15

1700. Security Feature Bypass - FFmpeg (CVE-2015-8219) - Medium [372]

Description: {'vulners_cve_data_all': 'The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8219 was patched at 2024-05-15

1701. Security Feature Bypass - Kubernetes (CVE-2022-0759) - Medium [372]

Description: {'vulners_cve_data_all': 'A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate (it wrongly returns VERIFY_NONE). Ruby applications that leverage kubeclient to parse kubeconfig files are susceptible to Man-in-the-middle attacks (MITM).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.714Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-0759 was patched at 2024-05-15

1702. Remote Code Execution - APT (CVE-2012-2942) - Medium [371]

Description: Buffer overflow in the trash buffer in the header capture functionality in HAProxy before 1.4.21, when global.tune.bufsize is set to a value greater than the default and header rewriting is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2942 was patched at 2024-05-15

1703. Remote Code Execution - Binutils (CVE-2005-1704) - Medium [371]

Description: Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1704 was patched at 2024-05-15

1704. Remote Code Execution - GNOME desktop (CVE-2002-0838) - Medium [371]

Description: Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0838 was patched at 2024-05-15

1705. Remote Code Execution - Mozilla Firefox (CVE-2006-0297) - Medium [371]

Description: Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0297 was patched at 2024-05-15

1706. Remote Code Execution - Mozilla Firefox (CVE-2006-2778) - Medium [371]

Description: The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2778 was patched at 2024-05-15

1707. Remote Code Execution - Mozilla Firefox (CVE-2006-3803) - Medium [371]

Description: Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3803 was patched at 2024-05-15

1708. Remote Code Execution - Mozilla Firefox (CVE-2006-5633) - Medium [371]

Description: Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5633 was patched at 2024-05-15

1709. Remote Code Execution - Mozilla Firefox (CVE-2006-5748) - Medium [371]

Description: Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5748 was patched at 2024-05-15

1710. Remote Code Execution - PHP (CVE-2007-4840) - Medium [371]

Description: PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4840 was patched at 2024-05-15

1711. Remote Code Execution - PHP (CVE-2008-0782) - Medium [371]

Description: Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0782 was patched at 2024-05-15

1712. Remote Code Execution - Samba (CVE-2005-0022) - Medium [371]

Description: Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0022 was patched at 2024-05-15

1713. Remote Code Execution - Zoom (CVE-2005-3178) - Medium [371]

Description: Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow user-assisted attackers to execute arbitrary code via a long title name in a NIFF file, which triggers the overflow during (1) zoom, (2) reduce, or (3) rotate operations.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Zoom is the leader in modern enterprise video communications
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3178 was patched at 2024-05-15

1714. Unknown Vulnerability Type - Safari (CVE-2009-1710) - Medium [371]

Description: {'vulners_cve_data_all': 'WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Safari 4.0多个安全漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1710 was patched at 2024-05-15

1715. Authentication Bypass - Oracle Java SE (CVE-2018-2941) - Medium [370]

Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u181, 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.614Oracle Java SE
CVSS Base Score0.810CVSS Base Score is 8.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-2941 was patched at 2024-05-15

1716. Authentication Bypass - Oracle Java SE (CVE-2018-3209) - Medium [370]

Description: Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). The supported version that is affected is Java SE: 8u182. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.614Oracle Java SE
CVSS Base Score0.810CVSS Base Score is 8.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-3209 was patched at 2024-05-15

1717. Authentication Bypass - Oracle Java SE (CVE-2020-14664) - Medium [370]

Description: Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.614Oracle Java SE
CVSS Base Score0.810CVSS Base Score is 8.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-14664 was patched at 2024-05-15

1718. Authentication Bypass - Perl (CVE-2011-2766) - Medium [370]

Description: The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2766 was patched at 2024-05-15

1719. Authentication Bypass - Perl (CVE-2013-2120) - Medium [370]

Description: The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 8.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2120 was patched at 2024-05-15

1720. Authentication Bypass - wpa_supplicant (CVE-2019-9496) - Medium [370]

Description: {'vulners_cve_data_all': 'An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.614wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant for Linux, FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, Solaris, OS/2 (including ArcaOS and eComStation) and Haiku
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9496 was patched at 2024-05-15

1721. Denial of Service - Apache HTTP Server (CVE-2007-0086) - Medium [370]

Description: The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0086 was patched at 2024-05-15

1722. Denial of Service - Apache HTTP Server (CVE-2018-8011) - Medium [370]

Description: By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-8011 was patched at 2024-05-15

1723. Denial of Service - GNU Bash (CVE-2012-6711) - Medium [370]

Description: A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function. A local attacker, who can provide data to print through the "echo -e" built-in function, may use this flaw to crash a script or execute code with the privileges of the bash process. This occurs because ansicstr() in lib/sh/strtrans.c mishandles u32cconv().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Bash is the shell, or command language interpreter, for the GNU operating system
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6711 was patched at 2024-05-15

1724. Denial of Service - HTTP/2 (CVE-2017-10908) - Medium [370]

Description: H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914HTTP/2 is a major revision of the HTTP network protocol used by the World Wide Web
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-10908 was patched at 2024-05-15

1725. Denial of Service - HTTP/2 (CVE-2021-41524) - Medium [370]

Description: While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914HTTP/2 is a major revision of the HTTP network protocol used by the World Wide Web
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41524 was patched at 2024-05-15

1726. Denial of Service - Linux Kernel (CVE-2012-6703) - Medium [370]

Description: Integer overflow in the snd_compr_allocate_buffer function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel before 3.6-rc6-next-20120917 allows local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6703 was patched at 2024-05-15

1727. Denial of Service - Linux Kernel (CVE-2013-7445) - Medium [370]

Description: The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7445 was patched at 2024-05-15

1728. Denial of Service - Linux Kernel (CVE-2014-9914) - Medium [370]

Description: Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect expectations about locking during multithreaded access to internal data structures for IPv4 UDP sockets.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9914 was patched at 2024-05-15

1729. Denial of Service - Linux Kernel (CVE-2015-8961) - Medium [370]

Description: The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8961 was patched at 2024-05-15

1730. Denial of Service - Linux Kernel (CVE-2016-10153) - Medium [370]

Description: The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging reliance on earlier net/ceph/crypto.c code.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10153 was patched at 2024-05-15

1731. Denial of Service - Linux Kernel (CVE-2016-2070) - Medium [370]

Description: The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux kernel before 4.3.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via crafted TCP traffic.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2070 was patched at 2024-05-15

1732. Denial of Service - Linux Kernel (CVE-2016-9120) - Medium [370]

Description: Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9120 was patched at 2024-05-15

1733. Denial of Service - Linux Kernel (CVE-2016-9313) - Medium [370]

Description: security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9313 was patched at 2024-05-15

1734. Denial of Service - Linux Kernel (CVE-2016-9777) - Medium [370]

Description: KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of-bounds array access and host OS crash) via a crafted interrupt request, related to arch/x86/kvm/ioapic.c and arch/x86/kvm/ioapic.h.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9777 was patched at 2024-05-15

1735. Denial of Service - Linux Kernel (CVE-2017-14497) - Medium [370]

Description: The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14497 was patched at 2024-05-15

1736. Denial of Service - Linux Kernel (CVE-2017-17852) - Medium [370]

Description: kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17852 was patched at 2024-05-15

1737. Denial of Service - Linux Kernel (CVE-2017-17853) - Medium [370]

Description: kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17853 was patched at 2024-05-15

1738. Denial of Service - Linux Kernel (CVE-2017-17854) - Medium [370]

Description: kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17854 was patched at 2024-05-15

1739. Denial of Service - Linux Kernel (CVE-2017-17855) - Medium [370]

Description: kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17855 was patched at 2024-05-15

1740. Denial of Service - Linux Kernel (CVE-2017-17856) - Medium [370]

Description: kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17856 was patched at 2024-05-15

1741. Denial of Service - Linux Kernel (CVE-2017-17857) - Medium [370]

Description: The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17857 was patched at 2024-05-15

1742. Denial of Service - Linux Kernel (CVE-2017-5547) - Medium [370]

Description: drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5547 was patched at 2024-05-15

1743. Denial of Service - Linux Kernel (CVE-2017-5548) - Medium [370]

Description: drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5548 was patched at 2024-05-15

1744. Denial of Service - Linux Kernel (CVE-2017-8061) - Medium [370]

Description: drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x and 4.10.x before 4.10.7 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8061 was patched at 2024-05-15

1745. Denial of Service - Linux Kernel (CVE-2017-8062) - Medium [370]

Description: drivers/media/usb/dvb-usb/dw2102.c in the Linux kernel 4.9.x and 4.10.x before 4.10.4 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8062 was patched at 2024-05-15

1746. Denial of Service - Linux Kernel (CVE-2017-8063) - Medium [370]

Description: drivers/media/usb/dvb-usb/cxusb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8063 was patched at 2024-05-15

1747. Denial of Service - Linux Kernel (CVE-2017-8066) - Medium [370]

Description: drivers/net/can/usb/gs_usb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.2 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8066 was patched at 2024-05-15

1748. Denial of Service - Linux Kernel (CVE-2017-8067) - Medium [370]

Description: drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8067 was patched at 2024-05-15

1749. Denial of Service - Linux Kernel (CVE-2017-8068) - Medium [370]

Description: drivers/net/usb/pegasus.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8068 was patched at 2024-05-15

1750. Denial of Service - Linux Kernel (CVE-2017-8069) - Medium [370]

Description: drivers/net/usb/rtl8150.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8069 was patched at 2024-05-15

1751. Denial of Service - Linux Kernel (CVE-2017-8070) - Medium [370]

Description: drivers/net/usb/catc.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8070 was patched at 2024-05-15

1752. Denial of Service - Linux Kernel (CVE-2017-9986) - Medium [370]

Description: The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9986 was patched at 2024-05-15

1753. Denial of Service - Linux Kernel (CVE-2019-12615) - Medium [370]

Description: An issue was discovered in get_vdev_port_node_info in arch/sparc/kernel/mdesc.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup_const of node_info->vdev_port.name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12615 was patched at 2024-05-15

1754. Denial of Service - Linux Kernel (CVE-2019-12881) - Medium [370]

Description: i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact via crafted ioctl calls to /dev/dri/card0.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12881 was patched at 2024-05-15

1755. Denial of Service - Linux Kernel (CVE-2019-18807) - Medium [370]

Description: Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel before 5.3.5 allow attackers to cause a denial of service (memory consumption) by triggering static_config_buf_prepare_for_upload() or sja1105_inhibit_tx() failures, aka CID-68501df92d11.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-18807 was patched at 2024-05-15

1756. Denial of Service - Linux Kernel (CVE-2019-18812) - Medium [370]

Description: A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-c0a333d842ef.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-18812 was patched at 2024-05-15

1757. Denial of Service - Linux Kernel (CVE-2019-19070) - Medium [370]

Description: A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. NOTE: third parties dispute the relevance of this because the system must have already been out of memory before the probe began

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19070 was patched at 2024-05-15

1758. Denial of Service - Linux Kernel (CVE-2021-20226) - Medium [370]

Description: A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of validating the existence of an object prior to performing operations on the object by not incrementing the file reference counter while in use. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-20226 was patched at 2024-05-15

1759. Denial of Service - Linux Kernel (CVE-2021-26934) - Medium [370]

Description: {'vulners_cve_data_all': 'An issue was discovered in the Linux kernel 4.18 through 5.10.16, as used by Xen. The backend allocation (aka be-alloc) mode of the drm_xen_front drivers was not meant to be a supported configuration, but this wasn't stated accordingly in its support status entry.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-26934 was patched at 2024-05-15

1760. Denial of Service - Windows LDAP (CVE-2011-4082) - Medium [370]

Description: A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4082 was patched at 2024-05-15

1761. Denial of Service - Windows LDAP (CVE-2017-17740) - Medium [370]

Description: contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17740 was patched at 2024-05-15

1762. Path Traversal - Windows LDAP (CVE-2009-4427) - Medium [370]

Description: Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4427 was patched at 2024-05-15

1763. Security Feature Bypass - Apache HTTP Server (CVE-2019-17567) - Medium [370]

Description: {'vulners_cve_data_all': 'Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17567 was patched at 2024-05-15

1764. Security Feature Bypass - GitLab (CVE-2019-19260) - Medium [370]

Description: GitLab Community Edition (CE) and Enterprise Edition (EE) through 12.5 has Incorrect Access Control (issue 2 of 2).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.914GitLab is a DevOps software package that combines the ability to develop, secure, and operate software in a single application
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19260 was patched at 2024-05-15

1765. Security Feature Bypass - Linux Kernel (CVE-2013-6380) - Medium [370]

Description: {'vulners_cve_data_all': 'The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6380 was patched at 2024-05-15

1766. Security Feature Bypass - Windows Kernel (CVE-2023-45284) - Medium [370]

Description: {'vulners_cve_data_all': 'On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45284 was patched at 2024-05-15

1767. Arbitrary File Writing - QEMU (CVE-2008-4553) - Medium [369]

Description: qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4553 was patched at 2024-05-15

1768. Information Disclosure - Intel(R) Processor (CVE-2023-38575) - Medium [369]

Description: Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914Intel's processors from the pioneering 4-bit 4004 (1971) to the present high-end offerings
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38575 was patched at 2024-05-15

ubuntu: CVE-2023-38575 was patched at 2024-05-29

1769. Information Disclosure - Linux Kernel (CVE-2011-4916) - Medium [369]

Description: {'vulners_cve_data_all': 'Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4916 was patched at 2024-05-15

1770. Information Disclosure - Linux Kernel (CVE-2011-4917) - Medium [369]

Description: In the Linux kernel through 3.1 there is an information disclosure issue via /proc/stat.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4917 was patched at 2024-05-15

1771. Information Disclosure - Linux Kernel (CVE-2014-9892) - Medium [369]

Description: The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9892 was patched at 2024-05-15

1772. Information Disclosure - Linux Kernel (CVE-2015-8950) - Medium [369]

Description: arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory by triggering a dma_mmap call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8950 was patched at 2024-05-15

1773. Information Disclosure - Linux Kernel (CVE-2017-13693) - Medium [369]

Description: The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-13693 was patched at 2024-05-15

1774. Information Disclosure - Linux Kernel (CVE-2017-13694) - Medium [369]

Description: The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-13694 was patched at 2024-05-15

1775. Information Disclosure - Linux Kernel (CVE-2021-20320) - Medium [369]

Description: {'vulners_cve_data_all': 'A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-20320 was patched at 2024-05-15

1776. Information Disclosure - Linux Kernel (CVE-2021-3736) - Medium [369]

Description: {'vulners_cve_data_all': 'A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal kernel information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3736 was patched at 2024-05-15

1777. Information Disclosure - Linux Kernel (CVE-2021-4023) - Medium [369]

Description: {'vulners_cve_data_all': 'A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to possibly crash the system.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-4023 was patched at 2024-05-15

1778. Information Disclosure - Linux Kernel (CVE-2021-46906) - Medium [369]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nHID: usbhid: fix info leak in hid_submit_ctrl\n\nIn hid_submit_ctrl(), the way of calculating the report length doesn't\ntake into account that report->size can be zero. When running the\nsyzkaller reproducer, a report of size 0 causes hid_submit_ctrl) to\ncalculate transfer_buffer_length as 16384. When this urb is passed to\nthe usb core layer, KMSAN reports an info leak of 16384 bytes.\n\nTo fix this, first modify hid_report_len() to account for the zero\nreport size case by using DIV_ROUND_UP for the division. Then, call it\nfrom hid_submit_ctrl().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46906 was patched at 2024-05-15

1779. Information Disclosure - Linux Kernel (CVE-2021-46917) - Medium [369]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: fix wq cleanup of WQCFG registers\n\nA pre-release silicon erratum workaround where wq reset does not clear\nWQCFG registers was leaked into upstream code. Use wq reset command\ninstead of blasting the MMIO region. This also address an issue where\nwe clobber registers in future devices.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46917 was patched at 2024-05-15

redos: CVE-2021-46917 was patched at 2024-04-18

1780. Information Disclosure - Windows Kernel (CVE-2024-0075) - Medium [369]

Description: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user may cause a NULL-pointer dereference by accessing passed parameters the validity of which has not been checked. A successful exploit of this vulnerability may lead to denial of service and limited information disclosure.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-0075 was patched at 2024-05-15

1781. Remote Code Execution - Cacti (CVE-2020-7058) - Medium [369]

Description: data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated "This is a false alarm.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7058 was patched at 2024-05-15

1782. Remote Code Execution - Cacti (CVE-2020-7237) - Medium [369]

Description: Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7237 was patched at 2024-05-15

1783. Remote Code Execution - Libarchive (CVE-2007-3641) - Medium [369]

Description: archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Multi-format archive and compression library
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3641 was patched at 2024-05-15

1784. Remote Code Execution - Scripting Engine (CVE-2018-1999023) - Medium [369]

Description: The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and player content.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Scripting Engine
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1999023 was patched at 2024-05-15

1785. Remote Code Execution - TRIE (CVE-2020-17354) - Medium [369]

Description: LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. NOTE: in 2.24 and later versions, safe mode is removed, and the product no longer tries to block code execution when external files are used.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.910CVSS Base Score is 8.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-17354 was patched at 2024-05-15

1786. Unknown Vulnerability Type - nginx (CVE-2009-4487) - Medium [369]

Description: {'vulners_cve_data_all': 'nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Nginx, Varnish, Cherokee, etc Log Injection)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Nginx is an open-source web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4487 was patched at 2024-05-15

1787. Code Injection - Perl (CVE-2005-0436) - Medium [368]

Description: Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0436 was patched at 2024-05-15

1788. XXE Injection - Perl (CVE-2016-4434) - Medium [368]

Description: Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4434 was patched at 2024-05-15

1789. XXE Injection - Python (CVE-2021-29421) - Medium [368]

Description: models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-29421 was patched at 2024-05-15

1790. XXE Injection - Python (CVE-2023-45139) - Medium [368]

Description: fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains a SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem fontTools is running on or make web requests from the host system. This vulnerability has been patched in version 4.43.0.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45139 was patched at 2024-05-15

1791. XXE Injection - ownCloud (CVE-2014-2055) - Medium [368]

Description: SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common0.614ownCloud is an open-source software product for sharing and syncing of files in distributed and federated enterprise scenarios
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2055 was patched at 2024-05-15

1792. Authentication Bypass - PHP (CVE-2010-4481) - Medium [367]

Description: phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4481 was patched at 2024-05-15

1793. Information Disclosure - Perl (CVE-2007-2488) - Medium [367]

Description: The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does not properly null terminate data, which allows remote attackers to trigger loss of transmitted data, and possibly obtain sensitive information (memory contents) or cause a denial of service (application crash), by sending a frame that lacks a 0 byte.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2488 was patched at 2024-05-15

1794. Information Disclosure - wpa_supplicant (CVE-2022-23303) - Medium [367]

Description: {'vulners_cve_data_all': 'The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant for Linux, FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, Solaris, OS/2 (including ArcaOS and eComStation) and Haiku
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-23303 was patched at 2024-05-15

1795. Information Disclosure - wpa_supplicant (CVE-2022-23304) - Medium [367]

Description: {'vulners_cve_data_all': 'The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant for Linux, FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, Solaris, OS/2 (including ArcaOS and eComStation) and Haiku
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-23304 was patched at 2024-05-15

1796. Security Feature Bypass - Perl (CVE-2021-22573) - Medium [367]

Description: {'vulners_cve_data_all': 'The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.910CVSS Base Score is 8.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-22573 was patched at 2024-05-15

1797. Security Feature Bypass - Python (CVE-2019-13611) - Medium [367]

Description: {'vulners_cve_data_all': 'An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server by using a victim's credentials, because the Origin header is not restricted.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-13611 was patched at 2024-05-15

1798. Command Injection - RPC (CVE-2019-15164) - Medium [366]

Description: rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15164 was patched at 2024-05-15

1799. Remote Code Execution - .NET and Visual Studio (CVE-2024-30045) - Medium [366]

Description: .NET and Visual Studio Remote Code Execution Vulnerability

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714.NET and Visual Studio
CVSS Base Score0.610CVSS Base Score is 6.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-30045 was patched at 2024-05-14, 2024-05-15, 2024-05-23

oraclelinux: CVE-2024-30045 was patched at 2024-05-14, 2024-05-29

redhat: CVE-2024-30045 was patched at 2024-05-14, 2024-05-15, 2024-05-23

ubuntu: CVE-2024-30045 was patched at 2024-05-16

1800. Remote Code Execution - Confluence (CVE-2022-1231) - Medium [366]

Description: XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see https://plantuml.com/de/running).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714Confluence is a web-based corporate wiki
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1231 was patched at 2024-05-15

1801. Remote Code Execution - SQLite (CVE-2021-20227) - Medium [366]

Description: A flaw was found in SQLite's SELECT query functionality (src/select.c). This flaw allows an attacker who is capable of running SQL queries locally on the SQLite database to cause a denial of service or possible code execution by triggering a use-after-free. The highest threat from this vulnerability is to system availability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714SQLite is a database engine written in the C programming language
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-20227 was patched at 2024-05-15

1802. Remote Code Execution - iOS (CVE-2012-0219) - Medium [366]

Description: Heap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READLINE address.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0219 was patched at 2024-05-15

1803. Denial of Service - Google Chrome (CVE-2011-0480) - Medium [365]

Description: Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted WebM file, related to buffers for (1) the channel floor and (2) the channel residue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0480 was patched at 2024-05-15

1804. Denial of Service - Mozilla Firefox (CVE-2006-1737) - Medium [365]

Description: Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1737 was patched at 2024-05-15

1805. Denial of Service - Safari (CVE-2018-4214) - Medium [365]

Description: An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to cause a denial of service (memory corruption and Safari crash) or possibly have unspecified other impact via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-4214 was patched at 2024-05-15

1806. Path Traversal - PHP (CVE-2008-4769) - Medium [365]

Description: Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4769 was patched at 2024-05-15

1807. Security Feature Bypass - APT (CVE-2014-3607) - Medium [365]

Description: DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3607 was patched at 2024-05-15

1808. Security Feature Bypass - OpenSSL (CVE-2016-2390) - Medium [365]

Description: {'vulners_cve_data_all': 'The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2390 was patched at 2024-05-15

1809. Security Feature Bypass - OpenSSL (CVE-2018-0733) - Medium [365]

Description: {'vulners_cve_data_all': 'Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of tries lower than that guaranteed by the security claims of the scheme. The module can only be compiled by the HP-UX assembler, so that only HP-UX PA-RISC targets are affected. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-0733 was patched at 2024-05-15

1810. Cross Site Scripting - Windows LDAP (CVE-2012-1114) - Medium [364]

Description: A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1114 was patched at 2024-05-15

1811. Cross Site Scripting - Windows LDAP (CVE-2012-1115) - Medium [364]

Description: A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1115 was patched at 2024-05-15

1812. Information Disclosure - Chromium (CVE-2021-30615) - Medium [364]

Description: {'vulners_cve_data_all': 'Chromium: CVE-2021-30615 Cross-origin data leak in Navigation', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30615 was patched at 2024-05-15

1813. Information Disclosure - PHP (CVE-2007-1599) - Medium [364]

Description: wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1599 was patched at 2024-05-15

1814. Information Disclosure - PHP (CVE-2023-49006) - Medium [364]

Description: Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49006 was patched at 2024-05-15

1815. Information Disclosure - Safari (CVE-2016-4743) - Medium [364]

Description: An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption and application crash) via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4743 was patched at 2024-05-15

1816. Information Disclosure - Safari (CVE-2016-7598) - Medium [364]

Description: An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7598 was patched at 2024-05-15

1817. Information Disclosure - Safari (CVE-2017-2424) - Medium [364]

Description: An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL shaders in the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2424 was patched at 2024-05-15

1818. Remote Code Execution - Azure (CVE-2024-21646) - Medium [364]

Description: Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Azure
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-21646 was patched at 2024-05-15

1819. Remote Code Execution - Azure (CVE-2024-27099) - Medium [364]

Description: The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect `AMQP_VALUE` failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Azure
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27099 was patched at 2024-05-15

1820. Remote Code Execution - GPAC (CVE-2021-28300) - Medium [364]

Description: NULL Pointer Dereference in the "isomedia/track.c" module's "MergeTrack()" function of GPAC v0.5.2 allows attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-28300 was patched at 2024-05-15

1821. Remote Code Execution - Git (CVE-2016-7794) - Medium [364]

Description: sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Git
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7794 was patched at 2024-05-15

1822. Remote Code Execution - Git (CVE-2021-3028) - Medium [364]

Description: git-big-picture before 1.0.0 mishandles ' characters in a branch name, leading to code execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Git
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3028 was patched at 2024-05-15

1823. Remote Code Execution - Git (CVE-2022-1212) - Medium [364]

Description: Use-After-Free in str_escape in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Git
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1212 was patched at 2024-05-15

1824. Remote Code Execution - Git (CVE-2022-1286) - Medium [364]

Description: heap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Git
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1286 was patched at 2024-05-15

1825. Remote Code Execution - Git (CVE-2023-49569) - Medium [364]

Description: A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS , which is the default when using "Plain" versions of Open and Clone funcs (e.g. PlainClone). Applications using BoundOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS  or in-memory filesystems are not affected by this issue. This is a go-git implementation issue and does not affect the upstream git cli.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Git
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49569 was patched at 2024-05-15

redhat: CVE-2023-49569 was patched at 2024-05-01

1826. Denial of Service - Unknown Product (CVE-2006-4573) - Medium [363]

Description: {'vulners_cve_data_all': 'Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apple Mac OS X 2007-005多个安全漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4573 was patched at 2024-05-15

1827. Denial of Service - Unknown Product (CVE-2020-14354) - Medium [363]

Description: {'vulners_cve_data_all': 'A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-14354 was patched at 2024-05-15

1828. Denial of Service - Unknown Product (CVE-2020-18974) - Medium [363]

Description: {'vulners_cve_data_all': 'Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-18974 was patched at 2024-05-15

1829. Elevation of Privilege - BIND (CVE-2018-9465) - Medium [363]

Description: In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69164715 References: Upstream kernel.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-9465 was patched at 2024-05-15

1830. Memory Corruption - Unknown Product (CVE-2017-15046) - Medium [363]

Description: {'vulners_cve_data_all': 'LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpack_read_samples in frontend/get_audio.c, a different vulnerability than CVE-2017-9412.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] LAME 3.99.5 - Multiple Vulnerabilities, [zdt] LAME 3.99.5 - Multiple Vulnerabilities, [exploitdb] LAME 3.99.5 - Multiple Vulnerabilities)
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15046 was patched at 2024-05-15

1831. Memory Corruption - Unknown Product (CVE-2018-19517) - Medium [363]

Description: {'vulners_cve_data_all': 'An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memset call, as demonstrated by sadf.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19517 was patched at 2024-05-15

1832. Memory Corruption - Unknown Product (CVE-2023-24056) - Medium [363]

Description: {'vulners_cve_data_all': 'In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-24056 was patched at 2024-05-15

1833. Memory Corruption - Unknown Product (CVE-2023-42365) - Medium [363]

Description: {'vulners_cve_data_all': 'A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-42365 was patched at 2024-05-15

1834. Memory Corruption - Unknown Product (CVE-2023-42366) - Medium [363]

Description: {'vulners_cve_data_all': 'A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-42366 was patched at 2024-05-15

1835. Memory Corruption - Unknown Product (CVE-2023-45897) - Medium [363]

Description: {'vulners_cve_data_all': 'exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in read_file_dentry_set.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-45897 was patched at 2024-04-30

debian: CVE-2023-45897 was patched at 2024-05-15

oraclelinux: CVE-2023-45897 was patched at 2024-05-02

redhat: CVE-2023-45897 was patched at 2024-04-30

redos: CVE-2023-45897 was patched at 2024-04-18

1836. Remote Code Execution - Unknown Product (CVE-2023-27349) - Medium [363]

Description: {'vulners_cve_data_all': 'BlueZ Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.\n\nThe specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19908.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-27349 was patched at 2024-05-15

ubuntu: CVE-2023-27349 was patched at 2024-06-05

1837. Remote Code Execution - Unknown Product (CVE-2023-44431) - Medium [363]

Description: {'vulners_cve_data_all': 'BlueZ Audio Profile AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.\n\nThe specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19909.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-44431 was patched at 2024-05-15

1838. Remote Code Execution - Unknown Product (CVE-2023-50230) - Medium [363]

Description: {'vulners_cve_data_all': 'BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.\n\nThe specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20938.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50230 was patched at 2024-05-15

1839. Remote Code Execution - Unknown Product (CVE-2023-51596) - Medium [363]

Description: {'vulners_cve_data_all': 'BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.\n\nThe specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20939.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51596 was patched at 2024-05-15

1840. Command Injection - iOS (CVE-2020-28168) - Medium [361]

Description: Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-28168 was patched at 2024-05-15

1841. Remote Code Execution - Exim (CVE-2002-1381) - Medium [361]

Description: Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Exim is a mail transfer agent (MTA) used on Unix-like operating systems
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1381 was patched at 2024-05-15

1842. Remote Code Execution - Exim (CVE-2005-0021) - Medium [361]

Description: Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Exim is a mail transfer agent (MTA) used on Unix-like operating systems
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0021 was patched at 2024-05-15

1843. Remote Code Execution - Exim (CVE-2012-5671) - Medium [361]

Description: Heap-based buffer overflow in the dkim_exim_query_dns_txt function in dkim.c in Exim 4.70 through 4.80, when DKIM support is enabled and acl_smtp_connect and acl_smtp_rcpt are not set to "warn control = dkim_disable_verify," allows remote attackers to execute arbitrary code via an email from a malicious DNS server.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Exim is a mail transfer agent (MTA) used on Unix-like operating systems
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5671 was patched at 2024-05-15

1844. Remote Code Execution - Exim (CVE-2014-2957) - Medium [361]

Description: The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Exim is a mail transfer agent (MTA) used on Unix-like operating systems
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2957 was patched at 2024-05-15

1845. Remote Code Execution - Perl (CVE-2004-0548) - Medium [361]

Description: Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0548 was patched at 2024-05-15

1846. Remote Code Execution - Perl (CVE-2007-1463) - Medium [361]

Description: Format string vulnerability in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a URI, which is not properly handled by certain dialogs.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1463 was patched at 2024-05-15

1847. Remote Code Execution - Perl (CVE-2007-4091) - Medium [361]

Description: Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4091 was patched at 2024-05-15

1848. Remote Code Execution - Perl (CVE-2007-4768) - Medium [361]

Description: Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4768 was patched at 2024-05-15

1849. Remote Code Execution - Perl (CVE-2010-0402) - Medium [361]

Description: OpenTTD before 1.0.1 does not properly validate index values of certain items, which allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted in-game command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0402 was patched at 2024-05-15

1850. Remote Code Execution - Perl (CVE-2010-2253) - Medium [361]

Description: lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2253 was patched at 2024-05-15

1851. Remote Code Execution - Perl (CVE-2010-4652) - Medium [361]

Description: Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly handled during construction of an SQL query.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4652 was patched at 2024-05-15

1852. Remote Code Execution - Perl (CVE-2012-6035) - Medium [361]

Description: The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly validate pool ids, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6035 was patched at 2024-05-15

1853. Remote Code Execution - Python (CVE-2008-4863) - Medium [361]

Description: Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4863 was patched at 2024-05-15

1854. Remote Code Execution - Python (CVE-2013-7489) - Medium [361]

Description: The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7489 was patched at 2024-05-15

1855. Remote Code Execution - Python (CVE-2014-3429) - Medium [361]

Description: IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3429 was patched at 2024-05-15

1856. Unknown Vulnerability Type - Apache ActiveMQ (CVE-2015-6524) - Medium [361]

Description: {'vulners_cve_data_all': 'The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Apache ActiveMQ 5.0.0 - 5.10.0 JAAS LDAPLoginModule empty password authentication Vulnerability)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service (JMS) client
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-6524 was patched at 2024-05-15

1857. Unknown Vulnerability Type - Perl (CVE-2002-1165) - Medium [361]

Description: {'vulners_cve_data_all': 'Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] idefense.smrsh.txt)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1165 was patched at 2024-05-15

1858. Unknown Vulnerability Type - Perl (CVE-2005-0758) - Medium [361]

Description: {'vulners_cve_data_all': 'zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Mac OS X 2007-007更新修复多个安全漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0758 was patched at 2024-05-15

1859. Unknown Vulnerability Type - Perl (CVE-2006-2447) - Medium [361]

Description: {'vulners_cve_data_all': 'SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([saint] SpamAssassin spamd vpopmail user vulnerability, [saint] SpamAssassin spamd vpopmail user vulnerability, [saint] SpamAssassin spamd vpopmail user vulnerability, [saint] SpamAssassin spamd vpopmail user vulnerability, [exploitpack] SpamAssassin spamd 3.1.3 - Command Injection (Metasploit), [seebug] SpamAssassin spamd <= 3.1.3 Command Injection, [seebug] SpamAssassin spamd <= 3.1.3 - Command Injection, [seebug] SpamAssassin spamd Remote Command Execution, [metasploit] SpamAssassin spamd Remote Command Execution, [packetstorm] SpamAssassin spamd Remote Command Execution, [exploitdb] SpamAssassin spamd - Remote Command Execution (Metasploit), [exploitdb] SpamAssassin spamd 3.1.3 - Command Injection (Metasploit))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2447 was patched at 2024-05-15

1860. Unknown Vulnerability Type - Perl (CVE-2008-2827) - Medium [361]

Description: {'vulners_cve_data_all': 'The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Perl rmtree()函数本地不安全权限漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2827 was patched at 2024-05-15

1861. Unknown Vulnerability Type - Perl (CVE-2008-6123) - Medium [361]

Description: {'vulners_cve_data_all': 'The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Net-snmp TCP Wrapper远程信息泄露漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-6123 was patched at 2024-05-15

1862. Unknown Vulnerability Type - Perl (CVE-2009-0361) - Medium [361]

Description: {'vulners_cve_data_all': 'Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files by setting the KRB5CCNAME environment variable, and then launching a setuid application that performs certain pam_setcred operations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] pam-krb5 KRB5CCNAME环境变量本地权限提升漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0361 was patched at 2024-05-15

1863. Unknown Vulnerability Type - Perl (CVE-2011-1496) - Medium [361]

Description: {'vulners_cve_data_all': 'tmux 1.3 and 1.4 does not properly drop group privileges, which allows local users to gain utmp group privileges via a filename to the -S command-line option.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] tmux 1.31.4 - -S Option Incorrect SetGID Privilege Escalation, [seebug] tmux '-S' Option Incorrect SetGID Privilege Escalation Vulnerability, [packetstorm] tmux 1.3 / 1.4 Privilege Escalation, [exploitdb] tmux 1.3/1.4 - '-S' Option Incorrect SetGID Privilege Escalation)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1496 was patched at 2024-05-15

1864. Unknown Vulnerability Type - Perl (CVE-2013-0282) - Medium [361]

Description: {'vulners_cve_data_all': 'OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenStack Keystone 验证绕过漏洞(CVE-2013-0282))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0282 was patched at 2024-05-15

1865. Unknown Vulnerability Type - Perl (CVE-2023-0842) - Medium [361]

Description: {'vulners_cve_data_all': 'xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0842 was patched at 2024-05-15

1866. Arbitrary File Writing - Kerberos (CVE-2003-1294) - Medium [360]

Description: Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-1294 was patched at 2024-05-15

1867. Denial of Service - Curl (CVE-2017-8818) - Medium [360]

Description: curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714Curl is a command-line tool for transferring data specified with URL syntax
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8818 was patched at 2024-05-15

1868. Denial of Service - FFmpeg (CVE-2008-4869) - Medium [360]

Description: FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a "Tcp/udp memory leak."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4869 was patched at 2024-05-15

1869. Denial of Service - iOS (CVE-2018-13410) - Medium [360]

Description: Info-ZIP Zip 3.0, when the -T and -TT command-line options are used, allows attackers to cause a denial of service (invalid free and application crash) or possibly have unspecified other impact because of an off-by-one error. NOTE: it is unclear whether there are realistic scenarios in which an untrusted party controls the -TT value, given that the entire purpose of -TT is execution of arbitrary commands

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-13410 was patched at 2024-05-15

1870. Information Disclosure - MediaWiki (CVE-2013-1817) - Medium [360]

Description: MediaWiki before 1.19.4 and 1.20.x before 1.20.3 contains an error in the api.php script which allows remote attackers to obtain sensitive information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1817 was patched at 2024-05-15

1871. Information Disclosure - MediaWiki (CVE-2016-6332) - Medium [360]

Description: MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6332 was patched at 2024-05-15

1872. Information Disclosure - MediaWiki (CVE-2016-6335) - Medium [360]

Description: MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6335 was patched at 2024-05-15

1873. Information Disclosure - MediaWiki (CVE-2017-0361) - Medium [360]

Description: Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0361 was patched at 2024-05-15

1874. Security Feature Bypass - FFmpeg (CVE-2015-8218) - Medium [360]

Description: {'vulners_cve_data_all': 'The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted CCITT FAX data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8218 was patched at 2024-05-15

1875. Cross Site Scripting - Mozilla Firefox (CVE-2006-3810) - Medium [359]

Description: Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3810 was patched at 2024-05-15

1876. Cross Site Scripting - Mozilla Firefox (CVE-2006-6503) - Medium [359]

Description: Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6503 was patched at 2024-05-15

1877. Cross Site Scripting - PHP (CVE-2004-1055) - Medium [359]

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1055 was patched at 2024-05-15

1878. Cross Site Scripting - PHP (CVE-2006-2418) - Medium [359]

Description: Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2418 was patched at 2024-05-15

1879. Cross Site Scripting - PHP (CVE-2006-6808) - Medium [359]

Description: Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6808 was patched at 2024-05-15

1880. Cross Site Scripting - PHP (CVE-2006-6942) - Medium [359]

Description: Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db parameter to (b) db_create.php, (3) the newname parameter to db_operations.php, the (4) query_history_latest, (5) query_history_latest_db, and (6) querydisplay_tab parameters to (c) querywindow.php, and (7) the pos parameter to (d) sql.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6942 was patched at 2024-05-15

1881. Cross Site Scripting - PHP (CVE-2007-0204) - Medium [359]

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0204 was patched at 2024-05-15

1882. Cross Site Scripting - PHP (CVE-2007-1244) - Medium [359]

Description: Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1244 was patched at 2024-05-15

1883. Cross Site Scripting - PHP (CVE-2007-2245) - Medium [359]

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2245 was patched at 2024-05-15

1884. Cross Site Scripting - PHP (CVE-2007-2627) - Medium [359]

Description: Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2627 was patched at 2024-05-15

1885. Cross Site Scripting - PHP (CVE-2012-2128) - Medium [359]

Description: Cross-site request forgery (CSRF) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129: "the exploit code simply uses the XSS hole to extract a valid CSRF token."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2128 was patched at 2024-05-15

1886. Remote Code Execution - GNOME desktop (CVE-2007-0235) - Medium [359]

Description: Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in its address space, which triggers the overflow in gnome-system-monitor.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0235 was patched at 2024-05-15

1887. Remote Code Execution - GNOME desktop (CVE-2012-3355) - Medium [359]

Description: (1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3355 was patched at 2024-05-15

1888. Remote Code Execution - OpenSSL (CVE-2010-2939) - Medium [359]

Description: Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2939 was patched at 2024-05-15

1889. Unknown Vulnerability Type - GNOME desktop (CVE-2007-6389) - Medium [359]

Description: {'vulners_cve_data_all': 'The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 might allow local users to read the clipboard contents and X selection data for a locked session by using ctrl-V.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Gnome Screensaver本地信息泄漏漏洞, [seebug] Gnome屏保程序本地信息泄露漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6389 was patched at 2024-05-15

1890. Unknown Vulnerability Type - Samba (CVE-2008-3789) - Medium [359]

Description: {'vulners_cve_data_all': 'Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Samba group_mapping.tdb/group_mapping.ldb创建不安全文件漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3789 was patched at 2024-05-15

1891. Command Injection - Git (CVE-2023-3432) - Medium [358]

Description: Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.414Git
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-3432 was patched at 2024-05-15

debian: CVE-2023-34320 was patched at 2024-05-15

debian: CVE-2023-34321 was patched at 2024-05-15

debian: CVE-2023-34322 was patched at 2024-05-15

debian: CVE-2023-34323 was patched at 2024-05-15

debian: CVE-2023-34325 was patched at 2024-05-15

debian: CVE-2023-34326 was patched at 2024-05-15

debian: CVE-2023-34327 was patched at 2024-05-15

debian: CVE-2023-34328 was patched at 2024-05-15

1892. Denial of Service - Intel(R) Processor (CVE-2023-39368) - Medium [358]

Description: Protection mechanism failure of bus lock regulator for some Intel(R) Processors may allow an unauthenticated user to potentially enable denial of service via network access.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Intel's processors from the pioneering 4-bit 4004 (1971) to the present high-end offerings
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-39368 was patched at 2024-05-15

ubuntu: CVE-2023-39368 was patched at 2024-05-29

1893. Denial of Service - Linux Kernel (CVE-2013-4254) - Medium [358]

Description: The validate_event function in arch/arm/kernel/perf_event.c in the Linux kernel before 3.10.8 on the ARM platform allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by adding a hardware event to an event group led by a software event.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4254 was patched at 2024-05-15

1894. Denial of Service - Linux Kernel (CVE-2013-4563) - Medium [358]

Description: The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4563 was patched at 2024-05-15

1895. Denial of Service - Linux Kernel (CVE-2016-6516) - Medium [358]

Description: Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain privileges by changing a certain count value, aka a "double fetch" vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 7.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6516 was patched at 2024-05-15

1896. Denial of Service - Linux Kernel (CVE-2017-6874) - Medium [358]

Description: Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that causes incorrect interaction between put_ucounts and get_ucounts.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6874 was patched at 2024-05-15

1897. Denial of Service - Linux Kernel (CVE-2020-35499) - Medium [358]

Description: A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if sco_sock_getsockopt function in net/bluetooth/sco.c do not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 6.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35499 was patched at 2024-05-15

1898. Denial of Service - Linux Kernel (CVE-2021-28039) - Medium [358]

Description: {'vulners_cve_data_all': 'An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-28039 was patched at 2024-05-15

1899. Denial of Service - Linux Kernel (CVE-2023-1193) - Medium [358]

Description: A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-1193 was patched at 2024-05-15

1900. Denial of Service - Linux Kernel (CVE-2023-3397) - Medium [358]

Description: A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-3397 was patched at 2024-05-15

debian: CVE-2023-33970 was patched at 2024-05-15

1901. Denial of Service - Linux Kernel (CVE-2023-4389) - Medium [358]

Description: A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-4389 was patched at 2024-05-15

debian: CVE-2023-43898 was patched at 2024-05-15

1902. Denial of Service - Linux Kernel (CVE-2023-4394) - Medium [358]

Description: {'vulners_cve_data_all': 'A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel information', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 6.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-4394 was patched at 2024-05-15

1903. Denial of Service - Windows Kernel (CVE-2022-28185) - Medium [358]

Description: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data tampering.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-28185 was patched at 2024-05-15

1904. Denial of Service - Windows Kernel (CVE-2022-34665) - Medium [358]

Description: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-34665 was patched at 2024-05-15

1905. Denial of Service - Windows Kernel (CVE-2022-34666) - Medium [358]

Description: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-34666 was patched at 2024-05-15

1906. Denial of Service - Windows Kernel (CVE-2023-0181) - Medium [358]

Description: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0181 was patched at 2024-05-15

1907. Denial of Service - Windows Kernel (CVE-2023-0191) - Medium [358]

Description: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0191 was patched at 2024-05-15

1908. Denial of Service - Windows Kernel (CVE-2024-0078) - Medium [358]

Description: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest can cause a NULL-pointer dereference in the host, which may lead to denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-0078 was patched at 2024-05-15

1909. Memory Corruption - Linux Kernel (CVE-2012-6712) - Medium [358]

Description: In the Linux kernel before 3.4, a buffer overflow occurs in drivers/net/wireless/iwlwifi/iwl-agn-sta.c, which will cause at least memory corruption.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6712 was patched at 2024-05-15

1910. Memory Corruption - Linux Kernel (CVE-2019-10125) - Medium [358]

Description: An issue was discovered in aio_poll() in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aio_poll_wake() if an expected event is triggered immediately (e.g., by the close of a pair of pipes) after the return of vfs_poll(), and this will cause a use-after-free.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10125 was patched at 2024-05-15

1911. Memory Corruption - Linux Kernel (CVE-2022-47939) - Medium [358]

Description: An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-47939 was patched at 2024-05-15

1912. Memory Corruption - nghttp2 (CVE-2015-8659) - Medium [358]

Description: The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8659 was patched at 2024-05-15

1913. Path Traversal - Linux Kernel (CVE-2020-29373) - Medium [358]

Description: {'vulners_cve_data_all': 'An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-29373 was patched at 2024-05-15

1914. Arbitrary File Reading - Windows LDAP (CVE-2005-2792) - Medium [357]

Description: Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the custom_welcome_page parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2792 was patched at 2024-05-15

1915. Information Disclosure - Apache HTTP Server (CVE-2020-25073) - Medium [357]

Description: FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service (or from PageKite) is considered a local connection. This affects both the freedombox and plinth packages of some Linux distributions, but only if the Apache mod_status module is enabled.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25073 was patched at 2024-05-15

1916. Information Disclosure - Linux Kernel (CVE-2013-3237) - Medium [357]

Description: The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-3237 was patched at 2024-05-15

1917. Information Disclosure - Linux Kernel (CVE-2013-4515) - Medium [357]

Description: The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4515 was patched at 2024-05-15

1918. Information Disclosure - Linux Kernel (CVE-2013-4516) - Medium [357]

Description: The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4516 was patched at 2024-05-15

1919. Information Disclosure - Linux Kernel (CVE-2013-7264) - Medium [357]

Description: The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7264 was patched at 2024-05-15

1920. Information Disclosure - Linux Kernel (CVE-2013-7267) - Medium [357]

Description: The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7267 was patched at 2024-05-15

1921. Information Disclosure - Linux Kernel (CVE-2013-7268) - Medium [357]

Description: The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7268 was patched at 2024-05-15

1922. Information Disclosure - Linux Kernel (CVE-2013-7269) - Medium [357]

Description: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7269 was patched at 2024-05-15

1923. Information Disclosure - Linux Kernel (CVE-2013-7271) - Medium [357]

Description: The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7271 was patched at 2024-05-15

1924. Information Disclosure - Linux Kernel (CVE-2013-7281) - Medium [357]

Description: The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7281 was patched at 2024-05-15

1925. Remote Code Execution - 7-Zip (CVE-2018-10115) - Medium [357]

Description: Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514KeePass is a free open source password manager, which helps you to manage your passwords in a secure way
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10115 was patched at 2024-05-15

1926. Remote Code Execution - 7-Zip (CVE-2018-5996) - Medium [357]

Description: Insufficient exception handling in the method NCompress::NRar3::CDecoder::Code of 7-Zip before 18.00 and p7zip can lead to multiple memory corruptions within the PPMd code, allows remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514KeePass is a free open source password manager, which helps you to manage your passwords in a secure way
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-5996 was patched at 2024-05-15

1927. Remote Code Execution - 7-Zip (CVE-2023-40481) - Medium [357]

Description: 7-Zip SquashFS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SQFS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18589.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514KeePass is a free open source password manager, which helps you to manage your passwords in a secure way
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-40481 was patched at 2024-05-15

1928. Remote Code Execution - KeePass (CVE-2016-5119) - Medium [357]

Description: The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.5147-Zip is a file archiver with a high compression ratio
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5119 was patched at 2024-05-15

1929. Remote Code Execution - TLS (CVE-2021-21373) - Medium [357]

Description: Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-21373 was patched at 2024-05-15

1930. Remote Code Execution - TRIE (CVE-2006-3251) - Medium [357]

Description: Heap-based buffer overflow in the array_push function in hashcash.c for Hashcash before 1.21 might allow attackers to execute arbitrary code via crafted entries.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3251 was patched at 2024-05-15

1931. Remote Code Execution - TRIE (CVE-2007-4938) - Medium [357]

Description: Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.810CVSS Base Score is 7.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4938 was patched at 2024-05-15

1932. Remote Code Execution - TRIE (CVE-2007-5740) - Medium [357]

Description: The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5740 was patched at 2024-05-15

1933. Remote Code Execution - TRIE (CVE-2022-36113) - Medium [357]

Description: Cargo is a package manager for the rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the root of the extracted source code once it extracted all the files. It was discovered that Cargo allowed packages to contain a .cargo-ok symbolic link, which Cargo would extract. Then, when Cargo attempted to write "ok" into .cargo-ok, it would actually replace the first two bytes of the file the symlink pointed to with ok. This would allow an attacker to corrupt one file on the machine using Cargo to extract the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it's possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what a malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files are available for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain. Mitigations We recommend users of alternate registries to exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to exercise care in choosing their dependencies though, as remote code execution is allowed by design there as well.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-36113 was patched at 2024-05-15

1934. Remote Code Execution - Werkzeug (CVE-2024-34069) - Medium [357]

Description: Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it allows access to the debugger even if it is only running on localhost. This also requires the attacker to guess a URL in the developer's application that will trigger the debugger. This vulnerability is fixed in 3.0.3.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Werkzeug is a comprehensive WSGI web application library
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-34069 was patched at 2024-05-15

ubuntu: CVE-2024-34069 was patched at 2024-05-29

1935. Remote Code Execution - Xrdp (CVE-2008-5902) - Medium [357]

Description: Buffer overflow in the xrdp_bitmap_invalidate function in xrdp/xrdp_bitmap.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via a crafted request.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514xrdp is an open source remote desktop protocol server
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5902 was patched at 2024-05-15

1936. Remote Code Execution - Xrdp (CVE-2008-5903) - Medium [357]

Description: Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via vectors that manipulate the value of the edit_pos structure member.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514xrdp is an open source remote desktop protocol server
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5903 was patched at 2024-05-15

1937. Security Feature Bypass - Unknown Product (CVE-2023-4233) - Medium [357]

Description: {'vulners_cve_data_all': 'A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the sms_decode_address_field() function during the SMS PDU decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-4233 was patched at 2024-05-15

1938. Unknown Vulnerability Type - ntopng (CVE-2015-8368) - Medium [357]

Description: {'vulners_cve_data_all': 'ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] ntop-ng 2.0.151021 - Privilege Escalation, [packetstorm] ntop-ng 2.0.15102 Privilege Escalation, [zdt] ntop-ng 2.0.151021 - Privilege Escalation Vulnerability, [exploitdb] ntop-ng 2.0.151021 - Privilege Escalation)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514ntopng is an open-source computer software for monitoring traffic on a computer network
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8368 was patched at 2024-05-15

1939. Command Injection - Perl (CVE-2012-3523) - Medium [356]

Description: The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3523 was patched at 2024-05-15

1940. Command Injection - Python (CVE-2022-36069) - Medium [356]

Description: Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as `git clone`. These commands are constructed using user input (e.g. the repository URL). When building the commands, Poetry correctly avoids Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated as an optional argument instead of a positional one. This can lead to Code Execution because some of the commands have options that can be leveraged to run arbitrary executables. If a developer is exploited, the attacker could steal credentials or persist their access. If the exploit happens on a server, the attackers could use their access to attack other internal systems. Since this vulnerability requires a fair amount of user interaction, it is not as dangerous as a remotely exploitable one. However, it still puts developers at risk when dealing with untrusted files in a way they think is safe, because the exploit still works when the victim tries to make sure nothing can happen, e.g. by vetting any Git or Poetry config files that might be present in the directory. Versions 1.1.9 and 1.2.0b1 contain patches for this issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.710CVSS Base Score is 7.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-36069 was patched at 2024-05-15

1941. XXE Injection - Perl (CVE-2016-9181) - Medium [356]

Description: perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9181 was patched at 2024-05-15

1942. XXE Injection - libxml2 (CVE-2013-0339) - Medium [356]

Description: libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common0.614libxml2 is an XML toolkit implemented in C, originally developed for the GNOME Project
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0339 was patched at 2024-05-15

1943. Arbitrary File Writing - Windows Encrypting File System (CVE-2008-1832) - Medium [355]

Description: lib/prefs.tcl in Cecilia 2.0.5 allows local users to overwrite arbitrary files via a symlink attack on the csvers temporary file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.914Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1832 was patched at 2024-05-15

1944. Authentication Bypass - OpenSSH (CVE-2021-36368) - Medium [355]

Description: An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is "this is not an authentication bypass, since nothing is being bypassed.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-36368 was patched at 2024-05-15

1945. Security Feature Bypass - Perl (CVE-2006-6678) - Medium [355]

Description: The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6678 was patched at 2024-05-15

1946. Security Feature Bypass - Perl (CVE-2007-0262) - Medium [355]

Description: WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify that the m parameter value has the string data type, which allows remote attackers to obtain sensitive information via an invalid m[] parameter, as demonstrated by obtaining the path, and obtaining certain SQL information such as the table prefix.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0262 was patched at 2024-05-15

1947. Security Feature Bypass - Perl (CVE-2009-3602) - Medium [355]

Description: Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3602 was patched at 2024-05-15

1948. Security Feature Bypass - Perl (CVE-2019-12209) - Medium [355]

Description: Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM configuration, part of the file contents of a symlink target will be logged, possibly revealing sensitive information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12209 was patched at 2024-05-15

1949. Security Feature Bypass - Perl (CVE-2021-36770) - Medium [355]

Description: {'vulners_cve_data_all': 'Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-36770 was patched at 2024-05-15

1950. Security Feature Bypass - Perl (CVE-2021-41611) - Medium [355]

Description: {'vulners_cve_data_all': 'An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41611 was patched at 2024-05-15

1951. Security Feature Bypass - Python (CVE-2021-32677) - Medium [355]

Description: {'vulners_cve_data_all': 'FastAPI is a web framework for building APIs with Python 3.6+ based on standard Python type hints. FastAPI versions lower than 0.65.2 that used cookies for authentication in path operations that received JSON payloads sent by browsers were vulnerable to a Cross-Site Request Forgery (CSRF) attack. In versions lower than 0.65.2, FastAPI would try to read the request payload as JSON even if the content-type header sent was not set to application/json or a compatible JSON media type (e.g. application/geo+json). A request with a content type of text/plain containing JSON data would be accepted and the JSON data would be extracted. Requests with content type text/plain are exempt from CORS preflights, for being considered Simple requests. The browser will execute them right away including cookies, and the text content could be a JSON string that would be parsed and accepted by the FastAPI application. This is fixed in FastAPI 0.65.2. The request data is now parsed as JSON only if the content-type header is application/json or another JSON compatible media type like application/geo+json. It's best to upgrade to the latest FastAPI, but if updating is not possible then a middleware or a dependency that checks the content-type header and aborts the request if it is not application/json or another JSON compatible content type can act as a mitigating workaround.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 8.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32677 was patched at 2024-05-15

1952. Remote Code Execution - BIND (CVE-2013-4370) - Medium [354]

Description: The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors that trigger a (1) use-after-free or (2) double free.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4370 was patched at 2024-05-15

1953. Unknown Vulnerability Type - BIND (CVE-2013-5572) - Medium [354]

Description: {'vulners_cve_data_all': 'Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Zabbix 2.0.5 Password Disclosure, [zdt] Zabbix 2.0.5 - Cleartext ldap_bind_password Password Disclosure (MSF) Exploit, [exploitpack] Zabbix 2.0.5 - Cleartext ldap_bind_Password Password Disclosure (Metasploit), [exploitdb] Zabbix 2.0.5 - Cleartext ldap_bind_Password Password Disclosure (Metasploit))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-5572 was patched at 2024-05-15

1954. Authentication Bypass - Cacti (CVE-2004-1737) - Medium [353]

Description: SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1737 was patched at 2024-05-15

1955. Authentication Bypass - Docker (CVE-2020-8907) - Medium [353]

Description: {'vulners_cve_data_all': 'A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attacker with this role is able to run docker and mount the host OS. Within docker, it is possible to modify the host OS filesystem and modify /etc/groups to gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "docker" user from the OS Login entry.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.514Docker
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-8907 was patched at 2024-05-15

1956. Authentication Bypass - HID (CVE-2023-50291) - Medium [353]

Description: {'vulners_cve_data_all': 'Insufficiently Protected Credentials vulnerability in Apache Solr.\n\nThis issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0.\nOne of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only setup to hide system properties that had "password" contained in the name.\nThere are a number of sensitive system properties, such as "basicauth" and "aws.secretKey" do not contain "password", thus their values were published via the "/admin/info/properties" endpoint.\nThis endpoint populates the list of System Properties on the home screen of the Solr Admin page, making the exposed credentials visible in the UI.\n\nThis /admin/info/properties endpoint is protected under the "config-read" permission.\nTherefore, Solr Clouds with Authorization enabled will only be vulnerable through logged-in users that have the "config-read" permission.\nUsers are recommended to upgrade to version 9.3.0 or 8.11.3, which fixes the issue.\nA single option now controls hiding Java system property for all endpoints, "-Dsolr.hiddenSysProps".\nBy default all known sensitive properties are hidden (including "-Dbasicauth"), as well as any property with a name containing "secret" or "password".\n\nUsers who cannot upgrade can also use the following Java system property to fix the issue:\n\xa0 '-Dsolr.redaction.system.pattern=.*(password|secret|basicauth).*'\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.514HID
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50291 was patched at 2024-05-15

1957. Authentication Bypass - TLS (CVE-2022-4967) - Medium [353]

Description: strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be contained in the client's certificate. So clients can authenticate with any trusted certificate and claim an arbitrary IKE/EAP identity as their own. This is problematic if the identity is used to make policy decisions. A fix was released in strongSwan version 5.9.6 in August 2022 (e4b4aabc4996fc61c37deab7858d07bc4d220136).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-4967 was patched at 2024-06-15

ubuntu: CVE-2022-4967 was patched at 2024-05-14

1958. Denial of Service - APT (CVE-2017-12136) - Medium [353]

Description: Race condition in the grant table code in Xen 4.6.x through 4.9.x allows local guest OS administrators to cause a denial of service (free list corruption and host crash) or gain privileges on the host via vectors involving maptrack free list handling.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12136 was patched at 2024-05-15

1959. Denial of Service - APT (CVE-2020-5243) - Medium [353]

Description: uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request to maliciously crafted long strings. This has been patched in uap-core 0.7.3.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-5243 was patched at 2024-05-15

1960. Denial of Service - APT (CVE-2022-44566) - Medium [353]

Description: A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-44566 was patched at 2024-05-15

1961. Denial of Service - APT (CVE-2023-38321) - Medium [353]

Description: OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38321 was patched at 2024-05-15

1962. Denial of Service - Binutils (CVE-2017-14729) - Medium [353]

Description: The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, do not ensure a unique PLT entry for a symbol, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14729 was patched at 2024-05-15

1963. Denial of Service - Binutils (CVE-2017-14745) - Medium [353]

Description: The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, interpret a -1 value as a sorting count instead of an error flag, which allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14745 was patched at 2024-05-15

1964. Denial of Service - Binutils (CVE-2017-7303) - Medium [353]

Description: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 4) because of missing a check (in the find_link function) for null headers before attempting to match them. This vulnerability causes Binutils utilities like strip to crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7303 was patched at 2024-05-15

1965. Denial of Service - Binutils (CVE-2017-7304) - Medium [353]

Description: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vulnerability causes Binutils utilities like strip to crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7304 was patched at 2024-05-15

1966. Denial of Service - Binutils (CVE-2017-9043) - Medium [353]

Description: readelf.c in GNU Binutils 2017-04-12 has a "shift exponent too large for type unsigned long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9043 was patched at 2024-05-15

1967. Denial of Service - Binutils (CVE-2017-9743) - Medium [353]

Description: The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU Binutils 2.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during "objdump -D" execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9743 was patched at 2024-05-15

1968. Denial of Service - Binutils (CVE-2021-3530) - Medium [353]

Description: A flaw was discovered in GNU libiberty within demangle_path() in rust-demangle.c, as distributed in GNU Binutils version 2.36. A crafted symbol can cause stack memory to be exhausted leading to a crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3530 was patched at 2024-05-15

1969. Denial of Service - GNOME desktop (CVE-2018-12016) - Medium [353]

Description: libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12016 was patched at 2024-05-15

1970. Denial of Service - Google Chrome (CVE-2011-3892) - Medium [353]

Description: Double free vulnerability in the Theora decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3892 was patched at 2024-05-15

1971. Denial of Service - Google Chrome (CVE-2011-3895) - Medium [353]

Description: Heap-based buffer overflow in the Vorbis decoder in Google Chrome before 15.0.874.120 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3895 was patched at 2024-05-15

1972. Denial of Service - Google Chrome (CVE-2012-5127) - Medium [353]

Description: Integer overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5127 was patched at 2024-05-15

1973. Denial of Service - Google Chrome (CVE-2012-5129) - Medium [353]

Description: Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS before 23.0.1271.94 allows remote attackers to cause a denial of service (GPU process crash) or possibly have unspecified other impact via unknown vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5129 was patched at 2024-05-15

1974. Denial of Service - Google Chrome (CVE-2012-5150) - Medium [353]

Description: Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving seek operations on video data.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5150 was patched at 2024-05-15

1975. Denial of Service - Google Chrome (CVE-2013-0894) - Medium [353]

Description: Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0894 was patched at 2024-05-15

1976. Denial of Service - ICMP (CVE-2023-31628) - Medium [353]

Description: An issue in the stricmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The Internet Control Message Protocol (ICMP) is a network layer protocol used by network devices to diagnose network communication issues
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31628 was patched at 2024-05-15

ubuntu: CVE-2023-31628 was patched at 2024-06-13

1977. Denial of Service - Netty (CVE-2016-4970) - Medium [353]

Description: handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Netty is a non-blocking I/O client-server framework for the development of Java network applications such as protocol servers and clients
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4970 was patched at 2024-05-15

1978. Denial of Service - Node.js (CVE-2015-7384) - Medium [353]

Description: Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-7384 was patched at 2024-05-15

1979. Denial of Service - Node.js (CVE-2015-8027) - Medium [353]

Description: Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8027 was patched at 2024-05-15

1980. Denial of Service - Node.js (CVE-2015-8854) - Medium [353]

Description: The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8854 was patched at 2024-05-15

1981. Denial of Service - Node.js (CVE-2016-10539) - Medium [353]

Description: negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for "Accept-Language", when parsed by negotiator 0.6.0 and earlier is vulnerable to Regular Expression Denial of Service via a specially crafted string.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10539 was patched at 2024-05-15

1982. Denial of Service - Node.js (CVE-2016-10542) - Medium [353]

Description: ws is a "simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455". By sending an overly long websocket payload to a `ws` server, it is possible to crash the node process. This affects ws 1.1.0 and earlier.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10542 was patched at 2024-05-15

1983. Denial of Service - Node.js (CVE-2018-7158) - Medium [353]

Description: The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, `splitPathRe`, used within the `'path'` module for the various path parsing functions, including `path.dirname()`, `path.extname()` and `path.parse()` was structured in such a way as to allow an attacker to craft a string, that when passed through one of these functions, could take a significant amount of time to evaluate, potentially leading to a full denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7158 was patched at 2024-05-15

1984. Denial of Service - Node.js (CVE-2018-7162) - Medium [353]

Description: All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7162 was patched at 2024-05-15

1985. Denial of Service - Node.js (CVE-2018-7164) - Medium [353]

Description: Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this cause a denial of service by sending tiny chunks of data in short succession. This vulnerability was restored by reverting to the prior behaviour.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7164 was patched at 2024-05-15

1986. Denial of Service - Node.js (CVE-2019-5739) - Medium [353]

Description: Keep-alive HTTP and HTTPS connections can remain open and inactive for up to 2 minutes in Node.js 6.16.0 and earlier. Node.js 8.0.0 introduced a dedicated server.keepAliveTimeout which defaults to 5 seconds. The behavior in Node.js 6.16.0 and earlier is a potential Denial of Service (DoS) attack vector. Node.js 6.17.0 introduces server.keepAliveTimeout and the 5-second default.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5739 was patched at 2024-05-15

1987. Denial of Service - Node.js (CVE-2021-29469) - Medium [353]

Description: Node-redis is a Node.js Redis client. Before version 3.1.1, when a client is in monitoring mode, the regex begin used to detected monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. The issue is patched in version 3.1.1.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-29469 was patched at 2024-05-15

1988. Denial of Service - OpenSSH (CVE-2006-4924) - Medium [353]

Description: sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4924 was patched at 2024-05-15

1989. Denial of Service - OpenSSH (CVE-2016-8858) - Medium [353]

Description: The kex_input_kexinit function in kex.c in OpenSSH 6.x and 7.x through 7.3 allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate KEXINIT requests. NOTE: a third party reports that "OpenSSH upstream does not consider this as a security issue."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-8858 was patched at 2024-05-15

1990. Denial of Service - OpenSSL (CVE-2004-0079) - Medium [353]

Description: The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0079 was patched at 2024-05-15

1991. Denial of Service - PHP (CVE-2014-0236) - Medium [353]

Description: file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0236 was patched at 2024-05-15

1992. Denial of Service - PHP (CVE-2016-9863) - Medium [353]

Description: An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9863 was patched at 2024-05-15

1993. Denial of Service - PHP (CVE-2023-49316) - Medium [353]

Description: In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49316 was patched at 2024-05-15

1994. Denial of Service - RPC (CVE-2019-15163) - Medium [353]

Description: rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15163 was patched at 2024-05-15

1995. Denial of Service - RPC (CVE-2020-13949) - Medium [353]

Description: In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13949 was patched at 2024-05-15

1996. Denial of Service - RPC (CVE-2020-7219) - Medium [353]

Description: HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 1.6.3.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7219 was patched at 2024-05-15

1997. Denial of Service - RPC (CVE-2021-37146) - Medium [353]

Description: An infinite loop in Open Robotics ros_comm XMLRPC server in ROS Melodic through 1.4.11 and ROS Noetic through1.15.11 allows remote attackers to cause a Denial of Service in ros_comm via a crafted XMLRPC call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-37146 was patched at 2024-05-15

1998. Denial of Service - RPC (CVE-2023-4785) - Medium [353]

Description: Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected. 

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-4785 was patched at 2024-05-15

1999. Denial of Service - Windows NTFS (CVE-2018-11737) - Medium [353]

Description: An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec in tsk/fs/ntfs_dent.cpp which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The default file system of the Windows NT family
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11737 was patched at 2024-05-15

2000. Denial of Service - Windows NTFS (CVE-2018-11738) - Medium [353]

Description: An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The default file system of the Windows NT family
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11738 was patched at 2024-05-15

2001. Security Feature Bypass - ASP.NET (CVE-2006-6104) - Medium [353]

Description: The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814An open-source, server-side web-application framework designed for web development
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6104 was patched at 2024-05-15

2002. Arbitrary File Writing - Python (CVE-2008-4108) - Medium [352]

Description: Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4108 was patched at 2024-05-15

2003. Cross Site Scripting - Windows LDAP (CVE-2020-35132) - Medium [352]

Description: An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35132 was patched at 2024-05-15

2004. Information Disclosure - Node.js (CVE-2012-2330) - Medium [352]

Description: The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2330 was patched at 2024-05-15

2005. Information Disclosure - Node.js (CVE-2019-14939) - Medium [352]

Description: {'vulners_cve_data_all': 'An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14939 was patched at 2024-05-15

2006. Information Disclosure - PHP (CVE-2008-1567) - Medium [352]

Description: phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) password, and the (3) Blowfish secret key, in cleartext in a Session file under /tmp, which allows local users to obtain sensitive information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1567 was patched at 2024-05-15

2007. Information Disclosure - PHP (CVE-2012-6634) - Medium [352]

Description: wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6634 was patched at 2024-05-15

2008. Information Disclosure - PHP (CVE-2017-12870) - Medium [352]

Description: SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12870 was patched at 2024-05-15

2009. Information Disclosure - Windows NTFS (CVE-2018-11727) - Medium [352]

Description: The libfsntfs_attribute_read_from_mft function in libfsntfs_attribute.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814The default file system of the Windows NT family
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11727 was patched at 2024-05-15

2010. Information Disclosure - Windows NTFS (CVE-2018-11728) - Medium [352]

Description: The libfsntfs_reparse_point_values_read_data function in libfsntfs_reparse_point_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814The default file system of the Windows NT family
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11728 was patched at 2024-05-15

2011. Information Disclosure - Windows NTFS (CVE-2018-11729) - Medium [352]

Description: The libfsntfs_mft_entry_read_header function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814The default file system of the Windows NT family
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11729 was patched at 2024-05-15

2012. Information Disclosure - Windows NTFS (CVE-2018-11731) - Medium [352]

Description: The libfsntfs_mft_entry_read_attributes function in libfsntfs_mft_entry.c in libfsntfs through 2018-04-20 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814The default file system of the Windows NT family
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11731 was patched at 2024-05-15

2013. Remote Code Execution - Git (CVE-2007-3316) - Medium [352]

Description: Multiple format string vulnerabilities in plugins in VideoLAN VLC Media Player before 0.8.6c allow remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in (1) an Ogg/Vorbis file, (2) an Ogg/Theora file, (3) a CDDB entry for a CD Digital Audio (CDDA) file, or (4) Service Announce Protocol (SAP) multicast packets.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Git
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3316 was patched at 2024-05-15

2014. Remote Code Execution - Git (CVE-2016-7793) - Medium [352]

Description: sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Git
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7793 was patched at 2024-05-15

2015. Remote Code Execution - Git (CVE-2018-1000021) - Medium [352]

Description: GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Git
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000021 was patched at 2024-05-15

2016. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52654) - Medium [352]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/af_unix: disable sending io_uring over sockets\n\nFile reference cycles have caused lots of problems for io_uring\nin the past, and it still doesn't work exactly right and races with\nunix_stream_read_generic(). The safest fix would be to completely\ndisallow sending io_uring files via sockets via SCM_RIGHT, so there\nare no possible cycles invloving registered files and thus rendering\nSCM accounting on the io_uring side unnecessary.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for CVE-2023-52654)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52654 was patched at 2024-05-15

2017. Denial of Service - Kerberos (CVE-2003-0058) - Medium [351]

Description: MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0058 was patched at 2024-05-15

2018. Denial of Service - Kerberos (CVE-2003-0072) - Medium [351]

Description: The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun").

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0072 was patched at 2024-05-15

2019. Denial of Service - Kerberos (CVE-2003-0082) - Medium [351]

Description: The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun").

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0082 was patched at 2024-05-15

2020. Denial of Service - Kerberos (CVE-2004-0112) - Medium [351]

Description: The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0112 was patched at 2024-05-15

2021. Denial of Service - Kerberos (CVE-2004-0644) - Medium [351]

Description: The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0644 was patched at 2024-05-15

2022. Denial of Service - Kerberos (CVE-2005-1174) - Medium [351]

Description: MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1174 was patched at 2024-05-15

2023. Denial of Service - Kerberos (CVE-2006-5989) - Medium [351]

Description: Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5989 was patched at 2024-05-15

2024. Denial of Service - Kerberos (CVE-2010-0628) - Medium [351]

Description: The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0628 was patched at 2024-05-15

2025. Denial of Service - Unknown Product (CVE-2008-3889) - Medium [351]

Description: {'vulners_cve_data_all': 'Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Postfix < 2.4.9 2.5.5 2.6-20080902 (.forward) Local DoS Exploit, [seebug] Postfix < 2.4.9, 2.5.5, 2.6-20080902 (.forward) Local DoS Exploit, [seebug] Postfix < 2.4.9, 2.5.5, 2.6-20080902 - (.forward) Local DoS Exploit, [exploitpack] Postfix 2.4.92.5.52.6-20080902 - .forward Local Denial of Service, [exploitdb] Postfix < 2.4.9/2.5.5/2.6-20080902 - '.forward' Local Denial of Service)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3889 was patched at 2024-05-15

2026. Denial of Service - Unknown Product (CVE-2014-0019) - Medium [351]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] socat PROXY-CONNECT地址栈缓冲区溢出漏洞)
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0019 was patched at 2024-05-15

2027. Elevation of Privilege - BIND (CVE-2019-2213) - Medium [351]

Description: In binder_free_transaction of binder.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-133758011References: Upstream kernel

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.710CVSS Base Score is 7.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-2213 was patched at 2024-05-15

2028. Elevation of Privilege - BIND (CVE-2020-0030) - Medium [351]

Description: In binder_thread_release of binder.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-145286050References: Upstream kernel

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-0030 was patched at 2024-05-15

2029. Elevation of Privilege - SQLite (CVE-2020-12050) - Medium [351]

Description: SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.714SQLite is a database engine written in the C programming language
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-12050 was patched at 2024-05-15

2030. Elevation of Privilege - VMware Tools (CVE-2015-5191) - Medium [351]

Description: VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.714VMware Tools is a set of services and modules that enable several features in VMware products for better management of, and seamless user interactions with, guests operating systems
CVSS Base Score0.710CVSS Base Score is 6.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5191 was patched at 2024-05-15

2031. Incorrect Calculation - Unknown Product (CVE-2019-25043) - Medium [351]

Description: {'vulners_cve_data_all': 'ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index out of range" error and worker-process crash for a "Cookie: =abc" header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-25043 was patched at 2024-05-15

2032. Memory Corruption - Unknown Product (CVE-2021-34557) - Medium [351]

Description: {'vulners_cve_data_all': 'XScreenSaver 5.45 can be bypassed if the machine has more than ten disconnectable video outputs. A buffer overflow in update_screen_layout() allows an attacker to bypass the standard screen lock authentication mechanism by crashing XScreenSaver. The attacker must physically disconnect many video outputs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-34557 was patched at 2024-05-15

2033. Security Feature Bypass - HID (CVE-2024-1019) - Medium [351]

Description: {'vulners_cve_data_all': 'ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. Integrators and users are advised to upgrade to 3.0.12. The ModSecurity v2 release line is not affected by this vulnerability.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.514HID
CVSS Base Score0.910CVSS Base Score is 8.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-1019 was patched at 2024-05-15

2034. Arbitrary File Writing - OpenSSH (CVE-2004-0175) - Medium [350]

Description: Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0175 was patched at 2024-05-15

2035. Information Disclosure - Unknown Product (CVE-2024-22513) - Medium [350]

Description: {'vulners_cve_data_all': 'djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Django REST Framework SimpleJWT 5.3.1 Information Disclosure, [zdt] djangorestframework-simplejwt 5.3.1 - Information Disclosure Exploit, [exploitdb] djangorestframework-simplejwt 5.3.1 - Information Disclosure)
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-22513 was patched at 2024-05-15

2036. Remote Code Execution - Perl (CVE-2011-2709) - Medium [350]

Description: libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2709 was patched at 2024-05-15

2037. Remote Code Execution - Perl (CVE-2019-10178) - Medium [350]

Description: It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10178 was patched at 2024-05-15

2038. Remote Code Execution - Perl (CVE-2023-28439) - Medium [350]

Description: CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages on a web page with missing proper Content Security Policy configuration; initializing the editor on an element and using an element other than `<textarea>` as a base; and destroying the editor instance. This vulnerability might affect a small percentage of integrators that depend on dynamic editor initialization/destroy mechanism. A fix is available in CKEditor4 version 4.21.0. In some rare cases, a security fix may be considered a breaking change. Starting from version 4.21.0, the Iframe Dialog plugin applies the `sandbox` attribute by default, which restricts JavaScript code execution in the iframe element. To change this behavior, configure the `config.iframe_attributes` option. Also starting from version 4.21.0, the Media Embed plugin regenerates the entire content of the embed widget by default. To change this behavior, configure the `config.embed_keepOriginalContent` option. Those who choose to enable either of the more permissive options or who cannot upgrade to a patched version should properly configure Content Security Policy to avoid any potential security issues that may arise from embedding iframe elements on their web page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-28439 was patched at 2024-05-15

2039. Remote Code Execution - Wireshark (CVE-2012-0043) - Medium [350]

Description: Buffer overflow in the reassemble_message function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a series of fragmented RLC packets.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0043 was patched at 2024-05-15

2040. Remote Code Execution - Wireshark (CVE-2012-4294) - Medium [350]

Description: Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4294 was patched at 2024-05-15

2041. Unknown Vulnerability Type - Perl (CVE-2009-2700) - Medium [350]

Description: {'vulners_cve_data_all': 'src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Mozilla Firefox NULL字符CA SSL证书验证安全绕过漏洞, [seebug] Randombit Botan Library X509 Certificate Validation Bypass Vulnerability(CVE-2017-2801), [exploitdb] Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2700 was patched at 2024-05-15

2042. Unknown Vulnerability Type - Perl (CVE-2011-0633) - Medium [350]

Description: {'vulners_cve_data_all': 'The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof servers via man-in-the-middle (MITM) attacks involving hostnames that are not properly validated. NOTE: it could be argued that this is a design limitation of the Net::HTTPS API, and separate implementations should be independently assigned CVE identifiers for not working around this limitation. However, because this API was modified within LWP, a single CVE identifier has been assigned.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Perl libwww-perl (LWP)模块SSL证书验证安全策略绕过漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0633 was patched at 2024-05-15

2043. Unknown Vulnerability Type - Perl (CVE-2013-6426) - Medium [350]

Description: {'vulners_cve_data_all': 'The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenStack Heat CFN策略安全绕过漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6426 was patched at 2024-05-15

2044. Denial of Service - FFmpeg (CVE-2016-2327) - Medium [348]

Description: libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes in certain row calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .avi file, related to the apng_encode_frame and encode_apng functions.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2327 was patched at 2024-05-15

2045. Denial of Service - FFmpeg (CVE-2016-2329) - Medium [348]

Description: libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate RowsPerStrip values and YCbCr chrominance subsampling factors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted TIFF file, related to the tiff_decode_tag and decode_frame functions.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2329 was patched at 2024-05-15

2046. Denial of Service - FFmpeg (CVE-2016-2330) - Medium [348]

Description: libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a buffer size, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .tga file, related to the gif_image_write_image, gif_encode_init, and gif_encode_close functions.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2330 was patched at 2024-05-15

2047. Denial of Service - FFmpeg (CVE-2018-9841) - Medium [348]

Description: The export function in libavfilter/vf_signature.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via a long filename.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-9841 was patched at 2024-05-15

2048. Denial of Service - Kubernetes (CVE-2023-3676) - Medium [348]

Description: {'vulners_cve_data_all': 'A security issue was discovered in Kubernetes where a user\n that can create pods on Windows nodes may be able to escalate to admin \nprivileges on those nodes. Kubernetes clusters are only affected if they\n include Windows nodes.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-3676 was patched at 2024-05-15

2049. Denial of Service - Kubernetes (CVE-2023-3893) - Medium [348]

Description: {'vulners_cve_data_all': 'A security issue was discovered in Kubernetes where a user that can \ncreate pods on Windows nodes running kubernetes-csi-proxy may be able to\n escalate to admin privileges on those nodes. Kubernetes clusters are \nonly affected if they include Windows nodes running \nkubernetes-csi-proxy.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-3893 was patched at 2024-05-15

2050. Denial of Service - Kubernetes (CVE-2023-3955) - Medium [348]

Description: {'vulners_cve_data_all': 'A security issue was discovered in Kubernetes where a user\n that can create pods on Windows nodes may be able to escalate to admin \nprivileges on those nodes. Kubernetes clusters are only affected if they\n include Windows nodes.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-3955 was patched at 2024-05-15

2051. Denial of Service - Windows Security Center (CVE-2016-2328) - Medium [348]

Description: libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate certain height values, which allows remote attackers to cause a denial of service (out-of-bounds array read access) or possibly have unspecified other impact via a crafted .cine file, related to the bayer_to_rgb24_wrapper and bayer_to_yv12_wrapper functions.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714Windows Security Center (WSC) is a comprehensive reporting tool that helps users establish and maintain a protective security layer around their computer systems
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2328 was patched at 2024-05-15

2052. Information Disclosure - Struts (CVE-2009-1275) - Medium [348]

Description: Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714Apache Struts is a free, open-source, MVC framework for creating elegant, modern Java web applications. It favors convention over configuration, is extensible using a plugin architecture, and ships with plugins to support REST, AJAX and JSON
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1275 was patched at 2024-05-15

2053. Information Disclosure - macOS (CVE-2023-49284) - Medium [348]

Description: fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than transforming them into a safe internal representation. While this may cause unexpected behavior with direct input (for example, echo \UFDD2HOME has the same output as echo $HOME), this may become a minor security problem if the output is being fed from an external program into a command substitution where this output may not be expected. This design flaw was introduced in very early versions of fish, predating the version control system, and is thought to be present in every version of fish released in the last 15 years or more, although with different characters. Code execution does not appear to be possible, but denial of service (through large brace expansion) or information disclosure (such as variable expansion) is potentially possible under certain circumstances. fish shell 3.6.2 has been released to correct this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714macOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.710CVSS Base Score is 6.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49284 was patched at 2024-05-15

2054. Security Feature Bypass - Oracle MySQL (CVE-2024-21015) - Medium [348]

Description: {'vulners_cve_data_all': 'Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.714MySQL is an open-source relational database management system
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

redhat: CVE-2024-21015 was patched at 2024-04-30

2055. Code Injection - Git (CVE-2022-24828) - Medium [347]

Description: Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist.org for example where the composer.json's `readme` field can be used as a vector for injecting parameters into hg/Mercurial via the `$file` argument, or git via the `$identifier` argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call `getFileContent` with arbitrary data into `$file`/`$identifier`. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.414Git
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24828 was patched at 2024-05-15

2056. Cross Site Scripting - APT (CVE-2019-7349) - Medium [347]

Description: Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[V4LCapturesPerFrame]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7349 was patched at 2024-05-15

2057. Cross Site Scripting - Mozilla Firefox (CVE-2006-3802) - Medium [347]

Description: Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3802 was patched at 2024-05-15

2058. Cross Site Scripting - Node.js (CVE-2014-3743) - Medium [347]

Description: Multiple cross-site scripting (XSS) vulnerabilities in the Marked module before 0.3.1 for Node.js allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) gfm codeblocks (language) or (2) javascript url's.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3743 was patched at 2024-05-15

2059. Cross Site Scripting - Node.js (CVE-2014-6393) - Medium [347]

Description: The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-6393 was patched at 2024-05-15

2060. Cross Site Scripting - Node.js (CVE-2015-8856) - Medium [347]

Description: Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8856 was patched at 2024-05-15

2061. Cross Site Scripting - Node.js (CVE-2015-8861) - Medium [347]

Description: The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8861 was patched at 2024-05-15

2062. Cross Site Scripting - Node.js (CVE-2015-8862) - Medium [347]

Description: mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8862 was patched at 2024-05-15

2063. Cross Site Scripting - PHP (CVE-2006-3388) - Medium [347]

Description: Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3388 was patched at 2024-05-15

2064. Cross Site Scripting - PHP (CVE-2007-1230) - Medium [347]

Description: Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1230 was patched at 2024-05-15

2065. Cross Site Scripting - PHP (CVE-2007-2423) - Medium [347]

Description: Cross-site scripting (XSS) vulnerability in index.php in MoinMoin 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the do parameter in an AttachFile action, a different vulnerability than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2423 was patched at 2024-05-15

2066. Cross Site Scripting - PHP (CVE-2007-3238) - Medium [347]

Description: Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3238 was patched at 2024-05-15

2067. Cross Site Scripting - PHP (CVE-2013-7351) - Medium [347]

Description: Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors related to bookmarks.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7351 was patched at 2024-05-15

2068. Cross Site Scripting - PHP (CVE-2014-9760) - Medium [347]

Description: Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9760 was patched at 2024-05-15

2069. Cross Site Scripting - PHP (CVE-2016-10201) - Medium [347]

Description: Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10201 was patched at 2024-05-15

2070. Cross Site Scripting - PHP (CVE-2016-10202) - Medium [347]

Description: Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10202 was patched at 2024-05-15

2071. Cross Site Scripting - PHP (CVE-2016-5704) - Medium [347]

Description: Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5704 was patched at 2024-05-15

2072. Cross Site Scripting - PHP (CVE-2016-5732) - Medium [347]

Description: Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via crafted table parameters.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5732 was patched at 2024-05-15

2073. Cross Site Scripting - PHP (CVE-2016-5833) - Medium [347]

Description: Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5834.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5833 was patched at 2024-05-15

2074. Cross Site Scripting - PHP (CVE-2016-6608) - Medium [347]

Description: XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x versions (prior to 4.6.4) are affected.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6608 was patched at 2024-05-15

2075. Cross Site Scripting - PHP (CVE-2016-9856) - Medium [347]

Description: An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9856 was patched at 2024-05-15

2076. Cross Site Scripting - PHP (CVE-2016-9857) - Medium [347]

Description: An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9857 was patched at 2024-05-15

2077. Cross Site Scripting - PHP (CVE-2017-12583) - Medium [347]

Description: DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12583 was patched at 2024-05-15

2078. Cross Site Scripting - PHP (CVE-2017-12979) - Medium [347]

Description: DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12979 was patched at 2024-05-15

2079. Cross Site Scripting - PHP (CVE-2017-12980) - Medium [347]

Description: DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12980 was patched at 2024-05-15

2080. Cross Site Scripting - PHP (CVE-2017-18343) - Medium [347]

Description: The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-18343 was patched at 2024-05-15

2081. Cross Site Scripting - PHP (CVE-2017-7203) - Medium [347]

Description: A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7203 was patched at 2024-05-15

2082. Cross Site Scripting - PHP (CVE-2019-20378) - Medium [347]

Description: ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20378 was patched at 2024-05-15

2083. Cross Site Scripting - PHP (CVE-2019-20379) - Medium [347]

Description: ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20379 was patched at 2024-05-15

2084. Cross Site Scripting - PHP (CVE-2019-7333) - Medium [347]

Description: Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view download (download.php) because proper filtration is omitted.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7333 was patched at 2024-05-15

2085. Cross Site Scripting - PHP (CVE-2019-7334) - Medium [347]

Description: Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'Exportfile' parameter value in the view export (export.php) because proper filtration is omitted.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7334 was patched at 2024-05-15

2086. Cross Site Scripting - PHP (CVE-2019-7336) - Medium [347]

Description: Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view _monitor_filters.php contains takes in input from the user and saves it into the session, and retrieves it later (insecurely). The values of the MonitorName and Source parameters are being displayed without any output filtration being applied. This relates to the view=cycle value.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7336 was patched at 2024-05-15

2087. Cross Site Scripting - PHP (CVE-2019-7339) - Medium [347]

Description: POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'level' parameter value in the view log (log.php) because proper filtration is omitted.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7339 was patched at 2024-05-15

2088. Cross Site Scripting - PHP (CVE-2019-7340) - Medium [347]

Description: POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[Query][terms][0][val]' parameter value in the view filter (filter.php) because proper filtration is omitted.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7340 was patched at 2024-05-15

2089. Cross Site Scripting - PHP (CVE-2019-7341) - Medium [347]

Description: Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[LinkedMonitors]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7341 was patched at 2024-05-15

2090. Cross Site Scripting - PHP (CVE-2019-7342) - Medium [347]

Description: POST - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'filter[AutoExecuteCmd]' parameter value in the view filter (filter.php) because proper filtration is omitted.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7342 was patched at 2024-05-15

2091. Cross Site Scripting - PHP (CVE-2019-7343) - Medium [347]

Description: Reflected - Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'newMonitor[Method]' parameter value in the view monitor (monitor.php) because proper filtration is omitted.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7343 was patched at 2024-05-15

2092. Cross Site Scripting - PHP (CVE-2019-7348) - Medium [347]

Description: Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable 'username' parameter value in the view user (user.php) because proper filtration is omitted.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7348 was patched at 2024-05-15

2093. Cross Site Scripting - PHP (CVE-2019-7352) - Medium [347]

Description: Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'state' (aka Run State) (state.php) does no input validation to the value supplied to the 'New State' (aka newState) field, allowing an attacker to execute HTML or JavaScript code.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7352 was patched at 2024-05-15

2094. Cross Site Scripting - PHP (CVE-2019-8425) - Medium [347]

Description: includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-8425 was patched at 2024-05-15

2095. Cross Site Scripting - PHP (CVE-2019-8426) - Medium [347]

Description: skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-8426 was patched at 2024-05-15

2096. Cross Site Scripting - PHP (CVE-2020-25729) - Medium [347]

Description: ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25729 was patched at 2024-05-15

2097. Cross Site Scripting - PHP (CVE-2021-30458) - Medium [347]

Description: An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a <meta> tag, bypassing sanitization steps, and potentially allowing for XSS.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30458 was patched at 2024-05-15

2098. Cross Site Scripting - PHP (CVE-2021-40926) - Medium [347]

Description: Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40926 was patched at 2024-05-15

2099. Cross Site Scripting - PHP (CVE-2021-40968) - Medium [347]

Description: Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40968 was patched at 2024-05-15

2100. Cross Site Scripting - PHP (CVE-2021-40969) - Medium [347]

Description: Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40969 was patched at 2024-05-15

2101. Cross Site Scripting - PHP (CVE-2021-40970) - Medium [347]

Description: Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40970 was patched at 2024-05-15

2102. Cross Site Scripting - PHP (CVE-2021-40971) - Medium [347]

Description: Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40971 was patched at 2024-05-15

2103. Cross Site Scripting - PHP (CVE-2021-40972) - Medium [347]

Description: Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40972 was patched at 2024-05-15

2104. Cross Site Scripting - PHP (CVE-2021-40973) - Medium [347]

Description: Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40973 was patched at 2024-05-15

2105. Cross Site Scripting - PHP (CVE-2021-43725) - Medium [347]

Description: There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-43725 was patched at 2024-05-15

2106. Cross Site Scripting - PHP (CVE-2022-26564) - Medium [347]

Description: HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-26564 was patched at 2024-05-15

2107. Cross Site Scripting - PHP (CVE-2023-46287) - Medium [347]

Description: XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46287 was patched at 2024-05-15

2108. Cross Site Scripting - PHP (CVE-2023-52322) - Medium [347]

Description: ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52322 was patched at 2024-05-15

2109. Cross Site Scripting - Safari (CVE-2017-2549) - Medium [347]

Description: An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with frame loading.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2549 was patched at 2024-05-15

2110. Cross Site Scripting - Safari (CVE-2017-7038) - Medium [347]

Description: A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7038 was patched at 2024-05-15

2111. Cross Site Scripting - Safari (CVE-2017-7059) - Medium [347]

Description: A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7059 was patched at 2024-05-15

2112. Cross Site Scripting - Safari (CVE-2019-6229) - Medium [347]

Description: A logic issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, tvOS 12.1.2, Safari 12.0.3, iTunes 12.9.3 for Windows, iCloud for Windows 7.10. Processing maliciously crafted web content may lead to universal cross site scripting.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6229 was patched at 2024-05-15

2113. Authentication Bypass - Oracle Java SE (CVE-2020-2585) - Medium [346]

Description: {'vulners_cve_data_all': 'Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.614Oracle Java SE
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-2585 was patched at 2024-05-15

2114. Denial of Service - Linux Kernel (CVE-2013-0313) - Medium [346]

Description: The evm_update_evmxattr function in security/integrity/evm/evm_crypto.c in the Linux kernel before 3.7.5, when the Extended Verification Module (EVM) is enabled, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an attempted removexattr operation on an inode of a sockfs filesystem.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0313 was patched at 2024-05-15

2115. Denial of Service - Linux Kernel (CVE-2013-7027) - Medium [346]

Description: The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7027 was patched at 2024-05-15

2116. Denial of Service - Linux Kernel (CVE-2013-7470) - Medium [346]

Description: cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7470 was patched at 2024-05-15

2117. Denial of Service - Linux Kernel (CVE-2015-1339) - Medium [346]

Description: Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1339 was patched at 2024-05-15

2118. Denial of Service - Linux Kernel (CVE-2015-8953) - Medium [346]

Description: fs/overlayfs/copy_up.c in the Linux kernel before 4.2.6 uses an incorrect cleanup code path, which allows local users to cause a denial of service (dentry reference leak) via filesystem operations on a large file in a lower overlayfs layer.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8953 was patched at 2024-05-15

2119. Denial of Service - Linux Kernel (CVE-2016-10154) - Medium [346]

Description: The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a scatterlist.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10154 was patched at 2024-05-15

2120. Denial of Service - Linux Kernel (CVE-2016-3695) - Medium [346]

Description: The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3695 was patched at 2024-05-15

2121. Denial of Service - Linux Kernel (CVE-2016-8660) - Medium [346]

Description: The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-8660 was patched at 2024-05-15

2122. Denial of Service - Linux Kernel (CVE-2017-18261) - Medium [346]

Description: The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace, PREEMPT_TRACER, and FUNCTION_GRAPH_TRACER.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-18261 was patched at 2024-05-15

2123. Denial of Service - Linux Kernel (CVE-2017-8071) - Medium [346]

Description: drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a spinlock without considering that sleeping is possible in a USB HID request callback, which allows local users to cause a denial of service (deadlock) via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8071 was patched at 2024-05-15

2124. Denial of Service - Linux Kernel (CVE-2017-8106) - Medium [346]

Description: The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel 3.12 through 3.15 allows privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8106 was patched at 2024-05-15

2125. Denial of Service - Linux Kernel (CVE-2017-9059) - Medium [346]

Description: The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9059 was patched at 2024-05-15

2126. Denial of Service - Linux Kernel (CVE-2017-9211) - Medium [346]

Description: The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9211 was patched at 2024-05-15

2127. Denial of Service - Linux Kernel (CVE-2018-12633) - Medium [346]

Description: An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (hdr.size_in and hdr.size_out) in the header between the two fetches because of a race condition, leading to severe kernel errors, such as buffer over-accesses. This bug can cause a local denial of service and information leakage.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 6.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12633 was patched at 2024-05-15

2128. Denial of Service - Linux Kernel (CVE-2019-12455) - Medium [346]

Description: An issue was discovered in sunxi_divs_clk_setup in drivers/clk/sunxi/clk-sunxi.c in the Linux kernel through 5.1.5. There is an unchecked kstrndup of derived_name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This id is disputed as not being an issue because “The memory allocation that was not checked is part of a code that only runs at boot time, before user processes are started. Therefore, there is no possibility for an unprivileged user to control it, and no denial of service.”

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12455 was patched at 2024-05-15

2129. Denial of Service - Linux Kernel (CVE-2019-19080) - Medium [346]

Description: Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19080 was patched at 2024-05-15

2130. Denial of Service - Linux Kernel (CVE-2019-19081) - Medium [346]

Description: A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19081 was patched at 2024-05-15

2131. Denial of Service - Linux Kernel (CVE-2019-9857) - Medium [346]

Description: In the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka refcount leak). Finally, this will cause a denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9857 was patched at 2024-05-15

2132. Denial of Service - Linux Kernel (CVE-2021-33135) - Medium [346]

Description: Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33135 was patched at 2024-05-15

2133. Denial of Service - Linux Kernel (CVE-2021-46283) - Medium [346]

Description: nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46283 was patched at 2024-05-15

2134. Denial of Service - Linux Kernel (CVE-2022-47946) - Medium [346]

Description: An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-47946 was patched at 2024-05-15

2135. Denial of Service - Linux Kernel (CVE-2023-3108) - Medium [346]

Description: A flaw was found in the subsequent get_user_pages_fast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher.c function. This flaw allows a local user to crash the system.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-3108 was patched at 2024-05-15

debian: CVE-2023-31081 was patched at 2024-05-15

debian: CVE-2023-31082 was patched at 2024-05-15

2136. Denial of Service - Linux Kernel (CVE-2023-3357) - Medium [346]

Description: A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-3357 was patched at 2024-05-15

2137. Denial of Service - Linux Kernel (CVE-2024-24861) - Medium [346]

Description: A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 6.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-24861 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-24861 was patched at 2024-06-07, 2024-06-11, 2024-06-14

2138. Denial of Service - Linux Kernel (CVE-2024-26606) - Medium [346]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: signal epoll threads of self-work\n\nIn (e)poll mode, threads often depend on I/O events to determine when\ndata is ready for consumption. Within binder, a thread may initiate a\ncommand via BINDER_WRITE_READ without a read buffer and then make use\nof epoll_wait() or similar to consume any responses afterwards.\n\nIt is then crucial that epoll threads are signaled via wakeup when they\nqueue their own work. Otherwise, they risk waiting indefinitely for an\nevent leaving their work unhandled. What is worse, subsequent commands\nwon't trigger a wakeup either as the thread has pending work.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26606 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26606 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

2139. Denial of Service - Windows Encrypting File System (CVE-2020-10812) - Medium [346]

Description: An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5F_get_nrefs() located in H5Fquery.c. It allows an attacker to cause Denial of Service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-10812 was patched at 2024-05-15

2140. Denial of Service - Windows Encrypting File System (CVE-2020-21896) - Medium [346]

Description: A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0 allows remote attackers to cause a denial of service via opening of a crafted PDF file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21896 was patched at 2024-05-15

2141. Denial of Service - Windows Kernel (CVE-2023-0187) - Medium [346]

Description: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0187 was patched at 2024-05-15

2142. Denial of Service - Windows Kernel (CVE-2023-0188) - Medium [346]

Description: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds of a memory buffer cause an out-of-bounds read, which may lead to denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0188 was patched at 2024-05-15

2143. Denial of Service - Windows Kernel (CVE-2023-0199) - Medium [346]

Description: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0199 was patched at 2024-05-15

2144. Denial of Service - Windows Kernel (CVE-2023-31022) - Medium [346]

Description: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31022 was patched at 2024-05-15

2145. Memory Corruption - Linux Kernel (CVE-2014-3180) - Medium [346]

Description: In kernel/compat.c in the Linux kernel before 3.17, as used in Google Chrome OS and other products, there is a possible out-of-bounds read. restart_syscall uses uninitialized data when restarting compat_sys_nanosleep. NOTE: this is disputed because the code path is unreachable

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3180 was patched at 2024-05-15

2146. Memory Corruption - Linux Kernel (CVE-2022-47942) - Medium [346]

Description: An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-47942 was patched at 2024-05-15

2147. Security Feature Bypass - Git (CVE-2017-1000082) - Medium [346]

Description: {'vulners_cve_data_all': 'systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.414Git
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000082 was patched at 2024-05-15

2148. Arbitrary File Writing - SQLite (CVE-2006-1279) - Medium [345]

Description: CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by (1) Driver::File, (2) Driver::db_file, and possibly (3) Driver::sqlite.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.714SQLite is a database engine written in the C programming language
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1279 was patched at 2024-05-15

2149. Cross Site Scripting - Unknown Product (CVE-2023-6710) - Medium [345]

Description: {'vulners_cve_data_all': 'A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Cross-site Scripting in Modcluster Mod Proxy Cluster, [githubexploit] Exploit for Cross-site Scripting in Modcluster Mod Proxy Cluster)
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-6710 was patched at 2024-04-30

oraclelinux: CVE-2023-6710 was patched at 2024-05-02

redhat: CVE-2023-6710 was patched at 2024-04-30

2150. Information Disclosure - Apache HTTP Server (CVE-2012-0216) - Medium [345]

Description: The default configuration of the apache2 package in Debian GNU/Linux squeeze before 2.2.16-6+squeeze7, wheezy before 2.2.22-4, and sid before 2.2.22-4, when mod_php or mod_rivet is used, provides example scripts under the doc/ URI, which might allow local users to conduct cross-site scripting (XSS) attacks, gain privileges, or obtain sensitive information via vectors involving localhost HTTP requests to the Apache HTTP Server.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0216 was patched at 2024-05-15

2151. Information Disclosure - Linux Kernel (CVE-2016-0823) - Medium [345]

Description: {'vulners_cve_data_all': 'The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-0823 was patched at 2024-05-15

2152. Remote Code Execution - Cacti (CVE-2017-16660) - Medium [345]

Description: Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16660 was patched at 2024-05-15

2153. Remote Code Execution - GDI (CVE-2010-1526) - Medium [345]

Description: Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via (1) a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; (2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or (3) a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514GDI
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1526 was patched at 2024-05-15

2154. Remote Code Execution - HID (CVE-2020-7456) - Medium [345]

Description: In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is not restored within the processing of that HID item allowing an attacker with physical access to a USB port to be able to use a specially crafted USB device to gain kernel or user-space code execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514HID
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7456 was patched at 2024-05-15

2155. Remote Code Execution - TLS (CVE-2010-5111) - Medium [345]

Description: Multiple buffer overflows in readline.c in Echoping 6.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted reply in the (1) TLS_readline or (2) SSL_readline function, related to the EchoPingHttps Smokeping probe.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514TLS
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-5111 was patched at 2024-05-15

2156. Remote Code Execution - TRIE (CVE-2010-1620) - Medium [345]

Description: Integer overflow in the load_iface function in Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 might allow context-dependent attackers to execute arbitrary code via a (1) file or (2) socket that provides configuration data with many entries, leading to a heap-based buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1620 was patched at 2024-05-15

2157. Remote Code Execution - TRIE (CVE-2013-1629) - Medium [345]

Description: pip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a "pip install" operation.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1629 was patched at 2024-05-15

2158. Remote Code Execution - TRIE (CVE-2022-36114) - Medium [345]

Description: Cargo is a package manager for the rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size (also known as a "zip bomb"), exhausting the disk space on the machine using Cargo to download the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it's possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what a malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files are available for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain. We recommend users of alternate registries to excercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to excercise care in choosing their dependencies though, as the same concerns about build scripts and procedural macros apply here.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-36114 was patched at 2024-05-15

2159. Remote Code Execution - Word PDF (CVE-2009-3938) - Medium [345]

Description: Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOutputDev.cc in Poppler (aka libpoppler) 0.10.6, 0.12.0, and possibly other versions, as used by the Abiword pdftoabw utility, allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted PDF file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Word PDF
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3938 was patched at 2024-05-15

2160. Unknown Vulnerability Type - nginx (CVE-2011-4968) - Medium [345]

Description: {'vulners_cve_data_all': 'nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] nginx 中间人攻击漏洞(CVE-2011-4968))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Nginx is an open-source web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4968 was patched at 2024-05-15

2161. Authentication Bypass - Node.js (CVE-2024-30261) - Medium [344]

Description: {'vulners_cve_data_all': 'Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-30261 was patched at 2024-05-15

2162. Command Injection - Oracle Java SE (CVE-2023-22043) - Medium [344]

Description: Vulnerability in Oracle Java SE (component: JavaFX). The supported version that is affected is Oracle Java SE: 8u371. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.614Oracle Java SE
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-22043 was patched at 2024-05-15

redos: CVE-2023-22043 was patched at 2024-05-21

2163. Command Injection - Perl (CVE-2011-1575) - Medium [344]

Description: The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1575 was patched at 2024-05-15

2164. Denial of Service - Perl (CVE-2013-1910) - Medium [344]

Description: yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote repository.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1910 was patched at 2024-05-15

2165. Denial of Service - Perl (CVE-2017-9103) - Medium [344]

Description: An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling program, leaking aspects of the contents of some of its memory, causing it to allocate lots of memory, or perhaps overrunning a buffer. This is only possible with applications which make non-raw queries for SOA or RP records.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9103 was patched at 2024-05-15

2166. Denial of Service - Redis (CVE-2017-15047) - Medium [344]

Description: The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows attackers to cause a denial of service (out-of-bounds array index and application crash) or possibly have unspecified other impact by leveraging "limited access to the machine."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15047 was patched at 2024-05-15

2167. Security Feature Bypass - ImageMagick (CVE-2016-10060) - Medium [344]

Description: {'vulners_cve_data_all': 'The ConcatenateImages function in MagickWand/magick-cli.c in ImageMagick before 7.0.1-10 does not check the return value of the fputc function, which allows remote attackers to cause a denial of service (application crash) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10060 was patched at 2024-05-15

2168. Security Feature Bypass - Perl (CVE-2021-34147) - Medium [344]

Description: {'vulners_cve_data_all': 'The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 does not properly handle the reception of a malformed LMP timing accuracy response followed by multiple reconnections to the link slave, allowing attackers to exhaust device BT resources and eventually trigger a crash via multiple attempts of sending a crafted LMP timing accuracy response followed by a sudden reconnection with a random BDAddress.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-34147 was patched at 2024-05-15

2169. Security Feature Bypass - Perl (CVE-2021-34148) - Medium [344]

Description: {'vulners_cve_data_all': 'The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with a greater ACL Length after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-34148 was patched at 2024-05-15

2170. XXE Injection - Microsoft Excel (CVE-2019-12415) - Medium [344]

Description: In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common0.614MS Office product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12415 was patched at 2024-05-15

2171. Arbitrary File Reading - Perl (CVE-2017-16248) - Medium [343]

Description: The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows remote attackers to read arbitrary files if there is a '.' character anywhere in the pathname, which differs from the intended policy of allowing access only when the filename itself has a '.' character.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16248 was patched at 2024-05-15

2172. Arbitrary File Reading - Python (CVE-2023-34457) - Medium [343]

Description: MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a `<input type="file" ...>` inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took very specific (and manual) steps to reset HTML form field values. Version 1.3.0 contains a patch for this issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-34457 was patched at 2024-05-15

2173. Information Disclosure - Perl (CVE-2006-5867) - Medium [343]

Description: fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5867 was patched at 2024-05-15

2174. Information Disclosure - Python (CVE-2023-41039) - Medium [343]

Description: RestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to critical information disclosure. With `RestrictedPython`, the format functionality is available via the `format` and `format_map` methods of `str` (and `unicode`) (accessed either via the class or its instances) and via `string.Formatter`. All known versions of `RestrictedPython` are vulnerable. This issue has been addressed in commit `4134aedcff1` which has been included in the 5.4 and 6.2 releases. Users are advised to upgrade. There are no known workarounds for this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 8.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-41039 was patched at 2024-05-15

2175. Information Disclosure - libxml2 (CVE-2021-42522) - Medium [343]

Description: There is a Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of libxml2 API. The vendor forgot to call 'g_free()' to release the return value of 'xmlGetProp()'.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614libxml2 is an XML toolkit implemented in C, originally developed for the GNOME Project
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42522 was patched at 2024-05-15

2176. Cross Site Scripting - MediaWiki (CVE-2004-2185) - Medium [342]

Description: Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2185 was patched at 2024-05-15

2177. Cross Site Scripting - MediaWiki (CVE-2007-1054) - Medium [342]

Description: Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1054 was patched at 2024-05-15

2178. Cross Site Scripting - MediaWiki (CVE-2007-1055) - Medium [342]

Description: Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter. NOTE: this issue might be a duplicate of CVE-2007-0177.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1055 was patched at 2024-05-15

2179. Remote Code Execution - iOS (CVE-2005-4667) - Medium [342]

Description: Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4667 was patched at 2024-05-15

2180. Arbitrary File Reading - PHP (CVE-2004-0129) - Medium [341]

Description: Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0129 was patched at 2024-05-15

2181. Arbitrary File Reading - PHP (CVE-2004-1148) - Medium [341]

Description: phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1148 was patched at 2024-05-15

2182. Arbitrary File Reading - PHP (CVE-2006-4208) - Medium [341]

Description: Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote authenticated users with administrative privileges to read arbitrary files via a .. (dot dot) in the backup parameter to edit.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4208 was patched at 2024-05-15

2183. Arbitrary File Reading - PHP (CVE-2006-5031) - Medium [341]

Description: Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5031 was patched at 2024-05-15

2184. Arbitrary File Reading - PHP (CVE-2009-1148) - Medium [341]

Description: Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1148 was patched at 2024-05-15

2185. Arbitrary File Reading - PHP (CVE-2009-2166) - Medium [341]

Description: Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2166 was patched at 2024-05-15

2186. Arbitrary File Writing - Perl (CVE-2016-10374) - Medium [341]

Description: perltidy through 20160302, as used by perlcritic, check-all-the-things, and other software, relies on the current working directory for certain output files and does not have a symlink-attack protection mechanism, which allows local users to overwrite arbitrary files by creating a symlink, as demonstrated by creating a perltidy.ERR symlink that the victim cannot delete.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10374 was patched at 2024-05-15

2187. Denial of Service - Binutils (CVE-2018-20712) - Medium [341]

Description: A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20712 was patched at 2024-05-15

2188. Denial of Service - Mozilla Firefox (CVE-2006-6502) - Medium [341]

Description: Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6502 was patched at 2024-05-15

2189. Denial of Service - Node.js (CVE-2024-22025) - Medium [341]

Description: A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory, potentially leading to process termination, depending on the system configuration.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-22025 was patched at 2024-05-09, 2024-05-15, 2024-05-20

debian: CVE-2024-22025 was patched at 2024-05-15

oraclelinux: CVE-2024-22025 was patched at 2024-05-09, 2024-05-10, 2024-05-14, 2024-05-16, 2024-05-22

redhat: CVE-2024-22025 was patched at 2024-05-09, 2024-05-15, 2024-05-20

2190. Denial of Service - PHP (CVE-2007-1325) - Medium [341]

Description: The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1325 was patched at 2024-05-15

2191. Denial of Service - PHP (CVE-2019-9085) - Medium [341]

Description: Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service (invoice-creation outage) via the n_file parameter to visualizza_contratto.php with invalid arguments (any non-numeric value), as demonstrated by the anno=2019&id_transazione=1&numero_contratto=1&n_file=a query string to visualizza_contratto.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9085 was patched at 2024-05-15

2192. Denial of Service - RPC (CVE-2018-20846) - Medium [341]

Description: Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20846 was patched at 2024-05-15

2193. Denial of Service - Samba (CVE-2018-16852) - Medium [341]

Description: Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS property is set, the server will follow a NULL pointer and terminate. There is no further vulnerability associated with this issue, merely a denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16852 was patched at 2024-05-15

2194. Denial of Service - Samba (CVE-2019-12435) - Medium [341]

Description: Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12435 was patched at 2024-05-15

2195. Incorrect Calculation - RPC (CVE-2020-16124) - Medium [341]

Description: Integer Overflow or Wraparound vulnerability in the XML RPC library of OpenRobotics ros_comm communications packages allows unauthenticated network traffic to cause unexpected behavior. This issue affects: OpenRobotics ros_comm communications packages Noetic and prior versions. Fixed in https://github.com/ros/ros_comm/pull/2065.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-16124 was patched at 2024-05-15

2196. Information Disclosure - APT (CVE-2005-2214) - Medium [341]

Description: apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows local users to obtain sensitive information such as passwords.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2214 was patched at 2024-05-15

2197. Information Disclosure - PHP (CVE-2004-2664) - Medium [341]

Description: John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2664 was patched at 2024-05-15

2198. Information Disclosure - PHP (CVE-2005-0869) - Medium [341]

Description: phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0869 was patched at 2024-05-15

2199. Information Disclosure - PHP (CVE-2005-2110) - Medium [341]

Description: WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. NOTE: vector [1] was later reported to also affect WordPress 2.0.1.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2110 was patched at 2024-05-15

2200. Information Disclosure - PHP (CVE-2005-4463) - Medium [341]

Description: WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-form-comment.php, which leaks the path in an error message related to undefined functions or failed includes. NOTE: the wp-admin/menu-header.php vector is already covered by CVE-2005-2110. NOTE: the vars.php, edit-form.php, wp-settings.php, and edit-form-comment.php vectors were also reported to affect WordPress 2.0.1.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4463 was patched at 2024-05-15

2201. Information Disclosure - PHP (CVE-2006-0519) - Medium [341]

Description: SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0519 was patched at 2024-05-15

2202. Information Disclosure - PHP (CVE-2006-0986) - Medium [341]

Description: WordPress 2.0.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) default-filters.php, (2) template-loader.php, (3) rss-functions.php, (4) locale.php, (5) wp-db.php, and (6) kses.php in the wp-includes/ directory; and (7) edit-form-advanced.php, (8) admin-functions.php, (9) edit-link-form.php, (10) edit-page-form.php, (11) admin-footer.php, and (12) menu.php in the wp-admin directory; and possibly (13) list directory contents of the wp-includes directory. NOTE: the vars.php, edit-form.php, wp-settings.php, and edit-form-comment.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110. Other vectors might be covered by CVE-2005-1688. NOTE: if the typical installation of WordPress does not list any site-specific files to wp-includes, then vector [13] is not an exposure.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0986 was patched at 2024-05-15

2203. Information Disclosure - PHP (CVE-2006-3389) - Medium [341]

Description: index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the issue does not leak any target-specific information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3389 was patched at 2024-05-15

2204. Information Disclosure - PHP (CVE-2006-4679) - Medium [341]

Description: DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug".

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4679 was patched at 2024-05-15

2205. Information Disclosure - PHP (CVE-2006-4735) - Medium [341]

Description: Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain sensitive information via a direct request for (1) rss_fetch.inc.php or (2) rss_parse.inc.php, which reveals the path in various error messages.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4735 was patched at 2024-05-15

2206. Information Disclosure - PHP (CVE-2006-4743) - Medium [341]

Description: WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp-db.php vectors are already covered by CVE-2006-0986. The edit-form-comment.php, vars.php, and wp-settings.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4743 was patched at 2024-05-15

2207. Information Disclosure - PHP (CVE-2006-5117) - Medium [341]

Description: phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5117 was patched at 2024-05-15

2208. Information Disclosure - PHP (CVE-2006-6373) - Medium [341]

Description: PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6373 was patched at 2024-05-15

2209. Information Disclosure - PHP (CVE-2007-0095) - Medium [341]

Description: phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0095 was patched at 2024-05-15

2210. Information Disclosure - PHP (CVE-2007-0109) - Medium [341]

Description: wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0109 was patched at 2024-05-15

2211. Information Disclosure - PHP (CVE-2008-0195) - Medium [341]

Description: WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0195 was patched at 2024-05-15

2212. Information Disclosure - PHP (CVE-2009-2432) - Medium [341]

Description: WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2432 was patched at 2024-05-15

2213. Information Disclosure - PHP (CVE-2011-3264) - Medium [341]

Description: Zabbix before 1.8.6 allows remote attackers to obtain sensitive information via an invalid srcfld2 parameter to popup.php, which reveals the installation path in an error message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3264 was patched at 2024-05-15

2214. Information Disclosure - PHP (CVE-2011-3646) - Medium [341]

Description: phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to obtain sensitive information via an array-typed js_frame parameter to phpmyadmin.css.php, which reveals the installation path in an error message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3646 was patched at 2024-05-15

2215. Information Disclosure - PHP (CVE-2011-3699) - Medium [341]

Description: John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/test-active-record.php and certain other files.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3699 was patched at 2024-05-15

2216. Information Disclosure - PHP (CVE-2013-4998) - Medium [341]

Description: phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmd_common.php and other files.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4998 was patched at 2024-05-15

2217. Information Disclosure - PHP (CVE-2013-4999) - Medium [341]

Description: phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4999 was patched at 2024-05-15

2218. Information Disclosure - PHP (CVE-2013-5000) - Medium [341]

Description: phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-5000 was patched at 2024-05-15

2219. Information Disclosure - PHP (CVE-2015-8669) - Medium [341]

Description: libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8669 was patched at 2024-05-15

2220. Information Disclosure - PHP (CVE-2016-2042) - Medium [341]

Description: phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2042 was patched at 2024-05-15

2221. Information Disclosure - PHP (CVE-2016-2044) - Medium [341]

Description: libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2044 was patched at 2024-05-15

2222. Information Disclosure - PHP (CVE-2016-5097) - Medium [341]

Description: phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped before external navigation, which allows remote attackers to obtain sensitive information by reading (1) HTTP requests or (2) server logs.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5097 was patched at 2024-05-15

2223. Information Disclosure - PHP (CVE-2016-5730) - Medium [341]

Description: phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory during setup, or (5) an incorrect OpenID identifier data type, which reveals the full path in an error message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5730 was patched at 2024-05-15

2224. Information Disclosure - Safari (CVE-2009-2797) - Medium [341]

Description: The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2797 was patched at 2024-05-15

2225. Information Disclosure - Safari (CVE-2017-7006) - Medium [341]

Description: An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses SVG filters.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7006 was patched at 2024-05-15

2226. Information Disclosure - Safari (CVE-2017-7142) - Medium [341]

Description: An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the "WebKit Storage" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web sites.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7142 was patched at 2024-05-15

2227. Memory Corruption - GNU C Library (CVE-2005-3590) - Medium [341]

Description: The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3590 was patched at 2024-05-15

2228. Memory Corruption - GNU C Library (CVE-2017-8305) - Medium [341]

Description: The UDFclient (before 0.8.8) custom strlcpy implementation has a buffer overflow. UDFclient's strlcpy is used only on systems with a C library (e.g., glibc) that lacks its own strlcpy.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8305 was patched at 2024-05-15

2229. Memory Corruption - GNU C Library (CVE-2018-6551) - Medium [341]

Description: The malloc implementation in the GNU C Library (aka glibc or libc6), from version 2.24 to 2.26 on powerpc, and only in version 2.26 on i386, did not properly handle malloc calls with arguments close to SIZE_MAX and could return a pointer to a heap region that is smaller than requested, eventually leading to heap corruption.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6551 was patched at 2024-05-15

2230. Memory Corruption - RPC (CVE-2017-7860) - Medium [341]

Description: Google gRPC before 2017-02-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the parse_unix function in core/ext/client_channel/parse_address.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7860 was patched at 2024-05-15

2231. Memory Corruption - RPC (CVE-2017-7861) - Medium [341]

Description: Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7861 was patched at 2024-05-15

2232. Memory Corruption - RPC (CVE-2017-8359) - Medium [341]

Description: Google gRPC before 2017-03-29 has an out-of-bounds write caused by a heap-based use-after-free related to the grpc_call_destroy function in core/lib/surface/call.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8359 was patched at 2024-05-15

2233. Memory Corruption - RPC (CVE-2017-9431) - Medium [341]

Description: Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9431 was patched at 2024-05-15

2234. Memory Corruption - RPC (CVE-2019-14200) - Medium [341]

Description: An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14200 was patched at 2024-05-15

2235. Path Traversal - PHP (CVE-2009-4896) - Medium [341]

Description: Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful (mlmmj) 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. (dot dot) in a list name in a (1) edit or (2) save action.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4896 was patched at 2024-05-15

2236. Path Traversal - PHP (CVE-2011-2643) - Medium [341]

Description: Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x before 3.4.3.2, when configuration storage is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a MIME-type transformation parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2643 was patched at 2024-05-15

2237. Security Feature Bypass - Google Chrome (CVE-2021-30587) - Medium [341]

Description: {'vulners_cve_data_all': 'Inappropriate implementation in Compositing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30587 was patched at 2024-05-15

2238. Security Feature Bypass - Google Chrome (CVE-2021-30589) - Medium [341]

Description: Insufficient validation of untrusted input in Sharing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to bypass navigation restrictions via a crafted click-to-call link.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30589 was patched at 2024-05-15

2239. Security Feature Bypass - Google Chrome (CVE-2021-30630) - Medium [341]

Description: Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30630 was patched at 2024-05-15

2240. Cross Site Scripting - Windows Encrypting File System (CVE-2011-5025) - Medium [340]

Description: Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.914Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-5025 was patched at 2024-05-15

2241. Cross Site Scripting - Windows LDAP (CVE-2007-1840) - Medium [340]

Description: lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1840 was patched at 2024-05-15

2242. Cross Site Scripting - Windows LDAP (CVE-2011-4074) - Medium [340]

Description: Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via an _debug command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4074 was patched at 2024-05-15

2243. Cross Site Scripting - Windows LDAP (CVE-2012-0834) - Medium [340]

Description: Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0834 was patched at 2024-05-15

2244. Cross Site Scripting - Windows LDAP (CVE-2013-4453) - Medium [340]

Description: Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account Manager (LAM) 4.3 and 4.2.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4453 was patched at 2024-05-15

2245. Remote Code Execution - GPAC (CVE-2021-31255) - Medium [340]

Description: Buffer overflow in the abst_box_read function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-31255 was patched at 2024-05-15

2246. Remote Code Execution - Git (CVE-2006-2193) - Medium [340]

Description: Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2193 was patched at 2024-05-15

2247. Remote Code Execution - Git (CVE-2016-10075) - Medium [340]

Description: The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10075 was patched at 2024-05-15

2248. Remote Code Execution - Git (CVE-2018-20167) - Medium [340]

Description: Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types (/usr/share/applications). The control sequence defers unknown file types to the handle_unknown_media() function, which executes xdg-open against the filename specified in the sequence. The use of xdg-open for all unknown file types allows executable file formats with a registered shared MIME type to be executed. An attacker can achieve remote code execution by introducing an executable file and a plain text file containing the control sequence through a fake software project (e.g., in Git or a tarball). When the control sequence is rendered (such as with cat), the executable file will be run.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20167 was patched at 2024-05-15

2249. Remote Code Execution - Git (CVE-2018-7032) - Medium [340]

Description: webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an "ext::sh -c" attack or an option injection attack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7032 was patched at 2024-05-15

2250. Remote Code Execution - Git (CVE-2022-1427) - Medium [340]

Description: Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3.2. # Impact: Possible arbitrary code execution if being exploited.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1427 was patched at 2024-05-15

2251. Remote Code Execution - Git (CVE-2022-1533) - Medium [340]

Description: Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. This vulnerability is capable of arbitrary code execution.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1533 was patched at 2024-05-15

2252. Authentication Bypass - BIND (CVE-2013-2157) - Medium [339]

Description: OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when using LDAP with Anonymous binding, allows remote attackers to bypass authentication via an empty password.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2157 was patched at 2024-05-15

2253. Code Injection - Cacti (CVE-2019-17357) - Medium [339]

Description: {'vulners_cve_data_all': 'Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17357 was patched at 2024-05-15

2254. Code Injection - Cacti (CVE-2023-46490) - Medium [339]

Description: SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46490 was patched at 2024-05-15

2255. Command Injection - nginx (CVE-2014-3556) - Medium [339]

Description: The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.514Nginx is an open-source web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3556 was patched at 2024-05-15

2256. Security Feature Bypass - DNSSEC (CVE-2019-10191) - Medium [339]

Description: {'vulners_cve_data_all': 'A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.514The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10191 was patched at 2024-05-15

2257. Security Feature Bypass - TLS (CVE-2016-20011) - Medium [339]

Description: {'vulners_cve_data_all': 'libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-20011 was patched at 2024-05-15

2258. Security Feature Bypass - TLS (CVE-2018-16875) - Medium [339]

Description: {'vulners_cve_data_all': 'The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16875 was patched at 2024-05-15

2259. Security Feature Bypass - TLS (CVE-2019-11499) - Medium [339]

Description: {'vulners_cve_data_all': 'In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11499 was patched at 2024-05-15

2260. Security Feature Bypass - TLS (CVE-2021-32574) - Medium [339]

Description: {'vulners_cve_data_all': 'HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy proxy TLS configuration does not validate destination service identity in the encoded subject alternative name. Fixed in 1.8.14, 1.9.8, and 1.10.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32574 was patched at 2024-05-15

2261. Security Feature Bypass - TRIE (CVE-2022-23853) - Medium [339]

Description: {'vulners_cve_data_all': 'The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the directory of the file that was just opened (due to a misunderstanding of the QProcess API, that was never intended). This can be an untrusted directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-23853 was patched at 2024-05-15

2262. Open Redirect - PHP (CVE-2017-1000013) - Medium [338]

Description: phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.7515Open Redirect
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000013 was patched at 2024-05-15

2263. Open Redirect - PHP (CVE-2018-6520) - Medium [338]

Description: SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.7515Open Redirect
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6520 was patched at 2024-05-15

2264. Remote Code Execution - ImageMagick (CVE-2006-0082) - Medium [338]

Description: Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0082 was patched at 2024-05-15

2265. Remote Code Execution - ImageMagick (CVE-2006-3743) - Medium [338]

Description: Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3743 was patched at 2024-05-15

2266. Remote Code Execution - ImageMagick (CVE-2006-3744) - Medium [338]

Description: Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3744 was patched at 2024-05-15

2267. Remote Code Execution - ImageMagick (CVE-2006-5456) - Medium [338]

Description: Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5456 was patched at 2024-05-15

2268. Remote Code Execution - Microsoft Word (CVE-2006-4513) - Medium [338]

Description: Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetFLO_PLF function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Microsoft Word is a widely used commercial word processor developed by Microsoft. It is a component of the Microsoft Office suite of productivity software but can also be purchased as a standalone product.
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4513 was patched at 2024-05-15

2269. Remote Code Execution - Perl (CVE-2005-0667) - Medium [338]

Description: Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0667 was patched at 2024-05-15

2270. Remote Code Execution - Perl (CVE-2005-2972) - Medium [338]

Description: Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the (1) ParseLevelText, (2) getCharsInsideBrace, (3) HandleLists, (4) or (5) HandleAbiLists functions in ie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2972 was patched at 2024-05-15

2271. Remote Code Execution - Perl (CVE-2006-4262) - Medium [338]

Description: Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) a long -f (aka reffile) command line argument.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4262 was patched at 2024-05-15

2272. Remote Code Execution - Perl (CVE-2007-4767) - Medium [338]

Description: Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4767 was patched at 2024-05-15

2273. Remote Code Execution - Perl (CVE-2011-3170) - Medium [338]

Description: The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3170 was patched at 2024-05-15

2274. Remote Code Execution - Perl (CVE-2013-6457) - Medium [338]

Description: The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6457 was patched at 2024-05-15

2275. Remote Code Execution - Python (CVE-2024-34062) - Medium [338]

Description: tqdm is an open source progress bar for Python and CLI. Any optional non-boolean CLI arguments (e.g. `--delim`, `--buf-size`, `--manpath`) are passed through python's `eval`, allowing arbitrary code execution. This issue is only locally exploitable and had been addressed in release version 4.66.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-34062 was patched at 2024-05-15

2276. Remote Code Execution - Wireshark (CVE-2012-4298) - Medium [338]

Description: Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to execute arbitrary code via a crafted packet-trace file that triggers a buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4298 was patched at 2024-05-15

2277. Unknown Vulnerability Type - Perl (CVE-2013-4278) - Medium [338]

Description: {'vulners_cve_data_all': 'The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenStack Nova安全绕过漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4278 was patched at 2024-05-15

2278. Denial of Service - BIND (CVE-2019-0205) - Medium [336]

Description: {'vulners_cve_data_all': 'In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-0205 was patched at 2024-05-15

2279. Denial of Service - Babel (CVE-2023-3748) - Medium [336]

Description: A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714Babel is a free and open-source JavaScript transcompiler that is mainly used to convert ECMAScript 2015+ code into backwards-compatible JavaScript code that can be run by older JavaScript engines
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-3748 was patched at 2024-05-15

2280. Denial of Service - FFmpeg (CVE-2013-2277) - Medium [336]

Description: The ff_h264_decode_seq_parameter_set function in h264_ps.c in libavcodec in FFmpeg before 1.1.3 does not validate the relationship between luma depth and chroma depth, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted H.264 data.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2277 was patched at 2024-05-15

2281. Denial of Service - FFmpeg (CVE-2013-2495) - Medium [336]

Description: The iff_read_header function in iff.c in libavformat in FFmpeg through 1.1.3 does not properly handle data sizes for Interchange File Format (IFF) data during operations involving a CMAP chunk or a video codec, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) or possibly have unspecified other impact via a crafted header.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2495 was patched at 2024-05-15

2282. Denial of Service - FFmpeg (CVE-2013-2496) - Medium [336]

Description: The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in FFmpeg through 1.1.3 does not properly determine certain end pointers, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted Microsoft RLE data.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2496 was patched at 2024-05-15

2283. Denial of Service - FFmpeg (CVE-2014-8541) - Medium [336]

Description: libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8541 was patched at 2024-05-15

2284. Denial of Service - FFmpeg (CVE-2014-8545) - Medium [336]

Description: libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8545 was patched at 2024-05-15

2285. Denial of Service - FFmpeg (CVE-2014-8546) - Medium [336]

Description: Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8546 was patched at 2024-05-15

2286. Denial of Service - FFmpeg (CVE-2014-8549) - Medium [336]

Description: libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8549 was patched at 2024-05-15

2287. Denial of Service - FFmpeg (CVE-2014-9602) - Medium [336]

Description: libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted X-Face image data.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9602 was patched at 2024-05-15

2288. Denial of Service - FFmpeg (CVE-2014-9603) - Medium [336]

Description: The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.5.2 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Sierra VMD video data.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9603 was patched at 2024-05-15

2289. Denial of Service - FFmpeg (CVE-2015-6819) - Medium [336]

Description: Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-6819 was patched at 2024-05-15

2290. Denial of Service - FFmpeg (CVE-2016-6920) - Medium [336]

Description: Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6920 was patched at 2024-05-15

2291. Denial of Service - FFmpeg (CVE-2017-9991) - Medium [336]

Description: Heap-based buffer overflow in the xwd_decode_frame function in libavcodec/xwddec.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9991 was patched at 2024-05-15

2292. Denial of Service - FFmpeg (CVE-2017-9996) - Medium [336]

Description: The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 does not exclude the CHUNKY format, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9996 was patched at 2024-05-15

2293. Denial of Service - MediaWiki (CVE-2013-1816) - Medium [336]

Description: MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1816 was patched at 2024-05-15

2294. Denial of Service - SQLite (CVE-2022-21227) - Medium [336]

Description: The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714SQLite is a database engine written in the C programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-21227 was patched at 2024-05-15

2295. Information Disclosure - Curl (CVE-2015-3237) - Medium [336]

Description: The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714Curl is a command-line tool for transferring data specified with URL syntax
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-3237 was patched at 2024-05-15

2296. Information Disclosure - FFmpeg (CVE-2015-1208) - Medium [336]

Description: Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1208 was patched at 2024-05-15

2297. Information Disclosure - MediaWiki (CVE-2011-1579) - Medium [336]

Description: The checkCss function in includes/Sanitizer.php in the wikitext parser in MediaWiki before 1.16.3 does not properly validate Cascading Style Sheets (CSS) token sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information by using the \2f\2a and \2a\2f hex strings to surround CSS comments.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1579 was patched at 2024-05-15

2298. Security Feature Bypass - .NET (CVE-2022-28352) - Medium [336]

Description: WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects situations where weechat.network.gnutls_ca_system or weechat.network.gnutls_ca_user is changed without a WeeChat restart.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.714.NET
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-28352 was patched at 2024-05-15

2299. Code Injection - Git (CVE-2022-2054) - Medium [335]

Description: Code Injection in GitHub repository nuitka/nuitka prior to 0.9.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 8.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-2054 was patched at 2024-05-15

2300. Cross Site Scripting - PHP (CVE-2016-2043) - Medium [335]

Description: Cross-site scripting (XSS) vulnerability in the goToFinish1NF function in js/normalization.js in phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a table name to the normalization page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2043 was patched at 2024-05-15

2301. Cross Site Scripting - PHP (CVE-2016-2559) - Medium [335]

Description: Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2559 was patched at 2024-05-15

2302. Cross Site Scripting - PHP (CVE-2019-7337) - Medium [335]

Description: Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3 as the view 'events' (events.php) insecurely displays the limit parameter value, without applying any proper output filtration. This issue exists because of the function sortHeader() in functions.php, which insecurely returns the value of the limit query string parameter without applying any filtration.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7337 was patched at 2024-05-15

2303. Cross Site Scripting - PHP (CVE-2019-7345) - Medium [335]

Description: Self - Stored Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, as the view 'options' (options.php) does no input validation for the WEB_TITLE, HOME_URL, HOME_CONTENT, or WEB_CONSOLE_BANNER value, allowing an attacker to execute HTML or JavaScript code. This relates to functions.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7345 was patched at 2024-05-15

2304. Cross Site Scripting - PHP (CVE-2022-24585) - Medium [335]

Description: A stored cross-site scripting (XSS) vulnerability in the component /core/admin/comment.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the author parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24585 was patched at 2024-05-15

2305. Cross Site Scripting - PHP (CVE-2022-24586) - Medium [335]

Description: A stored cross-site scripting (XSS) vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24586 was patched at 2024-05-15

2306. Cross Site Scripting - PHP (CVE-2022-24587) - Medium [335]

Description: A stored cross-site scripting (XSS) vulnerability in the component core/admin/medias.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24587 was patched at 2024-05-15

2307. Cross Site Scripting - PHP (CVE-2023-25727) - Medium [335]

Description: In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-25727 was patched at 2024-05-15

2308. Cross Site Scripting - PHP (CVE-2023-43376) - Medium [335]

Description: A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-43376 was patched at 2024-05-15

2309. Cross Site Scripting - PHP (CVE-2023-43377) - Medium [335]

Description: A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-43377 was patched at 2024-05-15

2310. Unknown Vulnerability Type - Mozilla Firefox (CVE-2024-4367) - Medium [335]

Description: {'vulners_cve_data_all': 'A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for CVE-2024-4367, [githubexploit] Exploit for CVE-2024-4367, [githubexploit] Exploit for CVE-2024-4367)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-4367 was patched at 2024-05-16

debian: CVE-2024-4367 was patched at 2024-05-15, 2024-05-17

oraclelinux: CVE-2024-4367 was patched at 2024-05-16, 2024-05-20, 2024-06-11

redhat: CVE-2024-4367 was patched at 2024-05-16, 2024-05-20, 2024-05-23

ubuntu: CVE-2024-4367 was patched at 2024-05-21, 2024-05-22

2311. Authentication Bypass - Perl (CVE-2007-1859) - Medium [334]

Description: XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1859 was patched at 2024-05-15

2312. Denial of Service - Apache HTTP Server (CVE-2007-6750) - Medium [334]

Description: The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6750 was patched at 2024-05-15

2313. Denial of Service - Apache HTTP Server (CVE-2012-1181) - Medium [334]

Description: fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1181 was patched at 2024-05-15

2314. Denial of Service - Apache HTTP Server (CVE-2012-3526) - Medium [334]

Description: The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3526 was patched at 2024-05-15

2315. Denial of Service - Linux Kernel (CVE-2005-3660) - Medium [334]

Description: Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3660 was patched at 2024-05-15

2316. Denial of Service - Linux Kernel (CVE-2013-2891) - Medium [334]

Description: drivers/hid/hid-steelseries.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_STEELSERIES is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2891 was patched at 2024-05-15

2317. Denial of Service - Linux Kernel (CVE-2013-2894) - Medium [334]

Description: drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LENOVO_TPKBD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2894 was patched at 2024-05-15

2318. Denial of Service - Linux Kernel (CVE-2013-4127) - Medium [334]

Description: Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service (OOPS and system crash) via vectors involving powering on a virtual machine.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4127 was patched at 2024-05-15

2319. Denial of Service - Linux Kernel (CVE-2013-4512) - Medium [334]

Description: Buffer overflow in the exitcode_proc_write function in arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging root privileges for a write operation.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4512 was patched at 2024-05-15

2320. Denial of Service - Linux Kernel (CVE-2013-4513) - Medium [334]

Description: Buffer overflow in the oz_cdev_write function in drivers/staging/ozwpan/ozcdev.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted write operation.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4513 was patched at 2024-05-15

2321. Denial of Service - Linux Kernel (CVE-2013-4514) - Medium [334]

Description: Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4514 was patched at 2024-05-15

2322. Denial of Service - Linux Kernel (CVE-2013-6432) - Medium [334]

Description: The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel before 3.12.4 does not properly interact with read system calls on ping sockets, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging unspecified privileges to execute a crafted application.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6432 was patched at 2024-05-15

2323. Denial of Service - Linux Kernel (CVE-2013-7026) - Medium [334]

Description: Multiple race conditions in ipc/shm.c in the Linux kernel before 3.12.2 allow local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted application that uses shmctl IPC_RMID operations in conjunction with other shm system calls.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7026 was patched at 2024-05-15

2324. Denial of Service - Linux Kernel (CVE-2013-7348) - Medium [334]

Description: Double free vulnerability in the ioctx_alloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via vectors involving an error condition in the aio_setup_ring function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7348 was patched at 2024-05-15

2325. Denial of Service - Linux Kernel (CVE-2014-2889) - Medium [334]

Description: Off-by-one error in the bpf_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 3.1.8, when BPF JIT is enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges via a long jump after a conditional jump.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2889 was patched at 2024-05-15

2326. Denial of Service - Linux Kernel (CVE-2024-22386) - Medium [334]

Description: A race condition was found in the Linux kernel's drm/exynos device driver in exynos_drm_crtc_atomic_disable() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-22386 was patched at 2024-05-15

2327. Denial of Service - Linux Kernel (CVE-2024-23196) - Medium [334]

Description: A race condition was found in the Linux kernel's sound/hda device driver in snd_hdac_regmap_sync() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-23196 was patched at 2024-05-15

2328. Denial of Service - Linux Kernel (CVE-2024-24859) - Medium [334]

Description: A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-24859 was patched at 2024-05-15

2329. Denial of Service - Linux Kernel (CVE-2024-24864) - Medium [334]

Description: A race condition was found in the Linux kernel's media/dvb-core in dvbdmx_write() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-24864 was patched at 2024-05-15

2330. Denial of Service - Windows Kernel (CVE-2023-0194) - Medium [334]

Description: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0194 was patched at 2024-05-15

2331. Denial of Service - Windows LDAP (CVE-2005-2301) - Medium [334]

Description: PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2301 was patched at 2024-05-15

2332. Denial of Service - Windows LDAP (CVE-2015-1546) - Medium [334]

Description: Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1546 was patched at 2024-05-15

2333. Incorrect Calculation - Linux Kernel (CVE-2021-46943) - Medium [334]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: staging/intel-ipu3: Fix set_fmt error handling\n\nIf there in an error during a set_fmt, do not overwrite the previous\nsizes with the invalid config.\n\nWithout this patch, v4l2-compliance ends up allocating 4GiB of RAM and\ncausing the following OOPs\n\n[ 38.662975] ipu3-imgu 0000:00:05.0: swiotlb buffer is full (sz: 4096 bytes)\n[ 38.662980] DMA: Out of SW-IOMMU space for 4096 bytes at device 0000:00:05.0\n[ 38.663010] general protection fault: 0000 [#1] PREEMPT SMP', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46943 was patched at 2024-05-15

2334. Incorrect Calculation - Linux Kernel (CVE-2023-26242) - Medium [334]

Description: afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26242 was patched at 2024-05-15

2335. Incorrect Calculation - Linux Kernel (CVE-2024-23307) - Medium [334]

Description: Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-23307 was patched at 2024-06-05

debian: CVE-2024-23307 was patched at 2024-05-15

oraclelinux: CVE-2024-23307 was patched at 2024-06-05

redhat: CVE-2024-23307 was patched at 2024-06-05

ubuntu: CVE-2024-23307 was patched at 2024-06-07, 2024-06-11, 2024-06-14

2336. Incorrect Calculation - Linux Kernel (CVE-2024-26913) - Medium [334]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue\n\n[why]\nodm calculation is missing for pipe split policy determination\nand cause Underflow/Corruption issue.\n\n[how]\nAdd the odm calculation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26913 was patched at 2024-05-15

2337. Memory Corruption - Linux Kernel (CVE-2016-10907) - Medium [334]

Description: An issue was discovered in drivers/iio/dac/ad5755.c in the Linux kernel before 4.8.6. There is an out of bounds write in the function ad5755_parse_dt.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10907 was patched at 2024-05-15

2338. Memory Corruption - Linux Kernel (CVE-2017-18552) - Medium [334]

Description: An issue was discovered in net/rds/af_rds.c in the Linux kernel before 4.11. There is an out of bounds write and read in the function rds_recv_track_latency.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-18552 was patched at 2024-05-15

2339. Memory Corruption - Linux Kernel (CVE-2017-8240) - Medium [334]

Description: {'vulners_cve_data_all': 'In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8240 was patched at 2024-05-15

2340. Memory Corruption - Linux Kernel (CVE-2018-25015) - Medium [334]

Description: An issue was discovered in the Linux kernel before 4.14.16. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off, aka CID-a0ff660058b8.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-25015 was patched at 2024-05-15

2341. Memory Corruption - Linux Kernel (CVE-2019-25045) - Medium [334]

Description: An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-25045 was patched at 2024-05-15

2342. Memory Corruption - Linux Kernel (CVE-2019-25162) - Medium [334]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: Fix a potential use after free\n\nFree the adap structure only after we are done using it.\nThis patch just moves the put_device() down a bit to avoid the\nuse after free.\n\n[wsa: added comment to the code, added Fixes tag]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2019-25162 was patched at 2024-06-05

debian: CVE-2019-25162 was patched at 2024-05-15

oraclelinux: CVE-2019-25162 was patched at 2024-06-05

redhat: CVE-2019-25162 was patched at 2024-06-05

ubuntu: CVE-2019-25162 was patched at 2024-04-19

2343. Memory Corruption - Linux Kernel (CVE-2020-36387) - Medium [334]

Description: An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36387 was patched at 2024-05-15

2344. Memory Corruption - Linux Kernel (CVE-2021-46936) - Medium [334]

Description: In the Linux kernel, the following vulnerability has been resolved: net: fix use-after-free in tw_timer_handler A real world panic issue was found as follow in Linux 5.4. BUG: unable to handle page fault for address: ffffde49a863de28 PGD 7e6fe62067 P4D 7e6fe62067 PUD 7e6fe63067 PMD f51e064067 PTE 0 RIP: 0010:tw_timer_handler+0x20/0x40 Call Trace: <IRQ> call_timer_fn+0x2b/0x120 run_timer_softirq+0x1ef/0x450 __do_softirq+0x10d/0x2b8 irq_exit+0xc7/0xd0 smp_apic_timer_interrupt+0x68/0x120 apic_timer_interrupt+0xf/0x20 This issue was also reported since 2017 in the thread [1], unfortunately, the issue was still can be reproduced after fixing DCCP. The ipv4_mib_exit_net is called before tcp_sk_exit_batch when a net namespace is destroyed since tcp_sk_ops is registered befrore ipv4_mib_ops, which means tcp_sk_ops is in the front of ipv4_mib_ops in the list of pernet_list. There will be a use-after-free on net->mib.net_statistics in tw_timer_handler after ipv4_mib_exit_net if there are some inflight time-wait timers. This bug is not introduced by commit f2bf415cfed7 ("mib: add net to NET_ADD_STATS_BH") since the net_statistics is a global variable instead of dynamic allocation and freeing. Actually, commit 61a7e26028b9 ("mib: put net statistics on struct net") introduces the bug since it put net statistics on struct net and free it when net namespace is destroyed. Moving init_ipv4_mibs() to the front of tcp_init() to fix this bug and replace pr_crit() with panic() since continuing is meaningless when init_ipv4_mibs() fails. [1] https://groups.google.com/g/syzkaller/c/p1tn-_Kc6l4/m/smuL_FMAAgAJ?pli=1

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46936 was patched at 2024-05-15

ubuntu: CVE-2021-46936 was patched at 2024-04-19

2345. Memory Corruption - Linux Kernel (CVE-2021-46938) - Medium [334]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndm rq: fix double free of blk_mq_tag_set in dev remove after table load fails\n\nWhen loading a device-mapper table for a request-based mapped device,\nand the allocation/initialization of the blk_mq_tag_set for the device\nfails, a following device remove will cause a double free.\n\nE.g. (dmesg):\n device-mapper: core: Cannot initialize queue for request-based dm-mq mapped device\n device-mapper: ioctl: unable to set up device queue for new table.\n Unable to handle kernel pointer dereference in virtual kernel address space\n Failing address: 0305e098835de000 TEID: 0305e098835de803\n Fault in home space mode while using kernel ASCE.\n AS:000000025efe0007 R3:0000000000000024\n Oops: 0038 ilc:3 [#1] SMP\n Modules linked in: ... lots of modules ...\n Supported: Yes, External\n CPU: 0 PID: 7348 Comm: multipathd Kdump: loaded Tainted: G W X 5.3.18-53-default #1 SLE15-SP3\n Hardware name: IBM 8561 T01 7I2 (LPAR)\n Krnl PSW : 0704e00180000000 000000025e368eca (kfree+0x42/0x330)\n R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3\n Krnl GPRS: 000000000000004a 000000025efe5230 c1773200d779968d 0000000000000000\n 000000025e520270 000000025e8d1b40 0000000000000003 00000007aae10000\n 000000025e5202a2 0000000000000001 c1773200d779968d 0305e098835de640\n 00000007a8170000 000003ff80138650 000000025e5202a2 000003e00396faa8\n Krnl Code: 000000025e368eb8: c4180041e100 lgrl %r1,25eba50b8\n 000000025e368ebe: ecba06b93a55 risbg %r11,%r10,6,185,58\n #000000025e368ec4: e3b010000008 ag %r11,0(%r1)\n >000000025e368eca: e310b0080004 lg %r1,8(%r11)\n 000000025e368ed0: a7110001 tmll %r1,1\n 000000025e368ed4: a7740129 brc 7,25e369126\n 000000025e368ed8: e320b0080004 lg %r2,8(%r11)\n 000000025e368ede: b904001b lgr %r1,%r11\n Call Trace:\n [<000000025e368eca>] kfree+0x42/0x330\n [<000000025e5202a2>] blk_mq_free_tag_set+0x72/0xb8\n [<000003ff801316a8>] dm_mq_cleanup_mapped_device+0x38/0x50 [dm_mod]\n [<000003ff80120082>] free_dev+0x52/0xd0 [dm_mod]\n [<000003ff801233f0>] __dm_destroy+0x150/0x1d0 [dm_mod]\n [<000003ff8012bb9a>] dev_remove+0x162/0x1c0 [dm_mod]\n [<000003ff8012a988>] ctl_ioctl+0x198/0x478 [dm_mod]\n [<000003ff8012ac8a>] dm_ctl_ioctl+0x22/0x38 [dm_mod]\n [<000000025e3b11ee>] ksys_ioctl+0xbe/0xe0\n [<000000025e3b127a>] __s390x_sys_ioctl+0x2a/0x40\n [<000000025e8c15ac>] system_call+0xd8/0x2c8\n Last Breaking-Event-Address:\n [<000000025e52029c>] blk_mq_free_tag_set+0x6c/0xb8\n Kernel panic - not syncing: Fatal exception: panic_on_oops\n\nWhen allocation/initialization of the blk_mq_tag_set fails in\ndm_mq_init_request_queue(), it is uninitialized/freed, but the pointer\nis not reset to NULL; so when dev_remove() later gets into\ndm_mq_cleanup_mapped_device() it sees the pointer and tries to\nuninitialize and free it again.\n\nFix this by setting the pointer to NULL in dm_mq_init_request_queue()\nerror-handling. Also set it to NULL in dm_mq_cleanup_mapped_device().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46938 was patched at 2024-05-15

2346. Memory Corruption - Linux Kernel (CVE-2021-47198) - Medium [334]

Description: In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine An error is detected with the following report when unloading the driver: "KASAN: use-after-free in lpfc_unreg_rpi+0x1b1b" The NLP_REG_LOGIN_SEND nlp_flag is set in lpfc_reg_fab_ctrl_node(), but the flag is not cleared upon completion of the login. This allows a second call to lpfc_unreg_rpi() to proceed with nlp_rpi set to LPFC_RPI_ALLOW_ERROR. This results in a use after free access when used as an rpi_ids array index. Fix by clearing the NLP_REG_LOGIN_SEND nlp_flag in lpfc_mbx_cmpl_fc_reg_login().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47198 was patched at 2024-05-15

2347. Memory Corruption - Linux Kernel (CVE-2022-0400) - Medium [334]

Description: An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-0400 was patched at 2024-05-15

2348. Memory Corruption - Linux Kernel (CVE-2022-3526) - Medium [334]

Description: A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function macvlan_handle_frame of the file drivers/net/macvlan.c of the component skb. The manipulation leads to memory leak. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211024.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3526 was patched at 2024-05-15

2349. Memory Corruption - Linux Kernel (CVE-2022-3541) - Medium [334]

Description: {'vulners_cve_data_all': 'A vulnerability classified as critical has been found in Linux Kernel. This affects the function spl2sw_nvmem_get_mac_address of the file drivers/net/ethernet/sunplus/spl2sw_driver.c of the component BPF. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211041 was assigned to this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3541 was patched at 2024-05-15

2350. Memory Corruption - Linux Kernel (CVE-2022-47941) - Medium [334]

Description: An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-47941 was patched at 2024-05-15

2351. Memory Corruption - Linux Kernel (CVE-2022-47943) - Medium [334]

Description: An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-47943 was patched at 2024-05-15

2352. Memory Corruption - Linux Kernel (CVE-2022-48626) - Medium [334]

Description: In the Linux kernel, the following vulnerability has been resolved: moxart: fix potential use-after-free on remove path It was reported that the mmc host structure could be accessed after it was freed in moxart_remove(), so fix this by saving the base register of the device and using it instead of the pointer dereference.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48626 was patched at 2024-05-15

2353. Memory Corruption - Linux Kernel (CVE-2022-48655) - Medium [334]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Harden accesses to the reset domains\n\nAccessing reset domains descriptors by the index upon the SCMI drivers\nrequests through the SCMI reset operations interface can potentially\nlead to out-of-bound violations if the SCMI driver misbehave.\n\nAdd an internal consistency check before any such domains descriptors\naccesses.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48655 was patched at 2024-05-15, 2024-06-02

2354. Memory Corruption - Linux Kernel (CVE-2022-48657) - Medium [334]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\narm64: topology: fix possible overflow in amu_fie_setup()\n\ncpufreq_get_hw_max_freq() returns max frequency in kHz as *unsigned int*,\nwhile freq_inv_set_max_ratio() gets passed this frequency in Hz as 'u64'.\nMultiplying max frequency by 1000 can potentially result in overflow --\nmultiplying by 1000ULL instead should avoid that...\n\nFound by Linux Verification Center (linuxtesting.org) with the SVACE static\nanalysis tool.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48657 was patched at 2024-05-15

2355. Memory Corruption - Linux Kernel (CVE-2022-48670) - Medium [334]

Description: In the Linux kernel, the following vulnerability has been resolved: peci: cpu: Fix use-after-free in adev_release() When auxiliary_device_add() returns an error, auxiliary_device_uninit() is called, which causes refcount for device to be decremented and .release callback will be triggered. Because adev_release() re-calls auxiliary_device_uninit(), it will cause use-after-free: [ 1269.455172] WARNING: CPU: 0 PID: 14267 at lib/refcount.c:28 refcount_warn_saturate+0x110/0x15 [ 1269.464007] refcount_t: underflow; use-after-free.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48670 was patched at 2024-05-15

2356. Memory Corruption - Linux Kernel (CVE-2022-48674) - Medium [334]

Description: In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIG_SMP disabled, KASAN reports as below: ================================================================== BUG: KASAN: use-after-free in __mutex_lock+0xe5/0xc30 Read of size 8 at addr ffff8881094223f8 by task stress/7789 CPU: 0 PID: 7789 Comm: stress Not tainted 6.0.0-rc1-00002-g0d53d2e882f9 #3 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 Call Trace: <TASK> .. __mutex_lock+0xe5/0xc30 .. z_erofs_do_read_page+0x8ce/0x1560 .. z_erofs_readahead+0x31c/0x580 .. Freed by task 7787 kasan_save_stack+0x1e/0x40 kasan_set_track+0x20/0x30 kasan_set_free_info+0x20/0x40 __kasan_slab_free+0x10c/0x190 kmem_cache_free+0xed/0x380 rcu_core+0x3d5/0xc90 __do_softirq+0x12d/0x389 Last potentially related work creation: kasan_save_stack+0x1e/0x40 __kasan_record_aux_stack+0x97/0xb0 call_rcu+0x3d/0x3f0 erofs_shrink_workstation+0x11f/0x210 erofs_shrink_scan+0xdc/0x170 shrink_slab.constprop.0+0x296/0x530 drop_slab+0x1c/0x70 drop_caches_sysctl_handler+0x70/0x80 proc_sys_call_handler+0x20a/0x2f0 vfs_write+0x555/0x6c0 ksys_write+0xbe/0x160 do_syscall_64+0x3b/0x90 The root cause is that erofs_workgroup_unfreeze() doesn't reset to orig_val thus it causes a race that the pcluster reuses unexpectedly before freeing. Since UP platforms are quite rare now, such path becomes unnecessary. Let's drop such specific-designed path directly instead.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48674 was patched at 2024-05-15

2357. Memory Corruption - Linux Kernel (CVE-2023-52452) - Medium [334]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix accesses to uninit stack slots\n\nPrivileged programs are supposed to be able to read uninitialized stack\nmemory (ever since 6715df8d5) but, before this patch, these accesses\nwere permitted inconsistently. In particular, accesses were permitted\nabove state->allocated_stack, but not below it. In other words, if the\nstack was already "large enough", the access was permitted, but\notherwise the access was rejected instead of being allowed to "grow the\nstack". This undesired rejection was happening in two places:\n- in check_stack_slot_within_bounds()\n- in check_stack_range_initialized()\nThis patch arranges for these accesses to be permitted. A bunch of tests\nthat were relying on the old rejection had to change; all of them were\nchanged to add also run unprivileged, in which case the old behavior\npersists. One tests couldn't be updated - global_func16 - because it\ncan't run unprivileged for other reasons.\n\nThis patch also fixes the tracking of the stack size for variable-offset\nreads. This second fix is bundled in the same commit as the first one\nbecause they're inter-related. Before this patch, writes to the stack\nusing registers containing a variable offset (as opposed to registers\nwith fixed, known values) were not properly contributing to the\nfunction's needed stack size. As a result, it was possible for a program\nto verify, but then to attempt to read out-of-bounds data at runtime\nbecause a too small stack had been allocated for it.\n\nEach function tracks the size of the stack it needs in\nbpf_subprog_info.stack_depth, which is maintained by\nupdate_stack_depth(). For regular memory accesses, check_mem_access()\nwas calling update_state_depth() but it was passing in only the fixed\npart of the offset register, ignoring the variable offset. This was\nincorrect; the minimum possible value of that register should be used\ninstead.\n\nThis tracking is now fixed by centralizing the tracking of stack size in\ngrow_stack_state(), and by lifting the calls to grow_stack_state() to\ncheck_stack_access_within_bounds() as suggested by Andrii. The code is\nnow simpler and more convincingly tracks the correct maximum stack size.\ncheck_stack_range_initialized() can now rely on enough stack having been\nallocated for the access; this helps with the fix for the first issue.\n\nA few tests were changed to also check the stack depth computation. The\none that fails without this patch is verifier_var_off:stack_write_priv_vs_unpriv.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52452 was patched at 2024-05-15

ubuntu: CVE-2023-52452 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

2358. Memory Corruption - Linux Kernel (CVE-2023-52474) - Medium [334]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests\n\nhfi1 user SDMA request processing has two bugs that can cause data\ncorruption for user SDMA requests that have multiple payload iovecs\nwhere an iovec other than the tail iovec does not run up to the page\nboundary for the buffer pointed to by that iovec.a\n\nHere are the specific bugs:\n1. user_sdma_txadd() does not use struct user_sdma_iovec->iov.iov_len.\n Rather, user_sdma_txadd() will add up to PAGE_SIZE bytes from iovec\n to the packet, even if some of those bytes are past\n iovec->iov.iov_len and are thus not intended to be in the packet.\n2. user_sdma_txadd() and user_sdma_send_pkts() fail to advance to the\n next iovec in user_sdma_request->iovs when the current iovec\n is not PAGE_SIZE and does not contain enough data to complete the\n packet. The transmitted packet will contain the wrong data from the\n iovec pages.\n\nThis has not been an issue with SDMA packets from hfi1 Verbs or PSM2\nbecause they only produce iovecs that end short of PAGE_SIZE as the tail\niovec of an SDMA request.\n\nFixing these bugs exposes other bugs with the SDMA pin cache\n(struct mmu_rb_handler) that get in way of supporting user SDMA requests\nwith multiple payload iovecs whose buffers do not end at PAGE_SIZE. So\nthis commit fixes those issues as well.\n\nHere are the mmu_rb_handler bugs that non-PAGE_SIZE-end multi-iovec\npayload user SDMA requests can hit:\n1. Overlapping memory ranges in mmu_rb_handler will result in duplicate\n pinnings.\n2. When extending an existing mmu_rb_handler entry (struct mmu_rb_node),\n the mmu_rb code (1) removes the existing entry under a lock, (2)\n releases that lock, pins the new pages, (3) then reacquires the lock\n to insert the extended mmu_rb_node.\n\n If someone else comes in and inserts an overlapping entry between (2)\n and (3), insert in (3) will fail.\n\n The failure path code in this case unpins _all_ pages in either the\n original mmu_rb_node or the new mmu_rb_node that was inserted between\n (2) and (3).\n3. In hfi1_mmu_rb_remove_unless_exact(), mmu_rb_node->refcount is\n incremented outside of mmu_rb_handler->lock. As a result, mmu_rb_node\n could be evicted by another thread that gets mmu_rb_handler->lock and\n checks mmu_rb_node->refcount before mmu_rb_node->refcount is\n incremented.\n4. Related to #2 above, SDMA request submission failure path does not\n check mmu_rb_node->refcount before freeing mmu_rb_node object.\n\n If there are other SDMA requests in progress whose iovecs have\n pointers to the now-freed mmu_rb_node(s), those pointers to the\n now-freed mmu_rb nodes will be dereferenced when those SDMA requests\n complete.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52474 was patched at 2024-05-15

2359. Memory Corruption - Linux Kernel (CVE-2024-21803) - Medium [334]

Description: Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. This issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-21803 was patched at 2024-05-15

2360. Memory Corruption - Linux Kernel (CVE-2024-26582) - Medium [334]

Description: In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tls_decrypt_sg doesn't take a reference on the pages from clear_skb, so the put_page() in tls_decrypt_done releases them, and we trigger a use-after-free in process_rx_list when we try to read from the partially-read skb.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26582 was patched at 2024-05-15

oraclelinux: CVE-2024-26582 was patched at 2024-05-02

redhat: CVE-2024-26582 was patched at 2024-04-18

ubuntu: CVE-2024-26582 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

2361. Memory Corruption - Linux Kernel (CVE-2024-26907) - Medium [334]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mlx5: Fix fortify source warning while accessing Eth segment\n\n ------------[ cut here ]------------\n memcpy: detected field-spanning write (size 56) of single field "eseg->inline_hdr.start" at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 (size 2)\n WARNING: CPU: 0 PID: 293779 at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n Modules linked in: 8021q garp mrp stp llc rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) ib_uverbs(OE) ib_core(OE) mlx5_core(OE) pci_hyperv_intf mlxdevm(OE) mlx_compat(OE) tls mlxfw(OE) psample nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink mst_pciconf(OE) knem(OE) vfio_pci vfio_pci_core vfio_iommu_type1 vfio iommufd irqbypass cuse nfsv3 nfs fscache netfs xfrm_user xfrm_algo ipmi_devintf ipmi_msghandler binfmt_misc crct10dif_pclmul crc32_pclmul polyval_clmulni polyval_generic ghash_clmulni_intel sha512_ssse3 snd_pcsp aesni_intel crypto_simd cryptd snd_pcm snd_timer joydev snd soundcore input_leds serio_raw evbug nfsd auth_rpcgss nfs_acl lockd grace sch_fq_codel sunrpc drm efi_pstore ip_tables x_tables autofs4 psmouse virtio_net net_failover failover floppy\n [last unloaded: mlx_compat(OE)]\n CPU: 0 PID: 293779 Comm: ssh Tainted: G OE 6.2.0-32-generic #32~22.04.1-Ubuntu\n Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\n RIP: 0010:mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n Code: 0c 01 00 a8 01 75 25 48 8b 75 a0 b9 02 00 00 00 48 c7 c2 10 5b fd c0 48 c7 c7 80 5b fd c0 c6 05 57 0c 03 00 01 e8 95 4d 93 da <0f> 0b 44 8b 4d b0 4c 8b 45 c8 48 8b 4d c0 e9 49 fb ff ff 41 0f b7\n RSP: 0018:ffffb5b48478b570 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffb5b48478b628 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: ffffb5b48478b5e8\n R13: ffff963a3c609b5e R14: ffff9639c3fbd800 R15: ffffb5b480475a80\n FS: 00007fc03b444c80(0000) GS:ffff963a3dc00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000556f46bdf000 CR3: 0000000006ac6003 CR4: 00000000003706f0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n <TASK>\n ? show_regs+0x72/0x90\n ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n ? __warn+0x8d/0x160\n ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n ? report_bug+0x1bb/0x1d0\n ? handle_bug+0x46/0x90\n ? exc_invalid_op+0x19/0x80\n ? asm_exc_invalid_op+0x1b/0x20\n ? mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib]\n mlx5_ib_post_send_nodrain+0xb/0x20 [mlx5_ib]\n ipoib_send+0x2ec/0x770 [ib_ipoib]\n ipoib_start_xmit+0x5a0/0x770 [ib_ipoib]\n dev_hard_start_xmit+0x8e/0x1e0\n ? validate_xmit_skb_list+0x4d/0x80\n sch_direct_xmit+0x116/0x3a0\n __dev_xmit_skb+0x1fd/0x580\n __dev_queue_xmit+0x284/0x6b0\n ? _raw_spin_unlock_irq+0xe/0x50\n ? __flush_work.isra.0+0x20d/0x370\n ? push_pseudo_header+0x17/0x40 [ib_ipoib]\n neigh_connected_output+0xcd/0x110\n ip_finish_output2+0x179/0x480\n ? __smp_call_single_queue+0x61/0xa0\n __ip_finish_output+0xc3/0x190\n ip_finish_output+0x2e/0xf0\n ip_output+0x78/0x110\n ? __pfx_ip_finish_output+0x10/0x10\n ip_local_out+0x64/0x70\n __ip_queue_xmit+0x18a/0x460\n ip_queue_xmit+0x15/0x30\n __tcp_transmit_skb+0x914/0x9c0\n tcp_write_xmit+0x334/0x8d0\n tcp_push_one+0x3c/0x60\n tcp_sendmsg_locked+0x2e1/0xac0\n tcp_sendmsg+0x2d/0x50\n inet_sendmsg+0x43/0x90\n sock_sendmsg+0x68/0x80\n sock_write_iter+0x93/0x100\n vfs_write+0x326/0x3c0\n ksys_write+0xbd/0xf0\n ? do_syscall_64+0x69/0x90\n __x64_sys_write+0x19/0x30\n do_syscall_\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26907 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26907 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

2362. Memory Corruption - Linux Kernel (CVE-2024-26929) - Medium [334]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix double free of fcport\n\nThe server was crashing after LOGO because fcport was getting freed twice.\n\n -----------[ cut here ]-----------\n kernel BUG at mm/slub.c:371!\n invalid opcode: 0000 1 SMP PTI\n CPU: 35 PID: 4610 Comm: bash Kdump: loaded Tainted: G OE --------- - - 4.18.0-425.3.1.el8.x86_64 #1\n Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021\n RIP: 0010:set_freepointer.part.57+0x0/0x10\n RSP: 0018:ffffb07107027d90 EFLAGS: 00010246\n RAX: ffff9cb7e3150000 RBX: ffff9cb7e332b9c0 RCX: ffff9cb7e3150400\n RDX: 0000000000001f37 RSI: 0000000000000000 RDI: ffff9cb7c0005500\n RBP: fffff693448c5400 R08: 0000000080000000 R09: 0000000000000009\n R10: 0000000000000000 R11: 0000000000132af0 R12: ffff9cb7c0005500\n R13: ffff9cb7e3150000 R14: ffffffffc06990e0 R15: ffff9cb7ea85ea58\n FS: 00007ff6b79c2740(0000) GS:ffff9cb8f7ec0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055b426b7d700 CR3: 0000000169c18002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n kfree+0x238/0x250\n qla2x00_els_dcmd_sp_free+0x20/0x230 [qla2xxx]\n ? qla24xx_els_dcmd_iocb+0x607/0x690 [qla2xxx]\n qla2x00_issue_logo+0x28c/0x2a0 [qla2xxx]\n ? qla2x00_issue_logo+0x28c/0x2a0 [qla2xxx]\n ? kernfs_fop_write+0x11e/0x1a0\n\nRemove one of the free calls and add check for valid fcport. Also use\nfunction qla2x00_free_fcport() instead of kfree().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26929 was patched at 2024-05-15

ubuntu: CVE-2024-26929 was patched at 2024-06-07, 2024-06-11, 2024-06-14

2363. Memory Corruption - Linux Kernel (CVE-2024-26930) - Medium [334]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix double free of the ha->vp_map pointer\n\nCoverity scan reported potential risk of double free of the pointer\nha->vp_map. ha->vp_map was freed in qla2x00_mem_alloc(), and again freed\nin function qla2x00_mem_free(ha).\n\nAssign NULL to vp_map and kfree take care of NULL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26930 was patched at 2024-05-15

ubuntu: CVE-2024-26930 was patched at 2024-06-07, 2024-06-11, 2024-06-14

2364. Security Feature Bypass - Linux Kernel (CVE-2012-6539) - Medium [334]

Description: {'vulners_cve_data_all': 'The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6539 was patched at 2024-05-15

2365. Security Feature Bypass - Linux Kernel (CVE-2012-6540) - Medium [334]

Description: {'vulners_cve_data_all': 'The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6540 was patched at 2024-05-15

2366. Security Feature Bypass - Linux Kernel (CVE-2012-6541) - Medium [334]

Description: {'vulners_cve_data_all': 'The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6541 was patched at 2024-05-15

2367. Information Disclosure - Linux Kernel (CVE-2015-2877) - Medium [333]

Description: Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states "Basically if you care about this attack vector, disable deduplication." Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2877 was patched at 2024-05-15

2368. Information Disclosure - Linux Kernel (CVE-2021-38209) - Medium [333]

Description: {'vulners_cve_data_all': 'net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is related to the NF_SYSCTL_CT_MAX, NF_SYSCTL_CT_EXPECT_MAX, and NF_SYSCTL_CT_BUCKETS sysctls.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-38209 was patched at 2024-05-15

2369. Remote Code Execution - Docker (CVE-2022-36109) - Medium [333]

Description: Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `"USER $USERNAME"` Dockerfile instruction. Instead by calling `ENTRYPOINT ["su", "-", "user"]` the supplementary groups will be set up properly.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514Docker
CVSS Base Score0.610CVSS Base Score is 6.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-36109 was patched at 2024-05-15

2370. Remote Code Execution - spip (CVE-2006-0625) - Medium [333]

Description: Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514SPIP is an open-source software content management system designed for web site publishing, oriented towards online collaborative editing
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0625 was patched at 2024-05-15

2371. Denial of Service - Perl (CVE-2018-18883) - Medium [332]

Description: An issue was discovered in Xen 4.9.x through 4.11.x, on Intel x86 platforms, allowing x86 HVM and PVH guests to cause a host OS denial of service (NULL pointer dereference) or possibly have unspecified other impact because nested VT-x is not properly restricted.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18883 was patched at 2024-05-15

2372. Path Traversal - Python (CVE-2021-34363) - Medium [332]

Description: The thefuck (aka The Fuck) package before 3.31 for Python allows Path Traversal that leads to arbitrary file deletion via the "undo archive operation" feature.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-34363 was patched at 2024-05-15

2373. Security Feature Bypass - Perl (CVE-2011-1428) - Medium [332]

Description: Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1428 was patched at 2024-05-15

2374. Security Feature Bypass - Perl (CVE-2012-4523) - Medium [332]

Description: radsecproxy before 1.6.1 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4523 was patched at 2024-05-15

2375. Security Feature Bypass - Perl (CVE-2012-4566) - Medium [332]

Description: The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients, a different vulnerability than CVE-2012-4523.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4566 was patched at 2024-05-15

2376. Security Feature Bypass - Roundcube (CVE-2011-1492) - Medium [332]

Description: steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP connections from the server, and possibly obtain sensitive information, via a crafted request.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1492 was patched at 2024-05-15

2377. XXE Injection - Perl (CVE-2014-1626) - Medium [332]

Description: XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1626 was patched at 2024-05-15

2378. XXE Injection - Python (CVE-2013-1665) - Medium [332]

Description: The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex and Folsom, Django, and possibly other products allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) attack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1665 was patched at 2024-05-15

2379. Arbitrary File Reading - Roundcube (CVE-2015-5382) - Medium [331]

Description: program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5382 was patched at 2024-05-15

2380. Arbitrary File Reading - Roundcube (CVE-2015-8794) - Medium [331]

Description: Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8794 was patched at 2024-05-15

2381. Information Disclosure - Perl (CVE-2014-2277) - Medium [331]

Description: The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpnam function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2277 was patched at 2024-05-15

2382. Cross Site Scripting - Apache Tomcat (CVE-2022-34305) - Medium [330]

Description: In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-34305 was patched at 2024-05-15

2383. Cross Site Scripting - Apache Traffic Server (CVE-2022-40743) - Medium [330]

Description: Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-40743 was patched at 2024-05-15

2384. Cross Site Scripting - MediaWiki (CVE-2012-4377) - Medium [330]

Description: Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4377 was patched at 2024-05-15

2385. Cross Site Scripting - MediaWiki (CVE-2013-1951) - Medium [330]

Description: A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 and allows remote attackers to inject arbitrary web script or HTML via Lua function names.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1951 was patched at 2024-05-15

2386. Cross Site Scripting - MediaWiki (CVE-2013-4303) - Medium [330]

Description: includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4303 was patched at 2024-05-15

2387. Cross Site Scripting - MediaWiki (CVE-2013-6451) - Medium [330]

Description: Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6451 was patched at 2024-05-15

2388. Cross Site Scripting - MediaWiki (CVE-2015-8622) - Medium [330]

Description: Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named "javascript:alert('XSS!')."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8622 was patched at 2024-05-15

2389. Cross Site Scripting - MediaWiki (CVE-2016-6333) - Medium [330]

Description: Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6333 was patched at 2024-05-15

2390. Cross Site Scripting - MediaWiki (CVE-2016-6334) - Medium [330]

Description: Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving replacement of percent encoding in unclosed internal links.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6334 was patched at 2024-05-15

2391. Cross Site Scripting - MediaWiki (CVE-2020-35478) - Medium [330]

Description: MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki 1.33.0 and later.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35478 was patched at 2024-05-15

2392. Arbitrary File Reading - PHP (CVE-2008-5587) - Medium [329]

Description: Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the _language parameter to index.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5587 was patched at 2024-05-15

2393. Arbitrary File Writing - ImageMagick (CVE-2003-0455) - Medium [329]

Description: The imagemagick libmagick library 5.5 and earlier creates temporary files insecurely, which allows local users to create or overwrite arbitrary files.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0455 was patched at 2024-05-15

2394. Arbitrary File Writing - Perl (CVE-2003-0606) - Medium [329]

Description: sup 1.8 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0606 was patched at 2024-05-15

2395. Denial of Service - Binutils (CVE-2017-13716) - Medium [329]

Description: The C++ symbol demangler routine in cplus-dem.c in libiberty, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted file, as demonstrated by a call from the Binary File Descriptor (BFD) library (aka libbfd).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-13716 was patched at 2024-05-15

2396. Denial of Service - Binutils (CVE-2017-13757) - Medium [329]

Description: The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the PLT section size, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to elf_i386_get_synthetic_symtab in elf32-i386.c and elf_x86_64_get_synthetic_symtab in elf64-x86-64.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-13757 was patched at 2024-05-15

2397. Denial of Service - Binutils (CVE-2017-14933) - Medium [329]

Description: read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14933 was patched at 2024-05-15

2398. Denial of Service - Binutils (CVE-2017-14934) - Medium [329]

Description: process_debug_info in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (infinite loop) via a crafted ELF file that contains a negative size value in a CU structure.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14934 was patched at 2024-05-15

2399. Denial of Service - Binutils (CVE-2017-14974) - Medium [329]

Description: The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to elf32-i386.c and elf64-x86-64.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14974 was patched at 2024-05-15

2400. Denial of Service - Binutils (CVE-2017-15023) - Medium [329]

Description: read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not properly validate the format count, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ELF file, related to concat_filename.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15023 was patched at 2024-05-15

2401. Denial of Service - Binutils (CVE-2017-9955) - Medium [329]

Description: The get_build_id function in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file in which a certain size field is larger than a corresponding data field, as demonstrated by mishandling within the objdump program.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9955 was patched at 2024-05-15

2402. Denial of Service - Binutils (CVE-2018-6872) - Medium [329]

Description: The elf_parse_notes function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (out-of-bounds read and segmentation violation) via a note with a large alignment.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6872 was patched at 2024-05-15

2403. Denial of Service - Binutils (CVE-2018-7570) - Medium [329]

Description: The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7570 was patched at 2024-05-15

2404. Denial of Service - Binutils (CVE-2023-25586) - Medium [329]

Description: A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-25586 was patched at 2024-05-15

2405. Denial of Service - GNU C Library (CVE-2006-7254) - Medium [329]

Description: The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-7254 was patched at 2024-05-15

2406. Denial of Service - GNU C Library (CVE-2011-5320) - Medium [329]

Description: scanf and related functions in glibc before 2.15 allow local users to cause a denial of service (segmentation fault) via a large string of 0s.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-5320 was patched at 2024-05-15

2407. Denial of Service - GNU C Library (CVE-2015-20109) - Medium [329]

Description: end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-20109 was patched at 2024-05-15

ubuntu: CVE-2015-20109 was patched at 2024-05-02

2408. Denial of Service - GNU C Library (CVE-2015-8985) - Medium [329]

Description: The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8985 was patched at 2024-05-15

2409. Denial of Service - GNU C Library (CVE-2017-15671) - Medium [329]

Description: The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15671 was patched at 2024-05-15

2410. Denial of Service - Mozilla Firefox (CVE-2006-0298) - Medium [329]

Description: The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0298 was patched at 2024-05-15

2411. Denial of Service - Node.js (CVE-2018-7651) - Medium [329]

Description: index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long base64 hash string.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7651 was patched at 2024-05-15

2412. Denial of Service - OpenSSL (CVE-2015-3420) - Medium [329]

Description: The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-3420 was patched at 2024-05-15

2413. Denial of Service - OpenSSL (CVE-2023-33202) - Medium [329]

Description: Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack. (For users of the FIPS Java API: BC-FJA 1.0.2.3 and earlier are affected; BC-FJA 1.0.2.4 is fixed.)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-33202 was patched at 2024-05-15

2414. Denial of Service - PHP (CVE-2016-9860) - Medium [329]

Description: An issue was discovered in phpMyAdmin. An unauthenticated user can execute a denial of service attack when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9860 was patched at 2024-05-15

2415. Denial of Service - Samba (CVE-2004-2546) - Medium [329]

Description: Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2546 was patched at 2024-05-15

2416. Denial of Service - Windows NTFS (CVE-2018-11730) - Medium [329]

Description: The libfsntfs_security_descriptor_values_free function in libfsntfs_security_descriptor_values.c in libfsntfs through 2018-04-20 allows remote attackers to cause a denial of service (double-free) via a crafted ntfs file. NOTE: the vendor has disputed this as described in libyal/libfsntfs issue 8 on GitHub

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The default file system of the Windows NT family
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11730 was patched at 2024-05-15

2417. Denial of Service - libvpx (CVE-2016-3881) - Medium [329]

Description: The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows remote attackers to cause a denial of service (buffer over-read, and device hang or reboot) via a crafted media file, aka internal bug 30013856.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814libvpx is a free software video codec library from Google and the Alliance for Open Media (AOMedia)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3881 was patched at 2024-05-15

2418. Denial of Service - libvpx (CVE-2016-6711) - Medium [329]

Description: A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30593765.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814libvpx is a free software video codec library from Google and the Alliance for Open Media (AOMedia)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6711 was patched at 2024-05-15

2419. Denial of Service - libvpx (CVE-2016-6712) - Medium [329]

Description: A remote denial of service vulnerability in libvpx in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-30593752.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814libvpx is a free software video codec library from Google and the Alliance for Open Media (AOMedia)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6712 was patched at 2024-05-15

2420. Denial of Service - libvpx (CVE-2017-0641) - Medium [329]

Description: A remote denial of service vulnerability in libvpx in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34360591.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814libvpx is a free software video codec library from Google and the Alliance for Open Media (AOMedia)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0641 was patched at 2024-05-15

2421. Information Disclosure - APT (CVE-2011-4927) - Medium [329]

Description: Unspecified vulnerability in the bazaar repository adapter in Redmine 1.0.x before 1.0.5 allows remote authenticated users to obtain sensitive information via unknown vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4927 was patched at 2024-05-15

2422. Information Disclosure - PHP (CVE-2007-3639) - Medium [329]

Description: WordPress before 2.2.2 allows remote attackers to redirect visitors to other websites and potentially obtain sensitive information via (1) the _wp_http_referer parameter to wp-pass.php, related to the wp_get_referer function in wp-includes/functions.php; and possibly other vectors related to (2) wp-includes/pluggable.php and (3) the wp_nonce_ays function in wp-includes/functions.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3639 was patched at 2024-05-15

2423. Information Disclosure - PHP (CVE-2012-3354) - Medium [329]

Description: doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain PHP error levels are set, allows remote attackers to obtain sensitive information via the prefix parameter, which reveals the installation path in an error message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3354 was patched at 2024-05-15

2424. Memory Corruption - Chromium (CVE-2021-30606) - Medium [329]

Description: Chromium: CVE-2021-30606 Use after free in Blink

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30606 was patched at 2024-05-15

2425. Memory Corruption - Chromium (CVE-2021-30607) - Medium [329]

Description: Chromium: CVE-2021-30607 Use after free in Permissions

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30607 was patched at 2024-05-15

2426. Memory Corruption - Chromium (CVE-2021-30608) - Medium [329]

Description: Chromium: CVE-2021-30608 Use after free in Web Share

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30608 was patched at 2024-05-15

2427. Memory Corruption - Chromium (CVE-2021-30609) - Medium [329]

Description: Chromium: CVE-2021-30609 Use after free in Sign-In

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30609 was patched at 2024-05-15

2428. Memory Corruption - Chromium (CVE-2021-30610) - Medium [329]

Description: Chromium: CVE-2021-30610 Use after free in Extensions API

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30610 was patched at 2024-05-15

2429. Memory Corruption - Chromium (CVE-2021-30611) - Medium [329]

Description: Chromium: CVE-2021-30611 Use after free in WebRTC

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30611 was patched at 2024-05-15

2430. Memory Corruption - Chromium (CVE-2021-30612) - Medium [329]

Description: Chromium: CVE-2021-30612 Use after free in WebRTC

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30612 was patched at 2024-05-15

2431. Memory Corruption - Chromium (CVE-2021-30613) - Medium [329]

Description: Chromium: CVE-2021-30613 Use after free in Base internals

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30613 was patched at 2024-05-15

2432. Memory Corruption - Chromium (CVE-2021-30614) - Medium [329]

Description: Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30614 was patched at 2024-05-15

2433. Memory Corruption - Chromium (CVE-2021-30616) - Medium [329]

Description: Chromium: CVE-2021-30616 Use after free in Media

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30616 was patched at 2024-05-15

2434. Memory Corruption - Chromium (CVE-2021-30622) - Medium [329]

Description: Chromium: CVE-2021-30622 Use after free in WebApp Installs

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30622 was patched at 2024-05-15

2435. Memory Corruption - Chromium (CVE-2021-30624) - Medium [329]

Description: Chromium: CVE-2021-30624 Use after free in Autofill

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30624 was patched at 2024-05-15

2436. Memory Corruption - Chromium (CVE-2024-3837) - Medium [329]

Description: Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3837 was patched at 2024-04-20, 2024-05-15

redos: CVE-2024-3837 was patched at 2024-05-03

2437. Memory Corruption - Google Chrome (CVE-2021-30541) - Medium [329]

Description: Use after free in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30541 was patched at 2024-05-15

2438. Memory Corruption - Google Chrome (CVE-2021-30542) - Medium [329]

Description: Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30542 was patched at 2024-05-15

2439. Memory Corruption - Google Chrome (CVE-2021-30543) - Medium [329]

Description: Use after free in Tab Strip in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30543 was patched at 2024-05-15

2440. Memory Corruption - Google Chrome (CVE-2021-30555) - Medium [329]

Description: Use after free in Sharing in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and user gesture.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30555 was patched at 2024-05-15

2441. Memory Corruption - Google Chrome (CVE-2021-30556) - Medium [329]

Description: Use after free in WebAudio in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30556 was patched at 2024-05-15

2442. Memory Corruption - Google Chrome (CVE-2021-30557) - Medium [329]

Description: Use after free in TabGroups in Google Chrome prior to 91.0.4472.114 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30557 was patched at 2024-05-15

2443. Memory Corruption - Google Chrome (CVE-2021-30562) - Medium [329]

Description: Use after free in WebSerial in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30562 was patched at 2024-05-15

2444. Memory Corruption - Google Chrome (CVE-2021-30564) - Medium [329]

Description: Heap buffer overflow in WebXR in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30564 was patched at 2024-05-15

2445. Memory Corruption - Google Chrome (CVE-2021-30566) - Medium [329]

Description: Stack buffer overflow in Printing in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to potentially exploit stack corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30566 was patched at 2024-05-15

2446. Memory Corruption - Google Chrome (CVE-2021-30567) - Medium [329]

Description: Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to open DevTools to potentially exploit heap corruption via specific user gesture.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30567 was patched at 2024-05-15

2447. Memory Corruption - Google Chrome (CVE-2021-30568) - Medium [329]

Description: Heap buffer overflow in WebGL in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30568 was patched at 2024-05-15

2448. Memory Corruption - Google Chrome (CVE-2021-30569) - Medium [329]

Description: Use after free in sqlite in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30569 was patched at 2024-05-15

2449. Memory Corruption - Google Chrome (CVE-2021-30572) - Medium [329]

Description: Use after free in Autofill in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30572 was patched at 2024-05-15

2450. Memory Corruption - Google Chrome (CVE-2021-30574) - Medium [329]

Description: Use after free in protocol handling in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30574 was patched at 2024-05-15

2451. Memory Corruption - Google Chrome (CVE-2021-30576) - Medium [329]

Description: Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30576 was patched at 2024-05-15

2452. Memory Corruption - Google Chrome (CVE-2021-30578) - Medium [329]

Description: Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30578 was patched at 2024-05-15

2453. Memory Corruption - Google Chrome (CVE-2021-30579) - Medium [329]

Description: Use after free in UI framework in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30579 was patched at 2024-05-15

2454. Memory Corruption - Google Chrome (CVE-2021-30581) - Medium [329]

Description: Use after free in DevTools in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30581 was patched at 2024-05-15

2455. Memory Corruption - Google Chrome (CVE-2021-30585) - Medium [329]

Description: Use after free in sensor handling in Google Chrome on Windows prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30585 was patched at 2024-05-15

2456. Memory Corruption - Google Chrome (CVE-2021-30586) - Medium [329]

Description: Use after free in dialog box handling in Windows in Google Chrome prior to 92.0.4515.107 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30586 was patched at 2024-05-15

2457. Memory Corruption - Google Chrome (CVE-2021-30588) - Medium [329]

Description: Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30588 was patched at 2024-05-15

2458. Memory Corruption - Google Chrome (CVE-2021-30590) - Medium [329]

Description: Heap buffer overflow in Bookmarks in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30590 was patched at 2024-05-15

2459. Memory Corruption - Google Chrome (CVE-2021-30591) - Medium [329]

Description: Use after free in File System API in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30591 was patched at 2024-05-15

2460. Memory Corruption - Google Chrome (CVE-2021-30600) - Medium [329]

Description: Use after free in Printing in Google Chrome prior to 92.0.4515.159 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30600 was patched at 2024-05-15

2461. Memory Corruption - Google Chrome (CVE-2021-30601) - Medium [329]

Description: Use after free in Extensions API in Google Chrome prior to 92.0.4515.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30601 was patched at 2024-05-15

2462. Memory Corruption - Google Chrome (CVE-2021-30604) - Medium [329]

Description: Use after free in ANGLE in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30604 was patched at 2024-05-15

2463. Memory Corruption - Google Chrome (CVE-2021-30625) - Medium [329]

Description: Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user the visit a malicious website to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30625 was patched at 2024-05-15

2464. Memory Corruption - Google Chrome (CVE-2021-30626) - Medium [329]

Description: Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30626 was patched at 2024-05-15

2465. Memory Corruption - Google Chrome (CVE-2021-30627) - Medium [329]

Description: Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30627 was patched at 2024-05-15

2466. Memory Corruption - Google Chrome (CVE-2021-30628) - Medium [329]

Description: Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30628 was patched at 2024-05-15

2467. Memory Corruption - Google Chrome (CVE-2021-30629) - Medium [329]

Description: Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30629 was patched at 2024-05-15

2468. Memory Corruption - Safari (CVE-2018-4373) - Medium [329]

Description: Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-4373 was patched at 2024-05-15

2469. Memory Corruption - Safari (CVE-2018-4375) - Medium [329]

Description: Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-4375 was patched at 2024-05-15

2470. Memory Corruption - Safari (CVE-2018-4376) - Medium [329]

Description: Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-4376 was patched at 2024-05-15

2471. Memory Corruption - Safari (CVE-2018-4378) - Medium [329]

Description: A memory corruption issue was addressed with improved validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-4378 was patched at 2024-05-15

2472. Memory Corruption - Safari (CVE-2018-4392) - Medium [329]

Description: Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1, tvOS 12.1, watchOS 5.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-4392 was patched at 2024-05-15

2473. Memory Corruption - Safari (CVE-2018-4464) - Medium [329]

Description: Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-4464 was patched at 2024-05-15

2474. Path Traversal - PHP (CVE-2005-4600) - Medium [329]

Description: Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4600 was patched at 2024-05-15

2475. Path Traversal - PHP (CVE-2011-2718) - Medium [329]

Description: Multiple directory traversal vulnerabilities in the relational schema implementation in phpMyAdmin 3.4.x before 3.4.3.2 allow remote authenticated users to include and execute arbitrary local files via directory traversal sequences in an export type field, related to (1) libraries/schema/User_Schema.class.php and (2) schema_export.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2718 was patched at 2024-05-15

2476. Unknown Vulnerability Type - GNU C Library (CVE-2018-20796) - Medium [329]

Description: {'vulners_cve_data_all': 'In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20796 was patched at 2024-05-15

2477. Cross Site Scripting - Apache HTTP Server (CVE-2003-1581) - Medium [328]

Description: The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-1581 was patched at 2024-05-15

2478. Cross Site Scripting - Windows LDAP (CVE-2006-2016) - Medium [328]

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2016 was patched at 2024-05-15

2479. Remote Code Execution - Git (CVE-2007-4631) - Medium [328]

Description: The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Git
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4631 was patched at 2024-05-15

2480. Remote Code Execution - Linux Kernel (CVE-2024-26898) - Medium [328]

Description: In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts This patch is against CVE-2023-6270. The description of cve is: A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial of service condition or potential code execution. In aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial code is finished. But the net_device ifp will still be used in later tx()->dev_queue_xmit() in kthread. Which means that the dev_put(ifp) should NOT be called in the success path of skb initial code in aoecmd_cfg_pkts(). Otherwise tx() may run into use-after-free because the net_device is freed. This patch removed the dev_put(ifp) in the success path in aoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26898 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26898 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

2481. Denial of Service - Kerberos (CVE-2013-1417) - Medium [327]

Description: do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1417 was patched at 2024-05-15

2482. Denial of Service - Unknown Product (CVE-2023-50966) - Medium [327]

Description: {'vulners_cve_data_all': 'erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50966 was patched at 2024-05-15

2483. Denial of Service - Unknown Product (CVE-2023-50967) - Medium [327]

Description: {'vulners_cve_data_all': 'latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50967 was patched at 2024-05-15

2484. Denial of Service - Unknown Product (CVE-2023-51792) - Medium [327]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attacker to cause a denial of service via the allocation size exceeding the maximum supported size of 0x10000000000.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51792 was patched at 2024-05-15

redos: CVE-2023-51792 was patched at 2024-04-22

ubuntu: CVE-2023-51792 was patched at 2024-05-07

2485. Memory Corruption - Unknown Product (CVE-2021-42700) - Medium [327]

Description: {'vulners_cve_data_all': 'Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42700 was patched at 2024-05-15

2486. Memory Corruption - Unknown Product (CVE-2021-42702) - Medium [327]

Description: {'vulners_cve_data_all': 'Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42702 was patched at 2024-05-15

2487. Security Feature Bypass - TLS (CVE-2018-17187) - Medium [327]

Description: {'vulners_cve_data_all': 'The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options to configure this explicitly or select a certificate verification mode with or without hostname verification being performed. The latter hostname verifying mode was not implemented in Apache Qpid Proton-J versions 0.3 to 0.29.0, with attempts to use it resulting in an exception. This left only the option to verify the certificate is trusted, leaving such a client vulnerable to Man In The Middle (MITM) attack. Uses of the Proton-J protocol engine which do not utilise the optional transport TLS wrapper are not impacted, e.g. usage within Qpid JMS. Uses of Proton-J utilising the optional transport TLS wrapper layer that wish to enable hostname verification must be upgraded to version 0.30.0 or later and utilise the VerifyMode#VERIFY_PEER_NAME configuration, which is now the default for client mode usage unless configured otherwise.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.514TLS
CVSS Base Score0.710CVSS Base Score is 7.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17187 was patched at 2024-05-15

2488. Security Feature Bypass - TRIE (CVE-2020-7942) - Medium [327]

Description: {'vulners_cve_data_all': 'Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the `default` node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can be mitigated by setting `strict_hostname_checking = true` in `puppet.conf` on your Puppet master. Puppet 6.13.0 and 5.5.19 changes the default behavior for strict_hostname_checking from false to true. It is recommended that Puppet Open Source and Puppet Enterprise users that are not upgrading still set strict_hostname_checking to true to ensure secure behavior. Affected software versions: Puppet 6.x prior to 6.13.0 Puppet Agent 6.x prior to 6.13.0 Puppet 5.5.x prior to 5.5.19 Puppet Agent 5.5.x prior to 5.5.19 Resolved in: Puppet 6.13.0 Puppet Agent 6.13.0 Puppet 5.5.19 Puppet Agent 5.5.19', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7942 was patched at 2024-05-15

2489. Arbitrary File Writing - GNU C Library (CVE-2004-1382) - Medium [326]

Description: The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1382 was patched at 2024-05-15

2490. Arbitrary File Writing - Samba (CVE-2012-5635) - Medium [326]

Description: The GlusterFS functionality in Red Hat Storage Management Console 2.0, Native Client, and Server 2.0 allows local users to overwrite arbitrary files via a symlink attack on multiple temporary files created by (1) tests/volume.rc, (2) extras/hook-scripts/S30samba-stop.sh, and possibly other vectors, different vulnerabilities than CVE-2012-4417.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5635 was patched at 2024-05-15

2491. Cross Site Scripting - Internet Explorer (CVE-2006-1796) - Medium [326]

Description: Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Internet Explorer is a discontinued series of graphical web browsers developed by Microsoft
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1796 was patched at 2024-05-15

2492. Cross Site Scripting - Internet Explorer (CVE-2007-0341) - Medium [326]

Description: Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Internet Explorer is a discontinued series of graphical web browsers developed by Microsoft
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0341 was patched at 2024-05-15

2493. Cross Site Scripting - Perl (CVE-2005-0085) - Medium [326]

Description: Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0085 was patched at 2024-05-15

2494. Cross Site Scripting - Perl (CVE-2007-0106) - Medium [326]

Description: Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0106 was patched at 2024-05-15

2495. Cross Site Scripting - Puma (CVE-2020-5249) - Medium [326]

Description: In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2020-5247, which fixed this vulnerability but only for regular responses. This has been fixed in 4.3.3 and 3.12.4.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Puma is a Ruby/Rack web server built for parallelism
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-5249 was patched at 2024-05-15

2496. Information Disclosure - KeePass (CVE-2015-8378) - Medium [326]

Description: In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .xml dotfile.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.5147-Zip is a file archiver with a high compression ratio
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8378 was patched at 2024-05-15

2497. Information Disclosure - TRIE (CVE-2020-10187) - Medium [326]

Description: Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-10187 was patched at 2024-05-15

2498. Remote Code Execution - Perl (CVE-2013-2145) - Medium [326]

Description: The cpansign verify functionality in the Module::Signature module before 0.72 for Perl allows attackers to bypass the signature check and execute arbitrary code via a SIGNATURE file with a "special unknown cipher" that references an untrusted module in Digest/.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2145 was patched at 2024-05-15

2499. Elevation of Privilege - Git (CVE-2021-29428) - Medium [325]

Description: In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the "sticky" bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the "sticky" bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.414Git
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-29428 was patched at 2024-05-15

2500. Denial of Service - BIND (CVE-2007-2241) - Medium [324]

Description: Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2241 was patched at 2024-05-15

2501. Denial of Service - BIND (CVE-2011-4062) - Medium [324]

Description: Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX socket.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4062 was patched at 2024-05-15

2502. Denial of Service - FFmpeg (CVE-2011-3940) - Medium [324]

Description: nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11, and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1, allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted NSV file that triggers "use of uninitialized streams."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3940 was patched at 2024-05-15

2503. Denial of Service - FFmpeg (CVE-2013-7009) - Medium [324]

Description: The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7009 was patched at 2024-05-15

2504. Denial of Service - FFmpeg (CVE-2013-7011) - Medium [324]

Description: The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7011 was patched at 2024-05-15

2505. Denial of Service - FFmpeg (CVE-2016-2213) - Medium [324]

Description: The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.6 allows remote attackers to cause a denial of service (out-of-bounds array read access) via crafted JPEG 2000 data.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2213 was patched at 2024-05-15

2506. Denial of Service - FFmpeg (CVE-2017-17555) - Medium [324]

Description: The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17555 was patched at 2024-05-15

2507. Denial of Service - FFmpeg (CVE-2018-12459) - Medium [324]

Description: An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12459 was patched at 2024-05-15

2508. Denial of Service - FFmpeg (CVE-2018-13301) - Medium [324]

Description: In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-13301 was patched at 2024-05-15

2509. Denial of Service - FFmpeg (CVE-2018-13303) - Medium [324]

Description: In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-13303 was patched at 2024-05-15

2510. Denial of Service - FFmpeg (CVE-2018-13304) - Medium [324]

Description: In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-13304 was patched at 2024-05-15

2511. Denial of Service - FFmpeg (CVE-2018-1999014) - Medium [324]

Description: FFmpeg before commit bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 contains an out of array access vulnerability in MXF format demuxer that can result in DoS. This attack appear to be exploitable via specially crafted MXF file which has to be provided as input. This vulnerability appears to have been fixed in bab0716c7f4793ec42e05a5aa7e80d82a0dd4e75 and later.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1999014 was patched at 2024-05-15

2512. Denial of Service - FFmpeg (CVE-2018-6912) - Medium [324]

Description: The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6912 was patched at 2024-05-15

2513. Denial of Service - FFmpeg (CVE-2018-7751) - Medium [324]

Description: The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7751 was patched at 2024-05-15

2514. Denial of Service - FFmpeg (CVE-2020-22056) - Medium [324]

Description: A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the config_input function in af_acrossover.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-22056 was patched at 2024-05-15

2515. Denial of Service - MediaWiki (CVE-2015-2936) - Medium [324]

Description: MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing, allows remote attackers to cause a denial of service (CPU consumption) via a long password.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2936 was patched at 2024-05-15

2516. Denial of Service - MediaWiki (CVE-2015-2937) - Medium [324]

Description: MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service ("quadratic blowup" and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, a different vulnerability than CVE-2015-2942.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2937 was patched at 2024-05-15

2517. Denial of Service - MediaWiki (CVE-2015-2942) - Medium [324]

Description: MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF file, aka a "billion laughs attack," a different vulnerability than CVE-2015-2937.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2942 was patched at 2024-05-15

2518. Denial of Service - MediaWiki (CVE-2015-8002) - Medium [324]

Description: The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a file upload using one byte chunks.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8002 was patched at 2024-05-15

2519. Denial of Service - QEMU (CVE-2015-8701) - Medium [324]

Description: QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit (tx) descriptors in 'tx_consume' routine, if a descriptor was to have more than allowed (ROCKER_TX_FRAGS_MAX=16) fragments. A privileged user inside guest could use this flaw to cause memory leakage on the host or crash the QEMU process instance resulting in DoS issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8701 was patched at 2024-05-15

2520. Denial of Service - QEMU (CVE-2017-6209) - Medium [324]

Description: Stack-based buffer overflow in the parse_identifier function in tgsi_text.c in the TGSI auxiliary module in the Gallium driver in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors related to parsing properties.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6209 was patched at 2024-05-15

2521. Denial of Service - QEMU (CVE-2017-6210) - Medium [324]

Description: The vrend_decode_reset function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (NULL pointer dereference and QEMU process crash) by destroying context 0 (zero).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6210 was patched at 2024-05-15

2522. Denial of Service - QEMU (CVE-2019-12067) - Medium [324]

Description: The ahci_commit_buf function in ide/ahci.c in QEMU allows attackers to cause a denial of service (NULL dereference) when the command header 'ad->cur_cmd' is null.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12067 was patched at 2024-05-15

2523. Denial of Service - QEMU (CVE-2020-10701) - Medium [324]

Description: A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-10701 was patched at 2024-05-15

2524. Incorrect Calculation - FFmpeg (CVE-2016-6164) - Medium [324]

Description: Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6164 was patched at 2024-05-15

2525. Information Disclosure - Curl (CVE-2015-3236) - Medium [324]

Description: cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714Curl is a command-line tool for transferring data specified with URL syntax
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-3236 was patched at 2024-05-15

2526. Information Disclosure - MariaDB (CVE-2021-39200) - Medium [324]

Description: {'vulners_cve_data_all': 'WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions output data of the function wp_die() can be leaked under certain conditions, which can include data like nonces. It can then be used to perform actions on your behalf. This has been patched in WordPress 5.8.1, along with any older affected versions via minor releases. It's strongly recommended that you keep auto-updates enabled to receive the fix.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714MariaDB is a community-developed, commercially supported fork of the MySQL relational database management system, intended to remain free and open-source software under the GNU General Public License
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39200 was patched at 2024-05-15

2527. Information Disclosure - MediaWiki (CVE-2007-0894) - Medium [324]

Description: MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting error message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0894 was patched at 2024-05-15

2528. Information Disclosure - MediaWiki (CVE-2008-5687) - Medium [324]

Description: MediaWiki 1.11, and other versions before 1.13.3, does not properly protect against the download of backups of deleted images, which might allow remote attackers to obtain sensitive information via requests for files in images/deleted/.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5687 was patched at 2024-05-15

2529. Information Disclosure - MediaWiki (CVE-2011-4361) - Medium [324]

Description: MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4361 was patched at 2024-05-15

2530. Information Disclosure - MediaWiki (CVE-2013-4301) - Medium [324]

Description: includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to obtain sensitive information via a "<" (open angle bracket) character in the lang parameter to w/load.php, which reveals the installation path in an error message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4301 was patched at 2024-05-15

2531. Information Disclosure - SQLite (CVE-2006-4976) - Medium [324]

Description: The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4) adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php, and (7) adodb.inc.php; files in datadict including (8) datadict-access.inc.php, (9) datadict-db2.inc.php, (10) datadict-generic.inc.php, (11) datadict-ibase.inc.php, (12) datadict-informix.inc.php, (13) datadict-mssql.inc.php, (14) datadict-mysql.inc.php, (15) datadict-oci8.inc.php, (16) datadict-postgres.inc.php, and (17) datadict-sybase.inc.php; files in drivers/ including (18) adodb-access.inc.php, (19) adodb-ado.inc.php, (20) adodb-ado_access.inc.php, (21) adodb-ado_mssql.inc.php, (22) adodb-borland_ibase.inc.php, (23) adodb-csv.inc.php, (24) adodb-db2.inc.php, (25) adodb-fbsql.inc.php, (26) adodb-firebird.inc.php, (27) adodb-ibase.inc.php, (28) adodb-informix.inc.php, (29) adodb-informix72.inc.php, (30) adodb-mssql.inc.php, (31) adodb-mssqlpo.inc.php, (32) adodb-mysql.inc.php, (33) adodb-mysqli.inc.php, (34) adodb-mysqlt.inc.php, (35) adodb-oci8.inc.php, (36) adodb-oci805.inc.php, (37) adodb-oci8po.inc.php, (38) adodb-odbc.inc.php, (39) adodb-odbc_mssql.inc.php, (40) adodb-odbc_oracle.inc.php, (41) adodb-oracle.inc.php, (42) adodb-postgres64.inc.php, (43) adodb-postgres7.inc.php, (44) adodb-proxy.inc.php, (45) adodb-sapdb.inc.php, (46) adodb-sqlanywhere.inc.php, (47) adodb-sqlite.inc.php, (48) adodb-sybase.inc.php, (49) adodb-vfp.inc.php; file in perf/ including (50) perf-db2.inc.php, (51) perf-informix.inc.php, (52) perf-mssql.inc.php, (53) perf-mysql.inc.php, (54) perf-oci8.inc.php, (55) perf-postgres.inc.php; tests/ files (56) benchmark.php, (57) client.php, (58) test-datadict.php, (59) test-perf.php, (60) test-pgblob.php, (61) test-php5.php, (62) test-xmlschema.php, (63) test.php, (64) test2.php, (65) test3.php, (66) test4.php, (67) test5.php, (68) test_rs_array.php, (69) testcache.php, (70) testdatabases.inc.php, (71) testgenid.php, (72) testmssql.php, (73) testoci8.php, (74) testoci8cursor.php, (75) testpaging.php, (76) testpear.php, (77) testsessions.php, (78) time.php, or (79) tmssql.php, which reveals the path in various error messages.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714SQLite is a database engine written in the C programming language
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4976 was patched at 2024-05-15

2532. Memory Corruption - Apache Traffic Server (CVE-2021-43082) - Medium [324]

Description: {'vulners_cve_data_all': 'Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-43082 was patched at 2024-05-15

2533. Memory Corruption - FFmpeg (CVE-2008-4866) - Medium [324]

Description: Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_DELAY.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4866 was patched at 2024-05-15

2534. Memory Corruption - FFmpeg (CVE-2017-7866) - Medium [324]

Description: FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7866 was patched at 2024-05-15

2535. Memory Corruption - SQLite (CVE-2020-11656) - Medium [324]

Description: In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714SQLite is a database engine written in the C programming language
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-11656 was patched at 2024-05-15

2536. Command Injection - Git (CVE-2023-51441) - Medium [323]

Description: ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. Alternatively you could use a build of Axis with the patch from https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06 applied. The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.414Git
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51441 was patched at 2024-05-15

2537. Cross Site Scripting - APT (CVE-2014-4510) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in job.cc in apt-cacher-ng 0.7.26 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4510 was patched at 2024-05-15

2538. Cross Site Scripting - ASP.NET (CVE-2005-0509) - Medium [323]

Description: Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814An open-source, server-side web-application framework designed for web development
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0509 was patched at 2024-05-15

2539. Cross Site Scripting - ASP.NET (CVE-2010-1459) - Medium [323]

Description: The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814An open-source, server-side web-application framework designed for web development
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1459 was patched at 2024-05-15

2540. Cross Site Scripting - FreeIPA (CVE-2014-7850) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814FreeIPA is a free and open source identity management system
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-7850 was patched at 2024-05-15

2541. Cross Site Scripting - Mozilla Firefox (CVE-2006-1731) - Medium [323]

Description: Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1731 was patched at 2024-05-15

2542. Cross Site Scripting - Mozilla Firefox (CVE-2006-1732) - Medium [323]

Description: Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1732 was patched at 2024-05-15

2543. Cross Site Scripting - Mozilla Firefox (CVE-2006-2783) - Medium [323]

Description: Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2783 was patched at 2024-05-15

2544. Cross Site Scripting - Mozilla Firefox (CVE-2009-4924) - Medium [323]

Description: Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4924 was patched at 2024-05-15

2545. Cross Site Scripting - Node.js (CVE-2015-1370) - Medium [323]

Description: Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1370 was patched at 2024-05-15

2546. Cross Site Scripting - PHP (CVE-2004-1559) - Medium [323]

Description: Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1559 was patched at 2024-05-15

2547. Cross Site Scripting - PHP (CVE-2005-0543) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0543 was patched at 2024-05-15

2548. Cross Site Scripting - PHP (CVE-2005-0992) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0992 was patched at 2024-05-15

2549. Cross Site Scripting - PHP (CVE-2005-2107) - Medium [323]

Description: Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2107 was patched at 2024-05-15

2550. Cross Site Scripting - PHP (CVE-2005-2869) - Medium [323]

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2869 was patched at 2024-05-15

2551. Cross Site Scripting - PHP (CVE-2005-3301) - Medium [323]

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3301 was patched at 2024-05-15

2552. Cross Site Scripting - PHP (CVE-2005-3665) - Medium [323]

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3665 was patched at 2024-05-15

2553. Cross Site Scripting - PHP (CVE-2005-3787) - Medium [323]

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3787 was patched at 2024-05-15

2554. Cross Site Scripting - PHP (CVE-2006-0518) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0518 was patched at 2024-05-15

2555. Cross Site Scripting - PHP (CVE-2006-1258) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1258 was patched at 2024-05-15

2556. Cross Site Scripting - PHP (CVE-2006-1295) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1295 was patched at 2024-05-15

2557. Cross Site Scripting - PHP (CVE-2006-1678) - Medium [323]

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1678 was patched at 2024-05-15

2558. Cross Site Scripting - PHP (CVE-2006-1803) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1803 was patched at 2024-05-15

2559. Cross Site Scripting - PHP (CVE-2006-2417) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2417 was patched at 2024-05-15

2560. Cross Site Scripting - PHP (CVE-2006-4067) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 ("Not Found") error page. NOTE: some of these details are obtained from third party information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4067 was patched at 2024-05-15

2561. Cross Site Scripting - PHP (CVE-2006-5718) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5718 was patched at 2024-05-15

2562. Cross Site Scripting - PHP (CVE-2006-6965) - Medium [323]

Description: CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: this issue can be leveraged for XSS attacks.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6965 was patched at 2024-05-15

2563. Cross Site Scripting - PHP (CVE-2007-1049) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1049 was patched at 2024-05-15

2564. Cross Site Scripting - PHP (CVE-2007-1395) - Medium [323]

Description: Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1395 was patched at 2024-05-15

2565. Cross Site Scripting - PHP (CVE-2007-1622) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1622 was patched at 2024-05-15

2566. Cross Site Scripting - PHP (CVE-2007-1894) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1894 was patched at 2024-05-15

2567. Cross Site Scripting - PHP (CVE-2007-2016) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2016 was patched at 2024-05-15

2568. Cross Site Scripting - PHP (CVE-2007-3542) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3542 was patched at 2024-05-15

2569. Cross Site Scripting - PHP (CVE-2007-4048) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4048 was patched at 2024-05-15

2570. Cross Site Scripting - PHP (CVE-2007-4306) - Medium [323]

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the (1) unlim_num_rows, (2) sql_query, or (3) pos parameter to (a) tbl_export.php; the (4) session_max_rows or (5) pos parameter to (b) sql.php; the (6) username parameter to (c) server_privileges.php; or the (7) sql_query parameter to (d) main.php. NOTE: vector 5 might be a regression or incomplete fix for CVE-2006-6942.7.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4306 was patched at 2024-05-15

2571. Cross Site Scripting - PHP (CVE-2007-4483) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4483 was patched at 2024-05-15

2572. Cross Site Scripting - PHP (CVE-2007-5105) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5105 was patched at 2024-05-15

2573. Cross Site Scripting - PHP (CVE-2007-5106) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 allows remote attackers to inject arbitrary web script or HTML via the user_login parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5106 was patched at 2024-05-15

2574. Cross Site Scripting - PHP (CVE-2007-5386) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5386 was patched at 2024-05-15

2575. Cross Site Scripting - PHP (CVE-2007-5589) - Medium [323]

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.php, (c) display_change_password.lib.php, and (d) common.lib.php in libraries/; and certain input available in PHP_SELF and (2) PATH_INFO in libraries/common.inc.php. NOTE: there might also be other vectors related to (3) REQUEST_URI.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5589 was patched at 2024-05-15

2576. Cross Site Scripting - PHP (CVE-2007-5728) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5728 was patched at 2024-05-15

2577. Cross Site Scripting - PHP (CVE-2008-0192) - Medium [323]

Description: Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0192 was patched at 2024-05-15

2578. Cross Site Scripting - PHP (CVE-2008-0193) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0193 was patched at 2024-05-15

2579. Cross Site Scripting - PHP (CVE-2008-3881) - Medium [323]

Description: Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder 1.23.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified "zm_html_view_*.php" files.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3881 was patched at 2024-05-15

2580. Cross Site Scripting - PHP (CVE-2008-5278) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5278 was patched at 2024-05-15

2581. Cross Site Scripting - PHP (CVE-2008-6838) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1 allows remote attackers to inject arbitrary web script or HTML via the _off parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-6838 was patched at 2024-05-15

2582. Cross Site Scripting - PHP (CVE-2009-1150) - Medium [323]

Description: Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1150 was patched at 2024-05-15

2583. Cross Site Scripting - PHP (CVE-2009-2343) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in people.php in Zoph before 0.7.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2343 was patched at 2024-05-15

2584. Cross Site Scripting - PHP (CVE-2010-1594) - Medium [323]

Description: Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via (1) the query string, (2) the BASE parameter, or (3) the ega_1 parameter. NOTE: some of these details are obtained from third party information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1594 was patched at 2024-05-15

2585. Cross Site Scripting - PHP (CVE-2010-2958) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages (aka debugging messages), a different vulnerability than CVE-2010-3056.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2958 was patched at 2024-05-15

2586. Cross Site Scripting - PHP (CVE-2010-3056) - Medium [323]

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3056 was patched at 2024-05-15

2587. Cross Site Scripting - PHP (CVE-2010-3070) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to an arbitrary PHP script that uses NuSOAP classes.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3070 was patched at 2024-05-15

2588. Cross Site Scripting - PHP (CVE-2010-4480) - Medium [323]

Description: error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4480 was patched at 2024-05-15

2589. Cross Site Scripting - PHP (CVE-2010-5294) - Medium [323]

Description: Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web script or HTML by providing a crafted error message for a (1) FTP or (2) SSH connection attempt.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-5294 was patched at 2024-05-15

2590. Cross Site Scripting - PHP (CVE-2011-0740) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in RSS Feed Reader 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0740 was patched at 2024-05-15

2591. Cross Site Scripting - PHP (CVE-2011-1940) - Medium [323]

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1940 was patched at 2024-05-15

2592. Cross Site Scripting - PHP (CVE-2011-2904) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix before 1.8.6 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2904 was patched at 2024-05-15

2593. Cross Site Scripting - PHP (CVE-2011-3598) - Medium [323]

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3598 was patched at 2024-05-15

2594. Cross Site Scripting - PHP (CVE-2011-4615) - Medium [323]

Description: Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter (aka host groups name) to (1) hostgroups.php and (2) usergrps.php, the update action to (3) hosts.php and (4) scripts.php, and (5) maintenance.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4615 was patched at 2024-05-15

2595. Cross Site Scripting - PHP (CVE-2012-0040) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in modules/core/www/no_cookie.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the retryURL parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0040 was patched at 2024-05-15

2596. Cross Site Scripting - PHP (CVE-2012-0283) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0283 was patched at 2024-05-15

2597. Cross Site Scripting - PHP (CVE-2012-0908) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in logout.php in SimpleSAMLphp 1.8.1 and possibly other versions before 1.8.2 allows remote attackers to inject arbitrary web script or HTML via the link_href parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0908 was patched at 2024-05-15

2598. Cross Site Scripting - PHP (CVE-2012-1600) - Medium [323]

Description: Multiple cross-site scripting (XSS) vulnerabilities in functions.php in phpPgAdmin before 5.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) type of a function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1600 was patched at 2024-05-15

2599. Cross Site Scripting - PHP (CVE-2012-2129) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to inject arbitrary web script or HTML via the target parameter in an edit action.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2129 was patched at 2024-05-15

2600. Cross Site Scripting - PHP (CVE-2012-2403) - Medium [323]

Description: wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2403 was patched at 2024-05-15

2601. Cross Site Scripting - PHP (CVE-2012-2404) - Medium [323]

Description: wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2404 was patched at 2024-05-15

2602. Cross Site Scripting - PHP (CVE-2012-4277) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in the smarty_function_html_options_optoutput function in distribution/libs/plugins/function.html_options.php in Smarty before 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4277 was patched at 2024-05-15

2603. Cross Site Scripting - PHP (CVE-2012-4437) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4437 was patched at 2024-05-15

2604. Cross Site Scripting - PHP (CVE-2012-6633) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6633 was patched at 2024-05-15

2605. Cross Site Scripting - PHP (CVE-2013-1770) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia Web 3.5.7 allows remote attackers to inject arbitrary web script or HTML via the view_name parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1770 was patched at 2024-05-15

2606. Cross Site Scripting - PHP (CVE-2013-4997) - Medium [323]

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart title) value.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4997 was patched at 2024-05-15

2607. Cross Site Scripting - PHP (CVE-2013-6395) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6395 was patched at 2024-05-15

2608. Cross Site Scripting - PHP (CVE-2013-7303) - Medium [323]

Description: Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7303 was patched at 2024-05-15

2609. Cross Site Scripting - PHP (CVE-2014-6300) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-6300 was patched at 2024-05-15

2610. Cross Site Scripting - PHP (CVE-2014-9219) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9219 was patched at 2024-05-15

2611. Cross Site Scripting - PHP (CVE-2014-9236) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) photographer_id or (2) _crumb parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9236 was patched at 2024-05-15

2612. Cross Site Scripting - PHP (CVE-2020-15400) - Medium [323]

Description: CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15400 was patched at 2024-05-15

2613. Cross Site Scripting - Safari (CVE-2009-1724) - Medium [323]

Description: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1724 was patched at 2024-05-15

2614. Arbitrary File Reading - Sudo (CVE-2004-1689) - Medium [322]

Description: sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.914Sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1689 was patched at 2024-05-15

2615. Denial of Service - Linux Kernel (CVE-2010-5321) - Medium [322]

Description: Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-5321 was patched at 2024-05-15

2616. Denial of Service - Linux Kernel (CVE-2012-5374) - Medium [322]

Description: The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (extended runtime of kernel code) by creating many different files whose names are associated with the same CRC32C hash value.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5374 was patched at 2024-05-15

2617. Denial of Service - Linux Kernel (CVE-2012-5375) - Medium [322]

Description: The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by leveraging the ability to write to a directory important to the victim, and creating a file with a crafted name that is associated with a specific CRC32C hash value.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5375 was patched at 2024-05-15

2618. Denial of Service - Linux Kernel (CVE-2013-3302) - Medium [322]

Description: Race condition in the smb_send_rqst function in fs/cifs/transport.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via vectors involving a reconnection event.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-3302 was patched at 2024-05-15

2619. Denial of Service - Linux Kernel (CVE-2013-6382) - Medium [322]

Description: Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6382 was patched at 2024-05-15

2620. Denial of Service - Linux Kernel (CVE-2018-17977) - Medium [322]

Description: The Linux kernel 4.14.67 mishandles certain interaction among XFRM Netlink messages, IPPROTO_AH packets, and IPPROTO_IP packets, which allows local users to cause a denial of service (memory consumption and system hang) by leveraging root access to execute crafted applications, as demonstrated on CentOS 7.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17977 was patched at 2024-05-15

2621. Denial of Service - Windows LDAP (CVE-2011-4079) - Medium [322]

Description: Off-by-one error in the UTF8StringNormalize function in OpenLDAP 2.4.26 and earlier allows remote attackers to cause a denial of service (slapd crash) via a zero-length string that triggers a heap-based buffer overflow, as demonstrated using an empty postalAddressAttribute value in an LDIF entry.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4079 was patched at 2024-05-15

2622. Incorrect Calculation - Linux Kernel (CVE-2013-4511) - Medium [322]

Description: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4511 was patched at 2024-05-15

2623. Information Disclosure - Linux Kernel (CVE-2012-6536) - Medium [322]

Description: net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify that the actual Netlink message length is consistent with a certain header field, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability and providing a (1) new or (2) updated state.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6536 was patched at 2024-05-15

2624. Information Disclosure - Sudo (CVE-2007-0473) - Medium [322]

Description: The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/sudoers contents) by reading this file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914Sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0473 was patched at 2024-05-15

2625. Memory Corruption - Linux Kernel (CVE-2017-17053) - Medium [322]

Description: The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17053 was patched at 2024-05-15

2626. Memory Corruption - Linux Kernel (CVE-2019-25160) - Medium [322]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetlabel: fix out-of-bounds memory accesses\n\nThere are two array out-of-bounds memory accesses, one in\ncipso_v4_map_lvl_valid(), the other in netlbl_bitmap_walk(). Both\nerrors are embarassingly simple, and the fixes are straightforward.\n\nAs a FYI for anyone backporting this patch to kernels prior to v4.8,\nyou'll want to apply the netlbl_bitmap_walk() patch to\ncipso_v4_bitmap_walk() as netlbl_bitmap_walk() doesn't exist before\nLinux v4.8.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-25160 was patched at 2024-05-15

2627. Memory Corruption - Linux Kernel (CVE-2021-46952) - Medium [322]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: fs_context: validate UDP retrans to prevent shift out-of-bounds\n\nFix shift out-of-bounds in xprt_calc_majortimeo(). This is caused\nby a garbage timeout (retrans) mount option being passed to nfs mount,\nin this case from syzkaller.\n\nIf the protocol is XPRT_TRANSPORT_UDP, then 'retrans' is a shift\nvalue for a 64-bit long integer, so 'retrans' cannot be >= 64.\nIf it is >= 64, fail the mount and return an error.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46952 was patched at 2024-05-15

2628. Memory Corruption - Linux Kernel (CVE-2022-2785) - Medium [322]

Description: {'vulners_cve_data_all': 'There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. We recommend upgrading past commit 86f44fcec22c', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 6.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-2785 was patched at 2024-05-15

2629. Memory Corruption - Linux Kernel (CVE-2022-47938) - Medium [322]

Description: An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNECT.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-47938 was patched at 2024-05-15

2630. Memory Corruption - Linux Kernel (CVE-2024-26593) - Medium [322]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: i801: Fix block process call transactions\n\nAccording to the Intel datasheets, software must reset the block\nbuffer index twice for block process call transactions: once before\nwriting the outgoing data to the buffer, and once again before\nreading the incoming data from the buffer.\n\nThe driver is currently missing the second reset, causing the wrong\nportion of the block buffer to be read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-26593 was patched at 2024-06-05

debian: CVE-2024-26593 was patched at 2024-05-06, 2024-05-15

oraclelinux: CVE-2024-26593 was patched at 2024-05-02, 2024-06-05

redhat: CVE-2024-26593 was patched at 2024-06-05

ubuntu: CVE-2024-26593 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

2631. Cross Site Scripting - TRIE (CVE-2023-25825) - Medium [321]

Description: ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This is unescaped when viewing the logs in the web ui. This issue is patched in version 1.36.33.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.810CVSS Base Score is 7.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-25825 was patched at 2024-05-15

2632. Unknown Vulnerability Type - HID (CVE-2011-1499) - Medium [321]

Description: {'vulners_cve_data_all': 'acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Tinyproxy 'conf.c'整数溢出安全绕过漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514HID
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1499 was patched at 2024-05-15

2633. Unknown Vulnerability Type - Unknown Product (CVE-2008-3914) - Medium [321]

Description: {'vulners_cve_data_all': 'Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ClamAV多个未明内存破坏漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3914 was patched at 2024-05-15

2634. Unknown Vulnerability Type - Unknown Product (CVE-2009-0840) - Medium [321]

Description: {'vulners_cve_data_all': 'Heap-based buffer underflow in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to have an unknown impact via a negative value in the Content-Length HTTP header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MapServer mapserv程序多个远程安全漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0840 was patched at 2024-05-15

2635. Unknown Vulnerability Type - Unknown Product (CVE-2009-1176) - Medium [321]

Description: {'vulners_cve_data_all': 'mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ends in a '\\0' character, which allows remote attackers to conduct buffer-overflow attacks or have unspecified other impact via a long id parameter in a query action.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MapServer mapserv程序多个远程安全漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1176 was patched at 2024-05-15

2636. Unknown Vulnerability Type - Unknown Product (CVE-2013-5743) - Medium [321]

Description: {'vulners_cve_data_all': 'Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([dsquare] Zabbix httpmon.php SQL Injection, [packetstorm] Zabbix 2.0.8 SQL Injection / Remote Code Execution, [zdt] Zabbix 2.0.8 SQL Injection Vulnerability, [zdt] Zabbix 2.0.8 SQL Injection and Remote Code Execution, [seebug] ZABBIX API及Frontend多个SQL注入漏洞(CVE-2013-5743), [seebug] Zabbix 2.0.8 SQL Injection(CVE-2013-5743))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-5743 was patched at 2024-05-15

2637. Unknown Vulnerability Type - Unknown Product (CVE-2013-7285) - Medium [321]

Description: {'vulners_cve_data_all': 'Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] OpenMRS Reporting Module 0.9.7 Remote Code Execution, [exploitpack] OpenMRS Reporting Module 0.9.7 - Remote Code Execution, [zdt] OpenMRS Reporting Module 0.9.7 - Remote Code Execution, [exploitdb] OpenMRS Reporting Module 0.9.7 - Remote Code Execution)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7285 was patched at 2024-05-15

2638. Unknown Vulnerability Type - Unknown Product (CVE-2017-0359) - Medium [321]

Description: {'vulners_cve_data_all': 'diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] ntfs-3g (Debian 9) - Local Privilege Escalation, [exploitdb] ntfs-3g (Debian 9) - Local Privilege Escalation)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0359 was patched at 2024-05-15

2639. Unknown Vulnerability Type - Unknown Product (CVE-2017-12087) - Medium [321]

Description: {'vulners_cve_data_all': 'An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Tinysvcmdns Multi-label DNS Heap Overflow Vulnerability, [seebug] Tinysvcmdns Multi-label DNS Heap Overflow Vulnerability(CVE-2017-12087))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12087 was patched at 2024-05-15

2640. Unknown Vulnerability Type - Unknown Product (CVE-2017-16228) - Medium [321]

Description: {'vulners_cve_data_all': 'Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Malicious GIT HTTP Server)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16228 was patched at 2024-05-15

2641. Unknown Vulnerability Type - Unknown Product (CVE-2018-11652) - Medium [321]

Description: {'vulners_cve_data_all': 'CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV report.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11652 was patched at 2024-05-15

2642. Unknown Vulnerability Type - Unknown Product (CVE-2018-17057) - Medium [321]

Description: {'vulners_cve_data_all': 'An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] LimeSurvey Deserialization Remote Code Execution, [packetstorm] TCPDF 6.2.19 Deserialization / Remote Code Execution, [zdt] TCPDF 6.2.19 Deserialization / Remote Code Execution Exploit, [zdt] LimeSurvey < 3.16 - Remote Code Execution Exploit, [exploitpack] LimeSurvey 3.16 - Remote Code Execution, [exploitdb] LimeSurvey < 3.16 - Remote Code Execution)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17057 was patched at 2024-05-15

2643. Unknown Vulnerability Type - Unknown Product (CVE-2018-9206) - Medium [321]

Description: {'vulners_cve_data_all': 'Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Blueimp jQuery File Upload 9.22.0 Arbitrary File Upload, [packetstorm] blueimp jQuery Arbitrary File Upload, [exploitpack] Blueimps jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit, [exploitpack] jQuery-File-Upload 9.22.0 - Arbitrary File Upload, [canvas] Immunity Canvas: JQUERY_FILE_UPLOAD, [zdt] blueimp jQuery Arbitrary File Upload Exploit, [dsquare] jQuery File Upload, [wpexploit] Tajer - Unauthenticated Arbitrary File Upload, [wpexploit] Art-Picture-Gallery <= 1.2.9 - Unauthenticated Arbitrary File Upload, [metasploit] blueimp's jQuery (Arbitrary) File Upload, [exploitdb] Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit, [exploitdb] jQuery-File-Upload 9.22.0 - Arbitrary File Upload, [exploitdb] blueimp's jQuery 9.22.0 - (Arbitrary) File Upload (Metasploit))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-9206 was patched at 2024-05-15

2644. Unknown Vulnerability Type - Unknown Product (CVE-2020-25787) - Medium [321]

Description: {'vulners_cve_data_all': 'An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Tiny Tiny RSS - Remote Code Execution Exploit, [packetstorm] TinyTinyRSS Remote Code Execution, [exploitdb] Tiny Tiny RSS - Remote Code Execution)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25787 was patched at 2024-05-15

2645. Unknown Vulnerability Type - Unknown Product (CVE-2020-35545) - Medium [321]

Description: {'vulners_cve_data_all': 'Time-based SQL injection exists in Spotweb 1.4.9 via the query string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Spotweb 1.4.9 SQL Injection, [exploitdb] Spotweb 1.4.9 - 'search' SQL Injection)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35545 was patched at 2024-05-15

2646. Unknown Vulnerability Type - Unknown Product (CVE-2021-23440) - Medium [321]

Description: {'vulners_cve_data_all': 'This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-23440 was patched at 2024-05-15

2647. Unknown Vulnerability Type - Unknown Product (CVE-2021-40540) - Medium [321]

Description: {'vulners_cve_data_all': 'ulfius_uri_logger in Ulfius HTTP Framework before 2.7.4 omits con_info initialization and a con_info->request NULL check for certain malformed HTTP requests.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Ulfius Web Framework Remote Memory Corruption Exploit, [packetstorm] Ulfius Web Framework Remote Memory Corruption)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40540 was patched at 2024-05-15

2648. Denial of Service - Eclipse Mosquitto (CVE-2023-5632) - Medium [320]

Description: In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. This could be used by a malicious actor to perform denial of service type attack. This issue is fixed in 2.0.6

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Eclipse Mosquitto provides a lightweight server implementation of the MQTT protocol that is suitable for all situations from full power machines to embedded and low power machines
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-5632 was patched at 2024-05-15

2649. Denial of Service - FreeRDP (CVE-2024-32660) - Medium [320]

Description: {'vulners_cve_data_all': 'FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32660 was patched at 2024-05-15

ubuntu: CVE-2024-32660 was patched at 2024-04-25, 2024-04-29

2650. Denial of Service - ImageMagick (CVE-2014-9804) - Medium [320]

Description: vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9804 was patched at 2024-05-15

2651. Denial of Service - ImageMagick (CVE-2014-9842) - Medium [320]

Description: Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9842 was patched at 2024-05-15

2652. Denial of Service - ImageMagick (CVE-2017-6497) - Medium [320]

Description: An issue was discovered in ImageMagick 6.9.7. A specially crafted psd file could lead to a NULL pointer dereference (thus, a DoS).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6497 was patched at 2024-05-15

2653. Denial of Service - Nokogiri (CVE-2022-24839) - Medium [320]

Description: {'vulners_cve_data_all': 'org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Nokogiri is an open source XML and HTML library for the Ruby programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24839 was patched at 2024-05-15

2654. Denial of Service - Perl (CVE-2002-1350) - Medium [320]

Description: The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly copy data, which allows remote attackers to cause a denial of service (application crash).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1350 was patched at 2024-05-15

2655. Denial of Service - Perl (CVE-2002-1372) - Medium [320]

Description: Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1372 was patched at 2024-05-15

2656. Denial of Service - Perl (CVE-2006-2659) - Medium [320]

Description: libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2659 was patched at 2024-05-15

2657. Denial of Service - Perl (CVE-2006-4112) - Medium [320]

Description: Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or "data loss," a different vulnerability than CVE-2006-4111.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4112 was patched at 2024-05-15

2658. Denial of Service - Perl (CVE-2006-5877) - Medium [320]

Description: The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5877 was patched at 2024-05-15

2659. Denial of Service - Perl (CVE-2007-2297) - Medium [320]

Description: The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x before 1.4.3 does not properly parse SIP UDP packets that do not contain a valid response code, which allows remote attackers to cause a denial of service (crash).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2297 was patched at 2024-05-15

2660. Denial of Service - Perl (CVE-2011-1755) - Medium [320]

Description: jabberd2 before 2.2.14 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1755 was patched at 2024-05-15

2661. Denial of Service - Perl (CVE-2011-4869) - Medium [320]

Description: validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly perform proof processing for NSEC3-signed zones, which allows remote DNS servers to cause a denial of service (daemon crash) via a malformed response that lacks expected NSEC3 records, a different vulnerability than CVE-2011-4528.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4869 was patched at 2024-05-15

2662. Denial of Service - Perl (CVE-2013-6375) - Medium [320]

Description: Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "inverted boolean parameter."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6375 was patched at 2024-05-15

2663. Denial of Service - Perl (CVE-2014-1666) - Medium [320]

Description: The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 8.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1666 was patched at 2024-05-15

2664. Denial of Service - Perl (CVE-2014-9748) - Medium [320]

Description: The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to cause a denial of service (deadlock) or possibly have unspecified other impact by leveraging a race condition.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9748 was patched at 2024-05-15

2665. Denial of Service - Perl (CVE-2015-1521) - Medium [320]

Description: analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not properly handle zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-read if NDEBUG; otherwise assertion failure) via a crafted DNP3 packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1521 was patched at 2024-05-15

2666. Denial of Service - Perl (CVE-2017-3224) - Medium [320]

Description: Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a 'newer' LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 8.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-3224 was patched at 2024-05-15

2667. Denial of Service - Perl (CVE-2018-12558) - Medium [320]

Description: The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters ("\f").

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12558 was patched at 2024-05-15

2668. Denial of Service - Perl (CVE-2018-5308) - Medium [320]

Description: PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-5308 was patched at 2024-05-15

2669. Denial of Service - Perl (CVE-2020-35680) - Medium [320]

Description: smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35680 was patched at 2024-05-15

2670. Denial of Service - Perl (CVE-2021-41396) - Medium [320]

Description: Live555 through 1.08 does not handle socket connections properly. A huge number of incoming socket connections in a short time invokes the error-handling module, in which a heap-based buffer overflow happens. An attacker can leverage this to launch a DoS attack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41396 was patched at 2024-05-15

2671. Denial of Service - Perl (CVE-2023-25824) - Medium [320]

Description: Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Versions from 0.9.0 to 0.12.0 (including) did not properly fail blocking read operations on TLS connections when the transport hit timeouts. Instead it entered an endless loop retrying the read operation, consuming CPU resources. This could be exploited for denial of service attacks. If trace level logging was enabled, it would also produce an excessive amount of log output during the loop, consuming disk space. The problem has been fixed in commit d7eec4e598158ab6a98bf505354e84352f9715ec, please update to version 0.12.1. There are no workarounds, users who cannot update should apply the errno fix detailed in the security advisory.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-25824 was patched at 2024-05-15

2672. Denial of Service - Perl (CVE-2023-4540) - Medium [320]

Description: Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. This issue affects lua-http: all versions before commit ddab283.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-4540 was patched at 2024-05-15

2673. Denial of Service - Python (CVE-2016-6581) - Medium [320]

Description: A HTTP/2 implementation built using any version of the Python HPACK library between v1.0.0 and v2.2.0 could be targeted for a denial of service attack, specifically a so-called "HPACK Bomb" attack. This attack occurs when an attacker inserts a header field that is exactly the size of the HPACK dynamic header table into the dynamic header table. The attacker can then send a header block that is simply repeated requests to expand that field in the dynamic table. This can lead to a gigantic compression ratio of 4,096 or better, meaning that 16kB of data can decompress to 64MB of data on the target machine.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6581 was patched at 2024-05-15

2674. Denial of Service - Python (CVE-2019-19274) - Medium [320]

Description: typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19274 was patched at 2024-05-15

2675. Denial of Service - Python (CVE-2019-19275) - Medium [320]

Description: typed_ast 1.3.0 and 1.3.1 has an ast_for_arguments out-of-bounds read. An attacker with the ability to cause a Python interpreter to parse Python source (but not necessarily execute it) may be able to crash the interpreter process. This could be a concern, for example, in a web-based service that parses (but does not execute) Python code. (This issue also affected certain Python 3.8.0-alpha prereleases.)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19275 was patched at 2024-05-15

2676. Denial of Service - Python (CVE-2020-7212) - Medium [320]

Description: The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for Python allows a denial of service (CPU consumption) because of an inefficient algorithm. The percent_encodings array contains all matches of percent encodings. It is not deduplicated. For a URL of length N, the size of percent_encodings may be up to O(N). The next step (normalize existing percent-encoded bytes) also takes up to O(N) for each step, so the total time is O(N^2). If percent_encodings were deduplicated, the time to compute _encode_invalid_chars would be O(kN), where k is at most 484 ((10+6*2)^2).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7212 was patched at 2024-05-15

2677. Denial of Service - Python (CVE-2021-32839) - Medium [320]

Description: sqlparse is a non-validating SQL parser module for Python. In sqlparse versions 0.4.0 and 0.4.1 there is a regular Expression Denial of Service in sqlparse vulnerability. The regular expression may cause exponential backtracking on strings containing many repetitions of '\r\n' in SQL comments. Only the formatting feature that removes comments from SQL statements is affected by this regular expression. As a workaround don't use the sqlformat.format function with keyword strip_comments=True or the --strip-comments command line flag when using the sqlformat command line tool. The issues has been fixed in sqlparse 0.4.2.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32839 was patched at 2024-05-15

2678. Denial of Service - Python (CVE-2021-43854) - Medium [320]

Description: NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Versions prior to 3.6.5 are vulnerable to regular expression denial of service (ReDoS) attacks. The vulnerability is present in PunktSentenceTokenizer, sent_tokenize and word_tokenize. Any users of this class, or these two functions, are vulnerable to the ReDoS attack. In short, a specifically crafted long input to any of these vulnerable functions will cause them to take a significant amount of execution time. If your program relies on any of the vulnerable functions for tokenizing unpredictable user input, then we would strongly recommend upgrading to a version of NLTK without the vulnerability. For users unable to upgrade the execution time can be bounded by limiting the maximum length of an input to any of the vulnerable functions. Our recommendation is to implement such a limit.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-43854 was patched at 2024-05-15

2679. Denial of Service - Python (CVE-2022-33977) - Medium [320]

Description: untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service (DoS) condition on the server where the product is running.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-33977 was patched at 2024-05-15

2680. Denial of Service - Python (CVE-2022-39209) - Medium [320]

Description: cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.6 a polynomial time complexity issue in cmark-gfm's autolink extension may lead to unbounded resource exhaustion and subsequent denial of service. Users may verify the patch by running `python3 -c 'print("![l"* 100000 + "\n")' | ./cmark-gfm -e autolink`, which will resource exhaust on unpatched cmark-gfm but render correctly on patched cmark-gfm. This vulnerability has been patched in 0.29.0.gfm.6. Users are advised to upgrade. Users unable to upgrade should disable the use of the autolink extension.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-39209 was patched at 2024-05-15

2681. Denial of Service - Python (CVE-2022-42969) - Medium [320]

Description: The py library through 1.11.0 for Python allows remote attackers to conduct a ReDoS (Regular expression Denial of Service) attack via a Subversion repository with crafted info data, because the InfoSvnCommand argument is mishandled. Note: This has been disputed by multiple third parties as not being reproduceable and they argue this is not a valid vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-42969 was patched at 2024-05-15

2682. Denial of Service - Python (CVE-2023-26485) - Medium [320]

Description: cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `_` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources. ### Impact A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. ### Proof of concept ``` $ ~/cmark-gfm$ python3 -c 'pad = "_" * 100000; print(pad + "." + pad, end="")' | time ./build/src/cmark-gfm --to plaintext ``` Increasing the number 10000 in the above commands causes the running time to increase quadratically. ### Patches This vulnerability have been patched in 0.29.0.gfm.10. ### Note on cmark and cmark-gfm XXX: TBD [cmark-gfm](https://github.com/github/cmark-gfm) is a fork of [cmark](https://github.com/commonmark/cmark) that adds the GitHub Flavored Markdown extensions. The two codebases have diverged over time, but share a common core. These bugs affect both `cmark` and `cmark-gfm`. ### Credit We would like to thank @gravypod for reporting this vulnerability. ### References https://en.wikipedia.org/wiki/Time_complexity ### For more information If you have any questions or comments about this advisory: * Open an issue in [github/cmark-gfm](https://github.com/github/cmark-gfm)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26485 was patched at 2024-05-15

2683. Denial of Service - Python (CVE-2023-30798) - Medium [320]

Description: There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-30798 was patched at 2024-05-15

2684. Denial of Service - Python (CVE-2024-24762) - Medium [320]

Description: `python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests, leading to regular expression denial of service. This vulnerability has been patched in version 0.0.7.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-24762 was patched at 2024-05-15

2685. Denial of Service - Python (CVE-2024-30251) - Medium [320]

Description: {'vulners_cve_data_all': 'aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further requests. An attacker can stop the application from serving requests after sending a single request. This issue has been addressed in version 3.9.4. Users are advised to upgrade. Users unable to upgrade may manually apply a patch to their systems. Please see the linked GHSA for instructions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-30251 was patched at 2024-05-15

2686. Denial of Service - Redis (CVE-2020-21468) - Medium [320]

Description: A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21468 was patched at 2024-05-15

2687. Denial of Service - Roundcube (CVE-2008-5620) - Medium [320]

Description: RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5620 was patched at 2024-05-15

2688. Denial of Service - Wireshark (CVE-2006-3629) - Medium [320]

Description: Unspecified vulnerability in the MOUNT dissector in Wireshark (aka Ethereal) 0.9.4 to 0.99.0 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3629 was patched at 2024-05-15

2689. Denial of Service - Wireshark (CVE-2006-4574) - Medium [320]

Description: Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4574 was patched at 2024-05-15

2690. Denial of Service - Wireshark (CVE-2013-4928) - Medium [320]

Description: Integer signedness error in the dissect_headers function in epan/dissectors/packet-btobex.c in the Bluetooth OBEX dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4928 was patched at 2024-05-15

2691. Denial of Service - Wireshark (CVE-2021-4182) - Medium [320]

Description: Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-4182 was patched at 2024-05-15

2692. Denial of Service - Wireshark (CVE-2021-4186) - Medium [320]

Description: Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-4186 was patched at 2024-05-15

debian: CVE-2021-41867 was patched at 2024-05-15

debian: CVE-2021-41868 was patched at 2024-05-15

2693. Denial of Service - Wireshark (CVE-2021-4190) - Medium [320]

Description: Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-4190 was patched at 2024-05-15

2694. Denial of Service - Wireshark (CVE-2022-3725) - Medium [320]

Description: Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3725 was patched at 2024-05-15

2695. Denial of Service - Wireshark (CVE-2024-0211) - Medium [320]

Description: DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-0211 was patched at 2024-05-15

2696. Denial of Service - Wireshark (CVE-2024-2955) - Medium [320]

Description: T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-2955 was patched at 2024-05-15

redos: CVE-2024-2955 was patched at 2024-06-06

2697. Path Traversal - Perl (CVE-2005-0437) - Medium [320]

Description: Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. (dot dot) sequences in the loadplugin parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0437 was patched at 2024-05-15

2698. Path Traversal - Perl (CVE-2023-35947) - Medium [320]

Description: Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. Users are advised to upgrade. There are no known workarounds for this vulnerability. ### Impact This is a path traversal vulnerability when Gradle deals with Tar archives, often referenced as TarSlip, a variant of ZipSlip. * When unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. * For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed. Gradle uses Tar archives for its [Build Cache](https://docs.gradle.org/current/userguide/build_cache.html). These archives are safe when created by Gradle. But if an attacker had control of a remote build cache server, they could inject malicious build cache entries that leverage this vulnerability. This attack vector could also be exploited if a man-in-the-middle can be performed between the remote cache and the build. ### Patches A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. It is recommended that users upgrade to a patched version. ### Workarounds There is no workaround. * If your build deals with Tar archives that you do not fully trust, you need to inspect them to confirm they do not attempt to leverage this vulnerability. * If you use the Gradle remote build cache, make sure only trusted parties have write access to it and that connections to the remote cache are properly secured. ### References * [CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')](https://cwe.mitre.org/data/definitions/22.html) * [Gradle Build Cache](https://docs.gradle.org/current/userguide/build_cache.html) * [ZipSlip](https://security.snyk.io/research/zip-slip-vulnerability)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-35947 was patched at 2024-05-15

2699. Security Feature Bypass - Perl (CVE-2007-4739) - Medium [320]

Description: reprepro 1.3.0 through 2.2.3 does not properly verify signatures when updating repositories, which allows remote attackers to construct and distribute an ostensibly valid Release.gpg file by signing it with an unknown key, related to the update command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4739 was patched at 2024-05-15

2700. Security Feature Bypass - Perl (CVE-2010-2937) - Medium [320]

Description: {'vulners_cve_data_all': 'The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 through 1.1.2 does not properly process ID3v2 tags, which allows remote attackers to cause a denial of service (application crash) via a crafted media file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2937 was patched at 2024-05-15

2701. Security Feature Bypass - Perl (CVE-2019-8337) - Medium [320]

Description: {'vulners_cve_data_all': 'In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-8337 was patched at 2024-05-15

2702. Security Feature Bypass - Perl (CVE-2021-34145) - Medium [320]

Description: {'vulners_cve_data_all': 'The Bluetooth Classic implementation in the Cypress WICED BT stack through 2.9.0 for CYW20735B1 devices does not properly handle the reception of LMP_max_slot with an invalid Baseband packet type (and LT_ADDRESS and LT_ADDR) after completion of the LMP setup procedure, allowing attackers in radio range to trigger a denial of service (firmware crash) via a crafted LMP packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-34145 was patched at 2024-05-15

2703. Cross Site Scripting - MediaWiki (CVE-2007-0177) - Medium [319]

Description: Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0177 was patched at 2024-05-15

2704. Cross Site Scripting - MediaWiki (CVE-2017-0365) - Medium [319]

Description: Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0365 was patched at 2024-05-15

2705. Information Disclosure - ImageMagick (CVE-2017-15652) - Medium [319]

Description: Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is: Someone must open a postscript file though ghostscript. Because of imagemagick also use libga, so it was affected as well.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15652 was patched at 2024-05-15

2706. Information Disclosure - Perl (CVE-2007-1661) - Medium [319]

Description: Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1661 was patched at 2024-05-15

2707. Information Disclosure - Perl (CVE-2015-5231) - Medium [319]

Description: The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5231 was patched at 2024-05-15

2708. Information Disclosure - Python (CVE-2013-6396) - Medium [319]

Description: The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6396 was patched at 2024-05-15

2709. Information Disclosure - wpa_supplicant (CVE-2019-9494) - Medium [319]

Description: {'vulners_cve_data_all': 'The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant for Linux, FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, Solaris, OS/2 (including ArcaOS and eComStation) and Haiku
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9494 was patched at 2024-05-15

2710. Arbitrary File Reading - PHP (CVE-2008-1924) - Medium [317]

Description: Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared hosts, allows remote authenticated users with CREATE table permissions to read arbitrary files via a crafted HTTP POST request, related to use of an undefined UploadDir variable.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1924 was patched at 2024-05-15

2711. Arbitrary File Writing - Perl (CVE-2003-0924) - Medium [317]

Description: netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0924 was patched at 2024-05-15

2712. Arbitrary File Writing - Perl (CVE-2006-6097) - Medium [317]

Description: GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6097 was patched at 2024-05-15

2713. Arbitrary File Writing - Perl (CVE-2008-0666) - Medium [317]

Description: Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on (1) the /tmp/pe.tmp.$$ temporary file used by wml_contrib/wmg.cgi and (2) temporary files used by wml_backend/p3_eperl/eperl_sys.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0666 was patched at 2024-05-15

2714. Arbitrary File Writing - Python (CVE-2014-1932) - Medium [317]

Description: The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript function in EpsImagePlugin.py, (3) load function in IptcImagePlugin.py, and (4) _copy function in Image.py in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 do not properly create temporary files, which allow local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on the temporary file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1932 was patched at 2024-05-15

2715. Authentication Bypass - TRIE (CVE-2007-2165) - Medium [317]

Description: The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which might allow remote attackers to bypass authentication, as demonstrated by use of SQLAuthTypes Plaintext in mod_sql, with data retrieved from /etc/passwd.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2165 was patched at 2024-05-15

2716. Denial of Service - FreeIPA (CVE-2013-0336) - Medium [317]

Description: The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814FreeIPA is a free and open source identity management system
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0336 was patched at 2024-05-15

2717. Denial of Service - GNOME desktop (CVE-2006-0040) - Medium [317]

Description: GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0040 was patched at 2024-05-15

2718. Denial of Service - GNOME desktop (CVE-2006-0528) - Medium [317]

Description: The cairo library (libcairo), as used in GNOME Evolution and possibly other products, allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains "Content-Disposition: inline" in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually removed, possibly due to a buffer overflow, as demonstrated using an XML attachment.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0528 was patched at 2024-05-15

2719. Denial of Service - GNU C Library (CVE-2002-1146) - Medium [317]

Description: The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1146 was patched at 2024-05-15

2720. Denial of Service - GNU C Library (CVE-2022-47022) - Medium [317]

Description: An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-47022 was patched at 2024-05-15

2721. Denial of Service - Google Chrome (CVE-2013-0899) - Medium [317]

Description: Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0899 was patched at 2024-05-15

2722. Denial of Service - Mozilla Firefox (CVE-2006-1738) - Medium [317]

Description: Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1738 was patched at 2024-05-15

2723. Denial of Service - Mozilla Firefox (CVE-2006-2723) - Medium [317]

Description: Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags. NOTE: a followup post indicated that the initial report could not be verified.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2723 was patched at 2024-05-15

2724. Denial of Service - Mozilla Firefox (CVE-2006-4566) - Medium [317]

Description: Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ("[\\"), which leads to a buffer over-read.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4566 was patched at 2024-05-15

2725. Denial of Service - Mozilla Firefox (CVE-2006-5464) - Medium [317]

Description: Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5464 was patched at 2024-05-15

2726. Denial of Service - Netty (CVE-2024-29025) - Medium [317]

Description: {'vulners_cve_data_all': 'Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Netty is a non-blocking I/O client-server framework for the development of Java network applications such as protocol servers and clients
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29025 was patched at 2024-05-15

redos: CVE-2024-29025 was patched at 2024-05-14

2727. Denial of Service - Node.js (CVE-2013-4450) - Medium [317]

Description: The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4450 was patched at 2024-05-15

2728. Denial of Service - OpenSSH (CVE-2004-2069) - Medium [317]

Description: sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2069 was patched at 2024-05-15

2729. Denial of Service - OpenSSH (CVE-2006-0883) - Medium [317]

Description: OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0883 was patched at 2024-05-15

2730. Denial of Service - OpenSSH (CVE-2006-4925) - Medium [317]

Description: packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4925 was patched at 2024-05-15

2731. Denial of Service - OpenSSH (CVE-2008-4109) - Medium [317]

Description: A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4109 was patched at 2024-05-15

2732. Denial of Service - OpenSSL (CVE-2002-1568) - Medium [317]

Description: OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks instead of less severe mechanisms, which allows remote attackers to cause a denial of service (crash) via certain messages that cause OpenSSL to abort from a failed assertion, as demonstrated using SSLv2 CLIENT_MASTER_KEY messages, which are not properly handled in s2_srvr.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1568 was patched at 2024-05-15

2733. Denial of Service - OpenSSL (CVE-2003-0543) - Medium [317]

Description: Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0543 was patched at 2024-05-15

2734. Denial of Service - OpenSSL (CVE-2003-0544) - Medium [317]

Description: OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0544 was patched at 2024-05-15

2735. Denial of Service - OpenSSL (CVE-2004-0081) - Medium [317]

Description: OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0081 was patched at 2024-05-15

2736. Denial of Service - OpenSSL (CVE-2005-2531) - Medium [317]

Description: OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2531 was patched at 2024-05-15

2737. Denial of Service - OpenSSL (CVE-2005-2532) - Medium [317]

Description: OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2532 was patched at 2024-05-15

2738. Denial of Service - OpenSSL (CVE-2010-2621) - Medium [317]

Description: The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2621 was patched at 2024-05-15

2739. Denial of Service - OpenSSL (CVE-2011-3210) - Medium [317]

Description: The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3210 was patched at 2024-05-15

2740. Denial of Service - OpenSSL (CVE-2012-0027) - Medium [317]

Description: The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0027 was patched at 2024-05-15

2741. Denial of Service - OpenSSL (CVE-2012-0050) - Medium [317]

Description: OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0050 was patched at 2024-05-15

2742. Denial of Service - OpenSSL (CVE-2012-2686) - Medium [317]

Description: crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2686 was patched at 2024-05-15

2743. Denial of Service - PHP (CVE-2005-1807) - Medium [317]

Description: The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1807 was patched at 2024-05-15

2744. Denial of Service - PHP (CVE-2006-5098) - Medium [317]

Description: lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h parameters, when resizing an image.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5098 was patched at 2024-05-15

2745. Denial of Service - PHP (CVE-2008-5185) - Medium [317]

Description: The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using "<".

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5185 was patched at 2024-05-15

2746. Denial of Service - PHP (CVE-2016-9858) - Medium [317]

Description: An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in saved searches feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9858 was patched at 2024-05-15

2747. Denial of Service - PHP (CVE-2016-9859) - Medium [317]

Description: An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to initiate a denial of service attack in import feature. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9859 was patched at 2024-05-15

2748. Denial of Service - PHP (CVE-2019-11389) - Medium [317]

Description: An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with next# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11389 was patched at 2024-05-15

2749. Denial of Service - PHP (CVE-2019-11390) - Medium [317]

Description: An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with set_error_handler# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11390 was patched at 2024-05-15

2750. Denial of Service - PHP (CVE-2019-11391) - Medium [317]

Description: An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with $a# at the beginning and nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11391 was patched at 2024-05-15

2751. Denial of Service - PHP (CVE-2019-9084) - Medium [317]

Description: In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI. It could allow an administrator to conduct remote denial of service (disrupting certain business functions of the product).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9084 was patched at 2024-05-15

2752. Denial of Service - RPC (CVE-2004-0154) - Medium [317]

Description: rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0154 was patched at 2024-05-15

2753. Denial of Service - RPC (CVE-2011-3369) - Medium [317]

Description: The add_conversation function in conversations.c in EtherApe before 0.9.12 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RPC packet, related to the get_rpc function in decode_proto.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3369 was patched at 2024-05-15

2754. Denial of Service - RPC (CVE-2013-1795) - Medium [317]

Description: Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1795 was patched at 2024-05-15

2755. Denial of Service - Safari (CVE-2009-3272) - Medium [317]

Description: Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3272 was patched at 2024-05-15

2756. Denial of Service - Samba (CVE-2004-0807) - Medium [317]

Description: Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0807 was patched at 2024-05-15

2757. Denial of Service - Samba (CVE-2004-0808) - Medium [317]

Description: The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0808 was patched at 2024-05-15

2758. Denial of Service - Samba (CVE-2004-0829) - Medium [317]

Description: smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0829 was patched at 2024-05-15

2759. Denial of Service - Samba (CVE-2004-0930) - Medium [317]

Description: The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0930 was patched at 2024-05-15

2760. Denial of Service - Samba (CVE-2010-1635) - Medium [317]

Description: The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1635 was patched at 2024-05-15

2761. Denial of Service - Samba (CVE-2010-1642) - Medium [317]

Description: The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1642 was patched at 2024-05-15

2762. Denial of Service - Samba (CVE-2012-0817) - Medium [317]

Description: Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0817 was patched at 2024-05-15

2763. Denial of Service - libvpx (CVE-2012-0823) - Medium [317]

Description: VP8 Codec SDK (libvpx) before 1.0.0 "Duclair" allows remote attackers to cause a denial of service (application crash) via (1) unspecified "corrupt input" or (2) by "starting decoding from a P-frame," which triggers an out-of-bounds read, related to "the clamping of motion vectors in SPLITMV blocks".

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814libvpx is a free software video codec library from Google and the Alliance for Open Media (AOMedia)
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0823 was patched at 2024-05-15

2764. Incorrect Calculation - Node.js (CVE-2020-13822) - Medium [317]

Description: The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.810CVSS Base Score is 7.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13822 was patched at 2024-05-15

2765. Memory Corruption - APT (CVE-2023-31982) - Medium [317]

Description: Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_packet_reasm_ip at /src/capture.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31982 was patched at 2024-05-15

2766. Memory Corruption - APT (CVE-2023-36192) - Medium [317]

Description: Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_ws_check_packet at /src/capture.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-36192 was patched at 2024-05-15

2767. Memory Corruption - APT (CVE-2023-41102) - Medium [317]

Description: An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption of all available memory.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-41102 was patched at 2024-05-15

2768. Memory Corruption - Google Chrome (CVE-2021-30603) - Medium [317]

Description: Data race in WebAudio in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30603 was patched at 2024-05-15

2769. Memory Corruption - ICMP (CVE-2020-7469) - Medium [317]

Description: In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 the handler for a routing option caches a pointer into the packet buffer holding the ICMPv6 message. However, when processing subsequent options the packet buffer may be freed, rendering the cached pointer invalid. The network stack may later dereference the pointer, potentially triggering a use-after-free.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814The Internet Control Message Protocol (ICMP) is a network layer protocol used by network devices to diagnose network communication issues
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7469 was patched at 2024-05-15

2770. Memory Corruption - OpenSSL (CVE-2016-7053) - Medium [317]

Description: {'vulners_cve_data_all': 'In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL value being passed to the structure callback if an attempt is made to free certain invalid encodings. Only CHOICE structures using a callback which do not handle NULL value are affected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7053 was patched at 2024-05-15

2771. Memory Corruption - OpenSSL (CVE-2022-29242) - Medium [317]

Description: GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1 contains a patch for this issue. Disabling ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is a possible workaround.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-29242 was patched at 2024-05-15

2772. Path Traversal - PHP (CVE-2005-2256) - Medium [317]

Description: Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2256 was patched at 2024-05-15

2773. Path Traversal - PHP (CVE-2006-2692) - Medium [317]

Description: Multiple unspecified vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to read arbitrary image, HTML, or PHP files via unknown vectors, probably related to directory traversal.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2692 was patched at 2024-05-15

2774. Path Traversal - PHP (CVE-2006-3360) - Medium [317]

Description: Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter, which will display a different error message if the file exists.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3360 was patched at 2024-05-15

2775. Path Traversal - PHP (CVE-2010-0287) - Medium [317]

Description: Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0287 was patched at 2024-05-15

2776. Remote Code Execution - Azure (CVE-2024-29195) - Medium [316]

Description: The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices. An attacker can cause an integer wraparound or under-allocation or heap buffer overflow due to vulnerabilities in parameter checking mechanism, by exploiting the buffer length parameter in Azure C SDK, which may lead to remote code execution. Requirements for RCE are 1. Compromised Azure account allowing malformed payloads to be sent to the device via IoT Hub service, 2. By passing IoT hub service max message payload limit of 128KB, and 3. Ability to overwrite code space with remote code. Fixed in commit https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Azure
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29195 was patched at 2024-05-15

2777. Remote Code Execution - Git (CVE-2023-40030) - Medium [316]

Description: Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by `cargo build --timings`. A malicious package included as a dependency may inject nearly arbitrary HTML here, potentially leading to cross-site scripting if the report is subsequently uploaded somewhere. The vulnerability affects users relying on dependencies from git, local paths, or alternative registries. Users who solely depend on crates.io are unaffected. Rust 1.60.0 introduced `cargo build --timings`, which produces a report of how long the different steps of the build process took. It includes lists of Cargo features for each crate. Prior to Rust 1.72, Cargo feature names were allowed to contain almost any characters (with some exceptions as used by the feature syntax), but it would produce a future incompatibility warning about them since Rust 1.49. crates.io is far more stringent about what it considers a valid feature name and has not allowed such feature names. As the feature names were included unescaped in the timings report, they could be used to inject Javascript into the page, for example with a feature name like `features = ["<img src='' onerror=alert(0)"]`. If this report were subsequently uploaded to a domain that uses credentials, the injected Javascript could access resources from the website visitor. This issue was fixed in Rust 1.72 by turning the future incompatibility warning into an error. Users should still exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io has server-side checks preventing this attack, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to excercise care in choosing their dependencies though, as remote code execution is allowed by design there as well.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414Git
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-40030 was patched at 2024-05-15

2778. Unknown Vulnerability Type - Git (CVE-2024-32021) - Medium [316]

Description: {'vulners_cve_data_all': 'Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over the filesystem may creating hardlinks to arbitrary user-owned files on the same filesystem in the target Git repository's `objects/` directory. When cloning a repository over the filesystem (without explicitly specifying the `file://` protocol or `--no-local`), the optimizations for local cloning\nwill be used, which include attempting to hard link the object files instead of copying them. While the code includes checks against symbolic links in the source repository, which were added during the fix for CVE-2022-39253, these checks can still be raced because the hard link operation ultimately follows symlinks. If the object on the filesystem appears as a file during the check, and then a symlink during the operation, this will allow the adversary to bypass the check and create hardlinks in the destination objects directory to arbitrary, user-readable files. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.410CVSS Base Score is 3.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32021 was patched at 2024-05-15

redos: CVE-2024-32021 was patched at 2024-05-27

ubuntu: CVE-2024-32021 was patched at 2024-05-28

2779. Denial of Service - TRIE (CVE-2023-43646) - Medium [315]

Description: get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service (redos) vulnerability which may lead to a denial of service when parsing malicious input. This vulnerability can be exploited when there is an imbalance in parentheses, which results in excessive backtracking and subsequently increases the CPU load and processing time significantly. This vulnerability can be triggered using the following input: '\t'.repeat(54773) + '\t/function/i'. This issue has been addressed in commit `f934b228b` which has been included in releases from 2.0.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.910CVSS Base Score is 8.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-43646 was patched at 2024-05-15

2780. Security Feature Bypass - TLS (CVE-2020-36477) - Medium [315]

Description: {'vulners_cve_data_all': 'An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjecAltName extension is present, the expected name is compared to any name in that extension regardless of its type. This means that an attacker could impersonate a 4-byte or 16-byte domain by getting a certificate for the corresponding IPv4 or IPv6 address (this would require the attacker to control that IP address, though).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.514TLS
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36477 was patched at 2024-05-15

2781. Arbitrary File Writing - Samba (CVE-2003-0086) - Medium [314]

Description: The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0086 was patched at 2024-05-15

2782. Cross Site Scripting - Apache ActiveMQ (CVE-2020-1941) - Medium [314]

Description: In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service (JMS) client
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-1941 was patched at 2024-05-15

2783. Cross Site Scripting - Perl (CVE-2019-10219) - Medium [314]

Description: A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10219 was patched at 2024-05-15

2784. Cross Site Scripting - Perl (CVE-2020-8031) - Medium [314]

Description: A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prior to 2.10.8.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-8031 was patched at 2024-05-15

2785. Cross Site Scripting - Perl (CVE-2021-3377) - Medium [314]

Description: The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3377 was patched at 2024-05-15

2786. Cross Site Scripting - Perl (CVE-2021-3427) - Medium [314]

Description: The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's browser session.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3427 was patched at 2024-05-15

2787. Cross Site Scripting - Perl (CVE-2022-28367) - Medium [314]

Description: OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-28367 was patched at 2024-05-15

2788. Cross Site Scripting - Python (CVE-2015-4707) - Medium [314]

Description: Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-4707 was patched at 2024-05-15

2789. Cross Site Scripting - Python (CVE-2020-11888) - Medium [314]

Description: python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-11888 was patched at 2024-05-15

2790. Cross Site Scripting - Roundcube (CVE-2015-5381) - Medium [314]

Description: Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5381 was patched at 2024-05-15

2791. Cross Site Scripting - Roundcube (CVE-2015-8793) - Medium [314]

Description: Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a different vulnerability than CVE-2011-2937.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8793 was patched at 2024-05-15

2792. Cross Site Scripting - Roundcube (CVE-2016-4552) - Medium [314]

Description: Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4552 was patched at 2024-05-15

2793. Remote Code Execution - ImageMagick (CVE-2006-4144) - Medium [314]

Description: Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values, which trigger a heap-based buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4144 was patched at 2024-05-15

2794. Remote Code Execution - Perl (CVE-2005-0664) - Medium [314]

Description: Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a JPEG image with a crafted EXIF tag.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0664 was patched at 2024-05-15

2795. Denial of Service - .NET (CVE-2017-11328) - Medium [313]

Description: Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714.NET
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11328 was patched at 2024-05-15

2796. Denial of Service - FFmpeg (CVE-2016-6881) - Medium [313]

Description: The zlib_refill function in libavformat/swfdec.c in FFmpeg before 3.1.3 allows remote attackers to cause an infinite loop denial of service via a crafted SWF file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6881 was patched at 2024-05-15

2797. Denial of Service - FFmpeg (CVE-2016-7562) - Medium [313]

Description: The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (buffer overflow) via a crafted AVI file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7562 was patched at 2024-05-15

2798. Denial of Service - FFmpeg (CVE-2016-7785) - Medium [313]

Description: The avi_read_seek function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7785 was patched at 2024-05-15

2799. Denial of Service - FFmpeg (CVE-2016-7905) - Medium [313]

Description: The read_gab2_sub function in libavformat/avidec.c in FFmpeg before 3.1.4 allows remote attackers to cause a denial of service (NULL pointer used) via a crafted AVI file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7905 was patched at 2024-05-15

2800. Denial of Service - FFmpeg (CVE-2016-8595) - Medium [313]

Description: The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before 3.1.5 allows remote attackers to cause a denial of service (assert fault) via a crafted AVI file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-8595 was patched at 2024-05-15

2801. Denial of Service - FFmpeg (CVE-2016-9561) - Medium [313]

Description: The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9561 was patched at 2024-05-15

2802. Denial of Service - FFmpeg (CVE-2020-23906) - Medium [313]

Description: FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23906 was patched at 2024-05-15

2803. Denial of Service - QEMU (CVE-2016-4964) - Medium [313]

Description: The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop, and CPU consumption or QEMU process crash) via vectors involving s->state.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4964 was patched at 2024-05-15

2804. Denial of Service - QEMU (CVE-2017-5956) - Medium [313]

Description: The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and QEMU process crash) via vectors involving vertext_buffer_index.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5956 was patched at 2024-05-15

2805. Denial of Service - QEMU (CVE-2017-5957) - Medium [313]

Description: Stack-based buffer overflow in the vrend_decode_set_framebuffer_state function in vrend_decode.c in virglrenderer before 926b9b3460a48f6454d8bbe9e44313d86a65447f, as used in Quick Emulator (QEMU), allows a local guest users to cause a denial of service (application crash) via the "nr_cbufs" argument.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5957 was patched at 2024-05-15

2806. Denial of Service - QEMU (CVE-2020-24352) - Medium [313]

Description: An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24352 was patched at 2024-05-15

2807. Denial of Service - QEMU (CVE-2020-35503) - Medium [313]

Description: A NULL pointer dereference flaw was found in the megasas-gen2 SCSI host bus adapter emulation of QEMU in versions before and including 6.0. This issue occurs in the megasas_command_cancelled() callback function while dropping a SCSI request. This flaw allows a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35503 was patched at 2024-05-15

2808. Denial of Service - SQLite (CVE-2024-0232) - Medium [313]

Description: A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714SQLite is a database engine written in the C programming language
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-0232 was patched at 2024-05-15

2809. Denial of Service - iOS (CVE-2019-6290) - Medium [313]

Description: An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6290 was patched at 2024-05-15

2810. Denial of Service - iOS (CVE-2019-6291) - Medium [313]

Description: An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6291 was patched at 2024-05-15

2811. Denial of Service - iOS (CVE-2019-6293) - Medium [313]

Description: An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6293 was patched at 2024-05-15

2812. Memory Corruption - FFmpeg (CVE-2020-14212) - Medium [313]

Description: FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-14212 was patched at 2024-05-15

2813. Security Feature Bypass - Kubernetes (CVE-2024-3177) - Medium [313]

Description: {'vulners_cve_data_all': 'A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.714Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management
CVSS Base Score0.310CVSS Base Score is 2.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3177 was patched at 2024-05-15

redos: CVE-2024-3177 was patched at 2024-05-22

2814. Security Feature Bypass - QEMU (CVE-2021-20263) - Medium [313]

Description: {'vulners_cve_data_all': 'A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-20263 was patched at 2024-05-15

2815. Arbitrary File Reading - iOS (CVE-2009-5067) - Medium [312]

Description: Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. NOTE: this issue only might be a vulnerability in limited scenarios, such as if html2ps is invoked by a web application, or if a user-assisted attacker provides filenames whose contents could cause a denial of service, such as certain devices.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5067 was patched at 2024-05-15

2816. Arbitrary File Writing - nginx (CVE-2009-3898) - Medium [312]

Description: Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.514Nginx is an open-source web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3898 was patched at 2024-05-15

2817. Information Disclosure - MediaWiki (CVE-2008-5688) - Medium [312]

Description: MediaWiki 1.8.1, and other versions before 1.13.3, when the wgShowExceptionDetails variable is enabled, sometimes provides the full installation path in a debugging message, which might allow remote attackers to obtain sensitive information via unspecified requests that trigger an uncaught exception.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5688 was patched at 2024-05-15

2818. Information Disclosure - MediaWiki (CVE-2010-2787) - Medium [312]

Description: api.php in MediaWiki before 1.15.5 does not prevent use of public caching headers for private data, which allows remote attackers to bypass intended access restrictions and obtain sensitive information by retrieving documents from an HTTP proxy cache that has been used by a victim.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2787 was patched at 2024-05-15

2819. Information Disclosure - SQLite (CVE-2021-45346) - Medium [312]

Description: A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714SQLite is a database engine written in the C programming language
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45346 was patched at 2024-05-15

2820. Information Disclosure - vim (CVE-2008-4677) - Medium [312]

Description: autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to servers on different hosts, which allows remote FTP servers to obtain sensitive information in opportunistic circumstances by logging usernames and passwords. NOTE: the upstream vendor disputes a vector involving different ports on the same host, stating "I'm assuming that they're using the same id and password on that unchanged hostname, deliberately."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714Vim is a free and open-source, screen-based text editor program
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4677 was patched at 2024-05-15

2821. Command Injection - Git (CVE-2023-38697) - Medium [311]

Description: protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split from chunk data using CRLF, and the chunk extension shouldn't contain any invisible character. However, Falcon has following behaviors while disobey the corresponding RFCs: accepting Content-Length header values that have `+` prefix, accepting Content-Length header values that written in hexadecimal with `0x` prefix, accepting `0x` and `+` prefixed chunk size, and accepting LF in chunk extension. This behavior can lead to desync when forwarding through multiple HTTP parsers, potentially results in HTTP request smuggling and firewall bypassing. This issue is fixed in `protocol-http1` v0.15.1. There are no known workarounds.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.414Git
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38697 was patched at 2024-05-15

2822. Cross Site Scripting - Mozilla Firefox (CVE-2006-4569) - Medium [311]

Description: The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4569 was patched at 2024-05-15

2823. Cross Site Scripting - PHP (CVE-2006-2031) - Medium [311]

Description: Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2031 was patched at 2024-05-15

2824. Cross Site Scripting - PHP (CVE-2007-5710) - Medium [311]

Description: Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the posts_columns array parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5710 was patched at 2024-05-15

2825. Cross Site Scripting - PHP (CVE-2009-3891) - Medium [311]

Description: Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3891 was patched at 2024-05-15

2826. Cross Site Scripting - PHP (CVE-2011-2642) - Medium [311]

Description: Multiple cross-site scripting (XSS) vulnerabilities in the table Print view implementation in tbl_printview.php in phpMyAdmin before 3.3.10.3 and 3.4.x before 3.4.3.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2642 was patched at 2024-05-15

2827. Cross Site Scripting - PHP (CVE-2013-3742) - Medium [311]

Description: Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-3742 was patched at 2024-05-15

2828. Cross Site Scripting - PHP (CVE-2013-5001) - Medium [311]

Description: Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-5001 was patched at 2024-05-15

2829. Cross Site Scripting - PHP (CVE-2014-5273) - Medium [311]

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5273 was patched at 2024-05-15

2830. Cross Site Scripting - PHP (CVE-2014-5274) - Medium [311]

Description: Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5274 was patched at 2024-05-15

2831. Cross Site Scripting - PHP (CVE-2014-8326) - Medium [311]

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8326 was patched at 2024-05-15

2832. Cross Site Scripting - PHP (CVE-2014-8960) - Medium [311]

Description: Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8960 was patched at 2024-05-15

2833. Cross Site Scripting - Zoom (CVE-2010-4071) - Medium [311]

Description: Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814Zoom is the leader in modern enterprise video communications
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4071 was patched at 2024-05-15

2834. Remote Code Execution - Chromium (CVE-2024-4761) - Medium [311]

Description: Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-4761 was patched at 2024-05-15

2835. Remote Code Execution - PHP (CVE-2020-25730) - Medium [311]

Description: Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHP_SELF component in classic/views/download.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25730 was patched at 2024-05-15

2836. Denial of Service - Apache HTTP Server (CVE-2012-0021) - Medium [310]

Description: The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a %{}C format string, which allows remote attackers to cause a denial of service (daemon crash) via a cookie that lacks both a name and a value.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0021 was patched at 2024-05-15

2837. Denial of Service - Windows Kernel (CVE-2023-25510) - Medium [310]

Description: NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer dereference in cuobjdump, where a local user running the tool against a malformed binary may cause a limited denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-25510 was patched at 2024-05-15

2838. Denial of Service - Windows Kernel (CVE-2023-25511) - Medium [310]

Description: NVIDIA CUDA Toolkit for Linux and Windows contains a vulnerability in cuobjdump, where a division-by-zero error may enable a user to cause a crash, which may lead to a limited denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-25511 was patched at 2024-05-15

2839. Denial of Service - Windows Kernel (CVE-2023-25523) - Medium [310]

Description: NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-25523 was patched at 2024-05-15

2840. Denial of Service - nghttp2 (CVE-2016-1544) - Medium [310]

Description: nghttp2 before 1.7.1 allows remote attackers to cause a denial of service (memory exhaustion).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914nghttp2 is an implementation of HTTP/2 and its header compression algorithm HPACK in C
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1544 was patched at 2024-05-15

2841. Incorrect Calculation - Linux Kernel (CVE-2021-46915) - Medium [310]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_limit: avoid possible divide error in nft_limit_init\n\ndiv_u64() divides u64 by u32.\n\nnft_limit_init() wants to divide u64 by u64, use the appropriate\nmath function (div64_u64)\n\ndivide error: 0000 [#1] PREEMPT SMP KASAN\nCPU: 1 PID: 8390 Comm: syz-executor188 Not tainted 5.12.0-rc4-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nRIP: 0010:div_u64_rem include/linux/math64.h:28 [inline]\nRIP: 0010:div_u64 include/linux/math64.h:127 [inline]\nRIP: 0010:nft_limit_init+0x2a2/0x5e0 net/netfilter/nft_limit.c:85\nCode: ef 4c 01 eb 41 0f 92 c7 48 89 de e8 38 a5 22 fa 4d 85 ff 0f 85 97 02 00 00 e8 ea 9e 22 fa 4c 0f af f3 45 89 ed 31 d2 4c 89 f0 <49> f7 f5 49 89 c6 e8 d3 9e 22 fa 48 8d 7d 48 48 b8 00 00 00 00 00\nRSP: 0018:ffffc90009447198 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000200000000000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffffffff875152e6 RDI: 0000000000000003\nRBP: ffff888020f80908 R08: 0000200000000000 R09: 0000000000000000\nR10: ffffffff875152d8 R11: 0000000000000000 R12: ffffc90009447270\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 000000000097a300(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000200001c4 CR3: 0000000026a52000 CR4: 00000000001506e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n nf_tables_newexpr net/netfilter/nf_tables_api.c:2675 [inline]\n nft_expr_init+0x145/0x2d0 net/netfilter/nf_tables_api.c:2713\n nft_set_elem_expr_alloc+0x27/0x280 net/netfilter/nf_tables_api.c:5160\n nf_tables_newset+0x1997/0x3150 net/netfilter/nf_tables_api.c:4321\n nfnetlink_rcv_batch+0x85a/0x21b0 net/netfilter/nfnetlink.c:456\n nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:580 [inline]\n nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:598\n netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]\n netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338\n netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927\n sock_sendmsg_nosec net/socket.c:654 [inline]\n sock_sendmsg+0xcf/0x120 net/socket.c:674\n ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350\n ___sys_sendmsg+0xf3/0x170 net/socket.c:2404\n __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433\n do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x44/0xae', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46915 was patched at 2024-05-15

redhat: CVE-2021-46915 was patched at 2024-04-23, 2024-04-30

redos: CVE-2021-46915 was patched at 2024-04-18

2842. Memory Corruption - Linux Kernel (CVE-2019-12379) - Medium [310]

Description: An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. NOTE: This id is disputed as not being an issue

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12379 was patched at 2024-05-15

2843. Memory Corruption - Linux Kernel (CVE-2020-27784) - Medium [310]

Description: A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27784 was patched at 2024-05-15

2844. Memory Corruption - Linux Kernel (CVE-2020-36777) - Medium [310]

Description: In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: Fix memory leak in dvb_media_device_free() dvb_media_device_free() is leaking memory. Free `dvbdev->adapter->conn` before setting it to NULL, as documented in include/media/media-device.h: "The media_entity instance itself must be freed explicitly by the driver if required."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2020-36777 was patched at 2024-06-05

debian: CVE-2020-36777 was patched at 2024-05-15

oraclelinux: CVE-2020-36777 was patched at 2024-06-05

redhat: CVE-2020-36777 was patched at 2024-06-05

2845. Memory Corruption - Linux Kernel (CVE-2021-46904) - Medium [310]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hso: fix null-ptr-deref during tty device unregistration\n\nMultiple ttys try to claim the same the minor number causing a double\nunregistration of the same device. The first unregistration succeeds\nbut the next one results in a null-ptr-deref.\n\nThe get_free_serial_index() function returns an available minor number\nbut doesn't assign it immediately. The assignment is done by the caller\nlater. But before this assignment, calls to get_free_serial_index()\nwould return the same minor number.\n\nFix this by modifying get_free_serial_index to assign the minor number\nimmediately after one is found to be and rename it to obtain_minor()\nto better reflect what it does. Similary, rename set_serial_by_index()\nto release_minor() and modify it to free up the minor number of the\ngiven hso_serial. Every obtain_minor() should have corresponding\nrelease_minor() call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46904 was patched at 2024-05-15

2846. Memory Corruption - Linux Kernel (CVE-2021-46910) - Medium [310]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nARM: 9063/1: mm: reduce maximum number of CPUs if DEBUG_KMAP_LOCAL is enabled\n\nThe debugging code for kmap_local() doubles the number of per-CPU fixmap\nslots allocated for kmap_local(), in order to use half of them as guard\nregions. This causes the fixmap region to grow downwards beyond the start\nof its reserved window if the supported number of CPUs is large, and collide\nwith the newly added virtual DT mapping right below it, which is obviously\nnot good.\n\nOne manifestation of this is EFI boot on a kernel built with NR_CPUS=32\nand CONFIG_DEBUG_KMAP_LOCAL=y, which may pass the FDT in highmem, resulting\nin block entries below the fixmap region that the fixmap code misidentifies\nas fixmap table entries, and subsequently tries to dereference using a\nphys-to-virt translation that is only valid for lowmem. This results in a\ncryptic splat such as the one below.\n\n ftrace: allocating 45548 entries in 89 pages\n 8<--- cut here ---\n Unable to handle kernel paging request at virtual address fc6006f0\n pgd = (ptrval)\n [fc6006f0] *pgd=80000040207003, *pmd=00000000\n Internal error: Oops: a06 [#1] SMP ARM\n Modules linked in:\n CPU: 0 PID: 0 Comm: swapper Not tainted 5.11.0+ #382\n Hardware name: Generic DT based system\n PC is at cpu_ca15_set_pte_ext+0x24/0x30\n LR is at __set_fixmap+0xe4/0x118\n pc : [<c041ac9c>] lr : [<c04189d8>] psr: 400000d3\n sp : c1601ed8 ip : 00400000 fp : 00800000\n r10: 0000071f r9 : 00421000 r8 : 00c00000\n r7 : 00c00000 r6 : 0000071f r5 : ffade000 r4 : 4040171f\n r3 : 00c00000 r2 : 4040171f r1 : c041ac78 r0 : fc6006f0\n Flags: nZcv IRQs off FIQs off Mode SVC_32 ISA ARM Segment none\n Control: 30c5387d Table: 40203000 DAC: 00000001\n Process swapper (pid: 0, stack limit = 0x(ptrval))\n\nSo let's limit CONFIG_NR_CPUS to 16 when CONFIG_DEBUG_KMAP_LOCAL=y. Also,\nfix the BUILD_BUG_ON() check that was supposed to catch this, by checking\nwhether the region grows below the start address rather than above the end\naddress.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46910 was patched at 2024-05-15

redos: CVE-2021-46910 was patched at 2024-04-18

2847. Memory Corruption - Linux Kernel (CVE-2021-46912) - Medium [310]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Make tcp_allowed_congestion_control readonly in non-init netns\n\nCurrently, tcp_allowed_congestion_control is global and writable;\nwriting to it in any net namespace will leak into all other net\nnamespaces.\n\ntcp_available_congestion_control and tcp_allowed_congestion_control are\nthe only sysctls in ipv4_net_table (the per-netns sysctl table) with a\nNULL data pointer; their handlers (proc_tcp_available_congestion_control\nand proc_allowed_congestion_control) have no other way of referencing a\nstruct net. Thus, they operate globally.\n\nBecause ipv4_net_table does not use designated initializers, there is no\neasy way to fix up this one "bad" table entry. However, the data pointer\nupdating logic shouldn't be applied to NULL pointers anyway, so we\ninstead force these entries to be read-only.\n\nThese sysctls used to exist in ipv4_table (init-net only), but they were\nmoved to the per-net ipv4_net_table, presumably without realizing that\ntcp_allowed_congestion_control was writable and thus introduced a leak.\n\nBecause the intent of that commit was only to know (i.e. read) "which\ncongestion algorithms are available or allowed", this read-only solution\nshould be sufficient.\n\nThe logic added in recent commit\n31c4d2f160eb: ("net: Ensure net namespace isolation of sysctls")\ndoes not and cannot check for NULL data pointers, because\nother table entries (e.g. /proc/sys/net/netfilter/nf_log/) have\n.data=NULL but use other methods (.extra2) to access the struct net.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46912 was patched at 2024-05-15

redos: CVE-2021-46912 was patched at 2024-04-18

2848. Memory Corruption - Linux Kernel (CVE-2021-46916) - Medium [310]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: Fix NULL pointer dereference in ethtool loopback test\n\nThe ixgbe driver currently generates a NULL pointer dereference when\nperforming the ethtool loopback test. This is due to the fact that there\nisn't a q_vector associated with the test ring when it is setup as\ninterrupts are not normally added to the test rings.\n\nTo address this I have added code that will check for a q_vector before\nreturning a napi_id value. If a q_vector is not present it will return a\nvalue of 0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46916 was patched at 2024-05-15

redos: CVE-2021-46916 was patched at 2024-04-18

2849. Memory Corruption - Linux Kernel (CVE-2021-46924) - Medium [310]

Description: In the Linux kernel, the following vulnerability has been resolved: NFC: st21nfca: Fix memory leak in device probe and remove 'phy->pending_skb' is alloced when device probe, but forgot to free in the error handling path and remove path, this cause memory leak as follows: unreferenced object 0xffff88800bc06800 (size 512): comm "8", pid 11775, jiffies 4295159829 (age 9.032s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<00000000d66c09ce>] __kmalloc_node_track_caller+0x1ed/0x450 [<00000000c93382b3>] kmalloc_reserve+0x37/0xd0 [<000000005fea522c>] __alloc_skb+0x124/0x380 [<0000000019f29f9a>] st21nfca_hci_i2c_probe+0x170/0x8f2 Fix it by freeing 'pending_skb' in error and remove.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46924 was patched at 2024-05-15

2850. Memory Corruption - Linux Kernel (CVE-2021-46929) - Medium [310]

Description: In the Linux kernel, the following vulnerability has been resolved: sctp: use call_rcu to free endpoint This patch is to delay the endpoint free by calling call_rcu() to fix another use-after-free issue in sctp_sock_dump(): BUG: KASAN: use-after-free in __lock_acquire+0x36d9/0x4c20 Call Trace: __lock_acquire+0x36d9/0x4c20 kernel/locking/lockdep.c:3218 lock_acquire+0x1ed/0x520 kernel/locking/lockdep.c:3844 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:334 [inline] __lock_sock+0x203/0x350 net/core/sock.c:2253 lock_sock_nested+0xfe/0x120 net/core/sock.c:2774 lock_sock include/net/sock.h:1492 [inline] sctp_sock_dump+0x122/0xb20 net/sctp/diag.c:324 sctp_for_each_transport+0x2b5/0x370 net/sctp/socket.c:5091 sctp_diag_dump+0x3ac/0x660 net/sctp/diag.c:527 __inet_diag_dump+0xa8/0x140 net/ipv4/inet_diag.c:1049 inet_diag_dump+0x9b/0x110 net/ipv4/inet_diag.c:1065 netlink_dump+0x606/0x1080 net/netlink/af_netlink.c:2244 __netlink_dump_start+0x59a/0x7c0 net/netlink/af_netlink.c:2352 netlink_dump_start include/linux/netlink.h:216 [inline] inet_diag_handler_cmd+0x2ce/0x3f0 net/ipv4/inet_diag.c:1170 __sock_diag_cmd net/core/sock_diag.c:232 [inline] sock_diag_rcv_msg+0x31d/0x410 net/core/sock_diag.c:263 netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2477 sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:274 This issue occurs when asoc is peeled off and the old sk is freed after getting it by asoc->base.sk and before calling lock_sock(sk). To prevent the sk free, as a holder of the sk, ep should be alive when calling lock_sock(). This patch uses call_rcu() and moves sock_put and ep free into sctp_endpoint_destroy_rcu(), so that it's safe to try to hold the ep under rcu_read_lock in sctp_transport_traverse_process(). If sctp_endpoint_hold() returns true, it means this ep is still alive and we have held it and can continue to dump it; If it returns false, it means this ep is dead and can be freed after rcu_read_unlock, and we should skip it. In sctp_sock_dump(), after locking the sk, if this ep is different from tsp->asoc->ep, it means during this dumping, this asoc was peeled off before calling lock_sock(), and the sk should be skipped; If this ep is the same with tsp->asoc->ep, it means no peeloff happens on this asoc, and due to lock_sock, no peeloff will happen either until release_sock. Note that delaying endpoint free won't delay the port release, as the port release happens in sctp_endpoint_destroy() before calling call_rcu(). Also, freeing endpoint by call_rcu() makes it safe to access the sk by asoc->base.sk in sctp_assocs_seq_show() and sctp_rcv(). Thanks Jones to bring this issue up. v1->v2: - improve the changelog. - add kfree(ep) into sctp_endpoint_destroy_rcu(), as Jakub noticed.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46929 was patched at 2024-05-15

2851. Memory Corruption - Linux Kernel (CVE-2021-46930) - Medium [310]

Description: In the Linux kernel, the following vulnerability has been resolved: usb: mtu3: fix list_head check warning This is caused by uninitialization of list_head. BUG: KASAN: use-after-free in __list_del_entry_valid+0x34/0xe4 Call trace: dump_backtrace+0x0/0x298 show_stack+0x24/0x34 dump_stack+0x130/0x1a8 print_address_description+0x88/0x56c __kasan_report+0x1b8/0x2a0 kasan_report+0x14/0x20 __asan_load8+0x9c/0xa0 __list_del_entry_valid+0x34/0xe4 mtu3_req_complete+0x4c/0x300 [mtu3] mtu3_gadget_stop+0x168/0x448 [mtu3] usb_gadget_unregister_driver+0x204/0x3a0 unregister_gadget_item+0x44/0xa4

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46930 was patched at 2024-05-15

2852. Memory Corruption - Linux Kernel (CVE-2021-46933) - Medium [310]

Description: In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. ffs_data_clear is indirectly called from both ffs_fs_kill_sb and ffs_ep0_release, so it ends up being called twice when userland closes ep0 and then unmounts f_fs. If userland provided an eventfd along with function's USB descriptors, it ends up calling eventfd_ctx_put as many times, causing a refcount underflow. NULL-ify ffs_eventfd to prevent these extraneous eventfd_ctx_put calls. Also, set epfiles to NULL right after de-allocating it, for readability. For completeness, ffs_data_clear actually ends up being called thrice, the last call being before the whole ffs structure gets freed, so when this specific sequence happens there is a second underflow happening (but not being reported): /sys/kernel/debug/tracing# modprobe usb_f_fs /sys/kernel/debug/tracing# echo ffs_data_clear > set_ftrace_filter /sys/kernel/debug/tracing# echo function > current_tracer /sys/kernel/debug/tracing# echo 1 > tracing_on (setup gadget, run and kill function userland process, teardown gadget) /sys/kernel/debug/tracing# echo 0 > tracing_on /sys/kernel/debug/tracing# cat trace smartcard-openp-436 [000] ..... 1946.208786: ffs_data_clear <-ffs_data_closed smartcard-openp-431 [000] ..... 1946.279147: ffs_data_clear <-ffs_data_closed smartcard-openp-431 [000] .n... 1946.905512: ffs_data_clear <-ffs_data_put Warning output corresponding to above trace: [ 1946.284139] WARNING: CPU: 0 PID: 431 at lib/refcount.c:28 refcount_warn_saturate+0x110/0x15c [ 1946.293094] refcount_t: underflow; use-after-free. [ 1946.298164] Modules linked in: usb_f_ncm(E) u_ether(E) usb_f_fs(E) hci_uart(E) btqca(E) btrtl(E) btbcm(E) btintel(E) bluetooth(E) nls_ascii(E) nls_cp437(E) vfat(E) fat(E) bcm2835_v4l2(CE) bcm2835_mmal_vchiq(CE) videobuf2_vmalloc(E) videobuf2_memops(E) sha512_generic(E) videobuf2_v4l2(E) sha512_arm(E) videobuf2_common(E) videodev(E) cpufreq_dt(E) snd_bcm2835(CE) brcmfmac(E) mc(E) vc4(E) ctr(E) brcmutil(E) snd_soc_core(E) snd_pcm_dmaengine(E) drbg(E) snd_pcm(E) snd_timer(E) snd(E) soundcore(E) drm_kms_helper(E) cec(E) ansi_cprng(E) rc_core(E) syscopyarea(E) raspberrypi_cpufreq(E) sysfillrect(E) sysimgblt(E) cfg80211(E) max17040_battery(OE) raspberrypi_hwmon(E) fb_sys_fops(E) regmap_i2c(E) ecdh_generic(E) rfkill(E) ecc(E) bcm2835_rng(E) rng_core(E) vchiq(CE) leds_gpio(E) libcomposite(E) fuse(E) configfs(E) ip_tables(E) x_tables(E) autofs4(E) ext4(E) crc16(E) mbcache(E) jbd2(E) crc32c_generic(E) sdhci_iproc(E) sdhci_pltfm(E) sdhci(E) [ 1946.399633] CPU: 0 PID: 431 Comm: smartcard-openp Tainted: G C OE 5.15.0-1-rpi #1 Debian 5.15.3-1 [ 1946.417950] Hardware name: BCM2835 [ 1946.425442] Backtrace: [ 1946.432048] [<c08d60a0>] (dump_backtrace) from [<c08d62ec>] (show_stack+0x20/0x24) [ 1946.448226] r7:00000009 r6:0000001c r5:c04a948c r4:c0a64e2c [ 1946.458412] [<c08d62cc>] (show_stack) from [<c08d9ae0>] (dump_stack+0x28/0x30) [ 1946.470380] [<c08d9ab8>] (dump_stack) from [<c0123500>] (__warn+0xe8/0x154) [ 1946.482067] r5:c04a948c r4:c0a71dc8 [ 1946.490184] [<c0123418>] (__warn) from [<c08d6948>] (warn_slowpath_fmt+0xa0/0xe4) [ 1946.506758] r7:00000009 r6:0000001c r5:c0a71dc8 r4:c0a71e04 [ 1946.517070] [<c08d68ac>] (warn_slowpath_fmt) from [<c04a948c>] (refcount_warn_saturate+0x110/0x15c) [ 1946.535309] r8:c0100224 r7:c0dfcb84 r6:ffffffff r5:c3b84c00 r4:c24a17c0 [ 1946.546708] [<c04a937c>] (refcount_warn_saturate) from [<c0380134>] (eventfd_ctx_put+0x48/0x74) [ 1946.564476] [<c03800ec>] (eventfd_ctx_put) from [<bf5464e8>] (ffs_data_clear+0xd0/0x118 [usb_f_fs]) [ 1946.582664] r5:c3b84c00 r4:c2695b00 [ 1946.590668] [<bf546418>] (ffs_data_clear [usb_f_fs]) from [<bf547cc0>] (ffs_data_closed+0x9c/0x150 [usb_f_fs]) [ 1946.609608] r5:bf54d014 r4:c2695b00 [ 1946.617522] [<bf547c24>] (ffs_data_closed [usb_f_fs]) from [<bf547da0>] (ffs_fs_kill_sb+0x2c/0x30 [usb_f_fs]) [ 1946.636217] r7:c0dfcb ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46933 was patched at 2024-05-15

2853. Memory Corruption - Linux Kernel (CVE-2021-46944) - Medium [310]

Description: In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix memory leak in imu_fmt We are losing the reference to an allocated memory if try. Change the order of the check to avoid that.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46944 was patched at 2024-05-15

2854. Memory Corruption - Linux Kernel (CVE-2021-47171) - Medium [310]

Description: In the Linux kernel, the following vulnerability has been resolved: net: usb: fix memory leak in smsc75xx_bind Syzbot reported memory leak in smsc75xx_bind(). The problem was is non-freed memory in case of errors after memory allocation. backtrace: [<ffffffff84245b62>] kmalloc include/linux/slab.h:556 [inline] [<ffffffff84245b62>] kzalloc include/linux/slab.h:686 [inline] [<ffffffff84245b62>] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460 [<ffffffff82b5b2e6>] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2021-47171 was patched at 2024-06-05

debian: CVE-2021-47171 was patched at 2024-05-15

oraclelinux: CVE-2021-47171 was patched at 2024-06-05

redhat: CVE-2021-47171 was patched at 2024-06-05

2855. Memory Corruption - Linux Kernel (CVE-2021-47173) - Medium [310]

Description: In the Linux kernel, the following vulnerability has been resolved: misc/uss720: fix memory leak in uss720_probe uss720_probe forgets to decrease the refcount of usbdev in uss720_probe. Fix this by decreasing the refcount of usbdev by usb_put_dev. BUG: memory leak unreferenced object 0xffff888101113800 (size 2048): comm "kworker/0:1", pid 7, jiffies 4294956777 (age 28.870s) hex dump (first 32 bytes): ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ....1........... 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 ................ backtrace: [<ffffffff82b8e822>] kmalloc include/linux/slab.h:554 [inline] [<ffffffff82b8e822>] kzalloc include/linux/slab.h:684 [inline] [<ffffffff82b8e822>] usb_alloc_dev+0x32/0x450 drivers/usb/core/usb.c:582 [<ffffffff82b98441>] hub_port_connect drivers/usb/core/hub.c:5129 [inline] [<ffffffff82b98441>] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline] [<ffffffff82b98441>] port_event drivers/usb/core/hub.c:5509 [inline] [<ffffffff82b98441>] hub_event+0x1171/0x20c0 drivers/usb/core/hub.c:5591 [<ffffffff81259229>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275 [<ffffffff81259b19>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421 [<ffffffff81261228>] kthread+0x178/0x1b0 kernel/kthread.c:292 [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47173 was patched at 2024-05-15

2856. Memory Corruption - Linux Kernel (CVE-2021-47193) - Medium [310]

Description: In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix memory leak during rmmod Driver failed to release all memory allocated. This would lead to memory leak during driver removal. Properly free memory when the module is removed.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47193 was patched at 2024-05-15

2857. Memory Corruption - Linux Kernel (CVE-2021-47195) - Medium [310]

Description: In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free of the add_lock mutex Commit 6098475d4cb4 ("spi: Fix deadlock when adding SPI controllers on SPI buses") introduced a per-controller mutex. But mutex_unlock() of said lock is called after the controller is already freed: spi_unregister_controller(ctlr) -> put_device(&ctlr->dev) -> spi_controller_release(dev) -> mutex_unlock(&ctrl->add_lock) Move the put_device() after the mutex_unlock().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47195 was patched at 2024-05-15

2858. Memory Corruption - Linux Kernel (CVE-2022-1508) - Medium [310]

Description: An out-of-bounds read flaw was found in the Linux kernel’s io_uring module in the way a user triggers the io_read() function with some special parameters. This flaw allows a local user to read some memory out of bounds.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1508 was patched at 2024-05-15

2859. Memory Corruption - Linux Kernel (CVE-2022-3078) - Medium [310]

Description: {'vulners_cve_data_all': 'An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3078 was patched at 2024-05-15

debian: CVE-2022-30780 was patched at 2024-05-15

2860. Memory Corruption - Linux Kernel (CVE-2022-3104) - Medium [310]

Description: {'vulners_cve_data_all': 'An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3104 was patched at 2024-05-15

2861. Memory Corruption - Linux Kernel (CVE-2022-3110) - Medium [310]

Description: {'vulners_cve_data_all': 'An issue was discovered in the Linux kernel through 5.16-rc6. _rtw_init_xmit_priv in drivers/staging/r8188eu/core/rtw_xmit.c lacks check of the return value of rtw_alloc_hwxmits() and will cause the null pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3110 was patched at 2024-05-15

debian: CVE-2022-31108 was patched at 2024-05-15

2862. Memory Corruption - Linux Kernel (CVE-2022-3112) - Medium [310]

Description: {'vulners_cve_data_all': 'An issue was discovered in the Linux kernel through 5.16-rc6. amvdec_set_canvases in drivers/staging/media/meson/vdec/vdec_helpers.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3112 was patched at 2024-05-15

2863. Memory Corruption - Linux Kernel (CVE-2022-3114) - Medium [310]

Description: {'vulners_cve_data_all': 'An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3114 was patched at 2024-05-15

debian: CVE-2022-31144 was patched at 2024-05-15

2864. Memory Corruption - Linux Kernel (CVE-2022-3115) - Medium [310]

Description: {'vulners_cve_data_all': 'An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3115 was patched at 2024-05-15

debian: CVE-2022-31150 was patched at 2024-05-15

debian: CVE-2022-31151 was patched at 2024-05-15

2865. Memory Corruption - Linux Kernel (CVE-2022-3544) - Medium [310]

Description: A vulnerability, which was classified as problematic, was found in Linux Kernel. Affected is the function damon_sysfs_add_target of the file mm/damon/sysfs.c of the component Netfilter. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211044.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3544 was patched at 2024-05-15

debian: CVE-2022-35447 was patched at 2024-05-15

debian: CVE-2022-35448 was patched at 2024-05-15

debian: CVE-2022-35449 was patched at 2024-05-15

2866. Memory Corruption - Linux Kernel (CVE-2022-3563) - Medium [310]

Description: {'vulners_cve_data_all': 'A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3563 was patched at 2024-05-15

ubuntu: CVE-2022-3563 was patched at 2024-06-05

2867. Memory Corruption - Linux Kernel (CVE-2022-3630) - Medium [310]

Description: A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects some unknown processing of the file fs/fscache/cookie.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211931.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3630 was patched at 2024-05-15

2868. Memory Corruption - Linux Kernel (CVE-2022-44032) - Medium [310]

Description: An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-44032 was patched at 2024-05-15

2869. Memory Corruption - Linux Kernel (CVE-2022-44033) - Medium [310]

Description: An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-44033 was patched at 2024-05-15

2870. Memory Corruption - Linux Kernel (CVE-2022-48687) - Medium [310]

Description: In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix out-of-bounds read when setting HMAC data. The SRv6 layer allows defining HMAC data that can later be used to sign IPv6 Segment Routing Headers. This configuration is realised via netlink through four attributes: SEG6_ATTR_HMACKEYID, SEG6_ATTR_SECRET, SEG6_ATTR_SECRETLEN and SEG6_ATTR_ALGID. Because the SECRETLEN attribute is decoupled from the actual length of the SECRET attribute, it is possible to provide invalid combinations (e.g., secret = "", secretlen = 64). This case is not checked in the code and with an appropriately crafted netlink message, an out-of-bounds read of up to 64 bytes (max secret length) can occur past the skb end pointer and into skb_shared_info: Breakpoint 1, seg6_genl_sethmac (skb=<optimized out>, info=<optimized out>) at net/ipv6/seg6.c:208 208 memcpy(hinfo->secret, secret, slen); (gdb) bt #0 seg6_genl_sethmac (skb=<optimized out>, info=<optimized out>) at net/ipv6/seg6.c:208 #1 0xffffffff81e012e9 in genl_family_rcv_msg_doit (skb=skb@entry=0xffff88800b1f9f00, nlh=nlh@entry=0xffff88800b1b7600, extack=extack@entry=0xffffc90000ba7af0, ops=ops@entry=0xffffc90000ba7a80, hdrlen=4, net=0xffffffff84237580 <init_net>, family=<optimized out>, family=<optimized out>) at net/netlink/genetlink.c:731 #2 0xffffffff81e01435 in genl_family_rcv_msg (extack=0xffffc90000ba7af0, nlh=0xffff88800b1b7600, skb=0xffff88800b1f9f00, family=0xffffffff82fef6c0 <seg6_genl_family>) at net/netlink/genetlink.c:775 #3 genl_rcv_msg (skb=0xffff88800b1f9f00, nlh=0xffff88800b1b7600, extack=0xffffc90000ba7af0) at net/netlink/genetlink.c:792 #4 0xffffffff81dfffc3 in netlink_rcv_skb (skb=skb@entry=0xffff88800b1f9f00, cb=cb@entry=0xffffffff81e01350 <genl_rcv_msg>) at net/netlink/af_netlink.c:2501 #5 0xffffffff81e00919 in genl_rcv (skb=0xffff88800b1f9f00) at net/netlink/genetlink.c:803 #6 0xffffffff81dff6ae in netlink_unicast_kernel (ssk=0xffff888010eec800, skb=0xffff88800b1f9f00, sk=0xffff888004aed000) at net/netlink/af_netlink.c:1319 #7 netlink_unicast (ssk=ssk@entry=0xffff888010eec800, skb=skb@entry=0xffff88800b1f9f00, portid=portid@entry=0, nonblock=<optimized out>) at net/netlink/af_netlink.c:1345 #8 0xffffffff81dff9a4 in netlink_sendmsg (sock=<optimized out>, msg=0xffffc90000ba7e48, len=<optimized out>) at net/netlink/af_netlink.c:1921 ... (gdb) p/x ((struct sk_buff *)0xffff88800b1f9f00)->head + ((struct sk_buff *)0xffff88800b1f9f00)->end $1 = 0xffff88800b1b76c0 (gdb) p/x secret $2 = 0xffff88800b1b76c0 (gdb) p slen $3 = 64 '@' The OOB data can then be read back from userspace by dumping HMAC state. This commit fixes this by ensuring SECRETLEN cannot exceed the actual length of SECRET.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48687 was patched at 2024-05-15

2871. Memory Corruption - Linux Kernel (CVE-2022-48691) - Medium [310]

Description: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: clean up hook list when offload flags check fails splice back the hook list so nft_chain_release_hook() has a chance to release the hooks. BUG: memory leak unreferenced object 0xffff88810180b100 (size 96): comm "syz-executor133", pid 3619, jiffies 4294945714 (age 12.690s) hex dump (first 32 bytes): 28 64 23 02 81 88 ff ff 28 64 23 02 81 88 ff ff (d#.....(d#..... 90 a8 aa 83 ff ff ff ff 00 00 b5 0f 81 88 ff ff ................ backtrace: [<ffffffff83a8c59b>] kmalloc include/linux/slab.h:600 [inline] [<ffffffff83a8c59b>] nft_netdev_hook_alloc+0x3b/0xc0 net/netfilter/nf_tables_api.c:1901 [<ffffffff83a9239a>] nft_chain_parse_netdev net/netfilter/nf_tables_api.c:1998 [inline] [<ffffffff83a9239a>] nft_chain_parse_hook+0x33a/0x530 net/netfilter/nf_tables_api.c:2073 [<ffffffff83a9b14b>] nf_tables_addchain.constprop.0+0x10b/0x950 net/netfilter/nf_tables_api.c:2218 [<ffffffff83a9c41b>] nf_tables_newchain+0xa8b/0xc60 net/netfilter/nf_tables_api.c:2593 [<ffffffff83a3d6a6>] nfnetlink_rcv_batch+0xa46/0xd20 net/netfilter/nfnetlink.c:517 [<ffffffff83a3db79>] nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:638 [inline] [<ffffffff83a3db79>] nfnetlink_rcv+0x1f9/0x220 net/netfilter/nfnetlink.c:656 [<ffffffff83a13b17>] netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] [<ffffffff83a13b17>] netlink_unicast+0x397/0x4c0 net/netlink/af_netlink.c:1345 [<ffffffff83a13fd6>] netlink_sendmsg+0x396/0x710 net/netlink/af_netlink.c:1921 [<ffffffff83865ab6>] sock_sendmsg_nosec net/socket.c:714 [inline] [<ffffffff83865ab6>] sock_sendmsg+0x56/0x80 net/socket.c:734 [<ffffffff8386601c>] ____sys_sendmsg+0x36c/0x390 net/socket.c:2482 [<ffffffff8386a918>] ___sys_sendmsg+0xa8/0x110 net/socket.c:2536 [<ffffffff8386aaa8>] __sys_sendmsg+0x88/0x100 net/socket.c:2565 [<ffffffff845e5955>] do_syscall_x64 arch/x86/entry/common.c:50 [inline] [<ffffffff845e5955>] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 [<ffffffff84800087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48691 was patched at 2024-05-15

2872. Memory Corruption - Linux Kernel (CVE-2023-22999) - Medium [310]

Description: {'vulners_cve_data_all': 'In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an error pointer).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-22999 was patched at 2024-05-15

2873. Memory Corruption - Linux Kernel (CVE-2023-23001) - Medium [310]

Description: {'vulners_cve_data_all': 'In the Linux kernel before 5.16.3, drivers/scsi/ufs/ufs-mediatek.c misinterprets the regulator_get return value (expects it to be NULL in the error case, whereas it is actually an error pointer).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-23001 was patched at 2024-05-15

2874. Memory Corruption - Linux Kernel (CVE-2023-23002) - Medium [310]

Description: {'vulners_cve_data_all': 'In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_index_optional return value (expects it to be NULL in the error case, whereas it is actually an error pointer).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-23002 was patched at 2024-05-15

2875. Memory Corruption - Linux Kernel (CVE-2023-23005) - Medium [310]

Description: {'vulners_cve_data_all': 'In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-23005 was patched at 2024-05-15

2876. Memory Corruption - Linux Kernel (CVE-2023-23039) - Medium [310]

Description: An issue was discovered in the Linux kernel through 6.2.0-rc2. drivers/tty/vcc.c has a race condition and resultant use-after-free if a physically proximate attacker removes a VCC device while calling open(), aka a race condition between vcc_open() and vcc_remove().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-23039 was patched at 2024-05-15

2877. Memory Corruption - Linux Kernel (CVE-2023-3359) - Medium [310]

Description: {'vulners_cve_data_all': 'An issue was discovered in the Linux kernel brcm_nvram_parse in drivers/nvmem/brcm_nvram.c. Lacks for the check of the return value of kzalloc() can cause the NULL Pointer Dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-3359 was patched at 2024-05-15

2878. Memory Corruption - Linux Kernel (CVE-2024-22099) - Medium [310]

Description: {'vulners_cve_data_all': 'NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C.\n\nThis issue affects Linux kernel: v2.6.12-rc2.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-22099 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-22099 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

2879. Memory Corruption - Linux Kernel (CVE-2024-23848) - Medium [310]

Description: In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-23848 was patched at 2024-05-15

2880. Memory Corruption - Linux Kernel (CVE-2024-25739) - Medium [310]

Description: {'vulners_cve_data_all': 'create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-25739 was patched at 2024-05-15

ubuntu: CVE-2024-25739 was patched at 2024-06-07, 2024-06-11, 2024-06-14

2881. Memory Corruption - Linux Kernel (CVE-2024-25740) - Medium [310]

Description: A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-25740 was patched at 2024-05-15

2882. Memory Corruption - Linux Kernel (CVE-2024-26590) - Medium [310]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix inconsistent per-file compression format\n\nEROFS can select compression algorithms on a per-file basis, and each\nper-file compression algorithm needs to be marked in the on-disk\nsuperblock for initialization.\n\nHowever, syzkaller can generate inconsistent crafted images that use\nan unsupported algorithmtype for specific inodes, e.g. use MicroLZMA\nalgorithmtype even it's not set in `sbi->available_compr_algs`. This\ncan lead to an unexpected "BUG: kernel NULL pointer dereference" if\nthe corresponding decompressor isn't built-in.\n\nFix this by checking against `sbi->available_compr_algs` for each\nm_algorithmformat request. Incorrect !erofs_sb_has_compr_cfgs preset\nbitmap is now fixed together since it was harmless previously.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26590 was patched at 2024-05-15

2883. Memory Corruption - Linux Kernel (CVE-2024-26595) - Medium [310]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path\n\nWhen calling mlxsw_sp_acl_tcam_region_destroy() from an error path after\nfailing to attach the region to an ACL group, we hit a NULL pointer\ndereference upon 'region->group->tcam' [1].\n\nFix by retrieving the 'tcam' pointer using mlxsw_sp_acl_to_tcam().\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\n[...]\nRIP: 0010:mlxsw_sp_acl_tcam_region_destroy+0xa0/0xd0\n[...]\nCall Trace:\n mlxsw_sp_acl_tcam_vchunk_get+0x88b/0xa20\n mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0\n mlxsw_sp_acl_rule_add+0x47/0x240\n mlxsw_sp_flower_replace+0x1a9/0x1d0\n tc_setup_cb_add+0xdc/0x1c0\n fl_hw_replace_filter+0x146/0x1f0\n fl_change+0xc17/0x1360\n tc_new_tfilter+0x472/0xb90\n rtnetlink_rcv_msg+0x313/0x3b0\n netlink_rcv_skb+0x58/0x100\n netlink_unicast+0x244/0x390\n netlink_sendmsg+0x1e4/0x440\n ____sys_sendmsg+0x164/0x260\n ___sys_sendmsg+0x9a/0xe0\n __sys_sendmsg+0x7a/0xc0\n do_syscall_64+0x40/0xe0\n entry_SYSCALL_64_after_hwframe+0x63/0x6b', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26595 was patched at 2024-05-15

ubuntu: CVE-2024-26595 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

2884. Memory Corruption - Linux Kernel (CVE-2024-26596) - Medium [310]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events\n\nAfter the blamed commit, we started doing this dereference for every\nNETDEV_CHANGEUPPER and NETDEV_PRECHANGEUPPER event in the system.\n\nstatic inline struct dsa_port *dsa_user_to_port(const struct net_device *dev)\n{\n\tstruct dsa_user_priv *p = netdev_priv(dev);\n\n\treturn p->dp;\n}\n\nWhich is obviously bogus, because not all net_devices have a netdev_priv()\nof type struct dsa_user_priv. But struct dsa_user_priv is fairly small,\nand p->dp means dereferencing 8 bytes starting with offset 16. Most\ndrivers allocate that much private memory anyway, making our access not\nfault, and we discard the bogus data quickly afterwards, so this wasn't\ncaught.\n\nBut the dummy interface is somewhat special in that it calls\nalloc_netdev() with a priv size of 0. So every netdev_priv() dereference\nis invalid, and we get this when we emit a NETDEV_PRECHANGEUPPER event\nwith a VLAN as its new upper:\n\n$ ip link add dummy1 type dummy\n$ ip link add link dummy1 name dummy1.100 type vlan id 100\n[ 43.309174] ==================================================================\n[ 43.316456] BUG: KASAN: slab-out-of-bounds in dsa_user_prechangeupper+0x30/0xe8\n[ 43.323835] Read of size 8 at addr ffff3f86481d2990 by task ip/374\n[ 43.330058]\n[ 43.342436] Call trace:\n[ 43.366542] dsa_user_prechangeupper+0x30/0xe8\n[ 43.371024] dsa_user_netdevice_event+0xb38/0xee8\n[ 43.375768] notifier_call_chain+0xa4/0x210\n[ 43.379985] raw_notifier_call_chain+0x24/0x38\n[ 43.384464] __netdev_upper_dev_link+0x3ec/0x5d8\n[ 43.389120] netdev_upper_dev_link+0x70/0xa8\n[ 43.393424] register_vlan_dev+0x1bc/0x310\n[ 43.397554] vlan_newlink+0x210/0x248\n[ 43.401247] rtnl_newlink+0x9fc/0xe30\n[ 43.404942] rtnetlink_rcv_msg+0x378/0x580\n\nAvoid the kernel oops by dereferencing after the type check, as customary.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26596 was patched at 2024-05-15

2885. Security Feature Bypass - Linux Kernel (CVE-2021-47067) - Medium [310]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc/tegra: regulators: Fix locking up when voltage-spread is out of range\n\nFix voltage coupler lockup which happens when voltage-spread is out\nof range due to a bug in the code. The max-spread requirement shall be\naccounted when CPU regulator doesn't have consumers. This problem is\nobserved on Tegra30 Ouya game console once system-wide DVFS is enabled\nin a device-tree.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47067 was patched at 2024-05-15

2886. Security Feature Bypass - Windows Encrypting File System (CVE-2024-26644) - Medium [310]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't abort filesystem when attempting to snapshot deleted subvolume\n\nIf the source file descriptor to the snapshot ioctl refers to a deleted\nsubvolume, we get the following abort:\n\n BTRFS: Transaction aborted (error -2)\n WARNING: CPU: 0 PID: 833 at fs/btrfs/transaction.c:1875 create_pending_snapshot+0x1040/0x1190 [btrfs]\n Modules linked in: pata_acpi btrfs ata_piix libata scsi_mod virtio_net blake2b_generic xor net_failover virtio_rng failover scsi_common rng_core raid6_pq libcrc32c\n CPU: 0 PID: 833 Comm: t_snapshot_dele Not tainted 6.7.0-rc6 #2\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014\n RIP: 0010:create_pending_snapshot+0x1040/0x1190 [btrfs]\n RSP: 0018:ffffa09c01337af8 EFLAGS: 00010282\n RAX: 0000000000000000 RBX: ffff9982053e7c78 RCX: 0000000000000027\n RDX: ffff99827dc20848 RSI: 0000000000000001 RDI: ffff99827dc20840\n RBP: ffffa09c01337c00 R08: 0000000000000000 R09: ffffa09c01337998\n R10: 0000000000000003 R11: ffffffffb96da248 R12: fffffffffffffffe\n R13: ffff99820535bb28 R14: ffff99820b7bd000 R15: ffff99820381ea80\n FS: 00007fe20aadabc0(0000) GS:ffff99827dc00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000559a120b502f CR3: 00000000055b6000 CR4: 00000000000006f0\n Call Trace:\n <TASK>\n ? create_pending_snapshot+0x1040/0x1190 [btrfs]\n ? __warn+0x81/0x130\n ? create_pending_snapshot+0x1040/0x1190 [btrfs]\n ? report_bug+0x171/0x1a0\n ? handle_bug+0x3a/0x70\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? create_pending_snapshot+0x1040/0x1190 [btrfs]\n ? create_pending_snapshot+0x1040/0x1190 [btrfs]\n create_pending_snapshots+0x92/0xc0 [btrfs]\n btrfs_commit_transaction+0x66b/0xf40 [btrfs]\n btrfs_mksubvol+0x301/0x4d0 [btrfs]\n btrfs_mksnapshot+0x80/0xb0 [btrfs]\n __btrfs_ioctl_snap_create+0x1c2/0x1d0 [btrfs]\n btrfs_ioctl_snap_create_v2+0xc4/0x150 [btrfs]\n btrfs_ioctl+0x8a6/0x2650 [btrfs]\n ? kmem_cache_free+0x22/0x340\n ? do_sys_openat2+0x97/0xe0\n __x64_sys_ioctl+0x97/0xd0\n do_syscall_64+0x46/0xf0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n RIP: 0033:0x7fe20abe83af\n RSP: 002b:00007ffe6eff1360 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007fe20abe83af\n RDX: 00007ffe6eff23c0 RSI: 0000000050009417 RDI: 0000000000000003\n RBP: 0000000000000003 R08: 0000000000000000 R09: 00007fe20ad16cd0\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 00007ffe6eff13c0 R14: 00007fe20ad45000 R15: 0000559a120b6d58\n </TASK>\n ---[ end trace 0000000000000000 ]---\n BTRFS: error (device vdc: state A) in create_pending_snapshot:1875: errno=-2 No such entry\n BTRFS info (device vdc: state EA): forced readonly\n BTRFS warning (device vdc: state EA): Skipping commit of aborted transaction.\n BTRFS: error (device vdc: state EA) in cleanup_transaction:2055: errno=-2 No such entry\n\nThis happens because create_pending_snapshot() initializes the new root\nitem as a copy of the source root item. This includes the refs field,\nwhich is 0 for a deleted subvolume. The call to btrfs_insert_root()\ntherefore inserts a root with refs == 0. btrfs_get_new_fs_root() then\nfinds the root and returns -ENOENT if refs == 0, which causes\ncreate_pending_snapshot() to abort.\n\nFix it by checking the source root's refs before attempting the\nsnapshot, but after locking subvol_sem to avoid racing with deletion.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.914Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26644 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26644 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

2887. Remote Code Execution - GDI (CVE-2006-2644) - Medium [309]

Description: AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.514GDI
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2644 was patched at 2024-05-15

2888. Unknown Vulnerability Type - Unknown Product (CVE-2008-1332) - Medium [309]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, 1.4.x before 1.4.18.1 and 1.4.19-rc3; Business Edition A.x.x, B.x.x before B.2.5.1, and C.x.x before C.1.6.2; AsteriskNOW 1.0.x before 1.0.2; Appliance Developer Kit before 1.4 revision 109393; and s800i 1.0.x before 1.1.0.2; allows remote attackers to access the SIP channel driver via a crafted From header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Asterisk绕过呼叫认证漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1332 was patched at 2024-05-15

2889. Unknown Vulnerability Type - Unknown Product (CVE-2008-1390) - Medium [309]

Description: {'vulners_cve_data_all': 'The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Asterisk可预测HTTP管理器会话ID漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1390 was patched at 2024-05-15

2890. Unknown Vulnerability Type - Unknown Product (CVE-2008-3329) - Medium [309]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Links 'only proxies'存在未明安全漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3329 was patched at 2024-05-15

2891. Unknown Vulnerability Type - Unknown Product (CVE-2008-5718) - Medium [309]

Description: {'vulners_cve_data_all': 'The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Netatalk打印请求任意代码注入漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5718 was patched at 2024-05-15

2892. Unknown Vulnerability Type - Unknown Product (CVE-2019-5596) - Medium [309]

Description: {'vulners_cve_data_all': 'In FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3, a bug in the reference count implementation for UNIX domain sockets can cause a file structure to be incorrectly released potentially allowing a malicious local user to gain root privileges or escape from a jail.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] FreeBSD fd Privilege Escalation, [zdt] FreeBSD fd Privilege Escalation Exploit, [exploitpack] FreeBSD-SA-19:02.fd - Privilege Escalation, [exploitdb] FreeBSD-SA-19:02.fd - Privilege Escalation)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5596 was patched at 2024-05-15

2893. Unknown Vulnerability Type - Unknown Product (CVE-2019-6443) - Medium [309]

Description: {'vulners_cve_data_all': 'An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] NTPsec 1.1.2 - ctl_getitem Out-of-Bounds Read Exploit, [exploitpack] NTPsec 1.1.2 - ctl_getitem Out-of-Bounds Read (PoC), [packetstorm] NTPsec 1.1.2 ctl_getitem Out-Of-Bounds Read, [exploitdb] NTPsec 1.1.2 - 'ctl_getitem' Out-of-Bounds Read (PoC))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6443 was patched at 2024-05-15

2894. Unknown Vulnerability Type - Unknown Product (CVE-2019-6444) - Medium [309]

Description: {'vulners_cve_data_all': 'An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] NTPsec 1.1.2 - ntp_control Out-of-Bounds Read Exploit, [exploitpack] NTPsec 1.1.2 - ntp_control Out-of-Bounds Read (PoC), [packetstorm] NTPsec 1.1.2 ntp_control Out-Of-Bounds Read, [exploitdb] NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6444 was patched at 2024-05-15

2895. Unknown Vulnerability Type - Unknown Product (CVE-2021-23400) - Medium [309]

Description: {'vulners_cve_data_all': 'The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-23400 was patched at 2024-05-15

2896. Unknown Vulnerability Type - Unknown Product (CVE-2023-37154) - Medium [309]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to BDU data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-37154 was patched at 2024-05-15

2897. Denial of Service - ImageMagick (CVE-2017-11750) - Medium [308]

Description: The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and 7.0.6-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11750 was patched at 2024-05-15

2898. Denial of Service - ImageMagick (CVE-2017-11754) - Medium [308]

Description: The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an OpenPixelCache call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11754 was patched at 2024-05-15

2899. Denial of Service - ImageMagick (CVE-2017-11755) - Medium [308]

Description: The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file that is mishandled in an AcquireSemaphoreInfo call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11755 was patched at 2024-05-15

2900. Denial of Service - ImageMagick (CVE-2017-12672) - Medium [308]

Description: In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12672 was patched at 2024-05-15

2901. Denial of Service - ImageMagick (CVE-2017-12673) - Medium [308]

Description: In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12673 was patched at 2024-05-15

2902. Denial of Service - ImageMagick (CVE-2017-14324) - Medium [308]

Description: In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in the function ReadMPCImage in coders/mpc.c, which allows attackers to cause a denial of service via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14324 was patched at 2024-05-15

2903. Denial of Service - ImageMagick (CVE-2017-17883) - Medium [308]

Description: In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17883 was patched at 2024-05-15

2904. Denial of Service - ImageMagick (CVE-2017-18272) - Medium [308]

Description: In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a use-after-free in ReadOneMNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted MNG image file that is mishandled in an MngInfoDiscardObject call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-18272 was patched at 2024-05-15

2905. Denial of Service - ImageMagick (CVE-2018-7470) - Medium [308]

Description: An issue was discovered in ImageMagick 7.0.7-22 Q16. The IsWEBPImageLossless function in coders/webp.c allows attackers to cause a denial of service (segmentation violation) via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7470 was patched at 2024-05-15

2906. Denial of Service - Perl (CVE-2007-4321) - Medium [308]

Description: fail2ban 0.8 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6302.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4321 was patched at 2024-05-15

2907. Denial of Service - Perl (CVE-2011-4063) - Medium [308]

Description: chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4063 was patched at 2024-05-15

2908. Denial of Service - Perl (CVE-2016-7498) - Medium [308]

Description: OpenStack Compute (nova) 13.0.0 does not properly delete instances from compute nodes, which allows remote authenticated users to cause a denial of service (disk consumption) by deleting instances while in the resize state. NOTE: this vulnerability exists because of a CVE-2015-3280 regression.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7498 was patched at 2024-05-15

2909. Denial of Service - Perl (CVE-2021-34146) - Medium [308]

Description: The Bluetooth Classic implementation in the Cypress CYW920735Q60EVB does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and restart (crash) of the device by flooding it with LMP_AU_Rand packets after the paging procedure.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-34146 was patched at 2024-05-15

2910. Denial of Service - Wireshark (CVE-2023-0414) - Medium [308]

Description: Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0414 was patched at 2024-05-15

2911. Denial of Service - Wireshark (CVE-2023-0416) - Medium [308]

Description: GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0416 was patched at 2024-05-15

2912. Incorrect Calculation - FreeRDP (CVE-2024-32039) - Medium [308]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.614FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32039 was patched at 2024-05-15

ubuntu: CVE-2024-32039 was patched at 2024-04-24

2913. Incorrect Calculation - Perl (CVE-2017-1000121) - Medium [308]

Description: The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000121 was patched at 2024-05-15

2914. Memory Corruption - FreeRDP (CVE-2024-32658) - Medium [308]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32658 was patched at 2024-05-15

ubuntu: CVE-2024-32658 was patched at 2024-04-25, 2024-04-29

2915. Memory Corruption - FreeRDP (CVE-2024-32659) - Medium [308]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32659 was patched at 2024-05-15

ubuntu: CVE-2024-32659 was patched at 2024-04-25, 2024-04-29

2916. Memory Corruption - ImageMagick (CVE-2017-14138) - Medium [308]

Description: ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14138 was patched at 2024-05-15

2917. Memory Corruption - Perl (CVE-2017-9225) - Medium [308]

Description: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9225 was patched at 2024-05-15

2918. Memory Corruption - Perl (CVE-2018-6916) - Medium [308]

Description: In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, 10.4-RELEASE-p7, and 10.3-RELEASE-p28, the kernel does not properly validate IPsec packets coming from a trusted host. Additionally, a use-after-free vulnerability exists in the IPsec AH handling code. This issue could cause a system crash or other unpredictable results.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6916 was patched at 2024-05-15

2919. Memory Corruption - ReadyMedia (CVE-2013-2739) - Medium [308]

Description: MiniDLNA has heap-based buffer overflow

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614ReadyMedia (formerly known as MiniDLNA) is a simple media server software, with the aim of being fully compliant with DLNA/UPnP-AV clients
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2739 was patched at 2024-05-15

2920. Memory Corruption - Wireshark (CVE-2010-2994) - Medium [308]

Description: Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2994 was patched at 2024-05-15

2921. Security Feature Bypass - Perl (CVE-2007-4893) - Medium [308]

Description: wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4893 was patched at 2024-05-15

2922. Security Feature Bypass - Perl (CVE-2012-5524) - Medium [308]

Description: The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5524 was patched at 2024-05-15

2923. Security Feature Bypass - Perl (CVE-2013-6404) - Medium [308]

Description: Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6404 was patched at 2024-05-15

2924. Arbitrary File Reading - Perl (CVE-2002-1390) - Medium [307]

Description: The daemon for GeneWeb before 4.09 does not properly handle requested paths, which allows remote attackers to read arbitrary files via a crafted URL.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1390 was patched at 2024-05-15

2925. Arbitrary File Reading - Perl (CVE-2005-0202) - Medium [307]

Description: Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0202 was patched at 2024-05-15

2926. Arbitrary File Reading - Perl (CVE-2009-2659) - Medium [307]

Description: The Admin media handler in core/servers/basehttp.py in Django 1.0 and 0.96 does not properly map URL requests to expected "static media files," which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a crafted URL.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2659 was patched at 2024-05-15

2927. Arbitrary File Reading - Perl (CVE-2013-6889) - Medium [307]

Description: GNU Rush 1.7 does not properly drop privileges, which allows local users to read arbitrary files via the --lint option.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6889 was patched at 2024-05-15

2928. Arbitrary File Reading - Roundcube (CVE-2013-1904) - Medium [307]

Description: Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers to read arbitrary files via a full pathname in the _value parameter for the generic_message_footer setting in a save-perf action to index.php, as exploited in the wild in March 2013.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1904 was patched at 2024-05-15

2929. Arbitrary File Writing - Git (CVE-2012-6114) - Medium [307]

Description: The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/changelog or (2) /tmp/.git-effort.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.414Git
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6114 was patched at 2024-05-15

2930. Cross Site Scripting - .NET (CVE-2008-3422) - Medium [307]

Description: Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714.NET
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3422 was patched at 2024-05-15

2931. Cross Site Scripting - Curl (CVE-2010-2790) - Medium [307]

Description: Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2) show_details, (3) filter_rst, or (4) txt_select parameters to the triggers page (tr_status.php). NOTE: some of these details are obtained from third party information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714Curl is a command-line tool for transferring data specified with URL syntax
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2790 was patched at 2024-05-15

2932. Cross Site Scripting - MediaWiki (CVE-2004-2152) - Medium [307]

Description: Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2152 was patched at 2024-05-15

2933. Cross Site Scripting - MediaWiki (CVE-2005-0534) - Medium [307]

Description: Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allow remote attackers to inject arbitrary web script.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0534 was patched at 2024-05-15

2934. Cross Site Scripting - MediaWiki (CVE-2005-1245) - Medium [307]

Description: Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1245 was patched at 2024-05-15

2935. Cross Site Scripting - MediaWiki (CVE-2005-1888) - Medium [307]

Description: Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1888 was patched at 2024-05-15

2936. Cross Site Scripting - MediaWiki (CVE-2005-2215) - Medium [307]

Description: Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2215 was patched at 2024-05-15

2937. Cross Site Scripting - MediaWiki (CVE-2005-2396) - Medium [307]

Description: Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the page move template.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2396 was patched at 2024-05-15

2938. Cross Site Scripting - MediaWiki (CVE-2005-3165) - Medium [307]

Description: Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <math> tags or (2) Extension or <nowiki> sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3165 was patched at 2024-05-15

2939. Cross Site Scripting - MediaWiki (CVE-2005-3167) - Medium [307]

Description: Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3167 was patched at 2024-05-15

2940. Cross Site Scripting - MediaWiki (CVE-2005-4501) - Medium [307]

Description: MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4501 was patched at 2024-05-15

2941. Cross Site Scripting - MediaWiki (CVE-2006-1498) - Medium [307]

Description: Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and 1.4.15 allows remote attackers to inject arbitrary web script or HTML via crafted encoded links.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1498 was patched at 2024-05-15

2942. Cross Site Scripting - MediaWiki (CVE-2007-4828) - Medium [307]

Description: Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4828 was patched at 2024-05-15

2943. Cross Site Scripting - MediaWiki (CVE-2008-0460) - Medium [307]

Description: Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and (2) the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0460 was patched at 2024-05-15

2944. Cross Site Scripting - MediaWiki (CVE-2008-4408) - Medium [307]

Description: Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4408 was patched at 2024-05-15

2945. Cross Site Scripting - MediaWiki (CVE-2008-5249) - Medium [307]

Description: Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5249 was patched at 2024-05-15

2946. Cross Site Scripting - MediaWiki (CVE-2009-4589) - Medium [307]

Description: Cross-site scripting (XSS) vulnerability in the Special:Block implementation in the getContribsLink function in SpecialBlockip.php in MediaWiki 1.14.0 and 1.15.0 allows remote attackers to inject arbitrary web script or HTML via the ip parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4589 was patched at 2024-05-15

2947. Cross Site Scripting - MediaWiki (CVE-2010-1647) - Medium [307]

Description: Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1647 was patched at 2024-05-15

2948. Cross Site Scripting - MediaWiki (CVE-2011-0047) - Medium [307]

Description: Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) comments, aka "CSS injection vulnerability."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0047 was patched at 2024-05-15

2949. Cross Site Scripting - MediaWiki (CVE-2011-1578) - Medium [307]

Description: Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1578 was patched at 2024-05-15

2950. Cross Site Scripting - MediaWiki (CVE-2011-1587) - Medium [307]

Description: Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1587 was patched at 2024-05-15

2951. Cross Site Scripting - MediaWiki (CVE-2012-1582) - Medium [307]

Description: Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with "forged strip item markers," as demonstrated using the CharInsert extension.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1582 was patched at 2024-05-15

2952. Cross Site Scripting - MediaWiki (CVE-2012-2698) - Medium [307]

Description: Cross-site scripting (XSS) vulnerability in the outputPage function in includes/SkinTemplate.php in MediaWiki before 1.17.5, 1.18.x before 1.18.4, and 1.19.x before 1.19.1 allows remote attackers to inject arbitrary web script or HTML via the uselang parameter to index.php/Main_page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2698 was patched at 2024-05-15

2953. Cross Site Scripting - MediaWiki (CVE-2015-2933) - Medium [307]

Description: Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2933 was patched at 2024-05-15

2954. Cross Site Scripting - MediaWiki (CVE-2015-2938) - Medium [307]

Description: Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2938 was patched at 2024-05-15

2955. Cross Site Scripting - MediaWiki (CVE-2015-2939) - Medium [307]

Description: Cross-site scripting (XSS) vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2939 was patched at 2024-05-15

2956. Cross Site Scripting - MediaWiki (CVE-2015-2941) - Medium [307]

Description: Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error message, related to unsafe calls to wddx_serialize_value.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2941 was patched at 2024-05-15

2957. Cross Site Scripting - MediaWiki (CVE-2015-6730) - Medium [307]

Description: Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-6730 was patched at 2024-05-15

2958. Cross Site Scripting - iOS (CVE-2011-1523) - Medium [307]

Description: Cross-site scripting (XSS) vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1523 was patched at 2024-05-15

2959. Cross Site Scripting - iOS (CVE-2011-2179) - Medium [307]

Description: Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in (1) Nagios 3.2.3 and (2) Icinga before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the expand parameter, as demonstrated by an (a) command action or a (b) hosts action.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2179 was patched at 2024-05-15

2960. Information Disclosure - Apache ActiveMQ (CVE-2016-0782) - Medium [307]

Description: The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service (JMS) client
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-0782 was patched at 2024-05-15

2961. Information Disclosure - Perl (CVE-2006-2223) - Medium [307]

Description: RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2223 was patched at 2024-05-15

2962. Information Disclosure - Perl (CVE-2012-3357) - Medium [307]

Description: The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3357 was patched at 2024-05-15

2963. Information Disclosure - Perl (CVE-2012-3385) - Medium [307]

Description: WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3385 was patched at 2024-05-15

2964. Information Disclosure - Perl (CVE-2013-6832) - Medium [307]

Description: The nand_ioctl function in sys/dev/nand/nand_geom.c in the nand driver in the kernel in FreeBSD 10 and earlier does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6832 was patched at 2024-05-15

2965. Information Disclosure - Perl (CVE-2013-7329) - Medium [307]

Description: The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obtain sensitive information (web queries and environment details) via vectors related to the dump_html function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7329 was patched at 2024-05-15

2966. Elevation of Privilege - Cacti (CVE-2023-50569) - Medium [306]

Description: Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templates_import.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50569 was patched at 2024-05-15

2967. Arbitrary File Writing - Perl (CVE-2009-5080) - Medium [305]

Description: The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5080 was patched at 2024-05-15

2968. Arbitrary File Writing - Perl (CVE-2009-5081) - Medium [305]

Description: The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5081 was patched at 2024-05-15

2969. Arbitrary File Writing - Perl (CVE-2009-5082) - Medium [305]

Description: The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5082 was patched at 2024-05-15

2970. Arbitrary File Writing - Perl (CVE-2011-4363) - Medium [305]

Description: ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4363 was patched at 2024-05-15

2971. Arbitrary File Writing - Python (CVE-2014-1624) - Medium [305]

Description: Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1624 was patched at 2024-05-15

2972. Denial of Service - APT (CVE-2024-4853) - Medium [305]

Description: Memory handling issue in editcap could cause denial of service via crafted capture file

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-4853 was patched at 2024-05-15

redos: CVE-2024-4853 was patched at 2024-06-06

2973. Denial of Service - APT (CVE-2024-4855) - Medium [305]

Description: Use after free issue in editcap could cause denial of service via crafted capture file

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-4855 was patched at 2024-05-15

redos: CVE-2024-4855 was patched at 2024-06-06

2974. Denial of Service - GNOME desktop (CVE-2006-1335) - Medium [305]

Description: gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard sequence, which removes the grab from gnome.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1335 was patched at 2024-05-15

2975. Denial of Service - GNOME desktop (CVE-2008-7185) - Medium [305]

Description: GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-7185 was patched at 2024-05-15

2976. Denial of Service - GNOME desktop (CVE-2013-6836) - Medium [305]

Description: Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6836 was patched at 2024-05-15

2977. Denial of Service - ICMP (CVE-2009-3641) - Medium [305]

Description: Snort before 2.8.5.1, when the -v option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted IPv6 packet that uses the (1) TCP or (2) ICMP protocol.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The Internet Control Message Protocol (ICMP) is a network layer protocol used by network devices to diagnose network communication issues
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3641 was patched at 2024-05-15

2978. Denial of Service - Mozilla Firefox (CVE-2006-4310) - Medium [305]

Description: Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4310 was patched at 2024-05-15

2979. Denial of Service - Mozilla Firefox (CVE-2006-6499) - Medium [305]

Description: The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6499 was patched at 2024-05-15

2980. Denial of Service - Mozilla Firefox (CVE-2009-2044) - Medium [305]

Description: Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2044 was patched at 2024-05-15

2981. Denial of Service - WinRAR (CVE-2007-3726) - Medium [305]

Description: Integer signedness error in the SET_VALUE function in rarvm.cpp in unrar 3.70 beta 3, as used in products including WinRAR and RAR for OS X, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive that causes a negative signed number to be cast to a large unsigned number.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814WinRAR is a trialware file archiver utility for Windows, developed by Eugene Roshal of win.rar GmbH
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3726 was patched at 2024-05-15

2982. Denial of Service - Windows NTFS (CVE-2007-4196) - Medium [305]

Description: icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 misinterprets a certain memory location as the holder of a loop iteration count, which allows user-assisted remote attackers to cause a denial of service (long loop) and prevent examination of certain NTFS files via a malformed NTFS image.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The default file system of the Windows NT family
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4196 was patched at 2024-05-15

2983. Denial of Service - Windows NTFS (CVE-2007-4197) - Medium [305]

Description: icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 omits NULL pointer checks in certain code paths, which allows user-assisted remote attackers to cause a denial of service (NULL dereference and application crash) and prevent examination of certain NTFS files via a malformed NTFS image.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The default file system of the Windows NT family
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4197 was patched at 2024-05-15

2984. Denial of Service - Windows NTFS (CVE-2007-4198) - Medium [305]

Description: The fs_data_put_str function in ntfs.c in fls in Brian Carrier The Sleuth Kit (TSK) before 2.09 does not validate a certain length value, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image, which triggers a buffer over-read.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The default file system of the Windows NT family
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4198 was patched at 2024-05-15

2985. Denial of Service - Windows NTFS (CVE-2007-4199) - Medium [305]

Description: Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image that triggers (1) dereference of a certain integer value by ntfs_dent.c in fls, or (2) dereference of a certain other integer value by ntfs.c in fsstat.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The default file system of the Windows NT family
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4199 was patched at 2024-05-15

2986. Denial of Service - Windows NTFS (CVE-2007-4200) - Medium [305]

Description: ntfs.c in fsstat in Brian Carrier The Sleuth Kit (TSK) before 2.09 interprets a certain variable as a byte count rather than a count of 32-bit integers, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The default file system of the Windows NT family
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4200 was patched at 2024-05-15

2987. Denial of Service - libvpx (CVE-2010-4489) - Medium [305]

Description: libvpx, as used in Google Chrome before 8.0.552.215 and possibly other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebM video. NOTE: this vulnerability exists because of a regression.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814libvpx is a free software video codec library from Google and the Alliance for Open Media (AOMedia)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4489 was patched at 2024-05-15

2988. Memory Corruption - Binutils (CVE-2021-3549) - Medium [305]

Description: An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3549 was patched at 2024-05-15

2989. Memory Corruption - Chromium (CVE-2024-3839) - Medium [305]

Description: Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3839 was patched at 2024-04-20, 2024-05-15

redos: CVE-2024-3839 was patched at 2024-05-03

2990. Memory Corruption - Google Chrome (CVE-2021-30594) - Medium [305]

Description: Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30594 was patched at 2024-05-15

2991. Memory Corruption - Node.js (CVE-2018-21270) - Medium [305]

Description: Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-21270 was patched at 2024-05-15

2992. Memory Corruption - Safari (CVE-2018-4271) - Medium [305]

Description: Multiple memory corruption issues were addressed with improved input validation. This issue affected versions prior to iOS 11.4.1, tvOS 11.4.1, watchOS 4.3.2, Safari 11.1.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-4271 was patched at 2024-05-15

2993. Open Redirect - Perl (CVE-2024-29041) - Medium [305]

Description: Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.7515Open Redirect
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29041 was patched at 2024-05-15

2994. Open Redirect - Python (CVE-2017-1002150) - Medium [305]

Description: python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.7515Open Redirect
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1002150 was patched at 2024-05-15

2995. Path Traversal - PHP (CVE-2014-8961) - Medium [305]

Description: Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8961 was patched at 2024-05-15

2996. Command Injection - TRIE (CVE-2021-21288) - Medium [304]

Description: CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1 the download feature has an SSRF vulnerability, allowing attacks to provide DNS entries or IP addresses that are intended for internal use and gather information about the Intranet infrastructure of the platform. This is fixed in versions 1.3.2 and 2.1.1.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-21288 was patched at 2024-05-15

2997. Denial of Service - DNSSEC (CVE-2020-25829) - Medium [303]

Description: An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25829 was patched at 2024-05-15

2998. Denial of Service - Flask (CVE-2019-1010083) - Medium [303]

Description: The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Flask is a lightweight WSGI web application framework
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1010083 was patched at 2024-05-15

2999. Denial of Service - Layer 2 Tunneling Protocol (CVE-2006-5873) - Medium [303]

Description: Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial of service via a large heartbeat packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Layer 2 Tunneling Protocol
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5873 was patched at 2024-05-15

3000. Denial of Service - Libarchive (CVE-2010-4666) - Medium [303]

Description: Buffer overflow in libarchive 3.0 pre-release code allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CAB file, which is not properly handled during the reading of Huffman code data within LZX compressed data.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Multi-format archive and compression library
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4666 was patched at 2024-05-15

3001. Denial of Service - Libarchive (CVE-2011-1779) - Medium [303]

Description: Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted (1) TAR archive or (2) ISO9660 image.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Multi-format archive and compression library
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1779 was patched at 2024-05-15

3002. Denial of Service - NumPy (CVE-2017-12852) - Medium [303]

Description: The numpy.pad function in Numpy 1.13.1 and older versions is missing input validation. An empty list or ndarray will stick into an infinite loop, which can allow attackers to cause a DoS attack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514NumPy is a library for the Python programming language, adding support for large, multi-dimensional arrays and matrices, along with a large collection of high-level mathematical functions
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12852 was patched at 2024-05-15

3003. Denial of Service - TLS (CVE-2015-3308) - Medium [303]

Description: Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-3308 was patched at 2024-05-15

3004. Denial of Service - TLS (CVE-2015-6925) - Medium [303]

Description: wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-6925 was patched at 2024-05-15

3005. Denial of Service - TLS (CVE-2018-9860) - Medium [303]

Description: An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will subsequently fail and the connection will be closed. This could be used for denial of service. No information leak occurs.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-9860 was patched at 2024-05-15

3006. Denial of Service - TLS (CVE-2020-12457) - Medium [303]

Description: An issue was discovered in wolfSSL before 4.5.0. It mishandles the change_cipher_spec (CCS) message processing logic for TLS 1.3. If an attacker sends ChangeCipherSpec messages in a crafted way involving more than one in a row, the server becomes stuck in the ProcessReply() loop, i.e., a denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-12457 was patched at 2024-05-15

3007. Denial of Service - TLS (CVE-2022-34293) - Medium [303]

Description: wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-34293 was patched at 2024-05-15

3008. Denial of Service - TLS (CVE-2024-23775) - Medium [303]

Description: Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-23775 was patched at 2024-05-15

redos: CVE-2024-23775 was patched at 2024-05-03

3009. Denial of Service - TRIE (CVE-2019-10050) - Medium [303]

Description: A buffer over-read issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the decode-mpls.c function DecodeMPLS is composed only of a packet of source address and destination address plus the correct type field and the right number for shim, an attacker can manipulate the control flow, such that the condition to leave the loop is true. After leaving the loop, the network packet has a length of 2 bytes. There is no validation of this length. Later on, the code tries to read at an empty position, leading to a crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10050 was patched at 2024-05-15

3010. Denial of Service - ntopng (CVE-2017-7458) - Medium [303]

Description: The NetworkInterface::getHost function in NetworkInterface.cpp in ntopng before 3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty field that should have contained a hostname or IP address.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514ntopng is an open-source computer software for monitoring traffic on a computer network
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7458 was patched at 2024-05-15

3011. Security Feature Bypass - TLS (CVE-2021-36647) - Medium [303]

Description: {'vulners_cve_data_all': 'Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.514TLS
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-36647 was patched at 2024-05-15

3012. Cross Site Scripting - Perl (CVE-2019-10180) - Medium [302]

Description: A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10180 was patched at 2024-05-15

3013. Cross Site Scripting - Perl (CVE-2020-1696) - Medium [302]

Description: A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing a specially crafted Javascript code.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-1696 was patched at 2024-05-15

3014. Cross Site Scripting - Roundcube (CVE-2021-26925) - Medium [302]

Description: Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-26925 was patched at 2024-05-15

3015. Information Disclosure - CNG (CVE-2020-5202) - Medium [302]

Description: apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.514CNG
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-5202 was patched at 2024-05-15

3016. Information Disclosure - Flask (CVE-2014-1895) - Medium [302]

Description: Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denial of service (host crash) or obtain sensitive information from hypervisor memory by leveraging a FLASK_AVC_CACHESTAT hypercall, which triggers a buffer over-read.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.514Flask is a lightweight WSGI web application framework
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1895 was patched at 2024-05-15

3017. Information Disclosure - LNK (CVE-2018-12096) - Medium [302]

Description: The liblnk_data_string_get_utf8_string_size function in liblnk_data_string.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.514LNK
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12096 was patched at 2024-05-15

3018. Information Disclosure - LNK (CVE-2018-12097) - Medium [302]

Description: The liblnk_location_information_read_data function in liblnk_location_information.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.514LNK
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12097 was patched at 2024-05-15

3019. Information Disclosure - LNK (CVE-2018-12098) - Medium [302]

Description: The liblnk_data_block_read function in liblnk_data_block.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted lnk file. NOTE: the vendor has disputed this as described in libyal/liblnk issue 33 on GitHub

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.514LNK
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12098 was patched at 2024-05-15

3020. Information Disclosure - TLS (CVE-2024-23170) - Medium [302]

Description: {'vulners_cve_data_all': 'An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.514TLS
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-23170 was patched at 2024-05-15

3021. Information Disclosure - TRIE (CVE-2024-3262) - Medium [302]

Description: Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as vulnerability tickets, because the application stores the information in the browser cache, leading to information exposure despite session termination.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3262 was patched at 2024-05-15

debian: CVE-2024-32620 was patched at 2024-05-15

debian: CVE-2024-32621 was patched at 2024-05-15

debian: CVE-2024-32622 was patched at 2024-05-15

debian: CVE-2024-32623 was patched at 2024-05-15

debian: CVE-2024-32624 was patched at 2024-05-15

3022. Remote Code Execution - Perl (CVE-2005-0156) - Medium [302]

Description: Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0156 was patched at 2024-05-15

3023. Denial of Service - Apache Traffic Server (CVE-2014-10022) - Medium [301]

Description: Apache Traffic Server before 5.1.2 allows remote attackers to cause a denial of service via unspecified vectors, related to internal buffer sizing.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-10022 was patched at 2024-05-15

3024. Denial of Service - BIND (CVE-2006-0987) - Medium [301]

Description: The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0987 was patched at 2024-05-15

3025. Denial of Service - BIND (CVE-2006-2073) - Medium [301]

Description: Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2073 was patched at 2024-05-15

3026. Denial of Service - BIND (CVE-2007-5031) - Medium [301]

Description: The TSrvOptIA_NA::rebind method in SrvOptions/SrvOptIA_NA.cpp in Dibbler 0.6.0 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via an invalid IA_NA option in a REBIND message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5031 was patched at 2024-05-15

3027. Denial of Service - BIND (CVE-2014-6268) - Medium [301]

Description: The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest users to cause a denial of service (host crash) via vectors involving an uninitialized FIFO-based event channel control block when (1) binding or (2) moving an event to a different VCPU.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-6268 was patched at 2024-05-15

3028. Denial of Service - BIND (CVE-2022-22970) - Medium [301]

Description: In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-22970 was patched at 2024-05-15

3029. Denial of Service - Curl (CVE-2005-4077) - Medium [301]

Description: Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714Curl is a command-line tool for transferring data specified with URL syntax
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4077 was patched at 2024-05-15

3030. Denial of Service - FFmpeg (CVE-2011-3973) - Medium [301]

Description: cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3973 was patched at 2024-05-15

3031. Denial of Service - FFmpeg (CVE-2011-3974) - Medium [301]

Description: Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3974 was patched at 2024-05-15

3032. Denial of Service - MediaWiki (CVE-2005-3166) - Medium [301]

Description: Unspecified vulnerability in "edit submission handling" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to cause a denial of service (corruption of the previous submission) via a crafted URL.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3166 was patched at 2024-05-15

3033. Denial of Service - MediaWiki (CVE-2006-0322) - Medium [301]

Description: Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via "certain malformed links."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0322 was patched at 2024-05-15

3034. Denial of Service - MediaWiki (CVE-2012-4885) - Medium [301]

Description: The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to cause a denial of service (infinite loop) via certain input, as demonstrated by the padleft function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4885 was patched at 2024-05-15

3035. Denial of Service - Point-to-Point Tunneling Protocol (CVE-2007-0244) - Medium [301]

Description: pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3.4 allows remote attackers to cause a denial of service (PPTP connection tear-down) via (1) GRE packets with out-of-order sequence numbers or (2) certain GRE packets that are processed using a wrong pointer and improperly dequeued.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714The Point to Point Tunneling Protocol (PPTP) is a network protocol used to create VPN tunnels between public networks
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0244 was patched at 2024-05-15

3036. Denial of Service - QEMU (CVE-2013-4153) - Medium [301]

Description: Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count request, as demonstrated by the "virsh vcpucount dom --guest" command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4153 was patched at 2024-05-15

3037. Elevation of Privilege - Linux Kernel (CVE-2024-0841) - Medium [301]

Description: A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-0841 was patched at 2024-05-22

debian: CVE-2024-0841 was patched at 2024-05-06, 2024-05-15

oraclelinux: CVE-2024-0841 was patched at 2024-05-02, 2024-05-23

redhat: CVE-2024-0841 was patched at 2024-05-22

ubuntu: CVE-2024-0841 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

3038. Incorrect Calculation - QEMU (CVE-2019-12247) - Medium [301]

Description: QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12247 was patched at 2024-05-15

3039. Memory Corruption - FFmpeg (CVE-2005-4048) - Medium [301]

Description: Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4048 was patched at 2024-05-15

3040. Memory Corruption - FFmpeg (CVE-2011-3941) - Medium [301]

Description: The decode_mb function in libavcodec/error_resilience.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via vectors related to an uninitialized block index, which triggers an out-of-bounds write.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3941 was patched at 2024-05-15

3041. Memory Corruption - vim (CVE-2021-4187) - Medium [301]

Description: vim is vulnerable to Use After Free

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714Vim is a free and open-source, screen-based text editor program
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-4187 was patched at 2024-05-15

3042. Memory Corruption - vim (CVE-2022-2288) - Medium [301]

Description: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714Vim is a free and open-source, screen-based text editor program
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-2288 was patched at 2024-05-15

debian: CVE-2022-22888 was patched at 2024-05-15

3043. Path Traversal - MediaWiki (CVE-2005-0536) - Medium [301]

Description: Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to delete arbitrary files or determine file existence via a parameter related to image deletion.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0536 was patched at 2024-05-15

3044. Arbitrary File Reading - QEMU (CVE-2013-1922) - Medium [300]

Description: qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1922 was patched at 2024-05-15

3045. Cross Site Scripting - PHP (CVE-2007-4153) - Medium [300]

Description: Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_url parameter to link-import.php. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4153 was patched at 2024-05-15

3046. Denial of Service - Linux Kernel (CVE-2007-3719) - Medium [298]

Description: The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3719 was patched at 2024-05-15

3047. Denial of Service - Linux Kernel (CVE-2011-4098) - Medium [298]

Description: The fallocate implementation in the GFS2 filesystem in the Linux kernel before 3.2 relies on the page cache, which might allow local users to cause a denial of service by preallocating blocks in certain situations involving insufficient memory.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4098 was patched at 2024-05-15

3048. Information Disclosure - Git (CVE-2016-2562) - Medium [298]

Description: The checkHTTP function in libraries/Config.class.php in phpMyAdmin 4.5.x before 4.5.5.1 does not verify X.509 certificates from api.github.com SSL servers, which allows man-in-the-middle attackers to spoof these servers and obtain sensitive information via a crafted certificate.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.414Git
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2562 was patched at 2024-05-15

3049. Information Disclosure - Git (CVE-2023-25950) - Medium [298]

Description: HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service (DoS) condition.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.414Git
CVSS Base Score0.710CVSS Base Score is 7.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-25950 was patched at 2024-05-15

3050. Information Disclosure - Linux Kernel (CVE-2023-52577) - Medium [298]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndccp: fix dccp_v4_err()/dccp_v6_err() again\n\ndh->dccph_x is the 9th byte (offset 8) in "struct dccp_hdr",\nnot in the "byte 7" as Jann claimed.\n\nWe need to make sure the ICMP messages are big enough,\nusing more standard ways (no more assumptions).\n\nsyzbot reported:\nBUG: KMSAN: uninit-value in pskb_may_pull_reason include/linux/skbuff.h:2667 [inline]\nBUG: KMSAN: uninit-value in pskb_may_pull include/linux/skbuff.h:2681 [inline]\nBUG: KMSAN: uninit-value in dccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94\npskb_may_pull_reason include/linux/skbuff.h:2667 [inline]\npskb_may_pull include/linux/skbuff.h:2681 [inline]\ndccp_v6_err+0x426/0x1aa0 net/dccp/ipv6.c:94\nicmpv6_notify+0x4c7/0x880 net/ipv6/icmp.c:867\nicmpv6_rcv+0x19d5/0x30d0\nip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438\nip6_input_finish net/ipv6/ip6_input.c:483 [inline]\nNF_HOOK include/linux/netfilter.h:304 [inline]\nip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492\nip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586\ndst_input include/net/dst.h:468 [inline]\nip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79\nNF_HOOK include/linux/netfilter.h:304 [inline]\nipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310\n__netif_receive_skb_one_core net/core/dev.c:5523 [inline]\n__netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5637\nnetif_receive_skb_internal net/core/dev.c:5723 [inline]\nnetif_receive_skb+0x58/0x660 net/core/dev.c:5782\ntun_rx_batched+0x83b/0x920\ntun_get_user+0x564c/0x6940 drivers/net/tun.c:2002\ntun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\ncall_write_iter include/linux/fs.h:1985 [inline]\nnew_sync_write fs/read_write.c:491 [inline]\nvfs_write+0x8ef/0x15c0 fs/read_write.c:584\nksys_write+0x20f/0x4c0 fs/read_write.c:637\n__do_sys_write fs/read_write.c:649 [inline]\n__se_sys_write fs/read_write.c:646 [inline]\n__x64_sys_write+0x93/0xd0 fs/read_write.c:646\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nUninit was created at:\nslab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767\nslab_alloc_node mm/slub.c:3478 [inline]\nkmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523\nkmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559\n__alloc_skb+0x318/0x740 net/core/skbuff.c:650\nalloc_skb include/linux/skbuff.h:1286 [inline]\nalloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6313\nsock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2795\ntun_alloc_skb drivers/net/tun.c:1531 [inline]\ntun_get_user+0x23cf/0x6940 drivers/net/tun.c:1846\ntun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\ncall_write_iter include/linux/fs.h:1985 [inline]\nnew_sync_write fs/read_write.c:491 [inline]\nvfs_write+0x8ef/0x15c0 fs/read_write.c:584\nksys_write+0x20f/0x4c0 fs/read_write.c:637\n__do_sys_write fs/read_write.c:649 [inline]\n__se_sys_write fs/read_write.c:646 [inline]\n__x64_sys_write+0x93/0xd0 fs/read_write.c:646\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nCPU: 0 PID: 4995 Comm: syz-executor153 Not tainted 6.6.0-rc1-syzkaller-00014-ga747acc0b752 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52577 was patched at 2024-05-15

3051. Information Disclosure - Linux Kernel (CVE-2023-52578) - Medium [298]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: use DEV_STATS_INC()\n\nsyzbot/KCSAN reported data-races in br_handle_frame_finish() [1]\nThis function can run from multiple cpus without mutual exclusion.\n\nAdopt SMP safe DEV_STATS_INC() to update dev->stats fields.\n\nHandles updates to dev->stats.tx_dropped while we are at it.\n\n[1]\nBUG: KCSAN: data-race in br_handle_frame_finish / br_handle_frame_finish\n\nread-write to 0xffff8881374b2178 of 8 bytes by interrupt on cpu 1:\nbr_handle_frame_finish+0xd4f/0xef0 net/bridge/br_input.c:189\nbr_nf_hook_thresh+0x1ed/0x220\nbr_nf_pre_routing_finish_ipv6+0x50f/0x540\nNF_HOOK include/linux/netfilter.h:304 [inline]\nbr_nf_pre_routing_ipv6+0x1e3/0x2a0 net/bridge/br_netfilter_ipv6.c:178\nbr_nf_pre_routing+0x526/0xba0 net/bridge/br_netfilter_hooks.c:508\nnf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]\nnf_hook_bridge_pre net/bridge/br_input.c:272 [inline]\nbr_handle_frame+0x4c9/0x940 net/bridge/br_input.c:417\n__netif_receive_skb_core+0xa8a/0x21e0 net/core/dev.c:5417\n__netif_receive_skb_one_core net/core/dev.c:5521 [inline]\n__netif_receive_skb+0x57/0x1b0 net/core/dev.c:5637\nprocess_backlog+0x21f/0x380 net/core/dev.c:5965\n__napi_poll+0x60/0x3b0 net/core/dev.c:6527\nnapi_poll net/core/dev.c:6594 [inline]\nnet_rx_action+0x32b/0x750 net/core/dev.c:6727\n__do_softirq+0xc1/0x265 kernel/softirq.c:553\nrun_ksoftirqd+0x17/0x20 kernel/softirq.c:921\nsmpboot_thread_fn+0x30a/0x4a0 kernel/smpboot.c:164\nkthread+0x1d7/0x210 kernel/kthread.c:388\nret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147\nret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\n\nread-write to 0xffff8881374b2178 of 8 bytes by interrupt on cpu 0:\nbr_handle_frame_finish+0xd4f/0xef0 net/bridge/br_input.c:189\nbr_nf_hook_thresh+0x1ed/0x220\nbr_nf_pre_routing_finish_ipv6+0x50f/0x540\nNF_HOOK include/linux/netfilter.h:304 [inline]\nbr_nf_pre_routing_ipv6+0x1e3/0x2a0 net/bridge/br_netfilter_ipv6.c:178\nbr_nf_pre_routing+0x526/0xba0 net/bridge/br_netfilter_hooks.c:508\nnf_hook_entry_hookfn include/linux/netfilter.h:144 [inline]\nnf_hook_bridge_pre net/bridge/br_input.c:272 [inline]\nbr_handle_frame+0x4c9/0x940 net/bridge/br_input.c:417\n__netif_receive_skb_core+0xa8a/0x21e0 net/core/dev.c:5417\n__netif_receive_skb_one_core net/core/dev.c:5521 [inline]\n__netif_receive_skb+0x57/0x1b0 net/core/dev.c:5637\nprocess_backlog+0x21f/0x380 net/core/dev.c:5965\n__napi_poll+0x60/0x3b0 net/core/dev.c:6527\nnapi_poll net/core/dev.c:6594 [inline]\nnet_rx_action+0x32b/0x750 net/core/dev.c:6727\n__do_softirq+0xc1/0x265 kernel/softirq.c:553\ndo_softirq+0x5e/0x90 kernel/softirq.c:454\n__local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381\n__raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]\n_raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210\nspin_unlock_bh include/linux/spinlock.h:396 [inline]\nbatadv_tt_local_purge+0x1a8/0x1f0 net/batman-adv/translation-table.c:1356\nbatadv_tt_purge+0x2b/0x630 net/batman-adv/translation-table.c:3560\nprocess_one_work kernel/workqueue.c:2630 [inline]\nprocess_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2703\nworker_thread+0x525/0x730 kernel/workqueue.c:2784\nkthread+0x1d7/0x210 kernel/kthread.c:388\nret_from_fork+0x48/0x60 arch/x86/kernel/process.c:147\nret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304\n\nvalue changed: 0x00000000000d7190 -> 0x00000000000d7191\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 0 PID: 14848 Comm: kworker/u4:11 Not tainted 6.6.0-rc1-syzkaller-00236-gad8a69f361b9 #0', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-52578 was patched at 2024-06-05

debian: CVE-2023-52578 was patched at 2024-05-15

oraclelinux: CVE-2023-52578 was patched at 2024-05-02, 2024-06-05

redhat: CVE-2023-52578 was patched at 2024-05-29, 2024-05-31, 2024-06-05, 2024-06-11

3052. Memory Corruption - GNU Bash (CVE-2012-3410) - Medium [298]

Description: Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 patch 33 might allow local users to bypass intended restricted shell access via a long filename in /dev/fd, which is not properly handled when expanding the /dev/fd prefix.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914Bash is the shell, or command language interpreter, for the GNU operating system
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3410 was patched at 2024-05-15

3053. Memory Corruption - Linux Kernel (CVE-2019-16230) - Medium [298]

Description: {'vulners_cve_data_all': 'drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-16230 was patched at 2024-05-15

3054. Memory Corruption - Linux Kernel (CVE-2020-29372) - Medium [298]

Description: An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-29372 was patched at 2024-05-15

3055. Memory Corruption - Linux Kernel (CVE-2023-52645) - Medium [298]

Description: In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix race conditions with genpd If the power domains are registered first with genpd and *after that* the driver attempts to power them on in the probe sequence, then it is possible that a race condition occurs if genpd tries to power them on in the same time. The same is valid for powering them off before unregistering them from genpd. Attempt to fix race conditions by first removing the domains from genpd and *after that* powering down domains. Also first power up the domains and *after that* register them to genpd.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52645 was patched at 2024-05-15

ubuntu: CVE-2023-52645 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

3056. Memory Corruption - Linux Kernel (CVE-2024-26583) - Medium [298]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix race between async notify and socket close\n\nThe submitting thread (one which called recvmsg/sendmsg)\nmay exit as soon as the async crypto handler calls complete()\nso any code past that point risks touching already freed data.\n\nTry to avoid the locking and extra flags altogether.\nHave the main thread hold an extra reference, this way\nwe can depend solely on the atomic ref counter for\nsynchronization.\n\nDon't futz with reiniting the completion, either, we are now\ntightly controlling when completion fires.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26583 was patched at 2024-05-15

oraclelinux: CVE-2024-26583 was patched at 2024-05-02

ubuntu: CVE-2024-26583 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

3057. Memory Corruption - Linux Kernel (CVE-2024-26910) - Medium [298]

Description: In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix performance regression in swap operation The patch "netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test", commit 28628fa9 fixes a race condition. But the synchronize_rcu() added to the swap function unnecessarily slows it down: it can safely be moved to destroy and use call_rcu() instead. Eric Dumazet pointed out that simply calling the destroy functions as rcu callback does not work: sets with timeout use garbage collectors which need cancelling at destroy which can wait. Therefore the destroy functions are split into two: cancelling garbage collectors safely at executing the command received by netlink and moving the remaining part only into the rcu callback.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26910 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26910 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

3058. Cross Site Scripting - Cacti (CVE-2017-1000032) - Medium [297]

Description: Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000032 was patched at 2024-05-15

3059. Cross Site Scripting - Cacti (CVE-2017-15194) - Medium [297]

Description: include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15194 was patched at 2024-05-15

3060. Cross Site Scripting - Cacti (CVE-2017-16785) - Medium [297]

Description: Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16785 was patched at 2024-05-15

3061. Cross Site Scripting - nginx (CVE-2024-27306) - Medium [297]

Description: aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected. Other users can disable `show_index` if unable to upgrade.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Nginx is an open-source web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27306 was patched at 2024-05-15

3062. Cross Site Scripting - ntopng (CVE-2017-7416) - Medium [297]

Description: ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514ntopng is an open-source computer software for monitoring traffic on a computer network
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7416 was patched at 2024-05-15

3063. Remote Code Execution - Unknown Product (CVE-2002-0901) - Medium [297]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in Advanced Maryland Automatic Network Disk Archiver (AMANDA) 2.3.0.4 allow (1) remote attackers to execute arbitrary code via long commands to the amindexd daemon, or certain local users to execute arbitrary code via long command line arguments to the programs (2) amcheck, (3) amgetidx, (4) amtrmidx, (5) createindex-dump, or (6) createindex-gnutar.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0901 was patched at 2024-05-15

3064. Remote Code Execution - Unknown Product (CVE-2002-1215) - Medium [297]

Description: {'vulners_cve_data_all': 'Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier (claimed as buffer overflows in some sources) allow remote attackers to execute arbitrary code via certain packets to UDP port 694 (incorrectly claimed as TCP in some sources).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1215 was patched at 2024-05-15

3065. Remote Code Execution - Unknown Product (CVE-2002-1337) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1337 was patched at 2024-05-15

3066. Remote Code Execution - Unknown Product (CVE-2002-1383) - Medium [297]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary code via (1) the CUPSd HTTP interface, as demonstrated by vanilla-coke, and (2) the image handling code in CUPS filters, as demonstrated by mksun.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1383 was patched at 2024-05-15

3067. Remote Code Execution - Unknown Product (CVE-2002-2207) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer overflow in ssldump 0.9b2 and earlier, when running in decryption mode, allows remote attackers to execute arbitrary code via a long RSA PreMasterSecret.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-2207 was patched at 2024-05-15

3068. Remote Code Execution - Unknown Product (CVE-2003-0209) - Medium [297]

Description: {'vulners_cve_data_all': 'Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0209 was patched at 2024-05-15

3069. Remote Code Execution - Unknown Product (CVE-2003-0407) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows remote attackers to execute arbitrary code via a long connection string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0407 was patched at 2024-05-15

3070. Remote Code Execution - Unknown Product (CVE-2003-0648) - Medium [297]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0648 was patched at 2024-05-15

3071. Remote Code Execution - Unknown Product (CVE-2003-0694) - Medium [297]

Description: {'vulners_cve_data_all': 'The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0694 was patched at 2024-05-15

3072. Remote Code Execution - Unknown Product (CVE-2003-0886) - Medium [297]

Description: {'vulners_cve_data_all': 'Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier allows remote attackers to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0886 was patched at 2024-05-15

3073. Remote Code Execution - Unknown Product (CVE-2003-0968) - Medium [297]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0968 was patched at 2024-05-15

3074. Remote Code Execution - Unknown Product (CVE-2003-0972) - Medium [297]

Description: {'vulners_cve_data_all': 'Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape sequences, which leads to a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0972 was patched at 2024-05-15

3075. Remote Code Execution - Unknown Product (CVE-2003-1083) - Medium [297]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-1083 was patched at 2024-05-15

3076. Remote Code Execution - Unknown Product (CVE-2004-0226) - Medium [297]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0226 was patched at 2024-05-15

3077. Remote Code Execution - Unknown Product (CVE-2004-0333) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0333 was patched at 2024-05-15

3078. Remote Code Execution - Unknown Product (CVE-2004-0386) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0386 was patched at 2024-05-15

3079. Remote Code Execution - Unknown Product (CVE-2004-0393) - Medium [297]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the msg function for rlpr daemon (rlprd) 2.0.4 allows remote attackers to execute arbitrary code via format string specifiers in a buffer that can not be resolved, which is provided to the syslog function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0393 was patched at 2024-05-15

3080. Remote Code Execution - Unknown Product (CVE-2004-0413) - Medium [297]

Description: {'vulners_cve_data_all': 'libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0413 was patched at 2024-05-15

3081. Remote Code Execution - Unknown Product (CVE-2004-0416) - Medium [297]

Description: {'vulners_cve_data_all': 'Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0416 was patched at 2024-05-15

3082. Remote Code Execution - Unknown Product (CVE-2004-0433) - Medium [297]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0433 was patched at 2024-05-15

3083. Remote Code Execution - Unknown Product (CVE-2004-0451) - Medium [297]

Description: {'vulners_cve_data_all': 'Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0451 was patched at 2024-05-15

3084. Remote Code Execution - Unknown Product (CVE-2004-0640) - Medium [297]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the SSL_set_verify function in telnetd.c for SSLtelnet daemon (SSLtelnetd) 0.13 allows remote attackers to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0640 was patched at 2024-05-15

3085. Remote Code Execution - Unknown Product (CVE-2004-0645) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer overflow in the wvHandleDateTimePicture function in wv library (wvWare) 0.7.4 through 0.7.6 and 1.0.0 allows remote attackers to execute arbitrary code via a document with a long DateTime field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0645 was patched at 2024-05-15

3086. Remote Code Execution - Unknown Product (CVE-2004-0888) - Medium [297]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0888 was patched at 2024-05-15

3087. Remote Code Execution - Unknown Product (CVE-2004-0889) - Medium [297]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0889 was patched at 2024-05-15

3088. Remote Code Execution - Unknown Product (CVE-2004-0941) - Medium [297]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0941 was patched at 2024-05-15

3089. Remote Code Execution - Unknown Product (CVE-2004-0980) - Medium [297]

Description: {'vulners_cve_data_all': 'Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0980 was patched at 2024-05-15

3090. Remote Code Execution - Unknown Product (CVE-2004-0982) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0982 was patched at 2024-05-15

3091. Remote Code Execution - Unknown Product (CVE-2004-0990) - Medium [297]

Description: {'vulners_cve_data_all': 'Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0990 was patched at 2024-05-15

3092. Remote Code Execution - Unknown Product (CVE-2004-0993) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer overflow in hpsockd before 0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0993 was patched at 2024-05-15

3093. Remote Code Execution - Unknown Product (CVE-2004-0994) - Medium [297]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0994 was patched at 2024-05-15

3094. Remote Code Execution - Unknown Product (CVE-2004-1008) - Medium [297]

Description: {'vulners_cve_data_all': 'Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1008 was patched at 2024-05-15

3095. Remote Code Execution - Unknown Product (CVE-2004-1010) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1010 was patched at 2024-05-15

3096. Remote Code Execution - Unknown Product (CVE-2004-1012) - Medium [297]

Description: {'vulners_cve_data_all': 'The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1012 was patched at 2024-05-15

3097. Remote Code Execution - Unknown Product (CVE-2004-1013) - Medium [297]

Description: {'vulners_cve_data_all': 'The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1013 was patched at 2024-05-15

3098. Remote Code Execution - Unknown Product (CVE-2004-1026) - Medium [297]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1026 was patched at 2024-05-15

3099. Remote Code Execution - Unknown Product (CVE-2004-1034) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1034 was patched at 2024-05-15

3100. Remote Code Execution - Unknown Product (CVE-2004-1256) - Medium [297]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in the (1) event_text and (2) event_specific functions in abc2midi 2004.12.04 allow remote attackers to execute arbitrary code via crafted ABC files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1256 was patched at 2024-05-15

3101. Remote Code Execution - Unknown Product (CVE-2004-1258) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 allows remote attackers to execute arbitrary code via crafted ABC files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1258 was patched at 2024-05-15

3102. Remote Code Execution - Unknown Product (CVE-2004-1272) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer overflow in the save_embedded_address function in filter.c for elm/bolthole filter 2.6.1 allows remote attackers to execute arbitrary code via a crafted email message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1272 was patched at 2024-05-15

3103. Remote Code Execution - Unknown Product (CVE-2004-1284) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code via a crafted MP3 playlist.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1284 was patched at 2024-05-15

3104. Remote Code Execution - Unknown Product (CVE-2004-1287) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1287 was patched at 2024-05-15

3105. Remote Code Execution - Unknown Product (CVE-2004-1289) - Medium [297]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in (1) the getline function in pcalutil.c and (2) the get_holiday function in readfile.c for pcal 4.7.1 allow remote attackers to execute arbitrary code via a crafted calendar file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1289 was patched at 2024-05-15

3106. Remote Code Execution - Unknown Product (CVE-2004-1297) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer overflow in the process_font_table function in convert.c for unrtf 0.19.3 allows remote attackers to execute arbitrary code via a crafted RTF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1297 was patched at 2024-05-15

3107. Remote Code Execution - Unknown Product (CVE-2004-1304) - Medium [297]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1304 was patched at 2024-05-15

3108. Remote Code Execution - Unknown Product (CVE-2004-1308) - Medium [297]

Description: {'vulners_cve_data_all': 'Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1308 was patched at 2024-05-15

3109. Remote Code Execution - Unknown Product (CVE-2004-1309) - Medium [297]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the demux_open_bmp function in demux_bmp.c for Unix MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a bitmap (BMP) file containing a large biClrUsed field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1309 was patched at 2024-05-15

3110. Remote Code Execution - Unknown Product (CVE-2004-1310) - Medium [297]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the asf_mmst_streaming.c functionality for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a large MMST stream packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1310 was patched at 2024-05-15

3111. Remote Code Execution - Unknown Product (CVE-2004-1311) - Medium [297]

Description: {'vulners_cve_data_all': 'Integer overflow in the real_setup_and_get_header function in real.c for Unix MPlayer 1.0pre5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a Real RTSP streaming media file with a -1 content-length field, which leads to a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1311 was patched at 2024-05-15

3112. Remote Code Execution - Unknown Product (CVE-2004-1898) - Medium [297]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary code via a long username.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1898 was patched at 2024-05-15

3113. Remote Code Execution - Unknown Product (CVE-2005-0102) - Medium [297]

Description: {'vulners_cve_data_all': 'Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0102 was patched at 2024-05-15

3114. Remote Code Execution - Unknown Product (CVE-2005-1141) - Medium [297]

Description: {'vulners_cve_data_all': 'Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when using the netpbm library, allows remote attackers to execute arbitrary code via a PNM file with large width and height values, which leads to a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1141 was patched at 2024-05-15

3115. Remote Code Execution - Unknown Product (CVE-2005-3120) - Medium [297]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3120 was patched at 2024-05-15

3116. Remote Code Execution - Unknown Product (CVE-2005-3524) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl) 0.17 allows remote attackers to execute arbitrary code by creating a long directory name, then executing the XPWD command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3524 was patched at 2024-05-15

3117. Remote Code Execution - Unknown Product (CVE-2005-3656) - Medium [297]

Description: {'vulners_cve_data_all': 'Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3656 was patched at 2024-05-15

3118. Remote Code Execution - Unknown Product (CVE-2006-6102) - Medium [297]

Description: {'vulners_cve_data_all': 'Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6102 was patched at 2024-05-15

3119. Remote Code Execution - Unknown Product (CVE-2006-6235) - Medium [297]

Description: {'vulners_cve_data_all': 'A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6235 was patched at 2024-05-15

3120. Remote Code Execution - Unknown Product (CVE-2007-0254) - Medium [297]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0254 was patched at 2024-05-15

3121. Remote Code Execution - Unknown Product (CVE-2007-1329) - Medium [297]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1329 was patched at 2024-05-15

3122. Remote Code Execution - Unknown Product (CVE-2007-1543) - Medium [297]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the accept_att_local function in server/os/connection.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1543 was patched at 2024-05-15

3123. Remote Code Execution - Unknown Product (CVE-2007-1655) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX before 20070126 might allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors related to lists of numbers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1655 was patched at 2024-05-15

3124. Remote Code Execution - Unknown Product (CVE-2007-2057) - Medium [297]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows remote attackers to execute arbitrary code via crafted 802.11 authentication packets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2057 was patched at 2024-05-15

3125. Remote Code Execution - Unknown Product (CVE-2007-5395) - Medium [297]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the separate_word function in tokenize.c in Link Grammar 4.1b and possibly other versions, as used in AbiWord Link Grammar 4.2.4, allows remote attackers to execute arbitrary code via a long word, as reachable through the separate_sentence function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5395 was patched at 2024-05-15

3126. Remote Code Execution - Unknown Product (CVE-2007-6731) - Medium [297]

Description: {'vulners_cve_data_all': 'Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in misc/oxm.c, leading to a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6731 was patched at 2024-05-15

3127. Remote Code Execution - Unknown Product (CVE-2007-6732) - Medium [297]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors related to an untrusted length value and the (1) pofs and (2) plen arrays.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6732 was patched at 2024-05-15

3128. Remote Code Execution - Unknown Product (CVE-2008-0318) - Medium [297]

Description: {'vulners_cve_data_all': 'Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0318 was patched at 2024-05-15

3129. Remote Code Execution - Unknown Product (CVE-2008-0544) - Medium [297]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted IFF ILBM file. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0544 was patched at 2024-05-15

3130. Remote Code Execution - Unknown Product (CVE-2008-0671) - Medium [297]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the add_line_buffer function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to execute arbitrary code via a long chat message, related to conversion from LF to CRLF.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0671 was patched at 2024-05-15

3131. Remote Code Execution - Unknown Product (CVE-2008-1167) - Medium [297]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1167 was patched at 2024-05-15

3132. Remote Code Execution - Unknown Product (CVE-2008-1922) - Medium [297]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a crafted Squid log file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1922 was patched at 2024-05-15

3133. Remote Code Execution - Unknown Product (CVE-2008-2654) - Medium [297]

Description: {'vulners_cve_data_all': 'Off-by-one error in the read_client function in webhttpd.c in Motion 3.2.10 and earlier might allow remote attackers to execute arbitrary code via a long request to a Motion HTTP Control interface, which triggers a stack-based buffer overflow with some combinations of processor architecture and compiler.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2654 was patched at 2024-05-15

3134. Remote Code Execution - Unknown Product (CVE-2008-3576) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer overflow in the TruncateString function in src/gfx.cpp in OpenTTD before 0.6.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3576 was patched at 2024-05-15

3135. Remote Code Execution - Unknown Product (CVE-2008-3908) - Medium [297]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context-dependent attackers to execute arbitrary code via (1) a long argument on the command line; a long (2) WNSEARCHDIR, (3) WNHOME, or (4) WNDBVERSION environment variable; or (5) a user-supplied dictionary (aka data file). NOTE: since WordNet itself does not run with special privileges, this issue only crosses privilege boundaries when WordNet is invoked as a third party component.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3908 was patched at 2024-05-15

3136. Remote Code Execution - Unknown Product (CVE-2008-5005) - Medium [297]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5005 was patched at 2024-05-15

3137. Remote Code Execution - Unknown Product (CVE-2008-5616) - Medium [297]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the demux_open_vqf function in libmpdemux/demux_vqf.c in MPlayer 1.0 rc2 before r28150 allows remote attackers to execute arbitrary code via a malformed TwinVQ file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5616 was patched at 2024-05-15

3138. Remote Code Execution - Unknown Product (CVE-2008-6071) - Medium [297]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-6071 was patched at 2024-05-15

3139. Remote Code Execution - Unknown Product (CVE-2008-6393) - Medium [297]

Description: {'vulners_cve_data_all': 'PSI Jabber client before 0.12.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file transfer request with a negative value in a SOCKS5 option, which bypasses a signed integer check and triggers an integer overflow and a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-6393 was patched at 2024-05-15

3140. Remote Code Execution - Unknown Product (CVE-2008-7148) - Medium [297]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Synfig Animation Studio before 0.61.08 allows attackers to execute arbitrary code via a crafted .sif file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-7148 was patched at 2024-05-15

3141. Remote Code Execution - Unknown Product (CVE-2009-1251) - Medium [297]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1251 was patched at 2024-05-15

3142. Remote Code Execution - Unknown Product (CVE-2009-1301) - Medium [297]

Description: {'vulners_cve_data_all': 'Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1301 was patched at 2024-05-15

3143. Remote Code Execution - Unknown Product (CVE-2009-1382) - Medium [297]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when downloaded before 20090713, allow remote attackers to execute arbitrary code via a TeX file with long (1) picture, (2) circle, or (3) input tags.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1382 was patched at 2024-05-15

3144. Remote Code Execution - Unknown Product (CVE-2009-3050) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later reported that there were additional vectors in htmllib.cxx and ps-pdf.cxx using an AFM font file with a long glyph name, but these vectors do not cross privilege boundaries.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3050 was patched at 2024-05-15

3145. Remote Code Execution - Unknown Product (CVE-2009-3575) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2.0, and other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3575 was patched at 2024-05-15

3146. Remote Code Execution - Unknown Product (CVE-2009-3637) - Medium [297]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the M_AddToServerList function in client/menu.c in Red Planet Arena Alien Arena 7.30 allows remote attackers to execute arbitrary code via a packet with a crafted server description to UDP port 27901 followed by a packet with a long print command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3637 was patched at 2024-05-15

3147. Remote Code Execution - Unknown Product (CVE-2009-4009) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer overflow in PowerDNS Recursor before 3.1.7.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted packets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4009 was patched at 2024-05-15

3148. Remote Code Execution - Unknown Product (CVE-2009-4012) - Medium [297]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in LibThai before 0.1.13 might allow context-dependent attackers to execute arbitrary code via long strings that trigger heap-based buffer overflows, related to (1) thbrk/thbrk.c and (2) thwbrk/thwbrk.c. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4012 was patched at 2024-05-15

3149. Remote Code Execution - Unknown Product (CVE-2010-1676) - Medium [297]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before 0.2.2.20-alpha allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1676 was patched at 2024-05-15

3150. Remote Code Execution - Unknown Product (CVE-2010-2947) - Medium [297]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a string that is inconsistent with the expected number of fields.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2947 was patched at 2024-05-15

3151. Remote Code Execution - Unknown Product (CVE-2010-3085) - Medium [297]

Description: {'vulners_cve_data_all': 'The network-play implementation in Mednafen before 0.8.D might allow remote servers to execute arbitrary code via unspecified vectors, related to "stack manipulation" issues.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3085 was patched at 2024-05-15

3152. Remote Code Execution - Unknown Product (CVE-2012-2118) - Medium [297]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the LogVHdrMessageVerb function in os/log.c in X.Org X11 1.11 allows attackers to cause a denial of service or possibly execute arbitrary code via format string specifiers in an input device name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2118 was patched at 2024-05-15

3153. Remote Code Execution - Unknown Product (CVE-2013-0251) - Medium [297]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in llogincircuit.cc in latd 1.25 through 1.30 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the llogin version.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0251 was patched at 2024-05-15

3154. Remote Code Execution - Unknown Product (CVE-2013-1049) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer overflow in the RFC1413 (ident) client in cfingerd 1.4.3-3 allows remote IDENT servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted response.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1049 was patched at 2024-05-15

3155. Remote Code Execution - Unknown Product (CVE-2013-3738) - Medium [297]

Description: {'vulners_cve_data_all': 'A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-3738 was patched at 2024-05-15

3156. Remote Code Execution - Unknown Product (CVE-2014-2914) - Medium [297]

Description: {'vulners_cve_data_all': 'fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2914 was patched at 2024-05-15

3157. Remote Code Execution - Unknown Product (CVE-2014-4966) - Medium [297]

Description: {'vulners_cve_data_all': 'Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code via (1) crafted lookup('pipe') calls or (2) crafted Jinja2 data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4966 was patched at 2024-05-15

3158. Remote Code Execution - Unknown Product (CVE-2014-4967) - Medium [297]

Description: {'vulners_cve_data_all': 'Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a trailing " validate=" clause accompanied by a shell command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4967 was patched at 2024-05-15

3159. Remote Code Execution - Unknown Product (CVE-2014-6440) - Medium [297]

Description: {'vulners_cve_data_all': 'VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-6440 was patched at 2024-05-15

3160. Remote Code Execution - Unknown Product (CVE-2014-9495) - Medium [297]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9495 was patched at 2024-05-15

3161. Remote Code Execution - Unknown Product (CVE-2015-20108) - Medium [297]

Description: {'vulners_cve_data_all': 'xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-20108 was patched at 2024-05-15

3162. Remote Code Execution - Unknown Product (CVE-2015-2311) - Medium [297]

Description: {'vulners_cve_data_all': 'Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or execute arbitrary code via a crafted message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2311 was patched at 2024-05-15

3163. Remote Code Execution - Unknown Product (CVE-2015-3875) - Medium [297]

Description: {'vulners_cve_data_all': 'libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-3875 was patched at 2024-05-15

3164. Remote Code Execution - Unknown Product (CVE-2015-3991) - Medium [297]

Description: {'vulners_cve_data_all': 'strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-3991 was patched at 2024-05-15

3165. Remote Code Execution - Unknown Product (CVE-2015-6609) - Medium [297]

Description: {'vulners_cve_data_all': 'libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22953624.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-6609 was patched at 2024-05-15

3166. Remote Code Execution - Unknown Product (CVE-2015-7687) - Medium [297]

Description: {'vulners_cve_data_all': 'Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mta.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-7687 was patched at 2024-05-15

3167. Remote Code Execution - Unknown Product (CVE-2015-8972) - Medium [297]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8972 was patched at 2024-05-15

3168. Remote Code Execution - Unknown Product (CVE-2016-1000031) - Medium [297]

Description: {'vulners_cve_data_all': 'Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1000031 was patched at 2024-05-15

3169. Remote Code Execution - Unknown Product (CVE-2016-10721) - Medium [297]

Description: {'vulners_cve_data_all': 'partclone.restore in Partclone 0.2.87 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to execute arbitrary code in the context of the user running the affected application.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10721 was patched at 2024-05-15

3170. Remote Code Execution - Unknown Product (CVE-2016-10722) - Medium [297]

Description: {'vulners_cve_data_all': 'partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the FAT superblock, related to the mark_reserved_sectors function. An attacker may be able to execute arbitrary code in the context of the user running the affected application.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10722 was patched at 2024-05-15

3171. Remote Code Execution - Unknown Product (CVE-2016-1503) - Medium [297]

Description: {'vulners_cve_data_all': 'dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1503 was patched at 2024-05-15

3172. Remote Code Execution - Unknown Product (CVE-2016-2788) - Medium [297]

Description: {'vulners_cve_data_all': 'MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2788 was patched at 2024-05-15

3173. Remote Code Execution - Unknown Product (CVE-2016-5873) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer overflow in the HTTP URL parsing functions in pecl_http before 3.0.1 might allow remote attackers to execute arbitrary code via non-printable characters in a URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5873 was patched at 2024-05-15

3174. Remote Code Execution - Unknown Product (CVE-2016-6199) - Medium [297]

Description: {'vulners_cve_data_all': 'ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to execute arbitrary code via a crafted serialized object.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6199 was patched at 2024-05-15

3175. Remote Code Execution - Unknown Product (CVE-2016-9400) - Medium [297]

Description: {'vulners_cve_data_all': 'The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9400 was patched at 2024-05-15

3176. Remote Code Execution - Unknown Product (CVE-2017-1000047) - Medium [297]

Description: {'vulners_cve_data_all': 'rbenv (all current versions) is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000047 was patched at 2024-05-15

3177. Remote Code Execution - Unknown Product (CVE-2017-1000228) - Medium [297]

Description: {'vulners_cve_data_all': 'nodejs ejs versions older than 2.5.3 is vulnerable to remote code execution due to weak input validation in ejs.renderFile() function', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000228 was patched at 2024-05-15

3178. Remote Code Execution - Unknown Product (CVE-2017-16926) - Medium [297]

Description: {'vulners_cve_data_all': 'Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) to execute arbitrary code as the user running Ohcount.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16926 was patched at 2024-05-15

3179. Remote Code Execution - Unknown Product (CVE-2017-17663) - Medium [297]

Description: {'vulners_cve_data_all': 'The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17663 was patched at 2024-05-15

3180. Remote Code Execution - Unknown Product (CVE-2017-7191) - Medium [297]

Description: {'vulners_cve_data_all': 'The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to cause a denial of service (use-after-free) and possibly execute arbitrary code via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7191 was patched at 2024-05-15

3181. Remote Code Execution - Unknown Product (CVE-2018-0608) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer overflow in H2O version 2.2.4 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-0608 was patched at 2024-05-15

3182. Remote Code Execution - Unknown Product (CVE-2018-1000832) - Medium [297]

Description: {'vulners_cve_data_all': 'ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000832 was patched at 2024-05-15

3183. Remote Code Execution - Unknown Product (CVE-2018-1000833) - Medium [297]

Description: {'vulners_cve_data_all': 'ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000833 was patched at 2024-05-15

3184. Remote Code Execution - Unknown Product (CVE-2018-10199) - Medium [297]

Description: {'vulners_cve_data_all': 'In versions of mruby up to and including 1.4.0, a use-after-free vulnerability exists in src/io.c::File#initilialize_copy(). An attacker that can cause Ruby code to be run can possibly use this to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10199 was patched at 2024-05-15

3185. Remote Code Execution - Unknown Product (CVE-2018-12356) - Medium [297]

Description: {'vulners_cve_data_all': 'An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. The signature verification routine parses the output of GnuPG with an incomplete regular expression, which allows remote attackers to spoof file signatures on configuration files and extension scripts. Modifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the extension scripts allows the attacker arbitrary code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12356 was patched at 2024-05-15

3186. Remote Code Execution - Unknown Product (CVE-2018-17191) - Medium [297]

Description: {'vulners_cve_data_all': 'Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE). Using the nashorn script engine the environment of the javascript execution for the Proxy Auto-Configuration leaks privileged objects, that can be used to circumvent the execution limits. If a different script engine was used, no execution limits were in place. Both vectors allow remote code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17191 was patched at 2024-05-15

3187. Remote Code Execution - Unknown Product (CVE-2018-1999022) - Medium [297]

Description: {'vulners_cve_data_all': 'PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_QuickForm_element's _prepareValue method. that can result in Possible information disclosure, possible impact on data integrity and execution of arbitrary code. This attack appear to be exploitable via A specially crafted query string could be utilised, e.g. http://www.example.com/admin/add_practice_type_id[1]=fubar%27])%20OR%20die(%27OOK!%27);%20//&mode=live. This vulnerability appears to have been fixed in 3.2.15.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1999022 was patched at 2024-05-15

3188. Remote Code Execution - Unknown Product (CVE-2019-0187) - Medium [297]

Description: {'vulners_cve_data_all': 'Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed mode. Note that versions before 4.0 are not able to encrypt traffic between the nodes, nor authenticate the participating nodes so upgrade to JMeter 5.1 is also advised.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-0187 was patched at 2024-05-15

3189. Remote Code Execution - Unknown Product (CVE-2019-10069) - Medium [297]

Description: {'vulners_cve_data_all': 'In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10069 was patched at 2024-05-15

3190. Remote Code Execution - Unknown Product (CVE-2019-1010043) - Medium [297]

Description: {'vulners_cve_data_all': 'Quake3e < 5ed740d is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Argument string creation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1010043 was patched at 2024-05-15

3191. Remote Code Execution - Unknown Product (CVE-2019-1010060) - Medium [297]

Description: {'vulners_cve_data_all': 'NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43. NOTE: this CVE refers to the issues not covered by CVE-2018-3846, CVE-2018-3847, CVE-2018-3848, and CVE-2018-3849. One example is ftp_status in drvrnet.c mishandling a long string beginning with a '4' character.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1010060 was patched at 2024-05-15

3192. Remote Code Execution - Unknown Product (CVE-2019-1010176) - Medium [297]

Description: {'vulners_cve_data_all': 'JerryScript commit 4e58ccf68070671e1fff5cd6673f0c1d5b80b166 is affected by: Buffer Overflow. The impact is: denial of service and possibly arbitrary code execution. The component is: function lit_char_to_utf8_bytes (jerry-core/lit/lit-char-helpers.c:377). The attack vector is: executing crafted javascript code. The fixed version is: after commit 505dace719aebb3308a3af223cfaa985159efae0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1010176 was patched at 2024-05-15

3193. Remote Code Execution - Unknown Product (CVE-2019-1010259) - Medium [297]

Description: {'vulners_cve_data_all': 'SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt. The attack vector is: specially crafted password string. The fixed version is: 2018.3.4.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1010259 was patched at 2024-05-15

3194. Remote Code Execution - Unknown Product (CVE-2019-10878) - Medium [297]

Description: {'vulners_cve_data_all': 'In Teeworlds 0.7.2, there is a failed bounds check in CDataFileReader::GetData() and CDataFileReader::ReplaceData() and related functions in engine/shared/datafile.cpp that can lead to an arbitrary free and out-of-bounds pointer write, possibly resulting in remote code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10878 was patched at 2024-05-15

3195. Remote Code Execution - Unknown Product (CVE-2019-10879) - Medium [297]

Description: {'vulners_cve_data_all': 'In Teeworlds 0.7.2, there is an integer overflow in CDataFileReader::Open() in engine/shared/datafile.cpp that can lead to a buffer overflow and possibly remote code execution, because size-related multiplications are mishandled.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10879 was patched at 2024-05-15

3196. Remote Code Execution - Unknown Product (CVE-2019-13566) - Medium [297]

Description: {'vulners_cve_data_all': 'An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. A buffer overflow allows attackers to cause a denial of service and possibly execute arbitrary code via an IP address with a long hostname.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-13566 was patched at 2024-05-15

3197. Remote Code Execution - Unknown Product (CVE-2019-14842) - Medium [297]

Description: {'vulners_cve_data_all': 'Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. A bounds check which was supposed to test for chunk offsets smaller than the beginning of the request did not work because of signed/unsigned confusion. If one of these chunks contains a negative offset then data under control of the server is written to memory before the read buffer supplied by the client. If the read buffer is located on the stack then this allows the stack return address from nbd_pread() to be trivially modified, allowing arbitrary code execution under the control of the server. If the buffer is located on the heap then other memory objects before the buffer can be overwritten, which again would usually lead to arbitrary code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14842 was patched at 2024-05-15

3198. Remote Code Execution - Unknown Product (CVE-2019-15552) - Medium [297]

Description: {'vulners_cve_data_all': 'An issue was discovered in the libflate crate before 0.1.25 for Rust. MultiDecoder::read has a use-after-free, leading to arbitrary code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15552 was patched at 2024-05-15

3199. Remote Code Execution - Unknown Product (CVE-2019-19919) - Medium [297]

Description: {'vulners_cve_data_all': 'Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow an attacker to execute arbitrary code through crafted payloads.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19919 was patched at 2024-05-15

3200. Remote Code Execution - Unknown Product (CVE-2019-20478) - Medium [297]

Description: {'vulners_cve_data_all': 'In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20478 was patched at 2024-05-15

3201. Remote Code Execution - Unknown Product (CVE-2019-7629) - Medium [297]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the strip_vt102_codes function in TinTin++ 2.01.6 and WinTin++ 2.01.6 allows remote attackers to execute arbitrary code by sending a long message to the client.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7629 was patched at 2024-05-15

3202. Remote Code Execution - Unknown Product (CVE-2020-11722) - Medium [297]

Description: {'vulners_cve_data_all': 'Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote attackers to execute arbitrary code via Lua bytecode embedded in an uploaded .crawlrc file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-11722 was patched at 2024-05-15

3203. Remote Code Execution - Unknown Product (CVE-2020-11939) - Medium [297]

Description: {'vulners_cve_data_all': 'In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI library's heap memory through remote input, this vulnerability may be abused to achieve full Remote Code Execution against any network inspection stack that is linked against nDPI and uses it to perform network traffic analysis.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-11939 was patched at 2024-05-15

3204. Remote Code Execution - Unknown Product (CVE-2020-14931) - Medium [297]

Description: {'vulners_cve_data_all': 'A stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) 1.3a might allow remote WHOIS servers to execute arbitrary code via a long line in a response that is mishandled by nic_format_buff.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-14931 was patched at 2024-05-15

3205. Remote Code Execution - Unknown Product (CVE-2020-15007) - Medium [297]

Description: {'vulners_cve_data_all': 'A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tech 1 (aka Doom engine) allows arbitrary code execution via an unsafe usage of fscanf, because it does not limit the number of characters to be read in a format argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15007 was patched at 2024-05-15

3206. Remote Code Execution - Unknown Product (CVE-2020-15591) - Medium [297]

Description: {'vulners_cve_data_all': 'fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15591 was patched at 2024-05-15

3207. Remote Code Execution - Unknown Product (CVE-2020-22083) - Medium [297]

Description: {'vulners_cve_data_all': 'jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used with un-trusted data', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-22083 was patched at 2024-05-15

3208. Remote Code Execution - Unknown Product (CVE-2020-22597) - Medium [297]

Description: {'vulners_cve_data_all': 'An issue in Jerrscript- project Jerryscrip v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-22597 was patched at 2024-05-15

3209. Remote Code Execution - Unknown Product (CVE-2020-24698) - Medium [297]

Description: {'vulners_cve_data_all': 'An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a GSS-TSIG signature.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24698 was patched at 2024-05-15

3210. Remote Code Execution - Unknown Product (CVE-2020-25412) - Medium [297]

Description: {'vulners_cve_data_all': 'com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25412 was patched at 2024-05-15

3211. Remote Code Execution - Unknown Product (CVE-2020-26759) - Medium [297]

Description: {'vulners_cve_data_all': 'clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-26759 was patched at 2024-05-15

3212. Remote Code Execution - Unknown Product (CVE-2020-28282) - Medium [297]

Description: {'vulners_cve_data_all': 'Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-28282 was patched at 2024-05-15

3213. Remote Code Execution - Unknown Product (CVE-2020-35863) - Medium [297]

Description: {'vulners_cve_data_all': 'An issue was discovered in the hyper crate before 0.12.34 for Rust. HTTP request smuggling can occur. Remote code execution can occur in certain situations with an HTTP server on the loopback interface.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35863 was patched at 2024-05-15

3214. Remote Code Execution - Unknown Product (CVE-2020-5211) - Medium [297]

Description: {'vulners_cve_data_all': 'In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-5211 was patched at 2024-05-15

3215. Remote Code Execution - Unknown Product (CVE-2020-5212) - Medium [297]

Description: {'vulners_cve_data_all': 'In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-5212 was patched at 2024-05-15

3216. Remote Code Execution - Unknown Product (CVE-2020-5213) - Medium [297]

Description: {'vulners_cve_data_all': 'In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-5213 was patched at 2024-05-15

3217. Remote Code Execution - Unknown Product (CVE-2020-5214) - Medium [297]

Description: {'vulners_cve_data_all': 'In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-5214 was patched at 2024-05-15

3218. Remote Code Execution - Unknown Product (CVE-2020-8432) - Medium [297]

Description: {'vulners_cve_data_all': 'In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-8432 was patched at 2024-05-15

3219. Remote Code Execution - Unknown Product (CVE-2021-23369) - Medium [297]

Description: {'vulners_cve_data_all': 'The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-23369 was patched at 2024-05-15

3220. Remote Code Execution - Unknown Product (CVE-2021-32563) - Medium [297]

Description: {'vulners_cve_data_all': 'An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32563 was patched at 2024-05-15

3221. Remote Code Execution - Unknown Product (CVE-2021-33204) - Medium [297]

Description: {'vulners_cve_data_all': 'In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not set.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33204 was patched at 2024-05-15

3222. Remote Code Execution - Unknown Product (CVE-2021-3401) - Medium [297]

Description: {'vulners_cve_data_all': 'Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer states "I believe that this vulnerability cannot actually be exploited."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3401 was patched at 2024-05-15

3223. Remote Code Execution - Unknown Product (CVE-2021-42377) - Medium [297]

Description: {'vulners_cve_data_all': 'An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42377 was patched at 2024-05-15

3224. Remote Code Execution - Unknown Product (CVE-2021-44143) - Medium [297]

Description: {'vulners_cve_data_all': 'A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44143 was patched at 2024-05-15

3225. Remote Code Execution - Unknown Product (CVE-2021-44223) - Medium [297]

Description: {'vulners_cve_data_all': 'WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44223 was patched at 2024-05-15

3226. Remote Code Execution - Unknown Product (CVE-2021-44847) - Medium [297]

Description: {'vulners_cve_data_all': 'A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote attackers to crash the process or potentially execute arbitrary code via a network packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44847 was patched at 2024-05-15

3227. Remote Code Execution - Unknown Product (CVE-2021-45423) - Medium [297]

Description: {'vulners_cve_data_all': 'A Buffer Overflow vulnerabilityexists in Pev 0.81 via the pe_exports function from exports.c.. The array offsets_to_Names is dynamically allocated on the stack using exp->NumberOfFunctions as its size. However, the loop uses exp->NumberOfNames to iterate over it and set its components value. Therefore, the loop code assumes that exp->NumberOfFunctions is greater than ordinal at each iteration. This can lead to arbitrary code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45423 was patched at 2024-05-15

3228. Remote Code Execution - Unknown Product (CVE-2022-22995) - Medium [297]

Description: {'vulners_cve_data_all': 'The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-22995 was patched at 2024-05-15

ubuntu: CVE-2022-22995 was patched at 2024-05-28

3229. Remote Code Execution - Unknown Product (CVE-2022-29264) - Medium [297]

Description: {'vulners_cve_data_all': 'An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitrary code execution in SMM may occur.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-29264 was patched at 2024-05-15

3230. Remote Code Execution - Unknown Product (CVE-2022-38143) - Medium [297]

Description: {'vulners_cve_data_all': 'A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to arbitrary out of bounds memory, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-38143 was patched at 2024-05-15

3231. Remote Code Execution - Unknown Product (CVE-2022-41138) - Medium [297]

Description: {'vulners_cve_data_all': 'In Zutty before 0.13, DECRQSS in text written to the terminal can achieve arbitrary code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-41138 was patched at 2024-05-15

3232. Remote Code Execution - Unknown Product (CVE-2022-45132) - Medium [297]

Description: {'vulners_cve_data_all': 'In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger remote code execution in the LAVA server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-45132 was patched at 2024-05-15

3233. Remote Code Execution - Unknown Product (CVE-2022-45136) - Medium [297]

Description: {'vulners_cve_data_all': 'Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a result an application using Apache Jena SDB can be subject to RCE when connected to a malicious database server. Apache Jena SDB has been EOL since December 2020 and users should migrate to alternative options e.g. Apache Jena TDB 2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-45136 was patched at 2024-05-15

3234. Remote Code Execution - Unknown Product (CVE-2022-45907) - Medium [297]

Description: {'vulners_cve_data_all': 'In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-45907 was patched at 2024-05-15

3235. Remote Code Execution - Unknown Product (CVE-2023-26266) - Medium [297]

Description: {'vulners_cve_data_all': 'In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26266 was patched at 2024-05-15

3236. Remote Code Execution - Unknown Product (CVE-2023-32637) - Medium [297]

Description: {'vulners_cve_data_all': 'GBrowse accepts files with any formats uploaded and places them in the area accessible through unauthenticated web requests. Therefore, anyone who can upload files through the product may execute arbitrary code on the server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-32637 was patched at 2024-05-15

3237. Remote Code Execution - Unknown Product (CVE-2023-34237) - Medium [297]

Description: {'vulners_cve_data_all': 'SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the vulnerabilities requires access to the web interface. Remote exploitation is possible if users[exposed their setup to the internet or other untrusted networks without setting a username/password. By default SABnzbd is only accessible from `localhost`, with no authentication required for the web interface. This issue has been patched in commits `e3a722` and `422b4f` which have been included in the 4.0.2 release. Users are advised to upgrade. Users unable to upgrade should ensure that a username and password have been set if their instance is web accessible.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-34237 was patched at 2024-05-15

3238. Remote Code Execution - Unknown Product (CVE-2023-38961) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary code via the scanner_is_context_needed component in js-scanner-until.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38961 was patched at 2024-05-15

3239. Remote Code Execution - Unknown Product (CVE-2023-41887) - Medium [297]

Description: {'vulners_cve_data_all': 'OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-41887 was patched at 2024-05-15

3240. Remote Code Execution - Unknown Product (CVE-2023-42299) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-42299 was patched at 2024-05-15

3241. Remote Code Execution - Unknown Product (CVE-2023-51885) - Medium [297]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51885 was patched at 2024-05-15

3242. Remote Code Execution - Unknown Product (CVE-2023-51887) - Medium [297]

Description: {'vulners_cve_data_all': 'Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51887 was patched at 2024-05-15

3243. Remote Code Execution - Unknown Product (CVE-2023-51889) - Medium [297]

Description: {'vulners_cve_data_all': 'Stack Overflow vulnerability in the validate() function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51889 was patched at 2024-05-15

3244. Remote Code Execution - Unknown Product (CVE-2024-22051) - Medium [297]

Description: {'vulners_cve_data_all': 'CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-22051 was patched at 2024-05-15

3245. Remote Code Execution - Unknown Product (CVE-2024-25110) - Medium [297]

Description: {'vulners_cve_data_all': 'The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-25110 was patched at 2024-05-15

3246. Unknown Vulnerability Type - Unknown Product (CVE-2004-0811) - Medium [297]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apache Satisfy命令访问控制绕过漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0811 was patched at 2024-05-15

3247. Unknown Vulnerability Type - Unknown Product (CVE-2006-4244) - Medium [297]

Description: {'vulners_cve_data_all': 'SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] sqlledger.txt, [packetstorm] LedgerSMB.txt, [seebug] SQL-Ledger验证绕过漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4244 was patched at 2024-05-15

3248. Unknown Vulnerability Type - Unknown Product (CVE-2007-3770) - Medium [297]

Description: {'vulners_cve_data_all': 'The terminal_helper_execute function in terminal/terminal.c in Xfce Terminal 0.2.6 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a crafted link, as demonstrated using the "Open Link" functionality.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Xfce-Terminal远程命令注入漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3770 was patched at 2024-05-15

3249. Unknown Vulnerability Type - Unknown Product (CVE-2007-4560) - Medium [297]

Description: {'vulners_cve_data_all': 'clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([saint] ClamAV milter popen command injection, [saint] ClamAV milter popen command injection, [saint] ClamAV milter popen command injection, [saint] ClamAV milter popen command injection, [packetstorm] ClamAV Milter Blackhole-Mode Remote Code Execution, [d2] DSquare Exploit Pack: D2SEC_CLAMAV)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4560 was patched at 2024-05-15

3250. Unknown Vulnerability Type - Unknown Product (CVE-2008-1381) - Medium [297]

Description: {'vulners_cve_data_all': 'ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitdb] airVisionNVR 1.1.13 - 'readfile()' Disclosure / SQL Injection, [seebug] airVisionNVR 1.1.13 readfile() Disclosure and SQL Injection, [packetstorm] airVisionNVR 1.1.13 Disclosure / SQL Injection, [exploitpack] airVisionNVR 1.1.13 - readfile() Disclosure SQL Injection)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1381 was patched at 2024-05-15

3251. Unknown Vulnerability Type - Unknown Product (CVE-2008-1687) - Medium [297]

Description: {'vulners_cve_data_all': 'The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] GNU m4格式串及文件名引用漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1687 was patched at 2024-05-15

3252. Unknown Vulnerability Type - Unknown Product (CVE-2008-1930) - Medium [297]

Description: {'vulners_cve_data_all': 'The cookie authentication method in WordPress 2.5 relies on a hash of a concatenated string containing USERNAME and EXPIRY_TIME, which allows remote attackers to forge cookies by registering a username that results in the same concatenated string, as demonstrated by registering usernames beginning with "admin" to obtain administrator privileges, aka a "cryptographic splicing" issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-6013.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] WordPress Cookie完整性保护非授权访问漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1930 was patched at 2024-05-15

3253. Unknown Vulnerability Type - Unknown Product (CVE-2008-7220) - Medium [297]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Prototype JavaScript framework (prototypejs) before 1.6.0.2 allows attackers to make "cross-site ajax requests" via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Prototype JavaScript Framework跨站Ajax请求漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-7220 was patched at 2024-05-15

3254. Unknown Vulnerability Type - Unknown Product (CVE-2009-0542) - Medium [297]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([d2] DSquare Exploit Pack: D2SEC_PROFTPD_MODSQL)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0542 was patched at 2024-05-15

3255. Unknown Vulnerability Type - Unknown Product (CVE-2009-0843) - Medium [297]

Description: {'vulners_cve_data_all': 'The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to determine the existence of arbitrary files via a full pathname in the queryfile parameter, which triggers different error messages depending on whether this pathname exists.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MapServer mapserv程序多个远程安全漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0843 was patched at 2024-05-15

3256. Unknown Vulnerability Type - Unknown Product (CVE-2009-3289) - Medium [297]

Description: {'vulners_cve_data_all': 'The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions of the user home directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] GNOME glib库g_file_copy函数不安全文件权限设置漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3289 was patched at 2024-05-15

3257. Unknown Vulnerability Type - Unknown Product (CVE-2009-4014) - Medium [297]

Description: {'vulners_cve_data_all': 'Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving (1) check scripts and (2) the Lintian::Schedule module.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Debian Lintian多个本地安全漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4014 was patched at 2024-05-15

3258. Unknown Vulnerability Type - Unknown Product (CVE-2009-4015) - Medium [297]

Description: {'vulners_cve_data_all': 'Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Debian Lintian多个本地安全漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4015 was patched at 2024-05-15

3259. Unknown Vulnerability Type - Unknown Product (CVE-2009-4405) - Medium [297]

Description: {'vulners_cve_data_all': 'Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to (1) "policy checks in report results when using alternate formats" or (2) a "check for the 'raw' role that is missing in docutils < 0.6."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Trac文本格式报表信息泄露漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4405 was patched at 2024-05-15

3260. Unknown Vulnerability Type - Unknown Product (CVE-2011-0766) - Medium [297]

Description: {'vulners_cve_data_all': 'The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Erlang/OTP SSH库随机数生成漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0766 was patched at 2024-05-15

3261. Unknown Vulnerability Type - Unknown Product (CVE-2011-1412) - Medium [297]

Description: {'vulners_cve_data_all': 'sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Quake 3 Shell Injection / Code Execution)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1412 was patched at 2024-05-15

3262. Unknown Vulnerability Type - Unknown Product (CVE-2012-6496) - Medium [297]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Ruby on Rails Active Record组件SQL注入漏洞(CVE-2012-6496))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6496 was patched at 2024-05-15

3263. Unknown Vulnerability Type - Unknown Product (CVE-2014-8517) - Medium [297]

Description: {'vulners_cve_data_all': 'The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] tnftp "savefile" Arbitrary Command Execution, [zdt] tnftp (savefile) Arbitrary Command Execution Exploit, [zdt] tnftp - clientside BSD Exploit, [zdt] tnftp "savefile" Arbitrary Command Execution Exploit, [exploitpack] tnftp (FreeBSD 8910) - tnftp Client Side, [exploitdb] tnftp (FreeBSD 8/9/10) - 'tnftp' Client Side)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8517 was patched at 2024-05-15

3264. Unknown Vulnerability Type - Unknown Product (CVE-2016-10081) - Medium [297]

Description: {'vulners_cve_data_all': '/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Shutter 0.93.1 - Code Execution, [packetstorm] Shutter 0.93.1 Code Execution, [zdt] Shutter 0.93.1 - Code Execution Vulnerability, [exploitdb] Shutter 0.93.1 - Code Execution)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10081 was patched at 2024-05-15

3265. Unknown Vulnerability Type - Unknown Product (CVE-2016-6802) - Medium [297]

Description: {'vulners_cve_data_all': 'Apache Shiro before 1.3.2 allows attackers to bypass intended servlet filters and gain access by leveraging use of a non-root servlet context path.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Apache Shiro remote security restriction bypass Vulnerability, CVE-2016-6802))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6802 was patched at 2024-05-15

3266. Unknown Vulnerability Type - Unknown Product (CVE-2017-1084) - Medium [297]

Description: {'vulners_cve_data_all': 'In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page. This results in the possibility a poorly written process could be cause a stack overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] FreeBSD - FGPU Stack Clash (PoC), [exploitpack] FreeBSD - FGPE Stack Clash (PoC), [zdt] FreeBSD - FGPU Stack Clash (PoC) Exploit, [zdt] FreeBSD - FGPE Stack Clash (PoC) Exploit, [exploitdb] FreeBSD - 'FGPU' Stack Clash (PoC), [exploitdb] FreeBSD - 'FGPE' Stack Clash (PoC))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1084 was patched at 2024-05-15

3267. Unknown Vulnerability Type - Unknown Product (CVE-2017-14266) - Medium [297]

Description: {'vulners_cve_data_all': 'tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file, a related issue to CVE-2016-6160.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] tcprewrite - Heap Buffer Overflow, [zdt] tcprewrite - Heap-Based Buffer Overflow Vulnerability, [packetstorm] tcprewrite 3.4.4 Buffer Overflow, [exploitdb] tcprewrite - Heap Buffer Overflow)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14266 was patched at 2024-05-15

3268. Unknown Vulnerability Type - Unknown Product (CVE-2017-15288) - Medium [297]

Description: {'vulners_cve_data_all': 'The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Scala 2.x Privilege Escalation Vulnerability)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15288 was patched at 2024-05-15

3269. Unknown Vulnerability Type - Unknown Product (CVE-2017-2909) - Medium [297]

Description: {'vulners_cve_data_all': 'An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Cesanta Mongoose DNS Query Compressed Name Pointer Denial Of Service(CVE-2017-2909))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2909 was patched at 2024-05-15

3270. Unknown Vulnerability Type - Unknown Product (CVE-2017-5618) - Medium [297]

Description: {'vulners_cve_data_all': 'GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([canvas] Immunity Canvas: LINUX_SCREEN)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5618 was patched at 2024-05-15

3271. Unknown Vulnerability Type - Unknown Product (CVE-2017-5630) - Medium [297]

Description: {'vulners_cve_data_all': 'PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] PHP PEAR 1.10.1 - arbitrary File Download Vulnerability (CVE-2017-5630), [zdt] PHP PEAR 1.10.1 - Arbitrary File Download Vulnerability, [exploitpack] PHP PEAR 1.10.1 - Arbitrary File Download, [packetstorm] PEAR Arbitrary File Download, [exploitdb] PHP PEAR 1.10.1 - Arbitrary File Download)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5630 was patched at 2024-05-15

3272. Unknown Vulnerability Type - Unknown Product (CVE-2018-12886) - Medium [297]

Description: {'vulners_cve_data_all': 'stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12886 was patched at 2024-05-15

3273. Unknown Vulnerability Type - Unknown Product (CVE-2018-16789) - Medium [297]

Description: {'vulners_cve_data_all': 'libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Shell In A Box 2.2.0 Denial Of Service Exploit, [packetstorm] Shell In A Box 2.2.0 Denial Of Service)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16789 was patched at 2024-05-15

3274. Unknown Vulnerability Type - Unknown Product (CVE-2019-12499) - Medium [297]

Description: {'vulners_cve_data_all': 'Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. To succeed, certain conditions need to be fulfilled: The jail (with the exploit code inside) needs to be started as root, and it also needs to be terminated as root from the host (either by stopping it ungracefully (e.g., SIGKILL), or by using the --shutdown control command). This is similar to CVE-2019-5736.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for OS Command Injection in Docker, [githubexploit] Exploit for OS Command Injection in Docker, [githubexploit] Exploit for OS Command Injection in Docker, [githubexploit] Exploit for OS Command Injection in Docker, [githubexploit] Exploit for OS Command Injection in Docker, [githubexploit] Exploit for OS Command Injection in Docker, [githubexploit] Exploit for OS Command Injection in Docker, [githubexploit] Exploit for OS Command Injection in Docker, [githubexploit] Exploit for OS Command Injection in Docker, [githubexploit] Exploit for OS Command Injection in Docker, [githubexploit] Exploit for Improper Initialization in Linux Linux Kernel, [exploitpack] runc 1.0-rc6 (Docker 18.09.2) - Container Breakout (2), [zdt] runC < 1.0-rc6 (Docker < 18.09.2) - Host Command Execution Exploit, [zdt] runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (2), [zdt] Docker Container Escape Exploit, [exploitdb] runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (2), [metasploit] Docker Container Escape Via runC Overwrite, [packetstorm] Docker Container Escape)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12499 was patched at 2024-05-15

3275. Unknown Vulnerability Type - Unknown Product (CVE-2020-28502) - Medium [297]

Description: {'vulners_cve_data_all': 'This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Code Injection in Xmlhttprequest Project Xmlhttprequest)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-28502 was patched at 2024-05-15

3276. Unknown Vulnerability Type - Unknown Product (CVE-2020-36465) - Medium [297]

Description: {'vulners_cve_data_all': 'An issue was discovered in the generic-array crate before 0.13.3 for Rust. It violates soundness by using the arr! macro to extend lifetimes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36465 was patched at 2024-05-15

3277. Unknown Vulnerability Type - Unknown Product (CVE-2021-28902) - Medium [297]

Description: {'vulners_cve_data_all': 'In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-28902 was patched at 2024-05-15

3278. Unknown Vulnerability Type - Unknown Product (CVE-2021-28904) - Medium [297]

Description: {'vulners_cve_data_all': 'In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-28904 was patched at 2024-05-15

3279. Unknown Vulnerability Type - Unknown Product (CVE-2021-28906) - Medium [297]

Description: {'vulners_cve_data_all': 'In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-28906 was patched at 2024-05-15

3280. Unknown Vulnerability Type - Unknown Product (CVE-2021-31154) - Medium [297]

Description: {'vulners_cve_data_all': 'pleaseedit in please before 0.4 uses predictable temporary filenames in /tmp and the target directory. This allows a local attacker to gain full root privileges by staging a symlink attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-31154 was patched at 2024-05-15

3281. Unknown Vulnerability Type - Unknown Product (CVE-2022-23639) - Medium [297]

Description: {'vulners_cve_data_all': 'crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was always the same as `Atomic{I,U}64`. However, the alignment of `{i,u}64` on a 32-bit target can be smaller than `Atomic{I,U}64`. This can cause unaligned memory accesses and data race. Crates using `fetch_*` methods with `AtomicCell<{i,u}64>` are affected by this issue. 32-bit targets without `Atomic{I,U}64` and 64-bit targets are not affected by this issue. This has been fixed in crossbeam-utils 0.8.7. There are currently no known workarounds.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-23639 was patched at 2024-05-15

3282. Unknown Vulnerability Type - Unknown Product (CVE-2022-39290) - Medium [297]

Description: {'vulners_cve_data_all': 'ZoneMinder is a free, open source Closed-circuit television software application. In affected versions authenticated users can bypass CSRF keys by modifying the request supplied to the Zoneminder web application. These modifications include replacing HTTP POST with an HTTP GET and removing the CSRF key from the request. An attacker can take advantage of this by using an HTTP GET request to perform actions with no CSRF protection. This could allow an attacker to cause an authenticated user to perform unexpected actions on the web application. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Zoneminder Log Injection / XSS / Cross Site Request Forgery, [zdt] Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass Exploit, [exploitdb] Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-39290 was patched at 2024-05-15

3283. Unknown Vulnerability Type - Unknown Product (CVE-2024-32004) - Medium [297]

Description: {'vulners_cve_data_all': '', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to BDU data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32004 was patched at 2024-05-15

redos: CVE-2024-32004 was patched at 2024-05-27

ubuntu: CVE-2024-32004 was patched at 2024-05-28

3284. Denial of Service - ImageMagick (CVE-2012-1186) - Medium [296]

Description: Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in the IFD in an image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0248.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1186 was patched at 2024-05-15

3285. Denial of Service - ImageMagick (CVE-2014-9915) - Medium [296]

Description: Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM profile.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9915 was patched at 2024-05-15

3286. Denial of Service - ImageMagick (CVE-2016-10058) - Medium [296]

Description: Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick before 6.9.6-3 allows remote attackers to cause a denial of service (memory consumption) via a crafted image file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10058 was patched at 2024-05-15

3287. Denial of Service - ImageMagick (CVE-2016-8678) - Medium [296]

Description: The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.0 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted file. NOTE: the vendor says "This is a Q64 issue and we do not support Q64."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-8678 was patched at 2024-05-15

3288. Denial of Service - ImageMagick (CVE-2016-9298) - Medium [296]

Description: Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9298 was patched at 2024-05-15

3289. Denial of Service - ImageMagick (CVE-2017-6502) - Medium [296]

Description: An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6502 was patched at 2024-05-15

3290. Denial of Service - ImageMagick (CVE-2017-7275) - Medium [296]

Description: The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows remote attackers to cause a denial of service (attempted large memory allocation and application crash) via a crafted file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8862 and CVE-2016-8866.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7275 was patched at 2024-05-15

3291. Denial of Service - ImageMagick (CVE-2020-27829) - Medium [296]

Description: A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27829 was patched at 2024-05-15

3292. Denial of Service - ImageMagick (CVE-2022-3213) - Medium [296]

Description: A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3213 was patched at 2024-05-15

3293. Denial of Service - ImageMagick (CVE-2023-3745) - Medium [296]

Description: A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-3745 was patched at 2024-05-15

debian: CVE-2023-37454 was patched at 2024-05-15

3294. Denial of Service - Perl (CVE-2002-1159) - Medium [296]

Description: Canna 3.6 and earlier does not properly validate requests, which allows remote attackers to cause a denial of service or information leak.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1159 was patched at 2024-05-15

3295. Denial of Service - Perl (CVE-2004-1035) - Medium [296]

Description: Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, (3) request.c, and (4) select.c for up-imapproxy IMAP proxy 1.2.2 allow remote attackers to cause a denial of service (server crash) and possibly leak sensitive information via certain literal values that are not properly handled when using the IMAP_Line_Read function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1035 was patched at 2024-05-15

3296. Denial of Service - Perl (CVE-2011-4868) - Medium [296]

Description: The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4868 was patched at 2024-05-15

3297. Denial of Service - Perl (CVE-2012-1101) - Medium [296]

Description: systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1101 was patched at 2024-05-15

3298. Denial of Service - Perl (CVE-2012-5634) - Medium [296]

Description: Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an interrupt.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5634 was patched at 2024-05-15

3299. Denial of Service - Perl (CVE-2013-4551) - Medium [296]

Description: Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of service (host crash) via unspecified vectors related to "guest VMX instruction execution."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4551 was patched at 2024-05-15

3300. Denial of Service - Perl (CVE-2014-3967) - Medium [296]

Description: The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3967 was patched at 2024-05-15

3301. Denial of Service - Perl (CVE-2021-3308) - Medium [296]

Description: An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors used by the MSI(-X) entries that the guest might had enabled, and hence will lead to vector exhaustion on the system, not allowing further PCI pass through devices to work properly. HVM guests with PCI pass through devices can mount a Denial of Service (DoS) attack affecting the pass through of PCI devices to other guests or the hardware domain. In the latter case, this would affect the entire host.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3308 was patched at 2024-05-15

3302. Denial of Service - Python (CVE-2021-21236) - Medium [296]

Description: CairoSVG is a Python (pypi) package. CairoSVG is an SVG converter based on Cairo. In CairoSVG before version 2.5.1, there is a regular expression denial of service (REDoS) vulnerability. When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS). If an attacker provides a malicious SVG, it can make cairosvg get stuck processing the file for a very long time. This is fixed in version 2.5.1. See Referenced GitHub advisory for more information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.610CVSS Base Score is 5.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-21236 was patched at 2024-05-15

3303. Denial of Service - Redis (CVE-2023-22458) - Medium [296]

Description: Redis is an in-memory database that persists on disk. Authenticated users can issue a `HRANDFIELD` or `ZRANDMEMBER` command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-22458 was patched at 2024-05-15

3304. Denial of Service - Wireshark (CVE-2012-5240) - Medium [296]

Description: Buffer overflow in the dissect_tlv function in epan/dissectors/packet-ldp.c in the LDP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5240 was patched at 2024-05-15

3305. Denial of Service - Wireshark (CVE-2015-8734) - Medium [296]

Description: The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP dissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8734 was patched at 2024-05-15

3306. Denial of Service - Wireshark (CVE-2015-8737) - Medium [296]

Description: The mp2t_open function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not validate the bit rate, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8737 was patched at 2024-05-15

3307. Denial of Service - Wireshark (CVE-2015-8738) - Medium [296]

Description: The s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in Wireshark 2.0.x before 2.0.1 does not validate the list count in an SZL response, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8738 was patched at 2024-05-15

3308. Denial of Service - Wireshark (CVE-2015-8741) - Medium [296]

Description: The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI dissector in Wireshark 2.0.x before 2.0.1 does not initialize a packet-header data structure, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8741 was patched at 2024-05-15

3309. Denial of Service - Wireshark (CVE-2015-8742) - Medium [296]

Description: The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8742 was patched at 2024-05-15

3310. Denial of Service - Wireshark (CVE-2016-2522) - Medium [296]

Description: The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2522 was patched at 2024-05-15

3311. Denial of Service - Wireshark (CVE-2016-2524) - Medium [296]

Description: epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2524 was patched at 2024-05-15

3312. Denial of Service - Wireshark (CVE-2016-2525) - Medium [296]

Description: epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2525 was patched at 2024-05-15

3313. Denial of Service - Wireshark (CVE-2016-2526) - Medium [296]

Description: epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2526 was patched at 2024-05-15

3314. Denial of Service - Wireshark (CVE-2016-2527) - Medium [296]

Description: wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2527 was patched at 2024-05-15

3315. Denial of Service - Wireshark (CVE-2016-2528) - Medium [296]

Description: The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2528 was patched at 2024-05-15

3316. Denial of Service - Wireshark (CVE-2016-2529) - Medium [296]

Description: The iseries_check_file_type function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2529 was patched at 2024-05-15

3317. Denial of Service - Wireshark (CVE-2016-4076) - Medium [296]

Description: epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 2.0.x before 2.0.3 does not properly initialize memory for search patterns, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4076 was patched at 2024-05-15

3318. Denial of Service - Wireshark (CVE-2016-4077) - Medium [296]

Description: epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on incorrect special-case handling of truncated Tvb data structures, which allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4077 was patched at 2024-05-15

3319. Denial of Service - Wireshark (CVE-2016-4078) - Medium [296]

Description: The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 does not properly restrict element lists, which allows remote attackers to cause a denial of service (deep recursion and application crash) via a crafted packet, related to epan/dissectors/packet-capwap.c and epan/dissectors/packet-ieee80211.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4078 was patched at 2024-05-15

3320. Denial of Service - Wireshark (CVE-2016-4083) - Medium [296]

Description: epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 does not ensure that data is available before array allocation, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4083 was patched at 2024-05-15

3321. Denial of Service - Wireshark (CVE-2016-4084) - Medium [296]

Description: Integer signedness error in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.3 allows remote attackers to cause a denial of service (integer overflow and application crash) via a crafted packet that triggers an unexpected array size.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4084 was patched at 2024-05-15

3322. Denial of Service - Wireshark (CVE-2016-4415) - Medium [296]

Description: wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x before 2.0.2 incorrectly increases a certain octet count, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4415 was patched at 2024-05-15

3323. Denial of Service - Wireshark (CVE-2016-4416) - Medium [296]

Description: epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.2 mishandles the Grouping subfield, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4416 was patched at 2024-05-15

3324. Denial of Service - Wireshark (CVE-2016-4419) - Medium [296]

Description: epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x before 2.0.2 mishandles capability data, which allows remote attackers to cause a denial of service (large loop) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4419 was patched at 2024-05-15

3325. Denial of Service - Wireshark (CVE-2016-4420) - Medium [296]

Description: The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4420 was patched at 2024-05-15

3326. Denial of Service - Wireshark (CVE-2016-5352) - Medium [296]

Description: epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain length values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5352 was patched at 2024-05-15

3327. Denial of Service - Wireshark (CVE-2016-5358) - Medium [296]

Description: epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles the packet-header data type, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5358 was patched at 2024-05-15

3328. Denial of Service - Wireshark (CVE-2016-6513) - Medium [296]

Description: epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x before 2.0.5 does not restrict the recursion depth, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6513 was patched at 2024-05-15

3329. Denial of Service - Wireshark (CVE-2016-7175) - Medium [296]

Description: epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark 2.x before 2.0.6 mishandles MAC address data, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7175 was patched at 2024-05-15

3330. Denial of Service - Wireshark (CVE-2021-4183) - Medium [296]

Description: Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-4183 was patched at 2024-05-15

3331. Denial of Service - Wireshark (CVE-2022-4344) - Medium [296]

Description: Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 6.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-4344 was patched at 2024-05-15

3332. Denial of Service - Wireshark (CVE-2024-4854) - Medium [296]

Description: MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-4854 was patched at 2024-05-15

redos: CVE-2024-4854 was patched at 2024-06-06

3333. Denial of Service - tiffcrop (CVE-2022-1056) - Medium [296]

Description: Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Tiffcrop processes one or more files created according to the Tag Image File Format, Revision 6.0, specification into one or more TIFF file(s)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1056 was patched at 2024-05-15

3334. Denial of Service - tiffcrop (CVE-2023-3164) - Medium [296]

Description: A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Tiffcrop processes one or more files created according to the Tag Image File Format, Revision 6.0, specification into one or more TIFF file(s)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-3164 was patched at 2024-05-15

ubuntu: CVE-2023-3164 was patched at 2024-06-11

3335. Memory Corruption - ImageMagick (CVE-2017-12662) - Medium [296]

Description: ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in coders/pdf.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12662 was patched at 2024-05-15

3336. Memory Corruption - ImageMagick (CVE-2017-12663) - Medium [296]

Description: ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in coders/map.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12663 was patched at 2024-05-15

3337. Memory Corruption - ImageMagick (CVE-2017-12666) - Medium [296]

Description: ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage in coders/inline.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12666 was patched at 2024-05-15

3338. Memory Corruption - ImageMagick (CVE-2017-12667) - Medium [296]

Description: ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in coders\mat.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12667 was patched at 2024-05-15

3339. Memory Corruption - ImageMagick (CVE-2017-12669) - Medium [296]

Description: ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage in coders/cals.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12669 was patched at 2024-05-15

3340. Memory Corruption - Roundcube (CVE-2015-2181) - Medium [296]

Description: Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2181 was patched at 2024-05-15

3341. Arbitrary File Reading - Perl (CVE-2012-1103) - Medium [295]

Description: emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1103 was patched at 2024-05-15

3342. Arbitrary File Reading - Perl (CVE-2012-2652) - Medium [295]

Description: The bdrv_open function in Qemu 1.0 does not properly handle the failure of the mkstemp function, when in snapshot node, which allows local users to overwrite or read arbitrary files via a symlink attack on an unspecified temporary file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2652 was patched at 2024-05-15

3343. Cross Site Scripting - MediaWiki (CVE-2008-5250) - Medium [295]

Description: Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5250 was patched at 2024-05-15

3344. Cross Site Scripting - MediaWiki (CVE-2009-0737) - Medium [295]

Description: Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12 before 1.12.4, and 1.13 before 1.13.4, when the installer is in active use, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0737 was patched at 2024-05-15

3345. Cross Site Scripting - MediaWiki (CVE-2010-2788) - Medium [295]

Description: Cross-site scripting (XSS) vulnerability in profileinfo.php in MediaWiki before 1.15.5, when wgEnableProfileInfo is enabled, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2788 was patched at 2024-05-15

3346. Information Disclosure - Perl (CVE-2008-0299) - Medium [295]

Description: common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0299 was patched at 2024-05-15

3347. Information Disclosure - Perl (CVE-2008-1292) - Medium [295]

Description: ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1292 was patched at 2024-05-15

3348. Information Disclosure - Perl (CVE-2010-4534) - Medium [295]

Description: The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4534 was patched at 2024-05-15

3349. Information Disclosure - Perl (CVE-2012-1620) - Medium [295]

Description: slock 0.9 does not properly handle the XRaiseWindow event when the screen is locked, which might allow physically proximate attackers to obtain sensitive information by pressing a button, which reveals the desktop and active windows.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1620 was patched at 2024-05-15

3350. Information Disclosure - Perl (CVE-2012-6635) - Medium [295]

Description: wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6635 was patched at 2024-05-15

3351. Information Disclosure - Perl (CVE-2013-0240) - Medium [295]

Description: Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0240 was patched at 2024-05-15

3352. Information Disclosure - Perl (CVE-2014-3494) - Medium [295]

Description: kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3494 was patched at 2024-05-15

3353. Remote Code Execution - FFmpeg (CVE-2023-49528) - Medium [295]

Description: Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a local attacker to execute arbitrary code and cause a denial of service (DoS) via the af_dialoguenhance.c:261:5 in the de_stereo component.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49528 was patched at 2024-05-15

ubuntu: CVE-2023-49528 was patched at 2024-05-30

3354. Remote Code Execution - FFmpeg (CVE-2023-50010) - Medium [295]

Description: Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the set_encoder_id function in /fftools/ffmpeg_enc.c component.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50010 was patched at 2024-05-15

ubuntu: CVE-2023-50010 was patched at 2024-05-30

3355. Authentication Bypass - Unknown Product (CVE-2007-6013) - Medium [294]

Description: {'vulners_cve_data_all': 'Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6013 was patched at 2024-05-15

3356. Authentication Bypass - Unknown Product (CVE-2009-2422) - Medium [294]

Description: {'vulners_cve_data_all': 'The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2422 was patched at 2024-05-15

3357. Authentication Bypass - Unknown Product (CVE-2015-6816) - Medium [294]

Description: {'vulners_cve_data_all': 'ganglia-web before 3.7.1 allows remote attackers to bypass authentication.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-6816 was patched at 2024-05-15

3358. Authentication Bypass - Unknown Product (CVE-2015-7224) - Medium [294]

Description: {'vulners_cve_data_all': 'puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-7224 was patched at 2024-05-15

3359. Authentication Bypass - Unknown Product (CVE-2017-11428) - Medium [294]

Description: {'vulners_cve_data_all': 'OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11428 was patched at 2024-05-15

3360. Authentication Bypass - Unknown Product (CVE-2020-11020) - Medium [294]

Description: {'vulners_cve_data_all': 'Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5, has the potential for authentication bypass in the extension system. The vulnerability allows any client to bypass checks put in place by server-side extensions, by appending extra segments to the message channel. It is patched in versions 1.0.4, 1.1.3 and 1.2.5.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-11020 was patched at 2024-05-15

3361. Authentication Bypass - Unknown Product (CVE-2021-41303) - Medium [294]

Description: {'vulners_cve_data_all': 'Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may cause an authentication bypass. Users should update to Apache Shiro 1.8.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41303 was patched at 2024-05-15

3362. Authentication Bypass - Unknown Product (CVE-2022-40664) - Medium [294]

Description: {'vulners_cve_data_all': 'Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-40664 was patched at 2024-05-15

3363. Authentication Bypass - Unknown Product (CVE-2023-34478) - Medium [294]

Description: {'vulners_cve_data_all': 'Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests.\n\nMitigation:\xa0Update to Apache Shiro 1.12.0+ or 2.0.0-alpha-3+\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-34478 was patched at 2024-05-15

3364. Authentication Bypass - Unknown Product (CVE-2024-25189) - Medium [294]

Description: {'vulners_cve_data_all': 'libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-25189 was patched at 2024-05-15

3365. Denial of Service - GNOME desktop (CVE-2006-2789) - Medium [294]

Description: Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2789 was patched at 2024-05-15

3366. Denial of Service - GNOME desktop (CVE-2011-2198) - Medium [294]

Description: The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string "\033[100000000000000000@".

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2198 was patched at 2024-05-15

3367. Incorrect Calculation - GNU C Library (CVE-2021-37600) - Medium [294]

Description: An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-37600 was patched at 2024-05-15

3368. Memory Corruption - GNU C Library (CVE-2019-7309) - Medium [294]

Description: {'vulners_cve_data_all': 'In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7309 was patched at 2024-05-15

3369. Security Feature Bypass - Chromium (CVE-2024-3840) - Medium [294]

Description: Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3840 was patched at 2024-04-20, 2024-05-15

redos: CVE-2024-3840 was patched at 2024-05-07

3370. Security Feature Bypass - Chromium (CVE-2024-3841) - Medium [294]

Description: Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium security severity: Medium)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3841 was patched at 2024-04-20, 2024-05-15

redos: CVE-2024-3841 was patched at 2024-05-07

3371. Security Feature Bypass - Chromium (CVE-2024-3843) - Medium [294]

Description: Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3843 was patched at 2024-04-20, 2024-05-15

redos: CVE-2024-3843 was patched at 2024-05-07

3372. Security Feature Bypass - Chromium (CVE-2024-3844) - Medium [294]

Description: {'vulners_cve_data_all': 'Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3844 was patched at 2024-04-20, 2024-05-15

redos: CVE-2024-3844 was patched at 2024-05-07

3373. Security Feature Bypass - Chromium (CVE-2024-3845) - Medium [294]

Description: Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3845 was patched at 2024-04-20, 2024-05-15

redos: CVE-2024-3845 was patched at 2024-05-07

3374. Security Feature Bypass - Chromium (CVE-2024-3846) - Medium [294]

Description: {'vulners_cve_data_all': 'Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3846 was patched at 2024-04-20, 2024-05-15

redos: CVE-2024-3846 was patched at 2024-05-07

3375. Security Feature Bypass - Chromium (CVE-2024-3847) - Medium [294]

Description: Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3847 was patched at 2024-04-20, 2024-05-15

redos: CVE-2024-3847 was patched at 2024-05-07

3376. Security Feature Bypass - Mozilla Firefox (CVE-2024-4768) - Medium [294]

Description: A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-4768 was patched at 2024-05-16

debian: CVE-2024-4768 was patched at 2024-05-15, 2024-05-17

oraclelinux: CVE-2024-4768 was patched at 2024-05-16, 2024-05-20, 2024-06-11

redhat: CVE-2024-4768 was patched at 2024-05-16, 2024-05-20, 2024-05-23

ubuntu: CVE-2024-4768 was patched at 2024-05-21, 2024-05-22

3377. Security Feature Bypass - WinRAR (CVE-2024-33899) - Medium [294]

Description: {'vulners_cve_data_all': 'RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.814WinRAR is a trialware file archiver utility for Windows, developed by Eugene Roshal of win.rar GmbH
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

redos: CVE-2024-33899 was patched at 2024-05-07

3378. Arbitrary File Writing - Perl (CVE-2005-0077) - Medium [293]

Description: The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0077 was patched at 2024-05-15

3379. Arbitrary File Writing - Perl (CVE-2006-0512) - Medium [293]

Description: PADL MigrationTools 46 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the temporary files, which are not properly created by (1) migrate_all_online.sh, (2) migrate_all_offline.sh, (3) migrate_all_netinfo_online.sh, (4) migrate_all_netinfo_offline.sh, (5) migrate_all_nis_online.sh, (6) migrate_all_nis_offline.sh, (7) migrate_all_nisplus_online.sh, and (8) migrate_all_nisplus_offline.sh.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0512 was patched at 2024-05-15

3380. Information Disclosure - Samba (CVE-2013-4476) - Medium [293]

Description: Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4476 was patched at 2024-05-15

3381. Code Injection - Unknown Product (CVE-2015-9244) - Medium [292]

Description: {'vulners_cve_data_all': 'Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-9244 was patched at 2024-05-15

3382. Code Injection - Unknown Product (CVE-2020-10380) - Medium [292]

Description: {'vulners_cve_data_all': 'RMySQL through 0.10.19 allows SQL Injection.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-10380 was patched at 2024-05-15

3383. Code Injection - Unknown Product (CVE-2021-27419) - Medium [292]

Description: {'vulners_cve_data_all': 'uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-27419 was patched at 2024-05-15

3384. Command Injection - Unknown Product (CVE-2018-1000825) - Medium [292]

Description: {'vulners_cve_data_all': 'FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Freecol file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000825 was patched at 2024-05-15

3385. Command Injection - Unknown Product (CVE-2022-26945) - Medium [292]

Description: {'vulners_cve_data_all': 'go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-26945 was patched at 2024-05-15

3386. Command Injection - Unknown Product (CVE-2023-1350) - Medium [292]

Description: {'vulners_cve_data_all': 'A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date &gt;/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-1350 was patched at 2024-05-15

3387. Command Injection - Unknown Product (CVE-2023-22496) - Medium [292]

Description: {'vulners_cve_data_all': 'Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent. When an alert is triggered, the function `health_alarm_execute` is called. This function performs different checks and then enqueues a command by calling `spawn_enq_cmd`. This command is populated with several arguments that are not sanitized. One of them is the `registry_hostname` of the node for which the alert is raised. By providing a specially crafted `registry_hostname` as part of the health data that is streamed to a Netdata (parent) agent, an attacker can execute arbitrary commands at the remote host as a side-effect of the raised alert. Note that the commands are executed as the user running the Netdata Agent. This user is usually named `netdata`. The ability to run arbitrary commands may allow an attacker to escalate privileges by escalating other vulnerabilities in the system, as that user. The problem has been fixed in: Netdata agent v1.37 (stable) and Netdata agent v1.36.0-409 (nightly). As a workaround, streaming is not enabled by default. If you have previously enabled this, it can be disabled. Limiting access to the port on the recipient Agent to trusted child connections may mitigate the impact of this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-22496 was patched at 2024-05-15

3388. XXE Injection - Unknown Product (CVE-2016-3720) - Medium [292]

Description: {'vulners_cve_data_all': 'XML external entity (XXE) vulnerability in XmlMapper in the Data format extension for Jackson (aka jackson-dataformat-xml) allows attackers to have unspecified impact via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3720 was patched at 2024-05-15

3389. XXE Injection - Unknown Product (CVE-2018-1000652) - Medium [292]

Description: {'vulners_cve_data_all': 'JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted MsBib file. This vulnerability appears to have been fixed in after commit 89f855d.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000652 was patched at 2024-05-15

3390. XXE Injection - Unknown Product (CVE-2021-23792) - Medium [292]

Description: {'vulners_cve_data_all': 'The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file (e.g. when an online profile picture is processed) with a malicious XMP segment. If the XMP metadata of the uploaded image is parsed, then the XXE vulnerability is triggered.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-23792 was patched at 2024-05-15

3391. Arbitrary File Reading - Cacti (CVE-2017-16661) - Medium [291]

Description: Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16661 was patched at 2024-05-15

3392. Denial of Service - Docker (CVE-2017-14992) - Medium [291]

Description: Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Docker
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14992 was patched at 2024-05-15

3393. Denial of Service - Libarchive (CVE-2018-1000879) - Medium [291]

Description: libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Multi-format archive and compression library
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000879 was patched at 2024-05-15

3394. Denial of Service - TRIE (CVE-2013-6400) - Medium [291]

Description: Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6400 was patched at 2024-05-15

3395. Denial of Service - TRIE (CVE-2017-12966) - Medium [291]

Description: The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial of service (segmentation fault) via a crafted .asn1 file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12966 was patched at 2024-05-15

3396. Denial of Service - libjpeg (CVE-2021-39514) - Medium [291]

Description: An issue was discovered in libjpeg through 2020021. An uncaught floating point exception in the function ACLosslessScan::ParseMCU() located in aclosslessscan.cpp. It allows an attacker to cause Denial of Service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514libjpeg
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39514 was patched at 2024-05-15

3397. Denial of Service - libjpeg (CVE-2021-39515) - Medium [291]

Description: An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function SampleInterleavedLSScan::ParseMCU() located in sampleinterleavedlsscan.cpp. It allows an attacker to cause Denial of Service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514libjpeg
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39515 was patched at 2024-05-15

3398. Denial of Service - libjpeg (CVE-2021-39516) - Medium [291]

Description: An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function HuffmanDecoder::Get() located in huffmandecoder.hpp. It allows an attacker to cause Denial of Service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514libjpeg
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39516 was patched at 2024-05-15

3399. Denial of Service - libjpeg (CVE-2021-39517) - Medium [291]

Description: An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::ReconstructUnsampled() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514libjpeg
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39517 was patched at 2024-05-15

3400. Denial of Service - libjpeg (CVE-2021-39519) - Medium [291]

Description: An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PullQData() located in blockbitmaprequester.cpp It allows an attacker to cause Denial of Service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514libjpeg
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39519 was patched at 2024-05-15

3401. Denial of Service - libjpeg (CVE-2021-39520) - Medium [291]

Description: An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function BlockBitmapRequester::PushReconstructedData() located in blockbitmaprequester.cpp. It allows an attacker to cause Denial of Service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514libjpeg
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39520 was patched at 2024-05-15

3402. Denial of Service - libjpeg (CVE-2022-31620) - Medium [291]

Description: In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded lossless scan or arithmetically coded sequential scan.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514libjpeg
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-31620 was patched at 2024-05-15

3403. Denial of Service - libjpeg (CVE-2022-37769) - Medium [291]

Description: libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514libjpeg
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-37769 was patched at 2024-05-15

3404. Denial of Service - libjpeg (CVE-2022-37770) - Medium [291]

Description: libjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpassLine at linemerger.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514libjpeg
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-37770 was patched at 2024-05-15

3405. Denial of Service - libjpeg (CVE-2023-37836) - Medium [291]

Description: libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at bitmaphook.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514libjpeg
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-37836 was patched at 2024-05-15

3406. Denial of Service - libjpeg (CVE-2023-37837) - Medium [291]

Description: libjpeg commit db33a6e was discovered to contain a heap buffer overflow via LineBitmapRequester::EncodeRegion at linebitmaprequester.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514libjpeg
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-37837 was patched at 2024-05-15

3407. Information Disclosure - Docker (CVE-2022-4122) - Medium [291]

Description: A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.514Docker
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-4122 was patched at 2024-05-15

redhat: CVE-2022-4122 was patched at 2024-04-29

3408. Information Disclosure - Docker (CVE-2024-32473) - Medium [291]

Description: {'vulners_cve_data_all': 'Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where `--ipv6=false`. An container with an `ipvlan` or `macvlan` interface will normally be configured to share an external network link with the host machine. Because of this direct access, (1) Containers may be able to communicate with other hosts on the local network over link-local IPv6 addresses, (2) if router advertisements are being broadcast over the local network, containers may get SLAAC-assigned addresses, and (3) the interface will be a member of IPv6 multicast groups. This means interfaces in IPv4-only networks present an unexpectedly and unnecessarily increased attack surface. The issue is patched in 26.0.2. To completely disable IPv6 in a container, use `--sysctl=net.ipv6.conf.all.disable_ipv6=1` in the `docker create` or `docker run` command. Or, in the service configuration of a `compose` file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.514Docker
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32473 was patched at 2024-05-15

redos: CVE-2024-32473 was patched at 2024-05-03

3409. Information Disclosure - TRIE (CVE-2021-41867) - Medium [291]

Description: An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41867 was patched at 2024-05-15

3410. Memory Corruption - TLS (CVE-2019-6439) - Medium [291]

Description: examples/benchmark/tls_bench.c in a benchmark tool in wolfSSL through 3.15.7 has a heap-based buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514TLS
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6439 was patched at 2024-05-15

3411. Memory Corruption - TLS (CVE-2022-46393) - Medium [291]

Description: An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. There is a potential heap-based buffer overflow and heap-based buffer over-read in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514TLS
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-46393 was patched at 2024-05-15

3412. Memory Corruption - Unknown Product (CVE-2024-2193) - Medium [291]

Description: {'vulners_cve_data_all': 'A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-2193 was patched at 2024-05-15

3413. Memory Corruption - Unknown Product (CVE-2024-25260) - Medium [291]

Description: {'vulners_cve_data_all': 'elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-25260 was patched at 2024-05-15

3414. Memory Corruption - Unknown Product (CVE-2024-27507) - Medium [291]

Description: {'vulners_cve_data_all': 'libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27507 was patched at 2024-05-15

3415. Cross Site Scripting - Internet Explorer (CVE-2005-2820) - Medium [290]

Description: Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]".

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Internet Explorer is a discontinued series of graphical web browsers developed by Microsoft
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2820 was patched at 2024-05-15

3416. Cross Site Scripting - Internet Explorer (CVE-2005-4831) - Medium [290]

Description: viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other attacks, as demonstrated using (1) "text/html", or (2) "image/jpeg" with an image that is rendered as HTML by Internet Explorer, a different vulnerability than CVE-2004-1062. NOTE: it was later reported that 0.9.4 is also affected.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Internet Explorer is a discontinued series of graphical web browsers developed by Microsoft
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4831 was patched at 2024-05-15

3417. Cross Site Scripting - Internet Explorer (CVE-2007-1405) - Medium [290]

Description: Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Internet Explorer is a discontinued series of graphical web browsers developed by Microsoft
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1405 was patched at 2024-05-15

3418. Cross Site Scripting - Internet Explorer (CVE-2007-6321) - Medium [290]

Description: Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Internet Explorer is a discontinued series of graphical web browsers developed by Microsoft
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6321 was patched at 2024-05-15

3419. Cross Site Scripting - Internet Explorer (CVE-2008-4326) - Medium [290]

Description: The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Internet Explorer is a discontinued series of graphical web browsers developed by Microsoft
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4326 was patched at 2024-05-15

3420. Cross Site Scripting - Internet Explorer (CVE-2009-4459) - Medium [290]

Description: Redmine 0.8.7 and earlier uses the title tag before defining the character encoding in a meta tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks and inject arbitrary script via UTF-7 encoded values in the title parameter to a new issue page, which may be interpreted as script by Internet Explorer 7 and 8.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Internet Explorer is a discontinued series of graphical web browsers developed by Microsoft
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4459 was patched at 2024-05-15

3421. Cross Site Scripting - Internet Explorer (CVE-2010-2479) - Medium [290]

Description: Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Internet Explorer is a discontinued series of graphical web browsers developed by Microsoft
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2479 was patched at 2024-05-15

3422. Cross Site Scripting - Internet Explorer (CVE-2010-4183) - Medium [290]

Description: Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Internet Explorer is a discontinued series of graphical web browsers developed by Microsoft
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4183 was patched at 2024-05-15

3423. Cross Site Scripting - Perl (CVE-2004-1177) - Medium [290]

Description: Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1177 was patched at 2024-05-15

3424. Cross Site Scripting - Perl (CVE-2004-1318) - Medium [290]

Description: Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab ("%09") character, which prevents the rest of the query from being properly sanitized.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1318 was patched at 2024-05-15

3425. Cross Site Scripting - Perl (CVE-2005-2336) - Medium [290]

Description: Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2336 was patched at 2024-05-15

3426. Cross Site Scripting - Perl (CVE-2005-2769) - Medium [290]

Description: Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by SqWebMail.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2769 was patched at 2024-05-15

3427. Cross Site Scripting - Perl (CVE-2005-4305) - Medium [290]

Description: Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4305 was patched at 2024-05-15

3428. Cross Site Scripting - Perl (CVE-2006-1321) - Medium [290]

Description: Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the (1) url, (2) title, or (3) author name in a crawled page, which is not properly sanitized in the tooltips of a report.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1321 was patched at 2024-05-15

3429. Cross Site Scripting - Perl (CVE-2008-1168) - Medium [290]

Description: Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1168 was patched at 2024-05-15

3430. Cross Site Scripting - Perl (CVE-2008-2168) - Medium [290]

Description: Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2168 was patched at 2024-05-15

3431. Cross Site Scripting - Perl (CVE-2008-7250) - Medium [290]

Description: Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.4 allows remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: this issue exists because of an incomplete fix for CVE-2008-1168.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-7250 was patched at 2024-05-15

3432. Cross Site Scripting - Perl (CVE-2009-3015) - Medium [290]

Description: QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header, (5) injecting a Location header that contains JavaScript sequences in a data:text/html URI, or (6) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3015 was patched at 2024-05-15

3433. Cross Site Scripting - Perl (CVE-2010-1330) - Medium [290]

Description: The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1330 was patched at 2024-05-15

3434. Cross Site Scripting - Perl (CVE-2010-5295) - Medium [290]

Description: Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is not properly handled during a Delete Plugin action.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-5295 was patched at 2024-05-15

3435. Cross Site Scripting - Perl (CVE-2011-4616) - Medium [290]

Description: Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allows remote attackers to inject arbitrary web script or HTML via template parameters, related to improper handling of > (greater than) and < (less than) characters.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4616 was patched at 2024-05-15

3436. Cross Site Scripting - Perl (CVE-2012-3382) - Medium [290]

Description: Cross-site scripting (XSS) vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properly handled in an error message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3382 was patched at 2024-05-15

3437. Cross Site Scripting - Perl (CVE-2013-1857) - Medium [290]

Description: The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a &#x3a; sequence.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1857 was patched at 2024-05-15

3438. Cross Site Scripting - Python (CVE-2009-5065) - Medium [290]

Description: Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5065 was patched at 2024-05-15

3439. Cross Site Scripting - Python (CVE-2010-2480) - Medium [290]

Description: Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2480 was patched at 2024-05-15

3440. Cross Site Scripting - Python (CVE-2011-1157) - Medium [290]

Description: Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1157 was patched at 2024-05-15

3441. Cross Site Scripting - Python (CVE-2011-1158) - Medium [290]

Description: Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1158 was patched at 2024-05-15

3442. Cross Site Scripting - Python (CVE-2015-6938) - Medium [290]

Description: Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site request forgery (CSRF) vulnerability, but this may be inaccurate.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-6938 was patched at 2024-05-15

3443. Cross Site Scripting - Roundcube (CVE-2011-2937) - Medium [290]

Description: Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2937 was patched at 2024-05-15

3444. Cross Site Scripting - Roundcube (CVE-2012-3508) - Medium [290]

Description: Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3508 was patched at 2024-05-15

3445. Cross Site Scripting - Roundcube (CVE-2012-4668) - Medium [290]

Description: Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4668 was patched at 2024-05-15

3446. Denial of Service - BIND (CVE-2005-0034) - Medium [289]

Description: An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0034 was patched at 2024-05-15

3447. Denial of Service - FFmpeg (CVE-2010-4704) - Medium [289]

Description: libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. NOTE: this might overlap CVE-2011-0480.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4704 was patched at 2024-05-15

3448. Denial of Service - FFmpeg (CVE-2011-2161) - Medium [289]

Description: The ape_read_header function in ape.c in libavformat in FFmpeg before 0.5.4, as used in MPlayer, VideoLAN VLC media player, and other products, allows remote attackers to cause a denial of service (application crash) via an APE (aka Monkey's Audio) file that contains a header but no frames.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2161 was patched at 2024-05-15

3449. Denial of Service - FFmpeg (CVE-2011-3936) - Medium [289]

Description: The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted DV file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3936 was patched at 2024-05-15

3450. Denial of Service - FFmpeg (CVE-2011-4353) - Medium [289]

Description: The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) vp6_parse_coeff functions in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allow remote attackers to cause a denial of service (out-of-bounds read) via a crafted VP5 or VP6 stream.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4353 was patched at 2024-05-15

3451. Denial of Service - FFmpeg (CVE-2011-4579) - Medium [289]

Description: The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in libavcodec in FFmpeg 0.5.x before 0.5.7, 0.6.x before 0.6.4, 0.7.x before 0.7.9, and 0.8.x before 0.8.8; and in Libav 0.5.x before 0.5.6, 0.6.x before 0.6.4, and 0.7.x before 0.7.3 allows remote attackers to cause a denial of service (memory corruption) via a crafted SVQ1 stream, related to "dimensions changed."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4579 was patched at 2024-05-15

3452. Denial of Service - FFmpeg (CVE-2013-3670) - Medium [289]

Description: The rle_unpack function in vmdav.c in libavcodec in FFmpeg git 20130328 through 20130501 does not properly use the bytestream2 API, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted RLE data. NOTE: the vendor has listed this as an issue fixed in 1.2.1, but the issue is actually in new code that was not shipped with the 1.2.1 release or any earlier release.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-3670 was patched at 2024-05-15

3453. Denial of Service - QEMU (CVE-2013-2230) - Medium [289]

Description: The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registration."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2230 was patched at 2024-05-15

3454. Denial of Service - QEMU (CVE-2013-4154) - Medium [289]

Description: The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to "agent based cpu (un)plug," as demonstrated by the "virsh vcpucount foobar --guest" command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4154 was patched at 2024-05-15

3455. Denial of Service - QEMU (CVE-2014-8131) - Medium [289]

Description: The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8131 was patched at 2024-05-15

3456. Denial of Service - QEMU (CVE-2016-6490) - Medium [289]

Description: The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via a zero length for the descriptor buffer.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6490 was patched at 2024-05-15

3457. Denial of Service - QEMU (CVE-2021-3735) - Medium [289]

Description: A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3735 was patched at 2024-05-15

3458. Memory Corruption - QEMU (CVE-2008-4539) - Medium [289]

Description: Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4539 was patched at 2024-05-15

3459. Arbitrary File Writing - GDI (CVE-2009-5079) - Medium [288]

Description: The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.514GDI
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5079 was patched at 2024-05-15

3460. Spoofing - Google Chrome (CVE-2021-30584) - Medium [288]

Description: Incorrect security UI in Downloads in Google Chrome on Android prior to 92.0.4515.107 allowed a remote attacker to perform domain spoofing via a crafted HTML page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.415Spoofing
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30584 was patched at 2024-05-15

3461. Arbitrary File Reading - Git (CVE-2013-7203) - Medium [286]

Description: gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.414Git
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7203 was patched at 2024-05-15

3462. Denial of Service - Flatpak (CVE-2020-5291) - Medium [286]

Description: {'vulners_cve_data_all': 'Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to be affected are: * Debian testing/unstable, if unprivileged user namespaces enabled (not default) * Debian buster-backports, if unprivileged user namespaces enabled (not default) * Arch if using `linux-hardened`, if unprivileged user namespaces enabled (not default) * Centos 7 flatpak COPR, if unprivileged user namespaces enabled (not default) This has been fixed in the 0.4.1 release, and all affected users should update.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414Flatpak is a utility for software deployment and package management for Linux
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-5291 was patched at 2024-05-15

3463. Denial of Service - GPAC (CVE-2021-45266) - Medium [286]

Description: A null pointer dereference vulnerability exists in gpac 1.1.0 via the lsr_read_anim_values_ex function, which causes a segmentation fault and application crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45266 was patched at 2024-05-15

3464. Denial of Service - GPAC (CVE-2022-29339) - Medium [286]

Description: In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-29339 was patched at 2024-05-15

3465. Denial of Service - GPAC (CVE-2022-29340) - Medium [286]

Description: GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-29340 was patched at 2024-05-15

3466. Denial of Service - Git (CVE-2016-10129) - Medium [286]

Description: The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10129 was patched at 2024-05-15

3467. Denial of Service - Git (CVE-2019-1010251) - Medium [286]

Description: Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed network packet. The component is: app-layer-detect-proto.c, decode.c, decode-teredo.c and decode-ipv6.c (https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe, https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b). The attack vector is: An attacker can trigger the vulnerability by sending a specifically crafted network request. The fixed version is: 4.1.2.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1010251 was patched at 2024-05-15

3468. Denial of Service - Git (CVE-2019-1010279) - Medium [286]

Description: Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suricata/pull/3625/commits/d8634daf74c882356659addb65fb142b738a186b). The attack vector is: An attacker can trigger the vulnerability by a specifically crafted network TCP session. The fixed version is: 4.1.3.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1010279 was patched at 2024-05-15

3469. Denial of Service - Git (CVE-2021-23409) - Medium [286]

Description: The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-23409 was patched at 2024-05-15

3470. Denial of Service - Git (CVE-2023-22483) - Medium [286]

Description: cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gfm with large values, cause the running time to increase quadratically. These vulnerabilities have been patched in version 0.29.0.gfm.7.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-22483 was patched at 2024-05-15

3471. Denial of Service - Git (CVE-2023-22484) - Medium [286]

Description: cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-22484 was patched at 2024-05-15

3472. Denial of Service - Git (CVE-2023-22486) - Medium [286]

Description: cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-22486 was patched at 2024-05-15

3473. Denial of Service - Git (CVE-2023-24824) - Medium [286]

Description: cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `>` or `-` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-24824 was patched at 2024-05-15

3474. Denial of Service - Git (CVE-2023-42821) - Medium [286]

Description: The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `0.0.0-20230922105210-14b16010c2ee`, which corresponds with commit `14b16010c2ee7ff33a940a541d993bd043a88940`, parsing malformed markdown input with parser that uses parser.Mmark extension could result in out-of-bounds read vulnerability. To exploit the vulnerability, parser needs to have `parser.Mmark` extension set. The panic occurs inside the `citation.go` file on the line 69 when the parser tries to access the element past its length. This can result in a denial of service. Commit `14b16010c2ee7ff33a940a541d993bd043a88940`/pseudoversion `0.0.0-20230922105210-14b16010c2ee` contains a patch for this issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-42821 was patched at 2024-05-15

3475. Denial of Service - Git (CVE-2023-49568) - Medium [286]

Description: A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability. This is a go-git implementation issue and does not affect the upstream git cli.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49568 was patched at 2024-05-15

3476. Denial of Service - LLDP (CVE-2015-8012) - Medium [286]

Description: lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414LLDP is an industry standard protocol designed to supplant proprietary Link-Layer protocols such as Extreme's EDP (Extreme Discovery Protocol) and CDP (Cisco Discovery Protocol)
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8012 was patched at 2024-05-15

3477. Information Disclosure - Git (CVE-2018-11723) - Medium [286]

Description: The libpff_name_to_id_map_entry_read function in libpff_name_to_id_map.c in libyal libpff through 2018-04-28 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted pff file. NOTE: the vendor has disputed this as described in libyal/libpff issue 66 on GitHub

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.414Git
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11723 was patched at 2024-05-15

3478. Memory Corruption - Linux Kernel (CVE-2020-27418) - Medium [286]

Description: A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obatin sensitive information via vgacon_invert_region() function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27418 was patched at 2024-05-15

3479. Memory Corruption - Linux Kernel (CVE-2023-23003) - Medium [286]

Description: {'vulners_cve_data_all': 'In the Linux kernel before 5.16, tools/perf/util/expr.c lacks a check for the hashmap__new return value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-23003 was patched at 2024-05-15

3480. Memory Corruption - Sudo (CVE-2007-0475) - Medium [286]

Description: Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914Sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0475 was patched at 2024-05-15

3481. Cross Site Scripting - Cacti (CVE-2017-10970) - Medium [285]

Description: Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-10970 was patched at 2024-05-15

3482. Cross Site Scripting - Cacti (CVE-2017-11163) - Medium [285]

Description: Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11163 was patched at 2024-05-15

3483. Cross Site Scripting - Cacti (CVE-2017-11691) - Medium [285]

Description: Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11691 was patched at 2024-05-15

3484. Cross Site Scripting - Cacti (CVE-2017-12066) - Medium [285]

Description: Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fix (lack of the htmlspecialchars ENT_QUOTES flag) for CVE-2017-11163.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12066 was patched at 2024-05-15

3485. Cross Site Scripting - Cacti (CVE-2017-12978) - Medium [285]

Description: lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12978 was patched at 2024-05-15

3486. Cross Site Scripting - Cacti (CVE-2018-10059) - Medium [285]

Description: Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10059 was patched at 2024-05-15

3487. Cross Site Scripting - Cacti (CVE-2018-20723) - Medium [285]

Description: A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20723 was patched at 2024-05-15

3488. Cross Site Scripting - Cacti (CVE-2018-20724) - Medium [285]

Description: A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20724 was patched at 2024-05-15

3489. Cross Site Scripting - Cacti (CVE-2018-20725) - Medium [285]

Description: A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20725 was patched at 2024-05-15

3490. Cross Site Scripting - Cacti (CVE-2018-20726) - Medium [285]

Description: A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20726 was patched at 2024-05-15

3491. Memory Corruption - Unknown Product (CVE-2023-4234) - Medium [285]

Description: {'vulners_cve_data_all': 'A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_submit_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_submit_report().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-4234 was patched at 2024-05-15

3492. Remote Code Execution - Unknown Product (CVE-2004-1125) - Medium [285]

Description: {'vulners_cve_data_all': 'Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1125 was patched at 2024-05-15

3493. Remote Code Execution - Unknown Product (CVE-2006-1629) - Medium [285]

Description: {'vulners_cve_data_all': 'OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1629 was patched at 2024-05-15

3494. Remote Code Execution - Unknown Product (CVE-2006-6772) - Medium [285]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6772 was patched at 2024-05-15

3495. Remote Code Execution - Unknown Product (CVE-2006-7236) - Medium [285]

Description: {'vulners_cve_data_all': 'The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-7236 was patched at 2024-05-15

3496. Remote Code Execution - Unknown Product (CVE-2007-0619) - Medium [285]

Description: {'vulners_cve_data_all': 'chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0619 was patched at 2024-05-15

3497. Remote Code Execution - Unknown Product (CVE-2007-1437) - Medium [285]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1437 was patched at 2024-05-15

3498. Remote Code Execution - Unknown Product (CVE-2007-1614) - Medium [285]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the zzip_open_shared_io function in zzip/file.c in ZZIPlib Library before 0.13.49 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1614 was patched at 2024-05-15

3499. Remote Code Execution - Unknown Product (CVE-2007-2318) - Medium [285]

Description: {'vulners_cve_data_all': 'Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2318 was patched at 2024-05-15

3500. Remote Code Execution - Unknown Product (CVE-2007-2645) - Medium [285]

Description: {'vulners_cve_data_all': 'Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1) doff or (2) s variable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2645 was patched at 2024-05-15

3501. Remote Code Execution - Unknown Product (CVE-2007-2948) - Medium [285]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long (1) album title or (2) category.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2948 was patched at 2024-05-15

3502. Remote Code Execution - Unknown Product (CVE-2007-6279) - Medium [285]

Description: {'vulners_cve_data_all': 'Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6279 was patched at 2024-05-15

3503. Remote Code Execution - Unknown Product (CVE-2008-0485) - Medium [285]

Description: {'vulners_cve_data_all': 'Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0485 was patched at 2024-05-15

3504. Remote Code Execution - Unknown Product (CVE-2008-0668) - Medium [285]

Description: {'vulners_cve_data_all': 'The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0668 was patched at 2024-05-15

3505. Remote Code Execution - Unknown Product (CVE-2008-1530) - Medium [285]

Description: {'vulners_cve_data_all': 'GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user IDs."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1530 was patched at 2024-05-15

3506. Remote Code Execution - Unknown Product (CVE-2008-3547) - Medium [285]

Description: {'vulners_cve_data_all': 'Buffer overflow in the server in OpenTTD 0.6.1 and earlier allows remote authenticated users to cause a denial of service (persistent game disruption) or possibly execute arbitrary code via vectors involving many long names for "companies and clients."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3547 was patched at 2024-05-15

3507. Remote Code Execution - Unknown Product (CVE-2008-3827) - Medium [285]

Description: {'vulners_cve_data_all': 'Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3827 was patched at 2024-05-15

3508. Remote Code Execution - Unknown Product (CVE-2008-4201) - Medium [285]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4201 was patched at 2024-05-15

3509. Remote Code Execution - Unknown Product (CVE-2008-6070) - Medium [285]

Description: {'vulners_cve_data_all': 'Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image, a different vulnerability than CVE-2007-0770. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-6070 was patched at 2024-05-15

3510. Remote Code Execution - Unknown Product (CVE-2008-7249) - Medium [285]

Description: {'vulners_cve_data_all': 'Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-7249 was patched at 2024-05-15

3511. Remote Code Execution - Unknown Product (CVE-2009-0490) - Medium [285]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .gro file containing a long string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0490 was patched at 2024-05-15

3512. Remote Code Execution - Unknown Product (CVE-2009-1577) - Medium [285]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in the putstring function in find.c in Cscope before 15.6 allow user-assisted remote attackers to execute arbitrary code via a long (1) function name or (2) symbol in a source-code file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1577 was patched at 2024-05-15

3513. Remote Code Execution - Unknown Product (CVE-2009-1759) - Medium [285]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1759 was patched at 2024-05-15

3514. Remote Code Execution - Unknown Product (CVE-2009-1788) - Medium [285]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1788 was patched at 2024-05-15

3515. Remote Code Execution - Unknown Product (CVE-2009-1791) - Medium [285]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1791 was patched at 2024-05-15

3516. Remote Code Execution - Unknown Product (CVE-2009-3476) - Medium [285]

Description: {'vulners_cve_data_all': 'Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3476 was patched at 2024-05-15

3517. Remote Code Execution - Unknown Product (CVE-2009-3994) - Medium [285]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the GetUID function in src-IL/src/il_dicom.c in DevIL 1.7.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted DICOM file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3994 was patched at 2024-05-15

3518. Remote Code Execution - Unknown Product (CVE-2009-4035) - Medium [285]

Description: {'vulners_cve_data_all': 'The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4035 was patched at 2024-05-15

3519. Remote Code Execution - Unknown Product (CVE-2009-4897) - Medium [285]

Description: {'vulners_cve_data_all': 'Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4897 was patched at 2024-05-15

3520. Remote Code Execution - Unknown Product (CVE-2010-0280) - Medium [285]

Description: {'vulners_cve_data_all': 'Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in Google SketchUp 7.x before 7.1 M2, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via crafted structures in a 3DS file, probably related to mesh.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0280 was patched at 2024-05-15

3521. Remote Code Execution - Unknown Product (CVE-2010-0364) - Medium [285]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows user-assisted remote attackers to execute arbitrary code via an ogg file with a crafted Advanced SubStation Alpha Subtitle (.ass) file, probably involving the Dialogue field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0364 was patched at 2024-05-15

3522. Remote Code Execution - Unknown Product (CVE-2010-1628) - Medium [285]

Description: {'vulners_cve_data_all': 'Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1628 was patched at 2024-05-15

3523. Remote Code Execution - Unknown Product (CVE-2010-1869) - Medium [285]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1869 was patched at 2024-05-15

3524. Remote Code Execution - Unknown Product (CVE-2010-3434) - Medium [285]

Description: {'vulners_cve_data_all': 'Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3434 was patched at 2024-05-15

3525. Remote Code Execution - Unknown Product (CVE-2010-3907) - Medium [285]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a zero i_subpackets value in a Real Media file, leading to a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3907 was patched at 2024-05-15

3526. Remote Code Execution - Unknown Product (CVE-2011-0021) - Medium [285]

Description: {'vulners_cve_data_all': 'Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted CDG video.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0021 was patched at 2024-05-15

3527. Remote Code Execution - Unknown Product (CVE-2011-2194) - Medium [285]

Description: {'vulners_cve_data_all': 'Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2194 was patched at 2024-05-15

3528. Remote Code Execution - Unknown Product (CVE-2011-2685) - Medium [285]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2685 was patched at 2024-05-15

3529. Remote Code Execution - Unknown Product (CVE-2011-2940) - Medium [285]

Description: {'vulners_cve_data_all': 'stunnel 4.40 and 4.41 might allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2940 was patched at 2024-05-15

3530. Remote Code Execution - Unknown Product (CVE-2011-3625) - Medium [285]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the sub_read_line_sami function in subreader.c in MPlayer, as used in SMPlayer 0.6.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a SAMI subtitle file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3625 was patched at 2024-05-15

3531. Remote Code Execution - Unknown Product (CVE-2011-4000) - Medium [285]

Description: {'vulners_cve_data_all': 'Buffer overflow in ChaSen 2.4.x allows remote attackers to execute arbitrary code via a crafted string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4000 was patched at 2024-05-15

3532. Remote Code Execution - Unknown Product (CVE-2011-4620) - Medium [285]

Description: {'vulners_cve_data_all': 'Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as used in TORCS 1.3.1 and other products, allows user-assisted remote attackers to execute arbitrary code via vectors involving a long error message, as demonstrated by a crafted acc file for TORCS. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4620 was patched at 2024-05-15

3533. Remote Code Execution - Unknown Product (CVE-2012-0023) - Medium [285]

Description: {'vulners_cve_data_all': 'Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TiVo (TY) file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0023 was patched at 2024-05-15

3534. Remote Code Execution - Unknown Product (CVE-2012-0210) - Medium [285]

Description: {'vulners_cve_data_all': 'debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0210 was patched at 2024-05-15

3535. Remote Code Execution - Unknown Product (CVE-2012-0211) - Medium [285]

Description: {'vulners_cve_data_all': 'debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0211 was patched at 2024-05-15

3536. Remote Code Execution - Unknown Product (CVE-2012-0212) - Medium [285]

Description: {'vulners_cve_data_all': 'debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via shell metacharacters in the file name argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0212 was patched at 2024-05-15

3537. Remote Code Execution - Unknown Product (CVE-2012-1189) - Medium [285]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary code via a long file name in an engine sample attribute in an xml configuration file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1189 was patched at 2024-05-15

3538. Remote Code Execution - Unknown Product (CVE-2012-1616) - Medium [285]

Description: {'vulners_cve_data_all': 'Use-after-free vulnerability in icclib before 2.13, as used by Argyll CMS before 1.4 and possibly other programs, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted ICC profile file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1616 was patched at 2024-05-15

3539. Remote Code Execution - Unknown Product (CVE-2012-1776) - Medium [285]

Description: {'vulners_cve_data_all': 'Multiple heap-based buffer overflows in VideoLAN VLC media player before 2.0.1 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Real RTSP stream.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1776 was patched at 2024-05-15

3540. Remote Code Execution - Unknown Product (CVE-2012-2090) - Medium [285]

Description: {'vulners_cve_data_all': 'Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to (1) fgfs/flightgear/src/Cockpit/panel.cxx or (2) fgfs/flightgear/src/Network/generic.cxx, or (3) a scene graph model to simgear/simgear/scene/model/SGText.cxx.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2090 was patched at 2024-05-15

3541. Remote Code Execution - Unknown Product (CVE-2012-2091) - Medium [285]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) long string in a rotor tag of an aircraft xml model to the Rotor::getValueforFGSet function in src/FDM/YASim/Rotor.cpp or (2) a crafted UDP packet to the SGSocketUDP::read function in simgear/simgear/simgear/io/sg_socket_udp.cxx.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2091 was patched at 2024-05-15

3542. Remote Code Execution - Unknown Product (CVE-2012-2106) - Medium [285]

Description: {'vulners_cve_data_all': 'Integer overflow in the pv_import function in util/pv_import.c in Csound 5.16.6, when converting a file, allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2106 was patched at 2024-05-15

3543. Remote Code Execution - Unknown Product (CVE-2012-2107) - Medium [285]

Description: {'vulners_cve_data_all': 'Integer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2107 was patched at 2024-05-15

3544. Remote Code Execution - Unknown Product (CVE-2012-2108) - Medium [285]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2108 was patched at 2024-05-15

3545. Remote Code Execution - Unknown Product (CVE-2012-4434) - Medium [285]

Description: {'vulners_cve_data_all': 'fwknop before 2.0.3 allow remote authenticated users to cause a denial of service (server crash) or possibly execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4434 was patched at 2024-05-15

3546. Remote Code Execution - Unknown Product (CVE-2012-6535) - Medium [285]

Description: {'vulners_cve_data_all': 'DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, VuDroid, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted DjVu (aka .djv) file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6535 was patched at 2024-05-15

3547. Remote Code Execution - Unknown Product (CVE-2013-1640) - Medium [285]

Description: {'vulners_cve_data_all': 'The (1) template and (2) inline_template functions in the master server in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users to execute arbitrary code via a crafted catalog request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1640 was patched at 2024-05-15

3548. Remote Code Execution - Unknown Product (CVE-2014-8166) - Medium [285]

Description: {'vulners_cve_data_all': 'The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8166 was patched at 2024-05-15

3549. Remote Code Execution - Unknown Product (CVE-2015-5259) - Medium [285]

Description: {'vulners_cve_data_all': 'Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5259 was patched at 2024-05-15

3550. Remote Code Execution - Unknown Product (CVE-2015-6602) - Medium [285]

Description: {'vulners_cve_data_all': 'libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-6602 was patched at 2024-05-15

3551. Remote Code Execution - Unknown Product (CVE-2015-7849) - Medium [285]

Description: {'vulners_cve_data_all': 'Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-7849 was patched at 2024-05-15

3552. Remote Code Execution - Unknown Product (CVE-2015-7854) - Medium [285]

Description: {'vulners_cve_data_all': 'Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-7854 was patched at 2024-05-15

3553. Remote Code Execution - Unknown Product (CVE-2016-7408) - Medium [285]

Description: {'vulners_cve_data_all': 'The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7408 was patched at 2024-05-15

3554. Remote Code Execution - Unknown Product (CVE-2017-1000600) - Medium [285]

Description: {'vulners_cve_data_all': 'WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. This issue appears to have been partially, but not completely fixed in WordPress 4.9', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000600 was patched at 2024-05-15

3555. Remote Code Execution - Unknown Product (CVE-2017-14151) - Medium [285]

Description: {'vulners_cve_data_all': 'An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_mqc_flush in lib/openjp2/mqc.c and opj_t1_encode_cblk in lib/openjp2/t1.c) or possibly remote code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14151 was patched at 2024-05-15

3556. Remote Code Execution - Unknown Product (CVE-2017-17536) - Medium [285]

Description: {'vulners_cve_data_all': 'Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17536 was patched at 2024-05-15

3557. Remote Code Execution - Unknown Product (CVE-2017-2292) - Medium [285]

Description: {'vulners_cve_data_all': 'Versions of MCollective prior to 2.10.4 deserialized YAML from agents without calling safe_load, allowing the potential for arbitrary code execution on the server. The fix for this is to call YAML.safe_load on input. This has been tested in all Puppet-supplied MCollective plugins, but there is a chance that third-party plugins could rely on this insecure behavior.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2292 was patched at 2024-05-15

3558. Remote Code Execution - Unknown Product (CVE-2017-9105) - Medium [285]

Description: {'vulners_cve_data_all': 'An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9105 was patched at 2024-05-15

3559. Remote Code Execution - Unknown Product (CVE-2018-10895) - Medium [285]

Description: {'vulners_cve_data_all': 'qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash script, resulting in arbitrary code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10895 was patched at 2024-05-15

3560. Remote Code Execution - Unknown Product (CVE-2018-3846) - Medium [285]

Description: {'vulners_cve_data_all': 'In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-3846 was patched at 2024-05-15

3561. Remote Code Execution - Unknown Product (CVE-2018-3847) - Medium [285]

Description: {'vulners_cve_data_all': 'Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-3847 was patched at 2024-05-15

3562. Remote Code Execution - Unknown Product (CVE-2018-3848) - Medium [285]

Description: {'vulners_cve_data_all': 'In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-3848 was patched at 2024-05-15

3563. Remote Code Execution - Unknown Product (CVE-2018-3849) - Medium [285]

Description: {'vulners_cve_data_all': 'In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-3849 was patched at 2024-05-15

3564. Remote Code Execution - Unknown Product (CVE-2018-5809) - Medium [285]

Description: {'vulners_cve_data_all': 'An error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-5809 was patched at 2024-05-15

3565. Remote Code Execution - Unknown Product (CVE-2019-5057) - Medium [285]

Description: {'vulners_cve_data_all': 'An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5057 was patched at 2024-05-15

3566. Remote Code Execution - Unknown Product (CVE-2019-5058) - Medium [285]

Description: {'vulners_cve_data_all': 'An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5058 was patched at 2024-05-15

3567. Remote Code Execution - Unknown Product (CVE-2019-5059) - Medium [285]

Description: {'vulners_cve_data_all': 'An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5059 was patched at 2024-05-15

3568. Remote Code Execution - Unknown Product (CVE-2019-5060) - Medium [285]

Description: {'vulners_cve_data_all': 'An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5060 was patched at 2024-05-15

3569. Remote Code Execution - Unknown Product (CVE-2019-5063) - Medium [285]

Description: {'vulners_cve_data_all': 'An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An attacker can provide a specially crafted file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5063 was patched at 2024-05-15

3570. Remote Code Execution - Unknown Product (CVE-2020-10030) - Medium [285]

Description: {'vulners_cve_data_all': 'An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have '\\0' termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has '\\0' termination.) Under some conditions, this issue can lead to the writing of one '\\0' byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-10030 was patched at 2024-05-15

3571. Remote Code Execution - Unknown Product (CVE-2020-15094) - Medium [285]

Description: {'vulners_cve_data_all': 'In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was initially written with surrogate caching and ESI support in mind (all HTTP calls come from a trusted backend in that scenario). But when used by CachingHttpClient and if an attacker can control the response for a request being made by the CachingHttpClient, remote code execution is possible. This has been fixed in versions 4.4.13 and 5.1.5.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15094 was patched at 2024-05-15

3572. Remote Code Execution - Unknown Product (CVE-2020-24614) - Medium [285]

Description: {'vulners_cve_data_all': 'Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24614 was patched at 2024-05-15

3573. Remote Code Execution - Unknown Product (CVE-2020-24972) - Medium [285]

Description: {'vulners_cve_data_all': 'The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24972 was patched at 2024-05-15

3574. Remote Code Execution - Unknown Product (CVE-2020-36152) - Medium [285]

Description: {'vulners_cve_data_all': 'Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmysofa 0.5 - 1.1 allows attackers to execute arbitrary code via a crafted SOFA.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36152 was patched at 2024-05-15

3575. Remote Code Execution - Unknown Product (CVE-2020-7452) - Medium [285]

Description: {'vulners_cve_data_all': 'In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r357489, and 11.3-RELEASE before 11.3-RELEASE-p7, incorrect use of a user-controlled pointer in the epair virtual network module allowed vnet jailed privileged users to panic the host system and potentially execute arbitrary code in the kernel.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7452 was patched at 2024-05-15

3576. Remote Code Execution - Unknown Product (CVE-2021-21305) - Medium [285]

Description: {'vulners_cve_data_all': 'CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. In CarrierWave before versions 1.3.2 and 2.1.1, there is a code injection vulnerability. The "#manipulate!" method inappropriately evals the content of mutation option(:read/:write), allowing attackers to craft a string that can be executed as a Ruby code. If an application developer supplies untrusted inputs to the option, it will lead to remote code execution(RCE). This is fixed in versions 1.3.2 and 2.1.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-21305 was patched at 2024-05-15

3577. Remote Code Execution - Unknown Product (CVE-2021-21372) - Medium [285]

Description: {'vulners_cve_data_all': 'Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-21372 was patched at 2024-05-15

3578. Remote Code Execution - Unknown Product (CVE-2022-40983) - Medium [285]

Description: {'vulners_cve_data_all': 'An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-40983 was patched at 2024-05-15

3579. Remote Code Execution - Unknown Product (CVE-2022-43591) - Medium [285]

Description: {'vulners_cve_data_all': 'A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-43591 was patched at 2024-05-15

3580. Remote Code Execution - Unknown Product (CVE-2023-0189) - Medium [285]

Description: {'vulners_cve_data_all': 'NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0189 was patched at 2024-05-15

3581. Remote Code Execution - Unknown Product (CVE-2023-42295) - Medium [285]

Description: {'vulners_cve_data_all': 'An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-42295 was patched at 2024-05-15

3582. Remote Code Execution - Unknown Product (CVE-2023-45664) - Medium [285]

Description: {'vulners_cve_data_all': 'stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45664 was patched at 2024-05-15

3583. Remote Code Execution - Unknown Product (CVE-2024-22636) - Medium [285]

Description: {'vulners_cve_data_all': 'PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into the Content field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-22636 was patched at 2024-05-15

3584. Remote Code Execution - Unknown Product (CVE-2024-3119) - Medium [285]

Description: {'vulners_cve_data_all': 'A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of 'Call-ID' and 'X-Call-ID' SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3119 was patched at 2024-05-15

3585. Remote Code Execution - Unknown Product (CVE-2024-3120) - Medium [285]

Description: {'vulners_cve_data_all': 'A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying 'Content-Length' and 'Warning' headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP\xa0messages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3120 was patched at 2024-05-15

3586. Unknown Vulnerability Type - Kerberos (CVE-2014-8650) - Medium [285]

Description: {'vulners_cve_data_all': 'python-requests-Kerberos through 0.5 does not handle mutual authentication', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8650 was patched at 2024-05-15

3587. Unknown Vulnerability Type - Kerberos (CVE-2017-11462) - Medium [285]

Description: {'vulners_cve_data_all': 'Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11462 was patched at 2024-05-15

3588. Unknown Vulnerability Type - Kerberos (CVE-2021-40874) - Medium [285]

Description: {'vulners_cve_data_all': 'An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combination authentication plug-in, any password will be recognized as valid for an existing user.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40874 was patched at 2024-05-15

3589. Unknown Vulnerability Type - Unknown Product (CVE-2007-6170) - Medium [285]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Asterisk CDR_PGSQL SQL注入漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6170 was patched at 2024-05-15

3590. Unknown Vulnerability Type - Unknown Product (CVE-2008-1103) - Medium [285]

Description: {'vulners_cve_data_all': 'Multiple unspecified vulnerabilities in Blender have unknown impact and attack vectors, related to "temporary file issues."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Blender创建不安全临时文件漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1103 was patched at 2024-05-15

3591. Unknown Vulnerability Type - Unknown Product (CVE-2008-1218) - Medium [285]

Description: {'vulners_cve_data_all': 'Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] dovecot-disclose.txt, [seebug] Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit, [seebug] Dovecot IMAP 1.0.10 <= 1.1rc2 Remote Email Disclosure Exploit, [exploitpack] Dovecot IMAP 1.0.10 1.1rc2 - Remote Email Disclosure, [exploitdb] Dovecot IMAP 1.0.10 < 1.1rc2 - Remote Email Disclosure)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1218 was patched at 2024-05-15

3592. Unknown Vulnerability Type - Unknown Product (CVE-2008-3972) - Medium [285]

Description: {'vulners_cve_data_all': 'pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of CVE-2008-2235.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenSC CardOS M4智能卡不安全权限漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3972 was patched at 2024-05-15

3593. Unknown Vulnerability Type - Unknown Product (CVE-2009-0759) - Medium [285]

Description: {'vulners_cve_data_all': 'Multiple CRLF injection vulnerabilities in webadmin in ZNC before 0.066 allow remote authenticated users to modify the znc.conf configuration file and gain privileges via CRLF sequences in the quit message and other vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] ZNC Webadmin模块回车换行符注入漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0759 was patched at 2024-05-15

3594. Unknown Vulnerability Type - Unknown Product (CVE-2009-3580) - Medium [285]

Description: {'vulners_cve_data_all': 'Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, new_password, and confirm_password parameters in a preferences action.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] SQL-Ledger XSS / XSRF / SQL Injection / LFI)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3580 was patched at 2024-05-15

3595. Unknown Vulnerability Type - Unknown Product (CVE-2009-3582) - Medium [285]

Description: {'vulners_cve_data_all': 'Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search operation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] SQL-Ledger ERP多个输入验证和绕过安全限制漏洞, [packetstorm] SQL-Ledger XSS / XSRF / SQL Injection / LFI)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3582 was patched at 2024-05-15

3596. Unknown Vulnerability Type - Unknown Product (CVE-2009-4498) - Medium [285]

Description: {'vulners_cve_data_all': 'The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Zabbix Server Arbitrary Command Execution)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4498 was patched at 2024-05-15

3597. Unknown Vulnerability Type - Unknown Product (CVE-2010-0301) - Medium [285]

Description: {'vulners_cve_data_all': 'main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the .mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] maildrop 2.3.0本地权限提升漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0301 was patched at 2024-05-15

3598. Unknown Vulnerability Type - Unknown Product (CVE-2012-2095) - Medium [285]

Description: {'vulners_cve_data_all': 'The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Wicd 'SetWirelessProperty()'本地特权提升漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2095 was patched at 2024-05-15

3599. Unknown Vulnerability Type - Unknown Product (CVE-2013-2088) - Medium [285]

Description: {'vulners_cve_data_all': 'contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Subversion 1.6.61.6.12 - Code Execution, [seebug] Apache Subversion 命令注入漏洞(CVE-2013-2088), [zdt] Subversion 1.6.6 / 1.6.12 - Code Execution, [packetstorm] Subversion 1.6.6 / 1.6.12 Code Execution, [exploitdb] Subversion 1.6.6/1.6.12 - Code Execution)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2088 was patched at 2024-05-15

3600. Unknown Vulnerability Type - Unknown Product (CVE-2013-7050) - Medium [285]

Description: {'vulners_cve_data_all': 'The get_main_source_dir function in scripts/uscan.pl in devscripts before 2.13.8, when using USCAN_EXCLUSION, allows remote attackers to execute arbitrary commands via shell metacharacters in a directory name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Debian devscripts 'uscan'远程命令执行漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7050 was patched at 2024-05-15

3601. Unknown Vulnerability Type - Unknown Product (CVE-2013-7262) - Medium [285]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MapServer PostGIS TIME Filter SQL注入漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7262 was patched at 2024-05-15

3602. Unknown Vulnerability Type - Unknown Product (CVE-2014-7208) - Medium [285]

Description: {'vulners_cve_data_all': 'GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] G-Parted 0.14.1 Command Execution, [zdt] GParted 0.14.1 - OS Command Execution Vulnerability, [exploitpack] GParted 0.14.1 - OS Command Execution, [exploitdb] GParted 0.14.1 - OS Command Execution)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-7208 was patched at 2024-05-15

3603. Unknown Vulnerability Type - Unknown Product (CVE-2016-1549) - Medium [285]

Description: {'vulners_cve_data_all': 'A malicious authenticated peer can create arbitrarily-many ephemeral associations in order to win the clock selection algorithm in ntpd in NTP 4.2.8p4 and earlier and NTPsec 3e160db8dc248a0bcb053b56a80167dc742d2b74 and a5fb34b9cc89b92a8fef2f459004865c93bb7f92 and modify a victim's clock.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Network Time Protocol Ephemeral Association Time Spoofing Vulnerability(CVE-2016-1549))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1549 was patched at 2024-05-15

3604. Unknown Vulnerability Type - Unknown Product (CVE-2016-4484) - Medium [285]

Description: {'vulners_cve_data_all': 'The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([vulnerlab] CryptSetup Ubuntu 16.4 CVE2016-4484 - Privilege Escalate, [vulnerlab] CryptSetup Ubuntu 16.4 CVE2016-4484 - Privilege Escalate, [zdt] Cryptsetup 2:1.7.3-2 Root Initramfs Shell Vulnerability, [seebug] Cryptsetup Initrd LUKS root Shell privilege escalation vulnerability)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4484 was patched at 2024-05-15

3605. Unknown Vulnerability Type - Unknown Product (CVE-2018-8036) - Medium [285]

Description: {'vulners_cve_data_all': 'In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Apache PDFBox 1.8.14 / 2.0.10 Denial Of Service Vulnerability)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-8036 was patched at 2024-05-15

3606. Unknown Vulnerability Type - Unknown Product (CVE-2019-1010266) - Medium [285]

Description: {'vulners_cve_data_all': 'lodash prior to 4.17.11 is affected by: CWE-400: Uncontrolled Resource Consumption. The impact is: Denial of service. The component is: Date handler. The attack vector is: Attacker provides very long strings, which the library attempts to match using a regular expression. The fixed version is: 4.17.11.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Allocation of Resources Without Limits or Throttling in Lodash)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1010266 was patched at 2024-05-15

3607. Unknown Vulnerability Type - Unknown Product (CVE-2019-6445) - Medium [285]

Description: {'vulners_cve_data_all': 'An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] NTPsec 1.1.2 - ntp_control Authenticated NULL Pointer Dereference Exploit, [exploitpack] NTPsec 1.1.2 - ntp_control (Authenticated) NULL Pointer Dereference (PoC), [packetstorm] NTPsec 1.1.2 ntp_control Null Pointer Dereference, [exploitdb] NTPsec 1.1.2 - 'ntp_control' (Authenticated) NULL Pointer Dereference (PoC))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6445 was patched at 2024-05-15

3608. Unknown Vulnerability Type - Unknown Product (CVE-2020-25265) - Medium [285]

Description: {'vulners_cve_data_all': 'AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Vulnerability in Appimage Libappimage)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25265 was patched at 2024-05-15

3609. Unknown Vulnerability Type - Unknown Product (CVE-2020-25860) - Medium [285]

Description: {'vulners_cve_data_all': 'The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just before it is reopened can install arbitrary code on the device.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Pengutronix Rauc)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25860 was patched at 2024-05-15

3610. Unknown Vulnerability Type - Unknown Product (CVE-2021-26197) - Medium [285]

Description: {'vulners_cve_data_all': 'An issue was discovered in JerryScript 2.4.0. There is a SEGV in main_print_unhandled_exception in main-utils.c file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-26197 was patched at 2024-05-15

3611. Denial of Service - Apache ActiveMQ (CVE-2011-4905) - Medium [284]

Description: Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service (JMS) client
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4905 was patched at 2024-05-15

3612. Denial of Service - Eclipse Mosquitto (CVE-2019-11778) - Medium [284]

Description: If an MQTT v5 client connects to Eclipse Mosquitto versions 1.6.0 to 1.6.4 inclusive, sets a last will and testament, sets a will delay interval, sets a session expiry interval, and the will delay interval is set longer than the session expiry interval, then a use after free error occurs, which has the potential to cause a crash in some situations.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Eclipse Mosquitto provides a lightweight server implementation of the MQTT protocol that is suitable for all situations from full power machines to embedded and low power machines
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11778 was patched at 2024-05-15

3613. Denial of Service - ImageMagick (CVE-2005-0759) - Medium [284]

Description: ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0759 was patched at 2024-05-15

3614. Denial of Service - ImageMagick (CVE-2005-0760) - Medium [284]

Description: The TIFF decoder in ImageMagick before 6.0 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0760 was patched at 2024-05-15

3615. Denial of Service - ImageMagick (CVE-2005-0761) - Medium [284]

Description: Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of service (application crash) via a crafted PSD file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0761 was patched at 2024-05-15

3616. Denial of Service - ImageMagick (CVE-2005-1275) - Medium [284]

Description: Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1275 was patched at 2024-05-15

3617. Denial of Service - ImageMagick (CVE-2005-1739) - Medium [284]

Description: The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1739 was patched at 2024-05-15

3618. Denial of Service - Perl (CVE-2002-1175) - Medium [284]

Description: The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1175 was patched at 2024-05-15

3619. Denial of Service - Perl (CVE-2002-1593) - Medium [284]

Description: mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in a preforked multi-processing module.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1593 was patched at 2024-05-15

3620. Denial of Service - Perl (CVE-2003-0145) - Medium [284]

Description: Unknown vulnerability in tcpdump before 3.7.2 related to an inability to "Handle unknown RADIUS attributes properly," allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0145 was patched at 2024-05-15

3621. Denial of Service - Perl (CVE-2003-0189) - Medium [284]

Description: The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0189 was patched at 2024-05-15

3622. Denial of Service - Perl (CVE-2003-0253) - Medium [284]

Description: The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0253 was patched at 2024-05-15

3623. Denial of Service - Perl (CVE-2003-0688) - Medium [284]

Description: The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdnsbl" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0688 was patched at 2024-05-15

3624. Denial of Service - Perl (CVE-2003-0777) - Medium [284]

Description: saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0777 was patched at 2024-05-15

3625. Denial of Service - Perl (CVE-2003-0778) - Medium [284]

Description: saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0778 was patched at 2024-05-15

3626. Denial of Service - Perl (CVE-2003-0792) - Medium [284]

Description: Fetchmail 6.2.4 and earlier does not properly allocate memory for long lines, which allows remote attackers to cause a denial of service (crash) via a certain email.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0792 was patched at 2024-05-15

3627. Denial of Service - Perl (CVE-2004-1343) - Medium [284]

Description: CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1343 was patched at 2024-05-15

3628. Denial of Service - Perl (CVE-2005-1127) - Medium [284]

Description: Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1127 was patched at 2024-05-15

3629. Denial of Service - Perl (CVE-2005-1267) - Medium [284]

Description: The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1267 was patched at 2024-05-15

3630. Denial of Service - Perl (CVE-2005-1279) - Medium [284]

Description: tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1279 was patched at 2024-05-15

3631. Denial of Service - Perl (CVE-2005-2917) - Medium [284]

Description: Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2917 was patched at 2024-05-15

3632. Denial of Service - Perl (CVE-2005-3573) - Medium [284]

Description: Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3573 was patched at 2024-05-15

3633. Denial of Service - Perl (CVE-2007-1662) - Medium [284]

Description: Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1662 was patched at 2024-05-15

3634. Denial of Service - Perl (CVE-2008-0983) - Medium [284]

Description: lighttpd 1.4.18, and possibly other versions before 1.5.0, does not properly calculate the size of a file descriptor array, which allows remote attackers to cause a denial of service (crash) via a large number of connections, which triggers an out-of-bounds access.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0983 was patched at 2024-05-15

3635. Denial of Service - Perl (CVE-2008-7280) - Medium [284]

Description: Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket Request System (OTRS) before 2.2.7 does not properly handle e-mail messages containing malformed UTF-8 characters, which allows remote attackers to cause a denial of service (e-mail retrieval outage) via a crafted message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-7280 was patched at 2024-05-15

3636. Denial of Service - Perl (CVE-2009-0756) - Medium [284]

Description: The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and triggers an invalid memory dereference.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0756 was patched at 2024-05-15

3637. Denial of Service - Perl (CVE-2009-2661) - Medium [284]

Description: The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before 4.2.17, and 4.3 before 4.3.3 does not properly handle X.509 certificates with crafted Relative Distinguished Names (RDNs), which allows remote attackers to cause a denial of service (pluto IKE daemon crash) via malformed ASN.1 data. NOTE: this is due to an incomplete fix for CVE-2009-2185.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2661 was patched at 2024-05-15

3638. Denial of Service - Perl (CVE-2009-3085) - Medium [284]

Description: The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3085 was patched at 2024-05-15

3639. Denial of Service - Perl (CVE-2010-0969) - Medium [284]

Description: Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0969 was patched at 2024-05-15

3640. Denial of Service - Perl (CVE-2010-2432) - Medium [284]

Description: The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2432 was patched at 2024-05-15

3641. Denial of Service - Perl (CVE-2010-2534) - Medium [284]

Description: The NetworkSyncCommandQueue function in network/network_command.cpp in OpenTTD before 1.0.3 does not properly clear a pointer in a linked list, which allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted request, related to the client command queue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2534 was patched at 2024-05-15

3642. Denial of Service - Perl (CVE-2010-3476) - Medium [284]

Description: Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 does not properly handle the matching of Perl regular expressions against HTML e-mail messages, which allows remote attackers to cause a denial of service (CPU consumption) via a large message, a different vulnerability than CVE-2010-2080.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3476 was patched at 2024-05-15

3643. Denial of Service - Perl (CVE-2010-4767) - Medium [284]

Description: Open Ticket Request System (OTRS) before 2.3.6 does not properly handle e-mail messages in which the From line contains UTF-8 characters associated with diacritical marks and an invalid charset, which allows remote attackers to cause a denial of service (duplicate tickets and duplicate auto-responses) by sending a crafted message to a POP3 mailbox.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4767 was patched at 2024-05-15

3644. Denial of Service - Perl (CVE-2011-0015) - Medium [284]

Description: Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly check the amount of compression in zlib-compressed data, which allows remote attackers to cause a denial of service via a large compression factor.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0015 was patched at 2024-05-15

3645. Denial of Service - Perl (CVE-2011-0431) - Medium [284]

Description: The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel module in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions does not properly handle errors, which allows attackers to cause a denial of service via unknown vectors. NOTE: some of these details are obtained from third party information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0431 was patched at 2024-05-15

3646. Denial of Service - Perl (CVE-2011-1753) - Medium [284]

Description: expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1753 was patched at 2024-05-15

3647. Denial of Service - Perl (CVE-2011-1756) - Medium [284]

Description: modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1756 was patched at 2024-05-15

3648. Denial of Service - Perl (CVE-2011-1947) - Medium [284]

Description: fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1947 was patched at 2024-05-15

3649. Denial of Service - Perl (CVE-2011-2188) - Medium [284]

Description: LuaExpat before 1.2.0 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2188 was patched at 2024-05-15

3650. Denial of Service - Perl (CVE-2011-2205) - Medium [284]

Description: Prosody before 0.8.1 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2205 was patched at 2024-05-15

3651. Denial of Service - Perl (CVE-2011-2529) - Medium [284]

Description: chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x before 1.6.2.18.1 and 1.8.x before 1.8.4.3 does not properly handle '\0' characters in SIP packets, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2529 was patched at 2024-05-15

3652. Denial of Service - Perl (CVE-2011-2721) - Medium [284]

Description: Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2721 was patched at 2024-05-15

3653. Denial of Service - Perl (CVE-2011-4957) - Medium [284]

Description: The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4957 was patched at 2024-05-15

3654. Denial of Service - Perl (CVE-2011-5055) - Medium [284]

Description: MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. NOTE: this issue exists because of an incomplete fix for CVE-2012-0024.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-5055 was patched at 2024-05-15

3655. Denial of Service - Perl (CVE-2012-1152) - Medium [284]

Description: Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1152 was patched at 2024-05-15

3656. Denial of Service - Perl (CVE-2012-3421) - Medium [284]

Description: The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3421 was patched at 2024-05-15

3657. Denial of Service - Perl (CVE-2012-3436) - Medium [284]

Description: OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to clear a water tile, which allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a certain sequence of steps related to "the water/coast aspect of tiles which also have railtracks on one half."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3436 was patched at 2024-05-15

3658. Denial of Service - Perl (CVE-2012-3518) - Medium [284]

Description: The networkstatus_parse_vote_from_string function in routerparse.c in Tor before 0.2.2.38 does not properly handle an invalid flavor name, which allows remote attackers to cause a denial of service (out-of-bounds read and daemon crash) via a crafted (1) vote document or (2) consensus document.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3518 was patched at 2024-05-15

3659. Denial of Service - Perl (CVE-2012-4419) - Medium [284]

Description: The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a zero-valued port field that is not properly handled during policy comparison.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4419 was patched at 2024-05-15

3660. Denial of Service - Perl (CVE-2012-4538) - Medium [284]

Description: The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not properly check the pagetable state when running on shadow pagetables, which allows a local HVM guest OS to cause a denial of service (hypervisor crash) via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4538 was patched at 2024-05-15

3661. Denial of Service - Perl (CVE-2012-4922) - Medium [284]

Description: The tor_timegm function in common/util.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.22-rc, does not properly validate time values, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed directory object, a different vulnerability than CVE-2012-4419.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4922 was patched at 2024-05-15

3662. Denial of Service - Perl (CVE-2012-5510) - Medium [284]

Description: Xen 4.x, when downgrading the grant table version, does not properly remove the status page from the tracking list when freeing the page, which allows local guest OS administrators to cause a denial of service (hypervisor crash) via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5510 was patched at 2024-05-15

3663. Denial of Service - Perl (CVE-2012-5514) - Medium [284]

Description: The guest_physmap_mark_populate_on_demand function in Xen 4.2 and earlier does not properly unlock the subject GFNs when checking if they are in use, which allows local guest HVM administrators to cause a denial of service (hang) via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5514 was patched at 2024-05-15

3664. Denial of Service - Perl (CVE-2013-1919) - Medium [284]

Description: Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs or PCI devices."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1919 was patched at 2024-05-15

3665. Denial of Service - Perl (CVE-2013-2125) - Medium [284]

Description: OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2125 was patched at 2024-05-15

3666. Denial of Service - Perl (CVE-2013-2686) - Medium [284]

Description: main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2686 was patched at 2024-05-15

3667. Denial of Service - Perl (CVE-2014-3243) - Medium [284]

Description: SOAPpy 0.12.5 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted SOAP request containing a large number of nested entity references.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3243 was patched at 2024-05-15

3668. Denial of Service - Perl (CVE-2014-4044) - Medium [284]

Description: OpenAFS 1.6.8 does not properly clear the fields in the host structure, which allows remote attackers to cause a denial of service (uninitialized memory access and crash) via unspecified vectors related to TMAY requests.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4044 was patched at 2024-05-15

3669. Denial of Service - Perl (CVE-2014-4715) - Medium [284]

Description: Yann Collet LZ4 before r119, when used on certain 32-bit platforms that allocate memory beyond 0x80000000, does not properly detect integer overflows, which allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run, a different vulnerability than CVE-2014-4611.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4715 was patched at 2024-05-15

3670. Denial of Service - Perl (CVE-2014-7250) - Medium [284]

Description: The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly 2.0, and OpenBSD possibly 3.6, does not properly implement the session timer, which allows remote attackers to cause a denial of service (resource consumption) via crafted packets.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-7250 was patched at 2024-05-15

3671. Denial of Service - Perl (CVE-2014-8124) - Medium [284]

Description: OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before 2014.2.1 does not properly handle session records when using a db or memcached session engine, which allows remote attackers to cause a denial of service via a large number of requests to the login page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8124 was patched at 2024-05-15

3672. Denial of Service - Perl (CVE-2014-8414) - Medium [284]

Description: ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial of service (channel hang and memory consumption) by causing transitions to be delayed, which triggers a state change from hung up to waiting for media.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8414 was patched at 2024-05-15

3673. Denial of Service - Perl (CVE-2014-9066) - Medium [284]

Description: Xen 4.4.x and earlier, when using a large number of VCPUs, does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability than CVE-2014-9065.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9066 was patched at 2024-05-15

3674. Denial of Service - Perl (CVE-2017-1000122) - Medium [284]

Description: The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release assertion) of the UI process. This vulnerability does not affect Apple products.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000122 was patched at 2024-05-15

3675. Denial of Service - Python (CVE-2006-0052) - Medium [284]

Description: The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0052 was patched at 2024-05-15

3676. Denial of Service - Python (CVE-2008-6549) - Medium [284]

Description: The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-6549 was patched at 2024-05-15

3677. Denial of Service - Python (CVE-2010-3492) - Medium [284]

Description: The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3492 was patched at 2024-05-15

3678. Denial of Service - Python (CVE-2011-1156) - Medium [284]

Description: feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0.1 allows remote attackers to cause a denial of service (application crash) via a malformed DOCTYPE declaration.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1156 was patched at 2024-05-15

3679. Denial of Service - Python (CVE-2011-4137) - Medium [284]

Description: The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with (1) a slow response, (2) a completed TCP connection with no application data sent, or (3) a large amount of application data, a related issue to CVE-2011-1521.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4137 was patched at 2024-05-15

3680. Denial of Service - Python (CVE-2013-1664) - Medium [284]

Description: The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1664 was patched at 2024-05-15

3681. Denial of Service - Python (CVE-2013-2131) - Medium [284]

Description: Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2131 was patched at 2024-05-15

3682. Denial of Service - Roundcube (CVE-2011-4078) - Medium [284]

Description: include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to CVE-2011-3379.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4078 was patched at 2024-05-15

3683. Denial of Service - Wireshark (CVE-2006-3627) - Medium [284]

Description: Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark (aka Ethereal) 0.10.11 to 0.99.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3627 was patched at 2024-05-15

3684. Denial of Service - Wireshark (CVE-2006-3631) - Medium [284]

Description: Unspecified vulnerability in the SSH dissector in Wireshark (aka Ethereal) 0.9.10 to 0.99.0 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3631 was patched at 2024-05-15

3685. Denial of Service - Wireshark (CVE-2006-4331) - Medium [284]

Description: Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4331 was patched at 2024-05-15

3686. Denial of Service - Wireshark (CVE-2006-4333) - Medium [284]

Description: The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4333 was patched at 2024-05-15

3687. Denial of Service - Wireshark (CVE-2006-4805) - Medium [284]

Description: epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4805 was patched at 2024-05-15

3688. Denial of Service - Wireshark (CVE-2006-5468) - Medium [284]

Description: Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5468 was patched at 2024-05-15

3689. Denial of Service - Wireshark (CVE-2006-5469) - Medium [284]

Description: Unspecified vulnerability in the WBXML dissector in Wireshark (formerly Ethereal) 0.10.11 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger a null dereference.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5469 was patched at 2024-05-15

3690. Denial of Service - Wireshark (CVE-2006-5740) - Medium [284]

Description: Unspecified vulnerability in the LDAP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via a crafted LDAP packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5740 was patched at 2024-05-15

3691. Denial of Service - Wireshark (CVE-2008-3139) - Medium [284]

Description: The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3139 was patched at 2024-05-15

3692. Denial of Service - Wireshark (CVE-2008-3140) - Medium [284]

Description: The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3140 was patched at 2024-05-15

3693. Denial of Service - Wireshark (CVE-2009-2559) - Medium [284]

Description: Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an array index error. NOTE: some of these details are obtained from third party information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2559 was patched at 2024-05-15

3694. Denial of Service - Wireshark (CVE-2009-2561) - Medium [284]

Description: Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2561 was patched at 2024-05-15

3695. Denial of Service - Wireshark (CVE-2010-2992) - Medium [284]

Description: packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through 1.2.9 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2992 was patched at 2024-05-15

3696. Denial of Service - Wireshark (CVE-2010-2993) - Medium [284]

Description: The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2993 was patched at 2024-05-15

3697. Denial of Service - Wireshark (CVE-2011-1142) - Medium [284]

Description: Stack consumption vulnerability in the dissect_ber_choice function in the BER dissector in Wireshark 1.2.x through 1.2.15 and 1.4.x through 1.4.4 might allow remote attackers to cause a denial of service (infinite loop) via vectors involving self-referential ASN.1 CHOICE values.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1142 was patched at 2024-05-15

3698. Denial of Service - Wireshark (CVE-2012-1596) - Medium [284]

Description: The mp2t_process_fragmented_payload function in epan/dissectors/packet-mp2t.c in the MP2T dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (application crash) via a packet containing an invalid pointer value that triggers an incorrect memory-allocation attempt.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1596 was patched at 2024-05-15

3699. Denial of Service - Wireshark (CVE-2012-4287) - Medium [284]

Description: epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a small value for a BSON document length.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4287 was patched at 2024-05-15

3700. Denial of Service - Wireshark (CVE-2013-2488) - Medium [284]

Description: The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not validate the fragment offset before invoking the reassembly state machine, which allows remote attackers to cause a denial of service (application crash) via a large offset value that triggers write access to an invalid memory location.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2488 was patched at 2024-05-15

3701. Denial of Service - Wireshark (CVE-2013-4920) - Medium [284]

Description: The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4920 was patched at 2024-05-15

3702. Denial of Service - Wireshark (CVE-2013-4921) - Medium [284]

Description: Off-by-one error in the dissect_radiotap function in epan/dissectors/packet-ieee80211-radiotap.c in the Radiotap dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4921 was patched at 2024-05-15

3703. Denial of Service - Wireshark (CVE-2013-4922) - Medium [284]

Description: Double free vulnerability in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4922 was patched at 2024-05-15

3704. Denial of Service - Wireshark (CVE-2013-4923) - Medium [284]

Description: Memory leak in the dissect_dcom_ActivationProperties function in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (memory consumption) via crafted packets.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4923 was patched at 2024-05-15

3705. Denial of Service - Wireshark (CVE-2013-4924) - Medium [284]

Description: epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly validate certain index values, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4924 was patched at 2024-05-15

3706. Denial of Service - Wireshark (CVE-2013-4925) - Medium [284]

Description: Integer signedness error in epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4925 was patched at 2024-05-15

3707. Denial of Service - Wireshark (CVE-2013-4926) - Medium [284]

Description: epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator dissector in Wireshark 1.10.x before 1.10.1 does not properly determine whether there is remaining packet data to process, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4926 was patched at 2024-05-15

3708. Denial of Service - Wireshark (CVE-2015-0559) - Medium [284]

Description: Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-0559 was patched at 2024-05-15

3709. Denial of Service - Wireshark (CVE-2015-0560) - Medium [284]

Description: The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-0560 was patched at 2024-05-15

3710. Denial of Service - Wireshark (CVE-2015-0561) - Medium [284]

Description: asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-0561 was patched at 2024-05-15

3711. Denial of Service - Wireshark (CVE-2015-2187) - Medium [284]

Description: The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2187 was patched at 2024-05-15

3712. Denial of Service - Wireshark (CVE-2015-2190) - Medium [284]

Description: epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2190 was patched at 2024-05-15

3713. Denial of Service - Wireshark (CVE-2015-2192) - Medium [284]

Description: Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length field in a packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2192 was patched at 2024-05-15

3714. Denial of Service - Wireshark (CVE-2020-26419) - Medium [284]

Description: Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-26419 was patched at 2024-05-15

3715. Denial of Service - Wireshark (CVE-2020-26420) - Medium [284]

Description: Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-26420 was patched at 2024-05-15

3716. Incorrect Calculation - Perl (CVE-2021-41253) - Medium [284]

Description: Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v3.2.0 and older that use the string functions provided in `zycore` in order to append untrusted user data to the formatter buffer within their custom formatter hooks can run into heap buffer overflows. Older versions of Zydis failed to properly initialize the string object within the formatter buffer, forgetting to initialize a few fields, leaving their value to chance. This could then in turn cause zycore functions like `ZyanStringAppend` to make incorrect calculations for the new target size, resulting in heap memory corruption. This does not affect the regular uncustomized Zydis formatter, because Zydis internally doesn't use the string functions in zycore that act upon these fields. However, because the zycore string functions are the intended way to work with the formatter buffer for users of the library that wish to extend the formatter, we still consider this to be a vulnerability in Zydis. This bug is patched starting in version 3.2.1. As a workaround, users may refrain from using zycore string functions in their formatter hooks until updating to a patched version.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41253 was patched at 2024-05-15

3717. Memory Corruption - Exim (CVE-2022-37451) - Medium [284]

Description: {'vulners_cve_data_all': 'Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Exim is a mail transfer agent (MTA) used on Unix-like operating systems
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-37451 was patched at 2024-05-15

3718. Memory Corruption - FreeRDP (CVE-2019-17178) - Medium [284]

Description: HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17178 was patched at 2024-05-15

3719. Memory Corruption - FreeRDP (CVE-2024-32661) - Medium [284]

Description: {'vulners_cve_data_all': 'FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32661 was patched at 2024-05-15

ubuntu: CVE-2024-32661 was patched at 2024-04-25, 2024-04-29

3720. Memory Corruption - FreeRDP (CVE-2024-32662) - Medium [284]

Description: FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

ubuntu: CVE-2024-32662 was patched at 2024-04-29

3721. Memory Corruption - ImageMagick (CVE-2014-9825) - Medium [284]

Description: Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9825 was patched at 2024-05-15

3722. Memory Corruption - ImageMagick (CVE-2017-14137) - Medium [284]

Description: {'vulners_cve_data_all': 'ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue where memory allocation is excessive because it depends only on a length field in a header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14137 was patched at 2024-05-15

3723. Memory Corruption - ImageMagick (CVE-2017-5509) - Medium [284]

Description: coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5509 was patched at 2024-05-15

3724. Memory Corruption - Wireshark (CVE-2017-13766) - Medium [284]

Description: In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could crash with an out-of-bounds write. This was addressed in plugins/profinet/packet-dcerpc-pn-io.c by adding string validation.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-13766 was patched at 2024-05-15

3725. Memory Corruption - Wireshark (CVE-2018-11360) - Medium [284]

Description: In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11360 was patched at 2024-05-15

3726. Memory Corruption - Wireshark (CVE-2018-11361) - Medium [284]

Description: In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11361 was patched at 2024-05-15

3727. Memory Corruption - Wireshark (CVE-2018-9264) - Medium [284]

Description: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector could crash with a heap-based buffer overflow. This was addressed in epan/dissectors/packet-adb.c by checking for a length inconsistency.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-9264 was patched at 2024-05-15

3728. Memory Corruption - Wireshark (CVE-2018-9266) - Medium [284]

Description: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-isup.c has a memory leak.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-9266 was patched at 2024-05-15

3729. Memory Corruption - Wireshark (CVE-2018-9271) - Medium [284]

Description: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-multipart.c has a memory leak.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-9271 was patched at 2024-05-15

3730. Memory Corruption - Wireshark (CVE-2018-9272) - Medium [284]

Description: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-h223.c has a memory leak.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-9272 was patched at 2024-05-15

3731. Memory Corruption - Wireshark (CVE-2018-9273) - Medium [284]

Description: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-9273 was patched at 2024-05-15

3732. Memory Corruption - Wireshark (CVE-2018-9274) - Medium [284]

Description: In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-9274 was patched at 2024-05-15

3733. Memory Corruption - Wireshark (CVE-2020-25866) - Medium [284]

Description: {'vulners_cve_data_all': 'In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25866 was patched at 2024-05-15

3734. Path Traversal - Perl (CVE-2006-4731) - Medium [284]

Description: Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4731 was patched at 2024-05-15

3735. Path Traversal - Perl (CVE-2015-2060) - Medium [284]

Description: cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2060 was patched at 2024-05-15

3736. Path Traversal - Python (CVE-2023-40587) - Medium [284]

Description: Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a `index.html` file that is located exactly one directory above the location of the static view's file system path. No further path traversal exists, and the only file that could be disclosed accidentally is `index.html`. Pyramid version 2.0.2 rejects any path that contains a null-byte out of caution. While valid in directory/file names, we would strongly consider it a mistake to use null-bytes in naming files/directories. Secondly, Python 3.11, and 3.12 has fixed the underlying issue in `os.path.normpath` to no longer truncate on the first `0x00` found, returning the behavior to pre-3.11 Python, un an as of yet unreleased version. Fixes will be available in:Python 3.12.0rc2 and 3.11.5. Some workarounds are available. Use a version of Python 3 that is not affected, downgrade to Python 3.10 series temporarily, or wait until Python 3.11.5 is released and upgrade to the latest version of Python 3.11 series.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-40587 was patched at 2024-05-15

3737. Information Disclosure - Perl (CVE-2006-1045) - Medium [283]

Description: The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1045 was patched at 2024-05-15

3738. Information Disclosure - Roundcube (CVE-2011-1491) - Medium [283]

Description: The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-mail message, related to a "login CSRF" issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1491 was patched at 2024-05-15

3739. Authentication Bypass - Unknown Product (CVE-2022-24976) - Medium [282]

Description: {'vulners_cve_data_all': 'Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24976 was patched at 2024-05-15

3740. Denial of Service - GNOME desktop (CVE-2013-2190) - Medium [282]

Description: The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c in Clutter, when resuming the system, does not properly handle XIQueryDevice errors when a device has "disappeared," which causes the gnome-shell to crash and allows physically proximate attackers to access the previous gnome-shell session via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2190 was patched at 2024-05-15

3741. Denial of Service - GNOME desktop (CVE-2013-7273) - Medium [282]

Description: GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7273 was patched at 2024-05-15

3742. Denial of Service - RPC (CVE-2013-4292) - Medium [282]

Description: libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of service (memory consumption) via a large number of domain migrate parameters in certain RPC calls in (1) daemon/remote.c and (2) remote/remote_driver.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4292 was patched at 2024-05-15

3743. Memory Corruption - APT (CVE-2013-1064) - Medium [282]

Description: apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1064 was patched at 2024-05-15

3744. Memory Corruption - GNU C Library (CVE-2021-3470) - Medium [282]

Description: {'vulners_cve_data_all': 'A heap overflow issue was found in Redis in versions before 5.0.10, before 6.0.9 and before 6.2.0 when using a heap allocator other than jemalloc or glibc's malloc, leading to potential out of bound write or process crash. Effectively this flaw does not affect the vast majority of users, who use jemalloc or glibc malloc.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3470 was patched at 2024-05-15

3745. Memory Corruption - Mozilla Firefox (CVE-2006-1742) - Medium [282]

Description: The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1742 was patched at 2024-05-15

3746. Code Injection - Unknown Product (CVE-2021-27021) - Medium [280]

Description: {'vulners_cve_data_all': 'A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-27021 was patched at 2024-05-15

3747. Code Injection - Unknown Product (CVE-2023-26032) - Medium [280]

Description: {'vulners_cve_data_all': 'ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain SQL Injection via malicious jason web token. The Username field of the JWT token was trusted when performing an SQL query to load the user. If an attacker could determine the HASH key used by ZoneMinder, they could generate a malicious JWT token and use it to execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26032 was patched at 2024-05-15

3748. Command Injection - Unknown Product (CVE-2013-2024) - Medium [280]

Description: {'vulners_cve_data_all': 'OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2024 was patched at 2024-05-15

3749. Command Injection - Unknown Product (CVE-2016-5397) - Medium [280]

Description: {'vulners_cve_data_all': 'The Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. Affected Apache Thrift 0.9.3 and older, Fixed in Apache Thrift 0.10.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5397 was patched at 2024-05-15

3750. Command Injection - Unknown Product (CVE-2016-7051) - Medium [280]

Description: {'vulners_cve_data_all': 'XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7051 was patched at 2024-05-15

3751. Command Injection - Unknown Product (CVE-2017-1000190) - Medium [280]

Description: {'vulners_cve_data_all': 'SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting SSRF, information disclosure, DoS and so on.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000190 was patched at 2024-05-15

3752. Command Injection - Unknown Product (CVE-2022-30321) - Medium [280]

Description: {'vulners_cve_data_all': 'go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and 2.1.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-30321 was patched at 2024-05-15

3753. Cross Site Scripting - Git (CVE-2021-38559) - Medium [280]

Description: DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.414Git
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-38559 was patched at 2024-05-15

3754. Cross Site Scripting - Git (CVE-2022-2523) - Medium [280]

Description: Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.414Git
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-2523 was patched at 2024-05-15

3755. Cross Site Scripting - Git (CVE-2022-2589) - Medium [280]

Description: Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.3.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.414Git
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-2589 was patched at 2024-05-15

debian: CVE-2022-25896 was patched at 2024-05-15

3756. XXE Injection - Unknown Product (CVE-2015-1832) - Medium [280]

Description: {'vulners_cve_data_all': 'XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1832 was patched at 2024-05-15

3757. XXE Injection - Unknown Product (CVE-2016-10127) - Medium [280]

Description: {'vulners_cve_data_all': 'PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10127 was patched at 2024-05-15

3758. Denial of Service - Libarchive (CVE-2015-8927) - Medium [279]

Description: The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Multi-format archive and compression library
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8927 was patched at 2024-05-15

3759. Denial of Service - Libarchive (CVE-2015-8929) - Medium [279]

Description: Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Multi-format archive and compression library
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8929 was patched at 2024-05-15

3760. Denial of Service - TLS (CVE-2021-44718) - Medium [279]

Description: wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TLS
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44718 was patched at 2024-05-15

3761. Denial of Service - TLS (CVE-2021-46853) - Medium [279]

Description: Alpine before 2.25 allows remote attackers to cause a denial of service (application crash) when LIST or LSUB is sent before STARTTLS.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TLS
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46853 was patched at 2024-05-15

3762. Denial of Service - TRIE (CVE-2023-45680) - Medium [279]

Description: stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset. Later in `vorbis_deinit` it tries to dereference the `NULL` pointer. This issue may lead to denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45680 was patched at 2024-05-15

3763. Denial of Service - TRIE (CVE-2024-25112) - Medium [279]

Description: Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-25112 was patched at 2024-05-15

3764. Denial of Service - libjpeg (CVE-2012-2845) - Medium [279]

Description: Integer overflow in the jpeg_data_load_data function in jpeg-data.c in libjpeg in exif 0.6.20 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain potentially sensitive information via a crafted JPEG file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514libjpeg
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2845 was patched at 2024-05-15

3765. Information Disclosure - TRIE (CVE-2007-5934) - Medium [279]

Description: The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5934 was patched at 2024-05-15

3766. Memory Corruption - FRRouting (CVE-2023-41359) - Medium [279]

Description: An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514Free Range Routing or FRRouting or FRR is a network routing software suite running on Unix-like platforms, particularly Linux, Solaris, OpenBSD, FreeBSD and NetBSD
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-41359 was patched at 2024-04-30

oraclelinux: CVE-2023-41359 was patched at 2024-05-02

redhat: CVE-2023-41359 was patched at 2024-04-30

3767. Path Traversal - Docker (CVE-2016-7569) - Medium [279]

Description: Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.514Docker
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7569 was patched at 2024-05-15

3768. Security Feature Bypass - Unknown Product (CVE-2013-4366) - Medium [279]

Description: {'vulners_cve_data_all': 'http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4366 was patched at 2024-05-15

3769. Security Feature Bypass - Unknown Product (CVE-2020-1953) - Medium [279]

Description: {'vulners_cve_data_all': 'Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML file was loaded from an untrusted source, it could therefore load and execute code out of the control of the host application.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-1953 was patched at 2024-05-15

3770. Security Feature Bypass - Unknown Product (CVE-2020-26892) - Medium [279]

Description: {'vulners_cve_data_all': 'The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-26892 was patched at 2024-05-15

3771. Security Feature Bypass - Unknown Product (CVE-2023-35853) - Medium [279]

Description: {'vulners_cve_data_all': 'In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-35853 was patched at 2024-05-15

3772. Cross Site Scripting - Internet Explorer (CVE-2011-4345) - Medium [278]

Description: Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21, when Internet Explorer 6 or 7 is used, allows remote attackers to inject arbitrary web script or HTML via a cookie.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Internet Explorer is a discontinued series of graphical web browsers developed by Microsoft
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4345 was patched at 2024-05-15

3773. Cross Site Scripting - Internet Explorer (CVE-2012-0287) - Medium [278]

Description: Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected" feature.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Internet Explorer is a discontinued series of graphical web browsers developed by Microsoft
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0287 was patched at 2024-05-15

3774. Cross Site Scripting - Internet Explorer (CVE-2012-1253) - Medium [278]

Description: Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embedded image attachment.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Internet Explorer is a discontinued series of graphical web browsers developed by Microsoft
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1253 was patched at 2024-05-15

3775. Cross Site Scripting - Perl (CVE-2011-0728) - Medium [278]

Description: Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0728 was patched at 2024-05-15

3776. Cross Site Scripting - Perl (CVE-2011-3591) - Medium [278]

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to (1) js/functions.js and (2) js/tbl_structure.js.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3591 was patched at 2024-05-15

3777. Cross Site Scripting - Perl (CVE-2011-3592) - Medium [278]

Description: Multiple cross-site scripting (XSS) vulnerabilities in the PMA_unInlineEditRow function in js/sql.js in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a (1) database name, (2) table name, or (3) column name that is not properly handled after an inline-editing operation.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3592 was patched at 2024-05-15

3778. Cross Site Scripting - Perl (CVE-2012-3383) - Medium [278]

Description: The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3383 was patched at 2024-05-15

3779. Cross Site Scripting - Perl (CVE-2014-4348) - Medium [278]

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4348 was patched at 2024-05-15

3780. Cross Site Scripting - Perl (CVE-2014-4954) - Medium [278]

Description: Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4954 was patched at 2024-05-15

3781. Cross Site Scripting - Perl (CVE-2014-4955) - Medium [278]

Description: Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4955 was patched at 2024-05-15

3782. Cross Site Scripting - Perl (CVE-2014-4986) - Medium [278]

Description: Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4986 was patched at 2024-05-15

3783. Cross Site Scripting - Perl (CVE-2014-7217) - Medium [278]

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-7217 was patched at 2024-05-15

3784. Cross Site Scripting - Perl (CVE-2015-0862) - Medium [278]

Description: Multiple cross-site scripting (XSS) vulnerabilities in the management web UI in the RabbitMQ management plugin before 3.4.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) message details when a message is unqueued, such as headers or arguments; (2) policy names, which are not properly handled when viewing policies; (3) details for AMQP network clients, such as the version; allow remote authenticated administrators to inject arbitrary web script or HTML via (4) user names, (5) the cluster name; or allow RabbitMQ cluster administrators to (6) modify unspecified content.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-0862 was patched at 2024-05-15

3785. Cross Site Scripting - Perl (CVE-2015-5667) - Medium [278]

Description: Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5667 was patched at 2024-05-15

3786. Cross Site Scripting - Roundcube (CVE-2015-8105) - Medium [278]

Description: Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name in a drag-n-drop file upload.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8105 was patched at 2024-05-15

3787. Denial of Service - Curl (CVE-2020-19909) - Medium [277]

Description: Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. This is not especially plausible because the overflow only happens if the user was trying to specify that curl should wait weeks (or longer) before trying to recover from a transient error.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714Curl is a command-line tool for transferring data specified with URL syntax
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-19909 was patched at 2024-05-15

3788. Denial of Service - MediaWiki (CVE-2015-8001) - Medium [277]

Description: The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a chunk that exceeds the file size.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8001 was patched at 2024-05-15

3789. Denial of Service - QEMU (CVE-2013-4375) - Medium [277]

Description: The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.310CVSS Base Score is 2.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4375 was patched at 2024-05-15

3790. Memory Corruption - BIND (CVE-2021-45935) - Medium [277]

Description: Grok 9.5.0 has a heap-based buffer overflow in openhtj2k::T1OpenHTJ2K::decompress (called from std::__1::__packaged_task_func<std::__1::__bind<grk::T1DecompressScheduler::deco and std::__1::packaged_task<int).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45935 was patched at 2024-05-15

3791. Memory Corruption - FFmpeg (CVE-2016-7555) - Medium [277]

Description: The avi_read_header function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to memory leak when decoding an AVI file that has a crafted "strh" structure.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7555 was patched at 2024-05-15

3792. Memory Corruption - vim (CVE-2021-3875) - Medium [277]

Description: vim is vulnerable to Heap-based Buffer Overflow

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714Vim is a free and open-source, screen-based text editor program
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3875 was patched at 2024-05-15

3793. Security Feature Bypass - Curl (CVE-2024-2379) - Medium [277]

Description: {'vulners_cve_data_all': 'libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.714Curl is a command-line tool for transferring data specified with URL syntax
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-2379 was patched at 2024-05-15

3794. Arbitrary File Writing - GDI (CVE-2005-3331) - Medium [276]

Description: viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common0.514GDI
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3331 was patched at 2024-05-15

3795. Arbitrary File Writing - Unknown Product (CVE-2010-2452) - Medium [276]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2452 was patched at 2024-05-15

3796. Denial of Service - Git (CVE-2022-1534) - Medium [275]

Description: Buffer Over-read at parse_rawml.c:1416 in GitHub repository bfabiszewski/libmobi prior to 0.11. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414Git
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1534 was patched at 2024-05-15

3797. Denial of Service - Linux Kernel (CVE-2021-47210) - Medium [275]

Description: In the Linux kernel, the following vulnerability has been resolved: usb: typec: tipd: Remove WARN_ON in tps6598x_block_read Calling tps6598x_block_read with a higher than allowed len can be handled by just returning an error. There's no need to crash systems with panic-on-warn enabled.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47210 was patched at 2024-05-15

3798. Denial of Service - Linux Kernel (CVE-2022-48630) - Medium [275]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ\n\nThe commit referenced in the Fixes tag removed the 'break' from the else\nbranch in qcom_rng_read(), causing an infinite loop whenever 'max' is\nnot a multiple of WORD_SZ. This can be reproduced e.g. by running:\n\n kcapi-rng -b 67 >/dev/null\n\nThere are many ways to fix this without adding back the 'break', but\nthey all seem more awkward than simply adding it back, so do just that.\n\nTested on a machine with Qualcomm Amberwing processor.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48630 was patched at 2024-05-15

3799. Denial of Service - Linux Kernel (CVE-2022-48644) - Medium [275]

Description: In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: avoid disabling offload when it was never enabled In an incredibly strange API design decision, qdisc->destroy() gets called even if qdisc->init() never succeeded, not exclusively since commit 87b60cfacf9f ("net_sched: fix error recovery at qdisc creation"), but apparently also earlier (in the case of qdisc_create_dflt()). The taprio qdisc does not fully acknowledge this when it attempts full offload, because it starts off with q->flags = TAPRIO_FLAGS_INVALID in taprio_init(), then it replaces q->flags with TCA_TAPRIO_ATTR_FLAGS parsed from netlink (in taprio_change(), tail called from taprio_init()). But in taprio_destroy(), we call taprio_disable_offload(), and this determines what to do based on FULL_OFFLOAD_IS_ENABLED(q->flags). But looking at the implementation of FULL_OFFLOAD_IS_ENABLED() (a bitwise check of bit 1 in q->flags), it is invalid to call this macro on q->flags when it contains TAPRIO_FLAGS_INVALID, because that is set to U32_MAX, and therefore FULL_OFFLOAD_IS_ENABLED() will return true on an invalid set of flags. As a result, it is possible to crash the kernel if user space forces an error between setting q->flags = TAPRIO_FLAGS_INVALID, and the calling of taprio_enable_offload(). This is because drivers do not expect the offload to be disabled when it was never enabled. The error that we force here is to attach taprio as a non-root qdisc, but instead as child of an mqprio root qdisc: $ tc qdisc add dev swp0 root handle 1: \ mqprio num_tc 8 map 0 1 2 3 4 5 6 7 \ queues 1@0 1@1 1@2 1@3 1@4 1@5 1@6 1@7 hw 0 $ tc qdisc replace dev swp0 parent 1:1 \ taprio num_tc 8 map 0 1 2 3 4 5 6 7 \ queues 1@0 1@1 1@2 1@3 1@4 1@5 1@6 1@7 base-time 0 \ sched-entry S 0x7f 990000 sched-entry S 0x80 100000 \ flags 0x0 clockid CLOCK_TAI Unable to handle kernel paging request at virtual address fffffffffffffff8 [fffffffffffffff8] pgd=0000000000000000, p4d=0000000000000000 Internal error: Oops: 96000004 [#1] PREEMPT SMP Call trace: taprio_dump+0x27c/0x310 vsc9959_port_setup_tc+0x1f4/0x460 felix_port_setup_tc+0x24/0x3c dsa_slave_setup_tc+0x54/0x27c taprio_disable_offload.isra.0+0x58/0xe0 taprio_destroy+0x80/0x104 qdisc_create+0x240/0x470 tc_modify_qdisc+0x1fc/0x6b0 rtnetlink_rcv_msg+0x12c/0x390 netlink_rcv_skb+0x5c/0x130 rtnetlink_rcv+0x1c/0x2c Fix this by keeping track of the operations we made, and undo the offload only if we actually did it. I've added "bool offloaded" inside a 4 byte hole between "int clockid" and "atomic64_t picos_per_byte". Now the first cache line looks like below: $ pahole -C taprio_sched net/sched/sch_taprio.o struct taprio_sched { struct Qdisc * * qdiscs; /* 0 8 */ struct Qdisc * root; /* 8 8 */ u32 flags; /* 16 4 */ enum tk_offsets tk_offset; /* 20 4 */ int clockid; /* 24 4 */ bool offloaded; /* 28 1 */ /* XXX 3 bytes hole, try to pack */ atomic64_t picos_per_byte; /* 32 0 */ /* XXX 8 bytes hole, try to pack */ spinlock_t current_entry_lock; /* 40 0 */ /* XXX 8 bytes hole, try to pack */ struct sched_entry * current_entry; /* 48 8 */ struct sched_gate_list * oper_sched; /* 56 8 */ /* --- cacheline 1 boundary (64 bytes) --- */

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48644 was patched at 2024-05-15

3800. Denial of Service - Linux Kernel (CVE-2023-52494) - Medium [275]

Description: In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Add alignment check for event ring read pointer Though we do check the event ring read pointer by "is_valid_ring_ptr" to make sure it is in the buffer range, but there is another risk the pointer may be not aligned. Since we are expecting event ring elements are 128 bits(struct mhi_ring_element) aligned, an unaligned read pointer could lead to multiple issues like DoS or ring buffer memory corruption. So add a alignment check for event ring read pointer.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52494 was patched at 2024-05-15

ubuntu: CVE-2023-52494 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

3801. Denial of Service - Linux Kernel (CVE-2023-52569) - Medium [275]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: remove BUG() after failure to insert delayed dir index item\n\nInstead of calling BUG() when we fail to insert a delayed dir index item\ninto the delayed node's tree, we can just release all the resources we\nhave allocated/acquired before and return the error to the caller. This is\nfine because all existing call chains undo anything they have done before\ncalling btrfs_insert_delayed_dir_index() or BUG_ON (when creating pending\nsnapshots in the transaction commit path).\n\nSo remove the BUG() call and do proper error handling.\n\nThis relates to a syzbot report linked below, but does not fix it because\nit only prevents hitting a BUG(), it does not fix the issue where somehow\nwe attempt to use twice the same index number for different index items.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52569 was patched at 2024-05-15

3802. Denial of Service - Linux Kernel (CVE-2023-7042) - Medium [275]

Description: A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-7042 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2023-7042 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

3803. Denial of Service - Linux Kernel (CVE-2024-0639) - Medium [275]

Description: A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-0639 was patched at 2024-05-15

ubuntu: CVE-2024-0639 was patched at 2024-04-19

3804. Denial of Service - Linux Kernel (CVE-2024-25741) - Medium [275]

Description: printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-25741 was patched at 2024-05-15

3805. Denial of Service - Linux Kernel (CVE-2024-26621) - Medium [275]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: huge_memory: don't force huge page alignment on 32 bit\n\ncommit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP\nboundaries") caused two issues [1] [2] reported on 32 bit system or compat\nuserspace.\n\nIt doesn't make too much sense to force huge page alignment on 32 bit\nsystem due to the constrained virtual address space.\n\n[1] https://lore.kernel.org/linux-mm/d0a136a0-4a31-46bc-adf4-2db109a61672@kernel.org/\n[2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26621 was patched at 2024-05-15

3806. Denial of Service - Linux Kernel (CVE-2024-26798) - Medium [275]

Description: In the Linux kernel, the following vulnerability has been resolved: fbcon: always restore the old font data in fbcon_do_set_font() Commit a5a923038d70 (fbdev: fbcon: Properly revert changes when vc_resize() failed) started restoring old font data upon failure (of vc_resize()). But it performs so only for user fonts. It means that the "system"/internal fonts are not restored at all. So in result, the very first call to fbcon_do_set_font() performs no restore at all upon failing vc_resize(). This can be reproduced by Syzkaller to crash the system on the next invocation of font_get(). It's rather hard to hit the allocation failure in vc_resize() on the first font_set(), but not impossible. Esp. if fault injection is used to aid the execution/failure. It was demonstrated by Sirius: BUG: unable to handle page fault for address: fffffffffffffff8 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD cb7b067 P4D cb7b067 PUD cb7d067 PMD 0 Oops: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 8007 Comm: poc Not tainted 6.7.0-g9d1694dc91ce #20 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:fbcon_get_font+0x229/0x800 drivers/video/fbdev/core/fbcon.c:2286 Call Trace: <TASK> con_font_get drivers/tty/vt/vt.c:4558 [inline] con_font_op+0x1fc/0xf20 drivers/tty/vt/vt.c:4673 vt_k_ioctl drivers/tty/vt/vt_ioctl.c:474 [inline] vt_ioctl+0x632/0x2ec0 drivers/tty/vt/vt_ioctl.c:752 tty_ioctl+0x6f8/0x1570 drivers/tty/tty_io.c:2803 vfs_ioctl fs/ioctl.c:51 [inline] ... So restore the font data in any case, not only for user fonts. Note the later 'if' is now protected by 'old_userfont' and not 'old_data' as the latter is always set now. (And it is supposed to be non-NULL. Otherwise we would see the bug above again.)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26798 was patched at 2024-05-15

ubuntu: CVE-2024-26798 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

3807. Denial of Service - Linux Kernel (CVE-2024-26964) - Medium [275]

Description: In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Add error handling in xhci_map_urb_for_dma Currently xhci_map_urb_for_dma() creates a temporary buffer and copies the SG list to the new linear buffer. But if the kzalloc_node() fails, then the following sg_pcopy_to_buffer() can lead to crash since it tries to memcpy to NULL pointer. So return -ENOMEM if kzalloc returns null pointer.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-26964 was patched at 2024-06-05

debian: CVE-2024-26964 was patched at 2024-05-15

oraclelinux: CVE-2024-26964 was patched at 2024-06-05

redhat: CVE-2024-26964 was patched at 2024-06-05

ubuntu: CVE-2024-26964 was patched at 2024-06-07, 2024-06-11, 2024-06-14

3808. Denial of Service - Linux Kernel (CVE-2024-27059) - Medium [275]

Description: In the Linux kernel, the following vulnerability has been resolved: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values in the ATA ID information to calculate cylinder and head values when creating a CDB for READ or WRITE commands. The calculation involves division and modulus operations, which will cause a crash if either of these values is 0. While this never happens with a genuine device, it could happen with a flawed or subversive emulation, as reported by the syzbot fuzzer. Protect against this possibility by refusing to bind to the device if either the ATA_ID_HEADS or ATA_ID_SECTORS value in the device's ID information is 0. This requires isd200_Initialization() to return a negative error code when initialization fails; currently it always returns 0 (even when there is an error).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-27059 was patched at 2024-06-05

debian: CVE-2024-27059 was patched at 2024-05-06, 2024-05-15

oraclelinux: CVE-2024-27059 was patched at 2024-06-05

redhat: CVE-2024-27059 was patched at 2024-06-05

3809. Denial of Service - Microsoft SCOM (CVE-2024-31852) - Medium [275]

Description: LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we don't have strong objections for a CVE to be created ... It does seem that the likelihood of this miscompile enabling an exploit remains very low, because the miscompile resulting in this JOP gadget is such that the function is most likely to crash on most valid inputs to the function. So, if this function is covered by any testing, the miscompile is most likely to be discovered before the binary is shipped to production."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914System Center Operations Manager
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31852 was patched at 2024-05-15

3810. Denial of Service - Windows Encrypting File System (CVE-2023-52648) - Medium [275]

Description: In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state Switch to a new plane state requires unreferencing of all held surfaces. In the work required for mob cursors the mapped surfaces started being cached but the variable indicating whether the surface is currently mapped was not being reset. This leads to crashes as the duplicated state, incorrectly, indicates the that surface is mapped even when no surface is present. That's because after unreferencing the surface it's perfectly possible for the plane to be backed by a bo instead of a surface. Reset the surface mapped flag when unreferencing the plane state surface to fix null derefs in cleanup. Fixes crashes in KDE KWin 6.0 on Wayland: Oops: 0000 [#1] PREEMPT SMP PTI CPU: 4 PID: 2533 Comm: kwin_wayland Not tainted 6.7.0-rc3-vmwgfx #2 Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 RIP: 0010:vmw_du_cursor_plane_cleanup_fb+0x124/0x140 [vmwgfx] Code: 00 00 00 75 3a 48 83 c4 10 5b 5d c3 cc cc cc cc 48 8b b3 a8 00 00 00 48 c7 c7 99 90 43 c0 e8 93 c5 db ca 48 8b 83 a8 00 00 00 <48> 8b 78 28 e8 e3 f> RSP: 0018:ffffb6b98216fa80 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff969d84cdcb00 RCX: 0000000000000027 RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff969e75f21600 RBP: ffff969d4143dc50 R08: 0000000000000000 R09: ffffb6b98216f920 R10: 0000000000000003 R11: ffff969e7feb3b10 R12: 0000000000000000 R13: 0000000000000000 R14: 000000000000027b R15: ffff969d49c9fc00 FS: 00007f1e8f1b4180(0000) GS:ffff969e75f00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000028 CR3: 0000000104006004 CR4: 00000000003706f0 Call Trace: <TASK> ? __die+0x23/0x70 ? page_fault_oops+0x171/0x4e0 ? exc_page_fault+0x7f/0x180 ? asm_exc_page_fault+0x26/0x30 ? vmw_du_cursor_plane_cleanup_fb+0x124/0x140 [vmwgfx] drm_atomic_helper_cleanup_planes+0x9b/0xc0 commit_tail+0xd1/0x130 drm_atomic_helper_commit+0x11a/0x140 drm_atomic_commit+0x97/0xd0 ? __pfx___drm_printfn_info+0x10/0x10 drm_atomic_helper_update_plane+0xf5/0x160 drm_mode_cursor_universal+0x10e/0x270 drm_mode_cursor_common+0x102/0x230 ? __pfx_drm_mode_cursor2_ioctl+0x10/0x10 drm_ioctl_kernel+0xb2/0x110 drm_ioctl+0x26d/0x4b0 ? __pfx_drm_mode_cursor2_ioctl+0x10/0x10 ? __pfx_drm_ioctl+0x10/0x10 vmw_generic_ioctl+0xa4/0x110 [vmwgfx] __x64_sys_ioctl+0x94/0xd0 do_syscall_64+0x61/0xe0 ? __x64_sys_ioctl+0xaf/0xd0 ? syscall_exit_to_user_mode+0x2b/0x40 ? do_syscall_64+0x70/0xe0 ? __x64_sys_ioctl+0xaf/0xd0 ? syscall_exit_to_user_mode+0x2b/0x40 ? do_syscall_64+0x70/0xe0 ? exc_page_fault+0x7f/0x180 entry_SYSCALL_64_after_hwframe+0x6e/0x76 RIP: 0033:0x7f1e93f279ed Code: 04 25 28 00 00 00 48 89 45 c8 31 c0 48 8d 45 10 c7 45 b0 10 00 00 00 48 89 45 b8 48 8d 45 d0 48 89 45 c0 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff f> RSP: 002b:00007ffca0faf600 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000055db876ed2c0 RCX: 00007f1e93f279ed RDX: 00007ffca0faf6c0 RSI: 00000000c02464bb RDI: 0000000000000015 RBP: 00007ffca0faf650 R08: 000055db87184010 R09: 0000000000000007 R10: 000055db886471a0 R11: 0000000000000246 R12: 00007ffca0faf6c0 R13: 00000000c02464bb R14: 0000000000000015 R15: 00007ffca0faf790 </TASK> Modules linked in: snd_seq_dummy snd_hrtimer nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_ine> CR2: 0000000000000028 ---[ end trace 0000000000000000 ]--- RIP: 0010:vmw_du_cursor_plane_cleanup_fb+0x124/0x140 [vmwgfx] Code: 00 00 00 75 3a 48 83 c4 10 5b 5d c3 cc cc cc cc 48 8b b3 a8 00 00 00 48 c7 c7 99 90 43 c0 e8 93 c5 db ca 48 8b 83 a8 00 00 00 <48> 8b 78 28 e8 e3 f> RSP: 0018:ffffb6b98216fa80 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff969d84cdcb00 RCX: 0000000000000027 RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff969e75f21600 RBP: ffff969d4143 ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.914Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52648 was patched at 2024-05-15

ubuntu: CVE-2023-52648 was patched at 2024-06-07, 2024-06-11, 2024-06-14

3811. Memory Corruption - GPAC (CVE-2020-11558) - Medium [275]

Description: An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not properly decide when to make gf_isom_box_del calls. This leads to various use-after-free outcomes involving mdia_Read, gf_isom_delete_movie, and gf_isom_parse_movie_boxes.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-11558 was patched at 2024-05-15

3812. Security Feature Bypass - Git (CVE-2024-32020) - Medium [275]

Description: {'vulners_cve_data_all': 'Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user. Cloning local repositories will cause Git to either copy or hardlink files of the source repository into the target repository. This significantly speeds up such local clones compared to doing a "proper" clone and saves both disk space and compute time. When cloning a repository located on the same disk that is owned by a different user than the current user we also end up creating such hardlinks. These files will continue to be owned and controlled by the potentially-untrusted user and can be rewritten by them at will in the future. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.414Git
CVSS Base Score0.410CVSS Base Score is 3.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32020 was patched at 2024-05-15

redos: CVE-2024-32020 was patched at 2024-05-27

ubuntu: CVE-2024-32020 was patched at 2024-05-28

3813. Command Injection - Redis (CVE-2024-3019) - Medium [273]

Description: A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common0.614Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-3019 was patched at 2024-04-30, 2024-05-22

debian: CVE-2024-3019 was patched at 2024-05-15

oraclelinux: CVE-2024-3019 was patched at 2024-05-08, 2024-05-29

redhat: CVE-2024-3019 was patched at 2024-04-30, 2024-05-22, 2024-05-23, 2024-05-28

3814. Cross Site Scripting - Cacti (CVE-2008-0783) - Medium [273]

Description: Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via (1) the view_type parameter to graph.php; (2) the filter parameter to graph_view.php; (3) the action parameter to the draw_navigation_text function in lib/functions.php, reachable through index.php (aka the login page) or data_input.php; or (4) the login_username parameter to index.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0783 was patched at 2024-05-15

3815. Cross Site Scripting - Cacti (CVE-2010-1644) - Medium [273]

Description: Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_id parameter to data_sources.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1644 was patched at 2024-05-15

3816. Cross Site Scripting - Cacti (CVE-2010-2544) - Medium [273]

Description: Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2544 was patched at 2024-05-15

3817. Cross Site Scripting - Cacti (CVE-2010-2545) - Medium [273]

Description: Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to (2) cdef.php, (3) data_input.php, (4) data_queries.php, (5) data_sources.php, (6) data_templates.php, (7) gprint_presets.php, (8) graph.php, (9) graphs_new.php, (10) graphs.php, (11) graph_templates_inputs.php, (12) graph_templates_items.php, (13) graph_templates.php, (14) graph_view.php, (15) host.php, (16) host_templates.php, (17) lib/functions.php, (18) lib/html_form.php, (19) lib/html_form_template.php, (20) lib/html.php, (21) lib/html_tree.php, (22) lib/rrd.php, (23) rra.php, (24) tree.php, and (25) user_admin.php.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2545 was patched at 2024-05-15

3818. Cross Site Scripting - VBScript (CVE-2010-2230) - Medium [273]

Description: The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514VBScript
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2230 was patched at 2024-05-15

3819. Denial of Service - Unknown Product (CVE-2023-26586) - Medium [273]

Description: {'vulners_cve_data_all': 'Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26586 was patched at 2024-05-15

3820. Memory Corruption - Unknown Product (CVE-2022-1247) - Medium [273]

Description: {'vulners_cve_data_all': 'An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1247 was patched at 2024-05-15

3821. Remote Code Execution - Unknown Product (CVE-2001-0775) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux allows remote attackers to execute arbitrary code via a FACES format image containing a long (1) Firstname or (2) Lastname field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2001-0775 was patched at 2024-05-15

3822. Remote Code Execution - Unknown Product (CVE-2001-1413) - Medium [273]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the comprexx function for ncompress 4.2.4 and earlier, when used in situations that cross security boundaries (such as FTP server), may allow remote attackers to execute arbitrary code via a long filename argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2001-1413 was patched at 2024-05-15

3823. Remote Code Execution - Unknown Product (CVE-2001-1566) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in libvanessa_logger 0.0.1 in Perdition 0.1.8 allows remote attackers to execute arbitrary code via format string specifiers in the __vanessa_logger_log function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2001-1566 was patched at 2024-05-15

3824. Remote Code Execution - Unknown Product (CVE-2002-0380) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an NFS packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0380 was patched at 2024-05-15

3825. Remote Code Execution - Unknown Product (CVE-2002-0713) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0713 was patched at 2024-05-15

3826. Remote Code Execution - Unknown Product (CVE-2002-0844) - Medium [273]

Description: {'vulners_cve_data_all': 'Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0844 was patched at 2024-05-15

3827. Remote Code Execution - Unknown Product (CVE-2002-0847) - Medium [273]

Description: {'vulners_cve_data_all': 'tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice (double-free).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0847 was patched at 2024-05-15

3828. Remote Code Execution - Unknown Product (CVE-2002-0906) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0906 was patched at 2024-05-15

3829. Remote Code Execution - Unknown Product (CVE-2002-1050) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long line of image data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1050 was patched at 2024-05-15

3830. Remote Code Execution - Unknown Product (CVE-2002-1090) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in read_smtp_response of protocol.c in libesmtp before 0.8.11 allows a remote SMTP server to (1) execute arbitrary code via a certain response or (2) cause a denial of service via long server responses.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1090 was patched at 2024-05-15

3831. Remote Code Execution - Unknown Product (CVE-2002-1275) - Medium [273]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when used within LPRng, allows remote attackers to execute arbitrary code via "unsanitized input."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1275 was patched at 2024-05-15

3832. Remote Code Execution - Unknown Product (CVE-2002-1365) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1365 was patched at 2024-05-15

3833. Remote Code Execution - Unknown Product (CVE-2002-1368) - Medium [273]

Description: {'vulners_cve_data_all': 'Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1368 was patched at 2024-05-15

3834. Remote Code Execution - Unknown Product (CVE-2002-1391) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Caller ID string with a long CallerName argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1391 was patched at 2024-05-15

3835. Remote Code Execution - Unknown Product (CVE-2002-1565) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in url_filename function for wget 1.8.1 allows attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1565 was patched at 2024-05-15

3836. Remote Code Execution - Unknown Product (CVE-2002-1580) - Medium [273]

Description: {'vulners_cve_data_all': 'Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1580 was patched at 2024-05-15

3837. Remote Code Execution - Unknown Product (CVE-2002-1788) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the nn_exitmsg function in nn 6.6.0 through 6.6.3 allows remote NNTP servers to execute arbitrary code via format strings in server responses.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1788 was patched at 2024-05-15

3838. Remote Code Execution - Unknown Product (CVE-2003-0107) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0107 was patched at 2024-05-15

3839. Remote Code Execution - Unknown Product (CVE-2003-0140) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0140 was patched at 2024-05-15

3840. Remote Code Execution - Unknown Product (CVE-2003-0146) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via "maths overflow errors" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0146 was patched at 2024-05-15

3841. Remote Code Execution - Unknown Product (CVE-2003-0167) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0167 was patched at 2024-05-15

3842. Remote Code Execution - Unknown Product (CVE-2003-0296) - Medium [273]

Description: {'vulners_cve_data_all': 'The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0296 was patched at 2024-05-15

3843. Remote Code Execution - Unknown Product (CVE-2003-0297) - Medium [273]

Description: {'vulners_cve_data_all': 'c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0297 was patched at 2024-05-15

3844. Remote Code Execution - Unknown Product (CVE-2003-0328) - Medium [273]

Description: {'vulners_cve_data_all': 'EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later versions, allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via a CTCP request from a large nickname, which causes an incorrect length calculation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0328 was patched at 2024-05-15

3845. Remote Code Execution - Unknown Product (CVE-2003-0380) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and possibly later versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0380 was patched at 2024-05-15

3846. Remote Code Execution - Unknown Product (CVE-2003-0427) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to execute arbitrary code via an archive file that contains a file with a long filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0427 was patched at 2024-05-15

3847. Remote Code Execution - Unknown Product (CVE-2003-0435) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier allows remote attackers to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0435 was patched at 2024-05-15

3848. Remote Code Execution - Unknown Product (CVE-2003-0445) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in webfs before 1.17.1 allows remote attackers to execute arbitrary code via an HTTP request with a long Request-URI.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0445 was patched at 2024-05-15

3849. Remote Code Execution - Unknown Product (CVE-2003-0577) - Medium [273]

Description: {'vulners_cve_data_all': 'mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0577 was patched at 2024-05-15

3850. Remote Code Execution - Unknown Product (CVE-2003-0581) - Medium [273]

Description: {'vulners_cve_data_all': 'X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a (1) FS_QueryXExtents8 or (2) FS_QueryXBitmaps8 packet, and possibly other types of packets, with a large num_ranges value, which causes an out-of-bounds array access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0581 was patched at 2024-05-15

3851. Remote Code Execution - Unknown Product (CVE-2003-0685) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in Netris 0.52 and earlier, and possibly other versions, allows remote malicious Netris servers to execute arbitrary code on netris clients via a long server response.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0685 was patched at 2024-05-15

3852. Remote Code Execution - Unknown Product (CVE-2003-0709) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0709 was patched at 2024-05-15

3853. Remote Code Execution - Unknown Product (CVE-2003-0723) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow remote attackers to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0723 was patched at 2024-05-15

3854. Remote Code Execution - Unknown Product (CVE-2003-0761) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0761 was patched at 2024-05-15

3855. Remote Code Execution - Unknown Product (CVE-2003-0805) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0805 was patched at 2024-05-15

3856. Remote Code Execution - Unknown Product (CVE-2003-0833) - Medium [273]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in webfs before 1.20 allows attackers to execute arbitrary code by creating directories that result in a long pathname.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0833 was patched at 2024-05-15

3857. Remote Code Execution - Unknown Product (CVE-2003-0850) - Medium [273]

Description: {'vulners_cve_data_all': 'The TCP reassembly functionality in libnids before 1.18 allows remote attackers to cause "memory corruption" and possibly execute arbitrary code via "overlarge TCP packets."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0850 was patched at 2024-05-15

3858. Remote Code Execution - Unknown Product (CVE-2003-0865) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code via a long request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0865 was patched at 2024-05-15

3859. Remote Code Execution - Unknown Product (CVE-2003-0946) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the email address argument of a "MAIL FROM" command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0946 was patched at 2024-05-15

3860. Remote Code Execution - Unknown Product (CVE-2003-0963) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow remote HTTP servers to execute arbitrary code via long directory names that are processed by the ls or rels commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0963 was patched at 2024-05-15

3861. Remote Code Execution - Unknown Product (CVE-2003-0969) - Medium [273]

Description: {'vulners_cve_data_all': 'mpg321 0.2.10 allows remote attackers to overwrite memory and possibly execute arbitrary code via an mp3 file that passes certain strings to the printf function, possibly triggering a format string vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0969 was patched at 2024-05-15

3862. Remote Code Execution - Unknown Product (CVE-2003-1023) - Medium [273]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-1023 was patched at 2024-05-15

3863. Remote Code Execution - Unknown Product (CVE-2003-1557) - Medium [273]

Description: {'vulners_cve_data_all': 'Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode ("-B"), allows remote attackers to execute arbitrary code via email containing headers with leading "." characters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-1557 was patched at 2024-05-15

3864. Remote Code Execution - Unknown Product (CVE-2004-0014) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier allows remote web servers to execute arbitrary code via certain long strings.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0014 was patched at 2024-05-15

3865. Remote Code Execution - Unknown Product (CVE-2004-0045) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0045 was patched at 2024-05-15

3866. Remote Code Execution - Unknown Product (CVE-2004-0078) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0078 was patched at 2024-05-15

3867. Remote Code Execution - Unknown Product (CVE-2004-0110) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0110 was patched at 2024-05-15

3868. Remote Code Execution - Unknown Product (CVE-2004-0224) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0224 was patched at 2024-05-15

3869. Remote Code Execution - Unknown Product (CVE-2004-0227) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0227 was patched at 2024-05-15

3870. Remote Code Execution - Unknown Product (CVE-2004-0398) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0398 was patched at 2024-05-15

3871. Remote Code Execution - Unknown Product (CVE-2004-0408) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the child_service function in the ident2 ident daemon allows remote attackers to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0408 was patched at 2024-05-15

3872. Remote Code Execution - Unknown Product (CVE-2004-0409) - Medium [273]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 to 2.0.8, with socks5 traversal enabled, allows remote attackers to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0409 was patched at 2024-05-15

3873. Remote Code Execution - Unknown Product (CVE-2004-0488) - Medium [273]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0488 was patched at 2024-05-15

3874. Remote Code Execution - Unknown Product (CVE-2004-0560) - Medium [273]

Description: {'vulners_cve_data_all': 'Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted content of a certain size that triggers the overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0560 was patched at 2024-05-15

3875. Remote Code Execution - Unknown Product (CVE-2004-0561) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the log routine for gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0561 was patched at 2024-05-15

3876. Remote Code Execution - Unknown Product (CVE-2004-0777) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0777 was patched at 2024-05-15

3877. Remote Code Execution - Unknown Product (CVE-2004-0783) - Medium [273]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0783 was patched at 2024-05-15

3878. Remote Code Execution - Unknown Product (CVE-2004-0803) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0803 was patched at 2024-05-15

3879. Remote Code Execution - Unknown Product (CVE-2004-0805) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0805 was patched at 2024-05-15

3880. Remote Code Execution - Unknown Product (CVE-2004-0991) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0991 was patched at 2024-05-15

3881. Remote Code Execution - Unknown Product (CVE-2004-0998) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in telnetd-ssl 0.17 and earlier allows remote attackers to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0998 was patched at 2024-05-15

3882. Remote Code Execution - Unknown Product (CVE-2004-1176) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1176 was patched at 2024-05-15

3883. Remote Code Execution - Unknown Product (CVE-2004-1307) - Medium [273]

Description: {'vulners_cve_data_all': 'Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1307 was patched at 2024-05-15

3884. Remote Code Execution - Unknown Product (CVE-2004-1440) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, and (2) remote malicious servers to cause a denial of service (client crash) and possibly execute arbitrary code via a large bignum during authentication.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1440 was patched at 2024-05-15

3885. Remote Code Execution - Unknown Product (CVE-2004-1717) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in the psscan function in ps.c for gv (ghostview) allow remote attackers to execute arbitrary code via a Postscript file with a long (1) BoundingBox, (2) comment, (3) Orientation, (4) PageOrder, or (5) Pages value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1717 was patched at 2024-05-15

3886. Remote Code Execution - Unknown Product (CVE-2004-1773) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1773 was patched at 2024-05-15

3887. Remote Code Execution - Unknown Product (CVE-2004-1915) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the parse_all_client_messages function in LCDproc 0.4.x up to 0.4.4 allows remote attackers to execute arbitrary code via a large number of arguments.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1915 was patched at 2024-05-15

3888. Remote Code Execution - Unknown Product (CVE-2004-1916) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x versions up to 0.4.4, allows remote attackers to execute arbitrary code via (1) a long invalid command to parse_all_client_messages function, or (2) long argv command to test_func_func function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1916 was patched at 2024-05-15

3889. Remote Code Execution - Unknown Product (CVE-2004-1917) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in test_func_func in LCDProc 0.4.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the str variable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1917 was patched at 2024-05-15

3890. Remote Code Execution - Unknown Product (CVE-2004-2026) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2026 was patched at 2024-05-15

3891. Remote Code Execution - Unknown Product (CVE-2004-2167) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other versions, allow remote attackers to execute arbitrary code via (1) the expandmacro function, and possibly (2) Environments and (3) TranslateCommand.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2167 was patched at 2024-05-15

3892. Remote Code Execution - Unknown Product (CVE-2004-2461) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2461 was patched at 2024-05-15

3893. Remote Code Execution - Unknown Product (CVE-2005-0012) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the a_Interface_msg function in Dillo before 0.8.3-r4 allows remote attackers to execute arbitrary code via format string specifiers in a web page.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0012 was patched at 2024-05-15

3894. Remote Code Execution - Unknown Product (CVE-2005-0064) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0064 was patched at 2024-05-15

3895. Remote Code Execution - Unknown Product (CVE-2005-0100) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0100 was patched at 2024-05-15

3896. Remote Code Execution - Unknown Product (CVE-2005-0211) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0211 was patched at 2024-05-15

3897. Remote Code Execution - Unknown Product (CVE-2005-0373) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0373 was patched at 2024-05-15

3898. Remote Code Execution - Unknown Product (CVE-2005-0390) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the HTTP redirection capability in conn.c for Axel before 1.0b may allow remote attackers to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0390 was patched at 2024-05-15

3899. Remote Code Execution - Unknown Product (CVE-2005-0467) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_readdir_recv functions in the PSFTP and PSCP clients for PuTTY 0.56, and possibly earlier versions, allow remote malicious web sites to execute arbitrary code via SFTP responses that corrupt the heap after insufficient memory has been allocated.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0467 was patched at 2024-05-15

3900. Remote Code Execution - Unknown Product (CVE-2005-0468) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the env_opt_add function in telnet.c for various BSD-based Telnet clients allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumers more memory than allocated.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0468 was patched at 2024-05-15

3901. Remote Code Execution - Unknown Product (CVE-2005-0469) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0469 was patched at 2024-05-15

3902. Remote Code Execution - Unknown Product (CVE-2005-0639) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0639 was patched at 2024-05-15

3903. Remote Code Execution - Unknown Product (CVE-2005-0686) - Medium [273]

Description: {'vulners_cve_data_all': 'Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf support enabled, allows remote attackers to execute arbitrary code via a large image file that is used as a background.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0686 was patched at 2024-05-15

3904. Remote Code Execution - Unknown Product (CVE-2005-0706) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0706 was patched at 2024-05-15

3905. Remote Code Execution - Unknown Product (CVE-2005-0753) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0753 was patched at 2024-05-15

3906. Remote Code Execution - Unknown Product (CVE-2005-0764) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote attackers to execute arbitrary code via a crafted file containing long escape sequences.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0764 was patched at 2024-05-15

3907. Remote Code Execution - Unknown Product (CVE-2005-0825) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in LTris before 1.0.10 allows local users to execute arbitrary code via a crafted highscores file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0825 was patched at 2024-05-15

3908. Remote Code Execution - Unknown Product (CVE-2005-0838) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow attackers to cause a denial of service and possibly execute arbitrary code via (1) a long test value in an xsl:when tag, (2) a long test value in an xsl:if tag, or (3) a long select value in an xsl:value-of tag.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0838 was patched at 2024-05-15

3909. Remote Code Execution - Unknown Product (CVE-2005-1100) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the ErrorLog function in cnf.c in Greylisting daemon (GLD) 1.3 and 1.4 allows remote attackers to execute arbitrary code via format string specifiers in data that is passed directly to syslog.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1100 was patched at 2024-05-15

3910. Remote Code Execution - Unknown Product (CVE-2005-1142) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the readpgm function in pnm.c for GOCR 0.40, when it is not using netpbm, allows remote attackers to execute arbitrary code via a P3 format PNM file with more data than implied by its width and height values.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1142 was patched at 2024-05-15

3911. Remote Code Execution - Unknown Product (CVE-2005-1344) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1344 was patched at 2024-05-15

3912. Remote Code Execution - Unknown Product (CVE-2005-1349) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1349 was patched at 2024-05-15

3913. Remote Code Execution - Unknown Product (CVE-2005-1391) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1391 was patched at 2024-05-15

3914. Remote Code Execution - Unknown Product (CVE-2005-1520) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1520 was patched at 2024-05-15

3915. Remote Code Execution - Unknown Product (CVE-2005-1521) - Medium [273]

Description: {'vulners_cve_data_all': 'Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1521 was patched at 2024-05-15

3916. Remote Code Execution - Unknown Product (CVE-2005-1523) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1523 was patched at 2024-05-15

3917. Remote Code Execution - Unknown Product (CVE-2005-1544) - Medium [273]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1544 was patched at 2024-05-15

3918. Remote Code Execution - Unknown Product (CVE-2005-1796) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the curses_msg function in the Ncurses interface (ec_curses.c) for Ettercap before 0.7.3 allows remote attackers to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1796 was patched at 2024-05-15

3919. Remote Code Execution - Unknown Product (CVE-2005-1857) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in simpleproxy before 3.4 allows remote malicious HTTP proxies to execute arbitrary code via format string specifiers in a reply.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1857 was patched at 2024-05-15

3920. Remote Code Execution - Unknown Product (CVE-2005-2627) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple integer underflows in Kismet before 2005-08-R1 allow remote attackers to execute arbitrary code via (1) kernel headers in a pcap file or (2) data frame dissection, which leads to heap-based buffer overflows.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2627 was patched at 2024-05-15

3921. Remote Code Execution - Unknown Product (CVE-2005-2661) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the ParseBannerAndCapability function in main.c for up-imapproxy 1.2.3 and 1.2.4 allows remote IMAP servers to execute arbitrary code via format string specifiers in a banner or capability line.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2661 was patched at 2024-05-15

3922. Remote Code Execution - Unknown Product (CVE-2005-2878) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2878 was patched at 2024-05-15

3923. Remote Code Execution - Unknown Product (CVE-2005-2920) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2920 was patched at 2024-05-15

3924. Remote Code Execution - Unknown Product (CVE-2005-2933) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2933 was patched at 2024-05-15

3925. Remote Code Execution - Unknown Product (CVE-2005-2964) - Medium [273]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2964 was patched at 2024-05-15

3926. Remote Code Execution - Unknown Product (CVE-2005-2976) - Medium [273]

Description: {'vulners_cve_data_all': 'Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2976 was patched at 2024-05-15

3927. Remote Code Execution - Unknown Product (CVE-2005-2978) - Medium [273]

Description: {'vulners_cve_data_all': 'pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2978 was patched at 2024-05-15

3928. Remote Code Execution - Unknown Product (CVE-2005-3150) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, 2.6.1, and possibly other versions allows remote FTP servers to execute arbitrary code via format strings in filenames.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3150 was patched at 2024-05-15

3929. Remote Code Execution - Unknown Product (CVE-2005-3151) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in blenderplay in Blender Player 2.37a allows attackers to execute arbitrary code via a long command line argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3151 was patched at 2024-05-15

3930. Remote Code Execution - Unknown Product (CVE-2005-3186) - Medium [273]

Description: {'vulners_cve_data_all': 'Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3186 was patched at 2024-05-15

3931. Remote Code Execution - Unknown Product (CVE-2005-3192) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3192 was patched at 2024-05-15

3932. Remote Code Execution - Unknown Product (CVE-2005-3303) - Medium [273]

Description: {'vulners_cve_data_all': 'The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3303 was patched at 2024-05-15

3933. Remote Code Execution - Unknown Product (CVE-2005-3393) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3393 was patched at 2024-05-15

3934. Remote Code Execution - Unknown Product (CVE-2005-3486) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple format string vulnerabilities in Scorched 3D 39.1 (bf) and earlier allow remote attackers to execute arbitrary code via various (1) GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serverLog functions, and possibly other unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3486 was patched at 2024-05-15

3935. Remote Code Execution - Unknown Product (CVE-2005-3534) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the Network Block Device (nbd) server 2.7.5 and earlier, and 2.8.0 through 2.8.2, allows remote attackers to execute arbitrary code via a large request, which is written past the end of the buffer because nbd does not account for memory taken by the reply header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3534 was patched at 2024-05-15

3936. Remote Code Execution - Unknown Product (CVE-2005-3535) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary code via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3535 was patched at 2024-05-15

3937. Remote Code Execution - Unknown Product (CVE-2005-3540) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in petris before 1.0.1 allows remote attackers to execute arbitrary code via unspecified attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3540 was patched at 2024-05-15

3938. Remote Code Execution - Unknown Product (CVE-2005-3628) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3628 was patched at 2024-05-15

3939. Remote Code Execution - Unknown Product (CVE-2005-3862) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in unalz before 0.53 allows remote attackers to execute arbitrary code via long file names in ALZ archives.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3862 was patched at 2024-05-15

3940. Remote Code Execution - Unknown Product (CVE-2005-4470) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4470 was patched at 2024-05-15

3941. Remote Code Execution - Unknown Product (CVE-2005-4591) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, 0.94.12, and other versions from 0.93.5 to 0.96.2, when using Unicode databases, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "invalid input sequences" that lead to heap corruption when bogofilter or bogolexer converts character sets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4591 was patched at 2024-05-15

3942. Remote Code Execution - Unknown Product (CVE-2005-4592) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in bogofilter and bogolexer 0.96.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via words that are longer than the input buffer used by flex.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4592 was patched at 2024-05-15

3943. Remote Code Execution - Unknown Product (CVE-2005-4816) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4816 was patched at 2024-05-15

3944. Remote Code Execution - Unknown Product (CVE-2006-0056) - Medium [273]

Description: {'vulners_cve_data_all': 'Double free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords, which lead to a double free of a pointer that was created by the pam_get_item function. NOTE: this issue only occurs in certain configurations in which there are multiple PAM modules, PAM-MySQL is not evaluated first, and there are no requisite modules before PAM-MySQL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0056 was patched at 2024-05-15

3945. Remote Code Execution - Unknown Product (CVE-2006-0058) - Medium [273]

Description: {'vulners_cve_data_all': 'Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0058 was patched at 2024-05-15

3946. Remote Code Execution - Unknown Product (CVE-2006-0162) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0162 was patched at 2024-05-15

3947. Remote Code Execution - Unknown Product (CVE-2006-0301) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0301 was patched at 2024-05-15

3948. Remote Code Execution - Unknown Product (CVE-2006-0459) - Medium [273]

Description: {'vulners_cve_data_all': 'flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0459 was patched at 2024-05-15

3949. Remote Code Execution - Unknown Product (CVE-2006-0804) - Medium [273]

Description: {'vulners_cve_data_all': 'Off-by-one error in TIN 1.8.0 and earlier might allow attackers to execute arbitrary code via unknown vectors that trigger a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0804 was patched at 2024-05-15

3950. Remote Code Execution - Unknown Product (CVE-2006-1060) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might allow user-assisted attackers to execute arbitrary code via a JPEG image with more than 3 output components, such as a CMYK or YCCK color space, which causes less memory to be allocated than required.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1060 was patched at 2024-05-15

3951. Remote Code Execution - Unknown Product (CVE-2006-1514) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in the abcmidi-yaps translator in abcmidi 20050101, and other versions, allow remote attackers to execute arbitrary code via crafted ABC music files that trigger the overflows during translation into PostScript.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1514 was patched at 2024-05-15

3952. Remote Code Execution - Unknown Product (CVE-2006-1515) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the addnewword function in typespeed 0.4.4 and earlier might allow remote attackers to execute arbitrary code via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1515 was patched at 2024-05-15

3953. Remote Code Execution - Unknown Product (CVE-2006-1861) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1861 was patched at 2024-05-15

3954. Remote Code Execution - Unknown Product (CVE-2006-1905) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1905 was patched at 2024-05-15

3955. Remote Code Execution - Unknown Product (CVE-2006-2083) - Medium [273]

Description: {'vulners_cve_data_all': 'Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2083 was patched at 2024-05-15

3956. Remote Code Execution - Unknown Product (CVE-2006-2191) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2191 was patched at 2024-05-15

3957. Remote Code Execution - Unknown Product (CVE-2006-2656) - Medium [273]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2656 was patched at 2024-05-15

3958. Remote Code Execution - Unknown Product (CVE-2006-2875) - Medium [273]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2875 was patched at 2024-05-15

3959. Remote Code Execution - Unknown Product (CVE-2006-2898) - Medium [273]

Description: {'vulners_cve_data_all': 'The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2898 was patched at 2024-05-15

3960. Remote Code Execution - Unknown Product (CVE-2006-3124) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3124 was patched at 2024-05-15

3961. Remote Code Execution - Unknown Product (CVE-2006-3125) - Medium [273]

Description: {'vulners_cve_data_all': 'Array index error in tetrinet.c in gtetrinet 0.7.8 and earlier allows remote attackers to execute arbitrary code via a packet specifying a negative number of players, which is used as an array index.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3125 was patched at 2024-05-15

3962. Remote Code Execution - Unknown Product (CVE-2006-3409) - Medium [273]

Description: {'vulners_cve_data_all': 'Integer overflow in Tor before 0.1.1.20 allows remote attackers to execute arbitrary code via crafted large inputs, which result in a buffer overflow when elements are added to smartlists.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3409 was patched at 2024-05-15

3963. Remote Code Execution - Unknown Product (CVE-2006-3467) - Medium [273]

Description: {'vulners_cve_data_all': 'Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3467 was patched at 2024-05-15

3964. Remote Code Execution - Unknown Product (CVE-2006-3668) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of 20060716, including libdumb, allows user-assisted attackers to execute arbitrary code via a ".it" (Impulse Tracker) file with an envelope with a large number of nodes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3668 was patched at 2024-05-15

3965. Remote Code Execution - Unknown Product (CVE-2006-3913) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the generic_handle_player_attribute_chunk function in common/packets.c, and (3) a large packet->length value in the handle_unit_orders function in server/unithand.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3913 was patched at 2024-05-15

3966. Remote Code Execution - Unknown Product (CVE-2006-4018) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4018 was patched at 2024-05-15

3967. Remote Code Execution - Unknown Product (CVE-2006-4345) - Medium [273]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4345 was patched at 2024-05-15

3968. Remote Code Execution - Unknown Product (CVE-2006-4514) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the ole_info_read_metabat function in Gnome Structured File library (libgsf) 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large num_metabat value in an OLE document, which causes the ole_init_info function to allocate insufficient memory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4514 was patched at 2024-05-15

3969. Remote Code Execution - Unknown Product (CVE-2006-5379) - Medium [273]

Description: {'vulners_cve_data_all': 'The accelerated rendering functionality of NVIDIA Binary Graphics Driver (binary blob driver) For Linux v8774 and v8762, and probably on other operating systems, allows local and remote attackers to execute arbitrary code via a large width value in a font glyph, which can be used to overwrite arbitrary memory locations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5379 was patched at 2024-05-15

3970. Remote Code Execution - Unknown Product (CVE-2006-5444) - Medium [273]

Description: {'vulners_cve_data_all': 'Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5444 was patched at 2024-05-15

3971. Remote Code Execution - Unknown Product (CVE-2006-5925) - Medium [273]

Description: {'vulners_cve_data_all': 'Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5925 was patched at 2024-05-15

3972. Remote Code Execution - Unknown Product (CVE-2006-6172) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6172 was patched at 2024-05-15

3973. Remote Code Execution - Unknown Product (CVE-2006-6692) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6692 was patched at 2024-05-15

3974. Remote Code Execution - Unknown Product (CVE-2006-6693) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long strings to the (1) zabbix_log and (2) zabbix_syslog functions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6693 was patched at 2024-05-15

3975. Remote Code Execution - Unknown Product (CVE-2007-0317) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0317 was patched at 2024-05-15

3976. Remote Code Execution - Unknown Product (CVE-2007-1246) - Medium [273]

Description: {'vulners_cve_data_all': 'The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1387.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1246 was patched at 2024-05-15

3977. Remote Code Execution - Unknown Product (CVE-2007-1997) - Medium [273]

Description: {'vulners_cve_data_all': 'Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1997 was patched at 2024-05-15

3978. Remote Code Execution - Unknown Product (CVE-2007-2293) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in the process_sdp function in chan_sip.c of the SIP channel T.38 SDP parser in Asterisk before 1.4.3 allow remote attackers to execute arbitrary code via a long (1) T38FaxRateManagement or (2) T38FaxUdpEC SDP parameter in an SIP message, as demonstrated using SIP INVITE.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2293 was patched at 2024-05-15

3979. Remote Code Execution - Unknown Product (CVE-2007-3121) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the CCdecode function in contrib/ntsc-cc.c in the zvbi-ntsc-cc tool in Zapping VBI Library (ZVBI) before 0.2.25 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long data during a reception error. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3121 was patched at 2024-05-15

3980. Remote Code Execution - Unknown Product (CVE-2007-3506) - Medium [273]

Description: {'vulners_cve_data_all': 'The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to a "memory buffer overwrite bug."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3506 was patched at 2024-05-15

3981. Remote Code Execution - Unknown Product (CVE-2007-4974) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the flac_buffer_copy function in libsndfile 1.0.17 and earlier might allow remote attackers to execute arbitrary code via a FLAC file with crafted PCM data containing a block with a size that exceeds the previous block size.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4974 was patched at 2024-05-15

3982. Remote Code Execution - Unknown Product (CVE-2007-6353) - Medium [273]

Description: {'vulners_cve_data_all': 'Integer overflow in exif.cpp in exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6353 was patched at 2024-05-15

3983. Remote Code Execution - Unknown Product (CVE-2007-6697) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6697 was patched at 2024-05-15

3984. Remote Code Execution - Unknown Product (CVE-2008-0100) - Medium [273]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the Scene::errorf function in Scene.cpp in White_Dune 0.29 beta791 and earlier allows remote attackers to execute arbitrary code via a long string in a .WRL file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0100 was patched at 2024-05-15

3985. Remote Code Execution - Unknown Product (CVE-2008-0101) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the swDebugf function in DuneApp.cpp in White_Dune 0.29 beta791 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a .WRL file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0101 was patched at 2024-05-15

3986. Remote Code Execution - Unknown Product (CVE-2008-0295) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0295 was patched at 2024-05-15

3987. Remote Code Execution - Unknown Product (CVE-2008-1108) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1108 was patched at 2024-05-15

3988. Remote Code Execution - Unknown Product (CVE-2008-1833) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1833 was patched at 2024-05-15

3989. Remote Code Execution - Unknown Product (CVE-2008-1959) - Medium [273]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the get_remote_video_port_media function in call.cpp in SIPp 3.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SIP message. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1959 was patched at 2024-05-15

3990. Remote Code Execution - Unknown Product (CVE-2008-2085) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in the (1) get_remote_ip_media and (2) get_remote_ipv6_media functions in call.cpp in SIPp 3.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted SIP message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2085 was patched at 2024-05-15

3991. Remote Code Execution - Unknown Product (CVE-2008-4555) - Medium [273]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the push_subg function in parser.y (lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a DOT file with a large number of Agraph_t elements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4555 was patched at 2024-05-15

3992. Remote Code Execution - Unknown Product (CVE-2008-5286) - Medium [273]

Description: {'vulners_cve_data_all': 'Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5286 was patched at 2024-05-15

3993. Remote Code Execution - Unknown Product (CVE-2009-0363) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and unspecified other use of the products.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0363 was patched at 2024-05-15

3994. Remote Code Execution - Unknown Product (CVE-2009-1438) - Medium [273]

Description: {'vulners_cve_data_all': 'Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted (1) song comment or (2) song name, which triggers a heap-based buffer overflow, as exploited in the wild in August 2008.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1438 was patched at 2024-05-15

3995. Remote Code Execution - Unknown Product (CVE-2009-2295) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in CamlImages 2.2 and earlier might allow context-dependent attackers to execute arbitrary code via a crafted PNG image with large width and height values that trigger a heap-based buffer overflow in the (1) read_png_file or (2) read_png_file_as_rgb24 function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2295 was patched at 2024-05-15

3996. Remote Code Execution - Unknown Product (CVE-2009-5028) - Medium [273]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in Namazu before 2.0.20 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted request containing an empty uri field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5028 was patched at 2024-05-15

3997. Remote Code Execution - Unknown Product (CVE-2010-0793) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted CC: header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0793 was patched at 2024-05-15

3998. Remote Code Execution - Unknown Product (CVE-2010-1441) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple heap-based buffer overflows in VideoLAN VLC media player before 1.0.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) A/52, (2) DTS, or (3) MPEG Audio decoder.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1441 was patched at 2024-05-15

3999. Remote Code Execution - Unknown Product (CVE-2010-1442) - Medium [273]

Description: {'vulners_cve_data_all': 'VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1442 was patched at 2024-05-15

4000. Remote Code Execution - Unknown Product (CVE-2010-1444) - Medium [273]

Description: {'vulners_cve_data_all': 'The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1444 was patched at 2024-05-15

4001. Remote Code Execution - Unknown Product (CVE-2010-1445) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted byte stream in an RTMP session.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1445 was patched at 2024-05-15

4002. Remote Code Execution - Unknown Product (CVE-2010-2062) - Medium [273]

Description: {'vulners_cve_data_all': 'Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2062 was patched at 2024-05-15

4003. Remote Code Execution - Unknown Product (CVE-2010-2725) - Medium [273]

Description: {'vulners_cve_data_all': 'BarnOwl before 1.6.2 does not check the return code of calls to the (1) ZPending and (2) ZReceiveNotice functions in libzephyr, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2725 was patched at 2024-05-15

4004. Remote Code Execution - Unknown Product (CVE-2010-3441) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote attackers to execute arbitrary code via (1) a crafted input file, related to the PUT0 and PUT1 output macros; (2) a crafted input file, related to the trim_title function; and possibly (3) a long -O option on a command line.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3441 was patched at 2024-05-15

4005. Remote Code Execution - Unknown Product (CVE-2010-3444) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the log2vis_utf8 function in pyfribidi.c in GNU FriBidi 0.19.1, 0.19.2, and possibly other versions, as used in PyFriBidi 0.10.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Arabic UTF-8 string that causes original 2-byte UTF-8 sequences to be transformed into 3-byte sequences.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3444 was patched at 2024-05-15

4006. Remote Code Execution - Unknown Product (CVE-2010-4261) - Medium [273]

Description: {'vulners_cve_data_all': 'Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4261 was patched at 2024-05-15

4007. Remote Code Execution - Unknown Product (CVE-2010-4479) - Medium [273]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka "bb #2380," a different vulnerability than CVE-2010-4260.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4479 was patched at 2024-05-15

4008. Remote Code Execution - Unknown Product (CVE-2011-0430) - Medium [273]

Description: {'vulners_cve_data_all': 'Double free vulnerability in the Rx server process in OpenAFS 1.4.14, 1.4.12, 1.4.7, and possibly other versions allows remote attackers to cause a denial of service and execute arbitrary code via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0430 was patched at 2024-05-15

4009. Remote Code Execution - Unknown Product (CVE-2011-0520) - Medium [273]

Description: {'vulners_cve_data_all': 'The compress_add_dlabel_points function in dns/Compress.c in MaraDNS 1.4.03, 1.4.05, and probably other versions allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long DNS hostname with a large number of labels, which triggers a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0520 was patched at 2024-05-15

4010. Remote Code Execution - Unknown Product (CVE-2011-0530) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the mainloop function in nbd-server.c in the server in Network Block Device (nbd) before 2.9.20 might allow remote attackers to execute arbitrary code via a long request. NOTE: this issue exists because of a CVE-2005-3534 regression.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0530 was patched at 2024-05-15

4011. Remote Code Execution - Unknown Product (CVE-2011-1782) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the read_channel_data function in file-psp.c in the Paint Shop Pro (PSP) plugin in GIMP 2.6.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a PSP_COMP_RLE (aka RLE compression) image file that begins a long run count at the end of the image. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4543.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1782 was patched at 2024-05-15

4012. Remote Code Execution - Unknown Product (CVE-2011-2199) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in tftp-hpa before 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the utimeout option.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2199 was patched at 2024-05-15

4013. Remote Code Execution - Unknown Product (CVE-2011-2704) - Medium [273]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before 5.6.7 allows remote attackers to execute arbitrary code via vectors related to OGC filter encoding.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2704 was patched at 2024-05-15

4014. Remote Code Execution - Unknown Product (CVE-2011-2778) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by (1) establishing a SOCKS connection to SocksPort or (2) leveraging a SOCKS proxy configuration.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2778 was patched at 2024-05-15

4015. Remote Code Execution - Unknown Product (CVE-2011-3341) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3341 was patched at 2024-05-15

4016. Remote Code Execution - Unknown Product (CVE-2011-3342) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2) PLYR, (3) CHTS, or (4) AIPL (aka AI config) chunk loading from a savegame.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3342 was patched at 2024-05-15

4017. Remote Code Execution - Unknown Product (CVE-2011-3601) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative value in a label_len value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3601 was patched at 2024-05-15

4018. Remote Code Execution - Unknown Product (CVE-2011-3623) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in VideoLAN VLC media player before 1.0.2 allow remote attackers to execute arbitrary code via (1) a crafted ASF file, related to the ASF_ObjectDumpDebug function in modules/demux/asf/libasf.c; (2) a crafted AVI file, related to the AVI_ChunkDumpDebug_level function in modules/demux/avi/libavi.c; or (3) a crafted MP4 file, related to the __MP4_BoxDumpStructure function in modules/demux/mp4/libmp4.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3623 was patched at 2024-05-15

4019. Remote Code Execution - Unknown Product (CVE-2011-4405) - Medium [273]

Description: {'vulners_cve_data_all': 'The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4405 was patched at 2024-05-15

4020. Remote Code Execution - Unknown Product (CVE-2012-1184) - Medium [273]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the ast_parse_digest function in main/utils.c in Asterisk 1.8.x before 1.8.10.1 and 10.x before 10.2.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in an HTTP Digest Authentication header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1184 was patched at 2024-05-15

4021. Remote Code Execution - Unknown Product (CVE-2012-2369) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2369 was patched at 2024-05-15

4022. Remote Code Execution - Unknown Product (CVE-2012-2944) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string containing non-printable characters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2944 was patched at 2024-05-15

4023. Remote Code Execution - Unknown Product (CVE-2012-3456) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3456 was patched at 2024-05-15

4024. Remote Code Execution - Unknown Product (CVE-2012-4560) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4560 was patched at 2024-05-15

4025. Remote Code Execution - Unknown Product (CVE-2012-4562) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4562 was patched at 2024-05-15

4026. Remote Code Execution - Unknown Product (CVE-2012-5468) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in iconvert.c in the bogolexer component in Bogofilter before 1.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an email containing a base64 string that is decoded to incomplete multibyte characters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5468 was patched at 2024-05-15

4027. Remote Code Execution - Unknown Product (CVE-2012-5580) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the print_proxies function in bin/proxy.c in libproxy 0.3.1 might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a proxy name, as demonstrated using the http_proxy environment variable or a PAC file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5580 was patched at 2024-05-15

4028. Remote Code Execution - Unknown Product (CVE-2012-6063) - Medium [273]

Description: {'vulners_cve_data_all': 'Double free vulnerability in the sftp_mkdir function in sftp.c in libssh before 0.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vector than CVE-2012-4559.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6063 was patched at 2024-05-15

4029. Remote Code Execution - Unknown Product (CVE-2012-6089) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in the canoniseFileName function in os/pl-os.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6089 was patched at 2024-05-15

4030. Remote Code Execution - Unknown Product (CVE-2012-6090) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in the expand function in os/pl-glob.c in SWI-Prolog before 6.2.5 and 6.3.x before 6.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6090 was patched at 2024-05-15

4031. Remote Code Execution - Unknown Product (CVE-2012-6129) - Medium [273]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6129 was patched at 2024-05-15

4032. Remote Code Execution - Unknown Product (CVE-2013-1655) - Medium [273]

Description: {'vulners_cve_data_all': 'Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1655 was patched at 2024-05-15

4033. Remote Code Execution - Unknown Product (CVE-2013-2126) - Medium [273]

Description: {'vulners_cve_data_all': 'Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2126 was patched at 2024-05-15

4034. Remote Code Execution - Unknown Product (CVE-2013-4385) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the "read-string!" procedure in the "extras" unit in CHICKEN stable before 4.8.0.5 and development snapshots before 4.8.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4385 was patched at 2024-05-15

4035. Remote Code Execution - Unknown Product (CVE-2013-6283) - Medium [273]

Description: {'vulners_cve_data_all': 'VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a URL in a m3u file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6283 was patched at 2024-05-15

4036. Remote Code Execution - Unknown Product (CVE-2014-1235) - Medium [273]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-0978.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1235 was patched at 2024-05-15

4037. Remote Code Execution - Unknown Product (CVE-2014-2029) - Medium [273]

Description: {'vulners_cve_data_all': 'The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2029 was patched at 2024-05-15

4038. Remote Code Execution - Unknown Product (CVE-2014-3776) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer overflow in the "read-u8vector!" procedure in the srfi-4 unit in CHICKEN stable 4.8.0.7 and development snapshots before 4.9.1 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via a "#f" value in the NUM argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3776 was patched at 2024-05-15

4039. Remote Code Execution - Unknown Product (CVE-2014-6396) - Medium [273]

Description: {'vulners_cve_data_all': 'The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 0.8.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted password length, which triggers a 0 character to be written to an arbitrary memory location.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-6396 was patched at 2024-05-15

4040. Remote Code Execution - Unknown Product (CVE-2014-8321) - Medium [273]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the gps_tracker function in airodump-ng.c in Aircrack-ng before 1.2 RC 1 allows local users to execute arbitrary code or gain privileges via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8321 was patched at 2024-05-15

4041. Remote Code Execution - Unknown Product (CVE-2014-9114) - Medium [273]

Description: {'vulners_cve_data_all': 'Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9114 was patched at 2024-05-15

4042. Remote Code Execution - Unknown Product (CVE-2015-2785) - Medium [273]

Description: {'vulners_cve_data_all': 'The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap write and crash) or possibly execute arbitrary code via a crafted Byzanz debug data recording (ByzanzRecording file) to the byzanz-playback command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2785 was patched at 2024-05-15

4043. Remote Code Execution - Unknown Product (CVE-2015-8026) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the verify_vbr_checksum function in exfatfsck in exfat-utils before 1.2.1 allows remote attackers to cause a denial of service (infinite loop) or possibly execute arbitrary code via a crafted filesystem.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8026 was patched at 2024-05-15

4044. Remote Code Execution - Unknown Product (CVE-2015-8106) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \\keywords command in a crafted TeX file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8106 was patched at 2024-05-15

4045. Remote Code Execution - Unknown Product (CVE-2015-8107) - Medium [273]

Description: {'vulners_cve_data_all': 'Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8107 was patched at 2024-05-15

4046. Remote Code Execution - Unknown Product (CVE-2016-3180) - Medium [273]

Description: {'vulners_cve_data_all': 'Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signature.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3180 was patched at 2024-05-15

4047. Remote Code Execution - Unknown Product (CVE-2016-6762) - Medium [273]

Description: {'vulners_cve_data_all': 'An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31251826.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6762 was patched at 2024-05-15

4048. Remote Code Execution - Unknown Product (CVE-2017-0841) - Medium [273]

Description: {'vulners_cve_data_all': 'A remote code execution vulnerability in the Android system (libutils). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37723026.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0841 was patched at 2024-05-15

4049. Remote Code Execution - Unknown Product (CVE-2017-11311) - Medium [273]

Description: {'vulners_cve_data_all': 'soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11311 was patched at 2024-05-15

4050. Remote Code Execution - Unknown Product (CVE-2017-11570) - Medium [273]

Description: {'vulners_cve_data_all': 'FontForge 20161012 is vulnerable to a buffer over-read in umodenc (parsettf.c) resulting in DoS or code execution via a crafted otf file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11570 was patched at 2024-05-15

4051. Remote Code Execution - Unknown Product (CVE-2017-11573) - Medium [273]

Description: {'vulners_cve_data_all': 'FontForge 20161012 is vulnerable to a buffer over-read in ValidatePostScriptFontName (parsettf.c) resulting in DoS or code execution via a crafted otf file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11573 was patched at 2024-05-15

4052. Remote Code Execution - Unknown Product (CVE-2017-14409) - Medium [273]

Description: {'vulners_cve_data_all': 'A buffer overflow was discovered in III_dequantize_sample in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14409 was patched at 2024-05-15

4053. Remote Code Execution - Unknown Product (CVE-2017-14411) - Medium [273]

Description: {'vulners_cve_data_all': 'A stack-based buffer overflow was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14411 was patched at 2024-05-15

4054. Remote Code Execution - Unknown Product (CVE-2017-14749) - Medium [273]

Description: {'vulners_cve_data_all': 'JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized \\ characters cause incorrect 0x00 characters in bytecode.literal data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14749 was patched at 2024-05-15

4055. Remote Code Execution - Unknown Product (CVE-2017-17840) - Medium [273]

Description: {'vulners_cve_data_all': 'An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with overflow checking enabled) or code execution. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17840 was patched at 2024-05-15

4056. Remote Code Execution - Unknown Product (CVE-2017-2579) - Medium [273]

Description: {'vulners_cve_data_all': 'An out-of-bounds read vulnerability was found in netpbm before 10.61. The expandCodeOntoStack() function has an insufficient code value check, so that a maliciously crafted file could cause the application to crash or possibly allows code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2579 was patched at 2024-05-15

4057. Remote Code Execution - Unknown Product (CVE-2017-2580) - Medium [273]

Description: {'vulners_cve_data_all': 'An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2580 was patched at 2024-05-15

4058. Remote Code Execution - Unknown Product (CVE-2017-2581) - Medium [273]

Description: {'vulners_cve_data_all': 'An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2581 was patched at 2024-05-15

4059. Remote Code Execution - Unknown Product (CVE-2017-5330) - Medium [273]

Description: {'vulners_cve_data_all': 'ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5330 was patched at 2024-05-15

4060. Remote Code Execution - Unknown Product (CVE-2017-9274) - Medium [273]

Description: {'vulners_cve_data_all': 'A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9274 was patched at 2024-05-15

4061. Remote Code Execution - Unknown Product (CVE-2018-1000038) - Medium [273]

Description: {'vulners_cve_data_all': 'In MuPDF 1.12.0 and earlier, a stack buffer overflow in function pdf_lookup_cmap_full in pdf/pdf-cmap.c could allow an attacker to execute arbitrary code via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000038 was patched at 2024-05-15

4062. Remote Code Execution - Unknown Product (CVE-2018-1000039) - Medium [273]

Description: {'vulners_cve_data_all': 'In MuPDF 1.12.0 and earlier, multiple heap use after free bugs in the PDF parser could allow an attacker to execute arbitrary code, read memory, or cause a denial of service via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000039 was patched at 2024-05-15

4063. Remote Code Execution - Unknown Product (CVE-2018-1000546) - Medium [273]

Description: {'vulners_cve_data_all': 'Triplea version <= 1.9.0.0.10291 contains a XML External Entity (XXE) vulnerability in Importing game data that can result in Possible information disclosure, server-side request forgery, or remote code execution. This attack appear to be exploitable via Specially crafted game data file (XML).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000546 was patched at 2024-05-15

4064. Remote Code Execution - Unknown Product (CVE-2018-1000657) - Medium [273]

Description: {'vulners_cve_data_all': 'Rust Programming Language Rust standard library version Commit bfa0e1f58acf1c28d500c34ed258f09ae021893e and later; stable release 1.3.0 and later contains a Buffer Overflow vulnerability in std::collections::vec_deque::VecDeque::reserve() function that can result in Arbitrary code execution, but no proof-of-concept exploit is currently published.. This vulnerability appears to have been fixed in after commit fdfafb510b1a38f727e920dccbeeb638d39a8e60; stable release 1.22.0 and later.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000657 was patched at 2024-05-15

4065. Remote Code Execution - Unknown Product (CVE-2018-1046) - Medium [273]

Description: {'vulners_cve_data_all': 'pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow only occurs when the -ecs-stamp option of dnsreplay is used.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1046 was patched at 2024-05-15

4066. Remote Code Execution - Unknown Product (CVE-2018-4022) - Medium [273]

Description: {'vulners_cve_data_all': 'A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV (matroska) file format. A specially crafted MKV file can cause arbitrary code execution in the context of the current user.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-4022 was patched at 2024-05-15

4067. Remote Code Execution - Unknown Product (CVE-2019-13106) - Medium [273]

Description: {'vulners_cve_data_all': 'Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-13106 was patched at 2024-05-15

4068. Remote Code Execution - Unknown Product (CVE-2019-19648) - Medium [273]

Description: {'vulners_cve_data_all': 'In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19648 was patched at 2024-05-15

4069. Remote Code Execution - Unknown Product (CVE-2019-5164) - Medium [273]

Description: {'vulners_cve_data_all': 'An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specially crafted network packets sent to ss-manager can cause an arbitrary binary to run, resulting in code execution and privilege escalation. An attacker can send network packets to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5164 was patched at 2024-05-15

4070. Remote Code Execution - Unknown Product (CVE-2020-14939) - Medium [273]

Description: {'vulners_cve_data_all': 'An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-14939 was patched at 2024-05-15

4071. Remote Code Execution - Unknown Product (CVE-2020-24696) - Medium [273]

Description: {'vulners_cve_data_all': 'An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24696 was patched at 2024-05-15

4072. Remote Code Execution - Unknown Product (CVE-2020-24889) - Medium [273]

Description: {'vulners_cve_data_all': 'A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24889 was patched at 2024-05-15

4073. Remote Code Execution - Unknown Product (CVE-2020-25559) - Medium [273]

Description: {'vulners_cve_data_all': 'gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-dependent arbitrary code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25559 was patched at 2024-05-15

4074. Remote Code Execution - Unknown Product (CVE-2020-28599) - Medium [273]

Description: {'vulners_cve_data_all': 'A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-28599 was patched at 2024-05-15

4075. Remote Code Execution - Unknown Product (CVE-2020-28840) - Medium [273]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-28840 was patched at 2024-05-15

4076. Remote Code Execution - Unknown Product (CVE-2020-5209) - Medium [273]

Description: {'vulners_cve_data_all': 'In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-5209 was patched at 2024-05-15

4077. Remote Code Execution - Unknown Product (CVE-2020-5210) - Medium [273]

Description: {'vulners_cve_data_all': 'In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-5210 was patched at 2024-05-15

4078. Remote Code Execution - Unknown Product (CVE-2020-5991) - Medium [273]

Description: {'vulners_cve_data_all': 'NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-5991 was patched at 2024-05-15

4079. Remote Code Execution - Unknown Product (CVE-2020-6070) - Medium [273]

Description: {'vulners_cve_data_all': 'An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-6070 was patched at 2024-05-15

4080. Remote Code Execution - Unknown Product (CVE-2020-6108) - Medium [273]

Description: {'vulners_cve_data_all': 'An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-6108 was patched at 2024-05-15

4081. Remote Code Execution - Unknown Product (CVE-2020-8131) - Medium [273]

Description: {'vulners_cve_data_all': 'Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-8131 was patched at 2024-05-15

4082. Remote Code Execution - Unknown Product (CVE-2021-23521) - Medium [273]

Description: {'vulners_cve_data_all': 'This affects the package juce-framework/JUCE before 6.1.5. This vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic link. When extracted, the symbolic link is followed outside of the target dir allowing writing arbitrary files on the target host. In some cases, this can allow an attacker to execute arbitrary code. The vulnerable code is in the ZipFile::uncompressEntry function in juce_ZipFile.cpp and is executed when the archive is extracted upon calling uncompressTo() on a ZipFile object.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-23521 was patched at 2024-05-15

4083. Remote Code Execution - Unknown Product (CVE-2021-26825) - Medium [273]

Description: {'vulners_cve_data_all': 'An integer overflow issue exists in Godot Engine up to v3.2 that can be triggered when loading specially crafted.TGA image files. The vulnerability exists in ImageLoaderTGA::load_image() function at line: const size_t buffer_size = (tga_header.image_width * tga_header.image_height) * pixel_size; The bug leads to Dynamic stack buffer overflow. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-26825 was patched at 2024-05-15

4084. Remote Code Execution - Unknown Product (CVE-2021-26826) - Medium [273]

Description: {'vulners_cve_data_all': 'A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-26826 was patched at 2024-05-15

4085. Remote Code Execution - Unknown Product (CVE-2021-30145) - Medium [273]

Description: {'vulners_cve_data_all': 'A format string vulnerability in mpv through 0.33.0 allows user-assisted remote attackers to achieve code execution via a crafted m3u playlist file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30145 was patched at 2024-05-15

4086. Remote Code Execution - Unknown Product (CVE-2021-30184) - Medium [273]

Description: {'vulners_cve_data_all': 'GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30184 was patched at 2024-05-15

4087. Remote Code Execution - Unknown Product (CVE-2021-3404) - Medium [273]

Description: {'vulners_cve_data_all': 'In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3404 was patched at 2024-05-15

4088. Remote Code Execution - Unknown Product (CVE-2021-34119) - Medium [273]

Description: {'vulners_cve_data_all': 'A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph in ps-pdf.cxx ,this flaw possibly allows possible code execution and a denial of service via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-34119 was patched at 2024-05-15

4089. Remote Code Execution - Unknown Product (CVE-2021-34121) - Medium [273]

Description: {'vulners_cve_data_all': 'An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parse_tree() in toc.cxx, this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-34121 was patched at 2024-05-15

4090. Remote Code Execution - Unknown Product (CVE-2021-43518) - Medium [273]

Description: {'vulners_cve_data_all': 'Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client's stack causing denial of service or code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-43518 was patched at 2024-05-15

4091. Remote Code Execution - Unknown Product (CVE-2022-21821) - Medium [273]

Description: {'vulners_cve_data_all': 'NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute cuobjdump against the file. Such an attack may lead to remote code execution that causes complete denial of service and an impact on data confidentiality and integrity.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-21821 was patched at 2024-05-15

4092. Remote Code Execution - Unknown Product (CVE-2022-28085) - Medium [273]

Description: {'vulners_cve_data_all': 'A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-28085 was patched at 2024-05-15

4093. Remote Code Execution - Unknown Product (CVE-2022-30065) - Medium [273]

Description: {'vulners_cve_data_all': 'A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-30065 was patched at 2024-05-15

4094. Remote Code Execution - Unknown Product (CVE-2022-33064) - Medium [273]

Description: {'vulners_cve_data_all': 'An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-33064 was patched at 2024-05-15

4095. Remote Code Execution - Unknown Product (CVE-2022-42260) - Medium [273]

Description: {'vulners_cve_data_all': 'NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-42260 was patched at 2024-05-15

4096. Remote Code Execution - Unknown Product (CVE-2023-33551) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap Buffer Overflow in the erofsfsck_dirent_iter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-33551 was patched at 2024-05-15

4097. Remote Code Execution - Unknown Product (CVE-2023-33552) - Medium [273]

Description: {'vulners_cve_data_all': 'Heap Buffer Overflow in the erofs_read_one_data function at data.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-33552 was patched at 2024-05-15

4098. Remote Code Execution - Unknown Product (CVE-2023-34318) - Medium [273]

Description: {'vulners_cve_data_all': 'A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. This flaw can lead to a denial of service, code execution, or information disclosure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-34318 was patched at 2024-05-15

4099. Remote Code Execution - Unknown Product (CVE-2023-34432) - Medium [273]

Description: {'vulners_cve_data_all': 'A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-34432 was patched at 2024-05-15

4100. Remote Code Execution - Unknown Product (CVE-2023-37476) - Medium [273]

Description: {'vulners_cve_data_all': ' OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of OpenRefine up to and including 3.7.3. Users should update to OpenRefine 3.7.4 as soon as possible. Users unable to upgrade should only import OpenRefine projects from trusted sources.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-37476 was patched at 2024-05-15

4101. Remote Code Execution - Unknown Product (CVE-2023-39070) - Medium [273]

Description: {'vulners_cve_data_all': 'An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-39070 was patched at 2024-05-15

4102. Remote Code Execution - Unknown Product (CVE-2023-40826) - Medium [273]

Description: {'vulners_cve_data_all': 'An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-40826 was patched at 2024-05-15

4103. Remote Code Execution - Unknown Product (CVE-2023-40827) - Medium [273]

Description: {'vulners_cve_data_all': 'An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-40827 was patched at 2024-05-15

4104. Remote Code Execution - Unknown Product (CVE-2023-40828) - Medium [273]

Description: {'vulners_cve_data_all': 'An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-40828 was patched at 2024-05-15

4105. Remote Code Execution - Unknown Product (CVE-2023-44428) - Medium [273]

Description: {'vulners_cve_data_all': 'MuseScore CAP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MuseScore. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CAP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20769.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-44428 was patched at 2024-05-15

4106. Remote Code Execution - Unknown Product (CVE-2023-45675) - Medium [273]

Description: {'vulners_cve_data_all': 'stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\\0';`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to `setup_malloc`. The `setup_malloc` behaves differently when `f->alloc.alloc_buffer` is pre-allocated. Instead of returning `NULL` as in `malloc` case it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45675 was patched at 2024-05-15

4107. Remote Code Execution - Unknown Product (CVE-2023-45676) - Medium [273]

Description: {'vulners_cve_data_all': 'stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz` overflows with `sz+7` in and the negative value passes the maximum available memory buffer check. This issue may lead to code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45676 was patched at 2024-05-15

4108. Remote Code Execution - Unknown Product (CVE-2023-45677) - Medium [273]

Description: {'vulners_cve_data_all': 'stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\\0';`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully allocates memory in that case, but memory write is done with a negative index `len`. Similarly if len is INT_MAX the integer overflow len+1 happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. This issue may lead to code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45677 was patched at 2024-05-15

4109. Remote Code Execution - Unknown Product (CVE-2023-45678) - Medium [273]

Description: {'vulners_cve_data_all': 'stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45678 was patched at 2024-05-15

4110. Remote Code Execution - Unknown Product (CVE-2023-45679) - Medium [273]

Description: {'vulners_cve_data_all': 'stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45679 was patched at 2024-05-15

4111. Remote Code Execution - Unknown Product (CVE-2023-45681) - Medium [273]

Description: {'vulners_cve_data_all': 'stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45681 was patched at 2024-05-15

4112. Remote Code Execution - Unknown Product (CVE-2023-50292) - Medium [273]

Description: {'vulners_cve_data_all': 'Incorrect Permission Assignment for Critical Resource, Improper Control of Dynamically-Managed Code Resources vulnerability in Apache Solr.\n\nThis issue affects Apache Solr: from 8.10.0 through 8.11.2, from 9.0.0 before 9.3.0.\n\nThe Schema Designer was introduced to allow users to more easily configure and test new Schemas and configSets.\nHowever, when the feature was created, the "trust" (authentication) of these configSets was not considered.\nExternal library loading is only available to configSets that are "trusted" (created by authenticated users), thus non-authenticated users are unable to perform Remote Code Execution.\nSince the Schema Designer loaded configSets without taking their "trust" into account, configSets that were created by unauthenticated users were allowed to load external libraries when used in the Schema Designer.\n\nUsers are recommended to upgrade to version 9.3.0, which fixes the issue.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50292 was patched at 2024-05-15

4113. Remote Code Execution - Unknown Product (CVE-2024-23833) - Medium [273]

Description: {'vulners_cve_data_all': 'OpenRefine is a free, open source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in OpenRefine(version<=3.7.7) where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver library in the latest version of OpenRefine (8.0.30), there is no associated deserialization utilization point, so original code execution cannot be achieved, but attackers can use this vulnerability to read sensitive files on the target server. This issue has been addressed in version 3.7.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-23833 was patched at 2024-05-15

4114. Remote Code Execution - Unknown Product (CVE-2024-28130) - Medium [273]

Description: {'vulners_cve_data_all': 'An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28130 was patched at 2024-05-15

4115. Unknown Vulnerability Type - Kerberos (CVE-2007-5894) - Medium [273]

Description: {'vulners_cve_data_all': 'The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used. NOTE: the vendor disputes this issue, stating " The 'length' variable is only uninitialized if 'auth_type' is neither the 'KERBEROS_V4' nor 'GSSAPI'; this condition cannot occur in the unmodified source code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5894 was patched at 2024-05-15

4116. Unknown Vulnerability Type - Kerberos (CVE-2007-5972) - Medium [273]

Description: {'vulners_cve_data_all': 'Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store this key.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.910CVSS Base Score is 9.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5972 was patched at 2024-05-15

4117. Unknown Vulnerability Type - Unknown Product (CVE-2008-3337) - Medium [273]

Description: {'vulners_cve_data_all': 'PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] BIND 9.x - Remote DNS Cache Poisoning, [exploitpack] BIND 9.4.1 9.4.2 - Remote DNS Cache Poisoning (Metasploit), [exploitpack] BIND 9.x - Remote DNS Cache Poisoning (Python), [seebug] BIND 9.4.1-9.4.2 - Remote DNS Cache Poisoning Flaw Exploit (meta), [seebug] BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py), [seebug] BIND 9.4.1-9.4.2 Remote DNS Cache Poisoning Flaw Exploit (meta), [seebug] BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c), [seebug] BIND 9.4.1-9.4.2 Remote DNS Cache Poisoning Flaw Exploit (py), [packetstorm] bind9x-poison.txt, [packetstorm] bailiwicked_domain.rb.txt, [packetstorm] bailiwicked_host.rb.txt)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3337 was patched at 2024-05-15

4118. Unknown Vulnerability Type - Unknown Product (CVE-2008-4100) - Medium [273]

Description: {'vulners_cve_data_all': 'GNU adns 1.4 and earlier uses a fixed source port and sequential transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: the vendor reports that this is intended behavior and is compatible with the product's intended role in a trusted environment.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] BIND 9.x - Remote DNS Cache Poisoning, [exploitpack] BIND 9.4.1 9.4.2 - Remote DNS Cache Poisoning (Metasploit), [exploitpack] BIND 9.x - Remote DNS Cache Poisoning (Python), [seebug] BIND 9.4.1-9.4.2 - Remote DNS Cache Poisoning Flaw Exploit (meta), [seebug] BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py), [seebug] BIND 9.4.1-9.4.2 Remote DNS Cache Poisoning Flaw Exploit (meta), [seebug] BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c), [seebug] BIND 9.4.1-9.4.2 Remote DNS Cache Poisoning Flaw Exploit (py), [packetstorm] bind9x-poison.txt, [packetstorm] bailiwicked_domain.rb.txt, [packetstorm] bailiwicked_host.rb.txt)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4100 was patched at 2024-05-15

4119. Unknown Vulnerability Type - Unknown Product (CVE-2008-4392) - Medium [273]

Description: {'vulners_cve_data_all': 'dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent simultaneous identical outbound DNS queries, which makes it easier for remote attackers to spoof DNS responses, as demonstrated by a spoofed A record in the Additional section of a response to a Start of Authority (SOA) query.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] djbdns dnscache SOA请求远程缓存中毒漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4392 was patched at 2024-05-15

4120. Unknown Vulnerability Type - Unknown Product (CVE-2011-4314) - Medium [273]

Description: {'vulners_cve_data_all': 'message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Red Hat Security Advisory 2011-1798-01)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4314 was patched at 2024-05-15

4121. Unknown Vulnerability Type - Unknown Product (CVE-2012-4520) - Medium [273]

Description: {'vulners_cve_data_all': 'The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host header values.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Django 1.3.1 'HttpRequest.get_host()'信息泄露漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4520 was patched at 2024-05-15

4122. Unknown Vulnerability Type - Unknown Product (CVE-2013-0335) - Medium [273]

Description: {'vulners_cve_data_all': 'OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenStack Nova 安全绕过漏洞(CVE-2013-0335))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0335 was patched at 2024-05-15

4123. Unknown Vulnerability Type - Unknown Product (CVE-2013-2255) - Medium [273]

Description: {'vulners_cve_data_all': 'HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenStack多个产品SSL证书校验漏洞(CVE-2013-2255))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2255 was patched at 2024-05-15

4124. Unknown Vulnerability Type - Unknown Product (CVE-2013-3221) - Medium [273]

Description: {'vulners_cve_data_all': 'The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attacks against Ruby on Rails applications via a crafted value, as demonstrated by unintended interaction between the "typed XML" feature and a MySQL database.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Ruby on Rails Active Record 数据类型注入漏洞(CVE-2013-3221))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-3221 was patched at 2024-05-15

4125. Unknown Vulnerability Type - Unknown Product (CVE-2013-6391) - Medium [273]

Description: {'vulners_cve_data_all': 'The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenStack Keystone EC2-style令牌校验特权提升漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6391 was patched at 2024-05-15

4126. Unknown Vulnerability Type - Unknown Product (CVE-2014-4336) - Medium [273]

Description: {'vulners_cve_data_all': 'The generate_local_queue function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote IPP printers to execute arbitrary commands via shell metacharacters in the host name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] cups-filters cups-browsed OS命令注入漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4336 was patched at 2024-05-15

4127. Unknown Vulnerability Type - Unknown Product (CVE-2016-3116) - Medium [273]

Description: {'vulners_cve_data_all': 'CRLF injection vulnerability in Dropbear SSH before 2016.72 allows remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Dropbear SSHD xauth Command Injection / Bypass, [zdt] DropBearSSHD 2015.71 - Command Injection, [exploitpack] DropBearSSHD 2015.71 - Command Injection, [exploitdb] DropBearSSHD 2015.71 - Command Injection)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3116 was patched at 2024-05-15

4128. Unknown Vulnerability Type - Unknown Product (CVE-2017-16231) - Medium [273]

Description: {'vulners_cve_data_all': 'In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] PCRE 8.41 Buffer Overflow)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16231 was patched at 2024-05-15

4129. Unknown Vulnerability Type - Unknown Product (CVE-2017-17688) - Medium [273]

Description: {'vulners_cve_data_all': 'The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenPGP、S/MIME information disclosure (CVE-2017-17688,CVE-2017-17689))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17688 was patched at 2024-05-15

4130. Unknown Vulnerability Type - Unknown Product (CVE-2017-17689) - Medium [273]

Description: {'vulners_cve_data_all': 'The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenPGP、S/MIME information disclosure (CVE-2017-17688,CVE-2017-17689))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17689 was patched at 2024-05-15

4131. Unknown Vulnerability Type - Unknown Product (CVE-2017-5591) - Medium [273]

Description: {'vulners_cve_data_all': 'An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for SleekXMPP up to 1.3.1 and Slixmpp all versions up to 1.2.3, as bundled in poezio (0.8 - 0.10) and other products.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] XMPP Clients User Impersonation Vulnerability)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5591 was patched at 2024-05-15

4132. Unknown Vulnerability Type - Unknown Product (CVE-2020-36471) - Medium [273]

Description: {'vulners_cve_data_all': 'An issue was discovered in the generator crate before 0.7.0 for Rust. It does not ensure that a function (for yielding values) has Send bounds.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36471 was patched at 2024-05-15

4133. Unknown Vulnerability Type - Unknown Product (CVE-2023-48104) - Medium [273]

Description: {'vulners_cve_data_all': 'Alinto SOGo before 5.9.1 is vulnerable to HTML Injection.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for Cross-site Scripting in Alinto Sogo)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-48104 was patched at 2024-05-15

4134. Arbitrary File Reading - Perl (CVE-2012-2737) - Medium [272]

Description: The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2737 was patched at 2024-05-15

4135. Denial of Service - Exim (CVE-2010-2023) - Medium [272]

Description: transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Exim is a mail transfer agent (MTA) used on Unix-like operating systems
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2023 was patched at 2024-05-15

4136. Denial of Service - Exim (CVE-2010-2024) - Medium [272]

Description: transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Exim is a mail transfer agent (MTA) used on Unix-like operating systems
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2024 was patched at 2024-05-15

4137. Denial of Service - Perl (CVE-2006-6017) - Medium [272]

Description: WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6017 was patched at 2024-05-15

4138. Denial of Service - Perl (CVE-2007-4996) - Medium [272]

Description: libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an invalid memory location."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4996 was patched at 2024-05-15

4139. Denial of Service - Perl (CVE-2008-2009) - Medium [272]

Description: Xiph.org libvorbis before 1.0 does not properly check for underpopulated Huffman trees, which allows remote attackers to cause a denial of service (crash) via a crafted OGG file that triggers memory corruption during execution of the _make_decode_tree function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2009 was patched at 2024-05-15

4140. Denial of Service - Perl (CVE-2010-1167) - Medium [272]

Description: fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1167 was patched at 2024-05-15

4141. Denial of Service - Perl (CVE-2010-2444) - Medium [272]

Description: parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before 1.4.03, does not properly handle hostnames that do not end in a "." (dot) character, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted csv2 zone file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2444 was patched at 2024-05-15

4142. Denial of Service - Perl (CVE-2010-2482) - Medium [272]

Description: LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2482 was patched at 2024-05-15

4143. Denial of Service - Perl (CVE-2010-2630) - Medium [272]

Description: The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2630 was patched at 2024-05-15

4144. Denial of Service - Perl (CVE-2010-2631) - Medium [272]

Description: LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2010-2481.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2631 was patched at 2024-05-15

4145. Denial of Service - Perl (CVE-2010-3696) - Medium [272]

Description: The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option. NOTE: some of these details are obtained from third party information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3696 was patched at 2024-05-15

4146. Denial of Service - Perl (CVE-2010-3697) - Medium [272]

Description: The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x before 2.1.10, in certain circumstances involving long-term database outages, does not properly handle long queue times for requests, which allows remote attackers to cause a denial of service (daemon crash) by sending many requests.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3697 was patched at 2024-05-15

4147. Denial of Service - Perl (CVE-2010-4759) - Medium [272]

Description: Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly restrict the ticket ages that are within the scope of a search, which allows remote authenticated users to cause a denial of service (daemon hang) via a fulltext search.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4759 was patched at 2024-05-15

4148. Denial of Service - Perl (CVE-2010-4777) - Medium [272]

Description: The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4777 was patched at 2024-05-15

4149. Denial of Service - Perl (CVE-2011-2485) - Medium [272]

Description: The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in gdk-pixbuf before 2.23.5 does not properly handle certain return values, which allows remote attackers to cause a denial of service (memory consumption) via a crafted GIF image file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2485 was patched at 2024-05-15

4150. Denial of Service - Perl (CVE-2011-3184) - Medium [272]

Description: The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3184 was patched at 2024-05-15

4151. Denial of Service - Perl (CVE-2011-5268) - Medium [272]

Description: connection.c in Bip before 0.8.9 does not properly close sockets, which allows remote attackers to cause a denial of service (file descriptor consumption and crash) via multiple failed SSL handshakes, a different vulnerability than CVE-2013-4550. NOTE: this issue was SPLIT from CVE-2013-4550 because it is a different type of issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-5268 was patched at 2024-05-15

4152. Denial of Service - Perl (CVE-2012-0885) - Medium [272]

Description: chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0885 was patched at 2024-05-15

4153. Denial of Service - Perl (CVE-2012-3863) - Medium [272]

Description: channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3863 was patched at 2024-05-15

4154. Denial of Service - Perl (CVE-2012-4435) - Medium [272]

Description: fwknop before 2.0.3 does not properly validate IP addresses, which allows remote authenticated users to cause a denial of service (server crash) via a long IP address.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4435 was patched at 2024-05-15

4155. Denial of Service - Perl (CVE-2013-1838) - Medium [272]

Description: OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) does not properly implement a quota for fixed IPs, which allows remote authenticated users to cause a denial of service (resource exhaustion and failure to spawn new instances) via a large number of calls to the addFixedIp function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1838 was patched at 2024-05-15

4156. Denial of Service - Perl (CVE-2014-2980) - Medium [272]

Description: Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run in daemon mode, does not properly handle the file descriptor for the logger, which allows remote attackers to cause a denial of service (abort) via an invalid request.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2980 was patched at 2024-05-15

4157. Denial of Service - Perl (CVE-2014-5147) - Medium [272]

Description: Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5147 was patched at 2024-05-15

4158. Denial of Service - Perl (CVE-2014-9065) - Medium [272]

Description: common/spinlock.c in Xen 4.4.x and earlier does not properly handle read and write locks, which allows local x86 guest users to cause a denial of service (write denial or NMI watchdog timeout and host crash) via a large number of read requests, a different vulnerability to CVE-2014-9066.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9065 was patched at 2024-05-15

4159. Denial of Service - Perl (CVE-2014-9732) - Medium [272]

Description: The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted CAB archive.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9732 was patched at 2024-05-15

4160. Denial of Service - Perl (CVE-2015-4467) - Medium [272]

Description: The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted CHM file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-4467 was patched at 2024-05-15

4161. Denial of Service - Wireshark (CVE-2006-4330) - Medium [272]

Description: Unspecified vulnerability in the SCSI dissector in Wireshark (formerly Ethereal) 0.99.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4330 was patched at 2024-05-15

4162. Denial of Service - Wireshark (CVE-2011-1138) - Medium [272]

Description: Off-by-one error in the dissect_6lowpan_iphc function in packet-6lowpan.c in Wireshark 1.4.0 through 1.4.3 on 32-bit platforms allows remote attackers to cause a denial of service (application crash) via a malformed 6LoWPAN IPv6 packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1138 was patched at 2024-05-15

4163. Denial of Service - Wireshark (CVE-2011-1956) - Medium [272]

Description: The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect pointer argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via arbitrary TCP traffic.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1956 was patched at 2024-05-15

4164. Denial of Service - Wireshark (CVE-2011-3482) - Medium [272]

Description: The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3482 was patched at 2024-05-15

4165. Denial of Service - Wireshark (CVE-2011-3483) - Medium [272]

Description: Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception handling vulnerability."

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3483 was patched at 2024-05-15

4166. Denial of Service - Wireshark (CVE-2011-3484) - Medium [272]

Description: The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service (loop and application crash) via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3484 was patched at 2024-05-15

4167. Denial of Service - Wireshark (CVE-2011-4100) - Medium [272]

Description: The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.3 does not initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4100 was patched at 2024-05-15

4168. Denial of Service - Wireshark (CVE-2011-4101) - Medium [272]

Description: The dissect_infiniband_common function in epan/dissectors/packet-infiniband.c in the Infiniband dissector in Wireshark 1.4.0 through 1.4.9 and 1.6.x before 1.6.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4101 was patched at 2024-05-15

4169. Denial of Service - Wireshark (CVE-2012-0068) - Medium [272]

Description: The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell capture file containing a record that is too small.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0068 was patched at 2024-05-15

4170. Denial of Service - Wireshark (CVE-2012-3548) - Medium [272]

Description: The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3548 was patched at 2024-05-15

4171. Denial of Service - Wireshark (CVE-2012-4286) - Medium [272]

Description: The pcapng_read_packet_block function in wiretap/pcapng.c in the pcap-ng file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted pcap-ng file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4286 was patched at 2024-05-15

4172. Denial of Service - Wireshark (CVE-2013-5717) - Medium [272]

Description: The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that is not properly handled by the wmem_block_alloc function in epan/wmem/wmem_allocator_block.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-5717 was patched at 2024-05-15

4173. Denial of Service - Wireshark (CVE-2014-2907) - Medium [272]

Description: The srtp_add_address function in epan/dissectors/packet-rtp.c in the RTP dissector in Wireshark 1.10.x before 1.10.7 does not properly update SRTP conversation data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2907 was patched at 2024-05-15

4174. Denial of Service - Wireshark (CVE-2014-4020) - Medium [272]

Description: The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4020 was patched at 2024-05-15

4175. Incorrect Calculation - Perl (CVE-2014-4860) - Medium [272]

Description: Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4860 was patched at 2024-05-15

4176. Information Disclosure - Perl (CVE-2003-0618) - Medium [272]

Description: Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0618 was patched at 2024-05-15

4177. Information Disclosure - Perl (CVE-2005-1858) - Medium [272]

Description: FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1858 was patched at 2024-05-15

4178. Information Disclosure - Perl (CVE-2007-2448) - Medium [272]

Description: Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via svn (1) propget, (2) proplist, or (3) propedit.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2448 was patched at 2024-05-15

4179. Information Disclosure - Perl (CVE-2010-3073) - Medium [272]

Description: SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3073 was patched at 2024-05-15

4180. Information Disclosure - Perl (CVE-2011-0016) - Medium [272]

Description: Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not properly manage key data in memory, which might allow local users to obtain sensitive information by leveraging the ability to read memory that was previously used by a different process.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0016 was patched at 2024-05-15

4181. Memory Corruption - ImageMagick (CVE-2017-14139) - Medium [272]

Description: ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14139 was patched at 2024-05-15

4182. Memory Corruption - ImageMagick (CVE-2020-27752) - Medium [272]

Description: A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27752 was patched at 2024-05-15

4183. Security Feature Bypass - Perl (CVE-2006-5298) - Medium [272]

Description: The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5298 was patched at 2024-05-15

4184. Authentication Bypass - Unknown Product (CVE-2004-1342) - Medium [270]

Description: {'vulners_cve_data_all': 'CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1342 was patched at 2024-05-15

4185. Authentication Bypass - Unknown Product (CVE-2004-1462) - Medium [270]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote attackers to gain unauthorized access to administrator functions such as (1) revert and (2) delete.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1462 was patched at 2024-05-15

4186. Authentication Bypass - Unknown Product (CVE-2006-1354) - Medium [270]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1354 was patched at 2024-05-15

4187. Authentication Bypass - Unknown Product (CVE-2007-1436) - Medium [270]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1436 was patched at 2024-05-15

4188. Authentication Bypass - Unknown Product (CVE-2007-1541) - Medium [270]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence in the login parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1541 was patched at 2024-05-15

4189. Authentication Bypass - Unknown Product (CVE-2009-0669) - Medium [270]

Description: {'vulners_cve_data_all': 'Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to bypass authentication via vectors involving the ZEO network protocol.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0669 was patched at 2024-05-15

4190. Authentication Bypass - Unknown Product (CVE-2009-4810) - Medium [270]

Description: {'vulners_cve_data_all': 'The Secure Remote Password (SRP) implementation in Samhain before 2.5.4 does not check for a certain zero value where required by the protocol, which allows remote attackers to bypass authentication via crafted input.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4810 was patched at 2024-05-15

4191. Authentication Bypass - Unknown Product (CVE-2012-2388) - Medium [270]

Description: {'vulners_cve_data_all': 'The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote attackers to bypass authentication via a (1) empty or (2) zeroed RSA signature, aka "RSA signature verification vulnerability."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2388 was patched at 2024-05-15

4192. Authentication Bypass - Unknown Product (CVE-2015-8308) - Medium [270]

Description: {'vulners_cve_data_all': 'LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8308 was patched at 2024-05-15

4193. Authentication Bypass - Unknown Product (CVE-2016-9123) - Medium [270]

Description: {'vulners_cve_data_all': 'go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9123 was patched at 2024-05-15

4194. Authentication Bypass - Unknown Product (CVE-2017-11565) - Medium [270]

Description: {'vulners_cve_data_all': 'debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly (with a wrong assumption that the specific pathname would remain the same forever), which allows attackers to bypass intended AppArmor restrictions by leveraging the silent loss of this protection mechanism. NOTE: this does not affect systems, such as default Debian stretch installations, on which Tor startup relies on a systemd unit file (instead of this tor.init script).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11565 was patched at 2024-05-15

4195. Authentication Bypass - Unknown Product (CVE-2018-12179) - Medium [270]

Description: {'vulners_cve_data_all': 'Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12179 was patched at 2024-05-15

4196. Authentication Bypass - Unknown Product (CVE-2018-2693) - Medium [270]

Description: {'vulners_cve_data_all': 'Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Guest Additions). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-2693 was patched at 2024-05-15

4197. Authentication Bypass - Unknown Product (CVE-2019-12105) - Medium [270]

Description: {'vulners_cve_data_all': 'In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inet_http_server, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning message. The maintainer indicated the ability to run an open server will not be removed but an additional warning was added to the documentation', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12105 was patched at 2024-05-15

4198. Authentication Bypass - Unknown Product (CVE-2022-1949) - Medium [270]

Description: {'vulners_cve_data_all': 'An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1949 was patched at 2024-05-15

4199. Denial of Service - Artifex Ghostscript (CVE-2017-7948) - Medium [270]

Description: Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via a crafted PostScript document.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.314Artifex Ghostscript is an interpreter for the PostScript® language and PDF files
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7948 was patched at 2024-05-15

4200. Denial of Service - Artifex Ghostscript (CVE-2017-9610) - Medium [270]

Description: The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.314Artifex Ghostscript is an interpreter for the PostScript® language and PDF files
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9610 was patched at 2024-05-15

4201. Denial of Service - Artifex Ghostscript (CVE-2017-9618) - Medium [270]

Description: The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted document.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.314Artifex Ghostscript is an interpreter for the PostScript® language and PDF files
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9618 was patched at 2024-05-15

4202. Denial of Service - Artifex Ghostscript (CVE-2017-9619) - Medium [270]

Description: The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (Segmentation Violation and application crash) via a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.314Artifex Ghostscript is an interpreter for the PostScript® language and PDF files
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9619 was patched at 2024-05-15

4203. Denial of Service - Artifex Ghostscript (CVE-2017-9620) - Medium [270]

Description: The xps_select_font_encoding function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document, related to the xps_encode_font_char_imp function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.314Artifex Ghostscript is an interpreter for the PostScript® language and PDF files
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9620 was patched at 2024-05-15

4204. Denial of Service - Artifex Ghostscript (CVE-2017-9740) - Medium [270]

Description: The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.314Artifex Ghostscript is an interpreter for the PostScript® language and PDF files
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9740 was patched at 2024-05-15

4205. Elevation of Privilege - Unknown Product (CVE-2011-4124) - Medium [270]

Description: {'vulners_cve_data_all': 'Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4124 was patched at 2024-05-15

4206. Elevation of Privilege - Unknown Product (CVE-2014-6311) - Medium [270]

Description: {'vulners_cve_data_all': 'generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-6311 was patched at 2024-05-15

4207. Elevation of Privilege - Unknown Product (CVE-2017-0822) - Medium [270]

Description: {'vulners_cve_data_all': 'An elevation of privilege vulnerability in the Android system (camera). Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63787722.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0822 was patched at 2024-05-15

4208. Elevation of Privilege - Unknown Product (CVE-2022-29021) - Medium [270]

Description: {'vulners_cve_data_all': 'A buffer overflow vulnerability exists in the razerkbd driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-29021 was patched at 2024-05-15

4209. Elevation of Privilege - Unknown Product (CVE-2022-29022) - Medium [270]

Description: {'vulners_cve_data_all': 'A buffer overflow vulnerability exists in the razeraccessory driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-29022 was patched at 2024-05-15

4210. Elevation of Privilege - Unknown Product (CVE-2022-29023) - Medium [270]

Description: {'vulners_cve_data_all': 'A buffer overflow vulnerability exists in the razermouse driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-29023 was patched at 2024-05-15

4211. Cross Site Scripting - Git (CVE-2022-1726) - Medium [269]

Description: Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.414Git
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1726 was patched at 2024-05-15

4212. Unknown Vulnerability Type - Apache HTTP Server (CVE-2019-19791) - Medium [269]

Description: {'vulners_cve_data_all': 'In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints (when some LemonLDAP::NG setup options are used). For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19791 was patched at 2024-05-15

4213. Unknown Vulnerability Type - Linux Kernel (CVE-2016-10764) - Medium [269]

Description: {'vulners_cve_data_all': 'In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash() function. There are CQSPI_MAX_CHIPSELECT elements in the ->f_pdata array so the ">" should be ">=" instead.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10764 was patched at 2024-05-15

4214. Unknown Vulnerability Type - Linux Kernel (CVE-2017-18379) - Medium [269]

Description: {'vulners_cve_data_all': 'In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-18379 was patched at 2024-05-15

4215. Unknown Vulnerability Type - Windows LDAP (CVE-2003-0734) - Medium [269]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in the pam_filter mechanism in pam_ldap before version 162, when LDAP based authentication is being used, allows users to bypass host-based access restrictions and log onto the system.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0734 was patched at 2024-05-15

4216. Unknown Vulnerability Type - Windows LDAP (CVE-2018-12689) - Medium [269]

Description: {'vulners_cve_data_all': 'phpLDAPadmin 1.2.2 allows LDAP injection via a crafted server_id parameter in a cmd.php?cmd=login_form request, or a crafted username and password in the login panel.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12689 was patched at 2024-05-15

4217. Unknown Vulnerability Type - Windows LDAP (CVE-2022-46337) - Medium [269]

Description: {'vulners_cve_data_all': 'A cleverly devised username might bypass LDAP authentication checks. In \nLDAP-authenticated Derby installations, this could let an attacker fill \nup the disk by creating junk Derby databases. In LDAP-authenticated \nDerby installations, this could also allow the attacker to execute \nmalware which was visible to and executable by the account which booted \nthe Derby server. In LDAP-protected databases which weren't also \nprotected by SQL GRANT/REVOKE authorization, this vulnerability could \nalso let an attacker view and corrupt sensitive data and run sensitive \ndatabase functions and procedures.\n\nMitigation:\n\nUsers should upgrade to Java 21 and Derby 10.17.1.0.\n\nAlternatively, users who wish to remain on older Java versions should \nbuild their own Derby distribution from one of the release families to \nwhich the fix was backported: 10.16, 10.15, and 10.14. Those are the \nreleases which correspond, respectively, with Java LTS versions 17, 11, \nand 8.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-46337 was patched at 2024-05-15

4218. Code Injection - Unknown Product (CVE-2006-2314) - Medium [268]

Description: {'vulners_cve_data_all': 'PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2314 was patched at 2024-05-15

4219. Code Injection - Unknown Product (CVE-2023-27986) - Medium [268]

Description: {'vulners_cve_data_all': 'emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. It is fixed in 29.0.90.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-27986 was patched at 2024-05-15

4220. Code Injection - Unknown Product (CVE-2023-5764) - Medium [268]

Description: {'vulners_cve_data_all': 'A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce templating injection when supplying templating data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-5764 was patched at 2024-05-15

4221. Code Injection - Unknown Product (CVE-2024-27289) - Medium [268]

Description: {'vulners_cve_data_all': 'pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a string value after the first placeholder; both must be on the same line; and both parameter values must be user-controlled. The problem is resolved in v4.18.2. As a workaround, do not use the simple protocol or do not place a minus directly before a placeholder.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27289 was patched at 2024-05-15

4222. Command Injection - Unknown Product (CVE-2006-1865) - Medium [268]

Description: {'vulners_cve_data_all': 'Argument injection vulnerability in Beagle before 0.2.5 allows attackers to execute arbitrary commands via crafted filenames that inject command line arguments when Beagle launches external helper applications while indexing.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1865 was patched at 2024-05-15

4223. Command Injection - Unknown Product (CVE-2006-6610) - Medium [268]

Description: {'vulners_cve_data_all': 'clientcommands in Nexuiz before 2.2.1 has unknown impact and remote attack vectors related to "remote console command injection."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6610 was patched at 2024-05-15

4224. Command Injection - Unknown Product (CVE-2011-0456) - Medium [268]

Description: {'vulners_cve_data_all': 'webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0456 was patched at 2024-05-15

4225. Command Injection - Unknown Product (CVE-2015-5704) - Medium [268]

Description: {'vulners_cve_data_all': 'scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5704 was patched at 2024-05-15

4226. Command Injection - Unknown Product (CVE-2016-10729) - Medium [268]

Description: {'vulners_cve_data_all': 'An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10729 was patched at 2024-05-15

4227. Command Injection - Unknown Product (CVE-2020-11988) - Medium [268]

Description: {'vulners_cve_data_all': 'Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-11988 was patched at 2024-05-15

4228. Command Injection - Unknown Product (CVE-2021-23727) - Medium [268]

Description: {'vulners_cve_data_all': 'This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-23727 was patched at 2024-05-15

4229. Command Injection - Unknown Product (CVE-2022-29631) - Medium [268]

Description: {'vulners_cve_data_all': 'Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequest#set and `jodd.http.HttpRequest#send. These vulnerabilities allow attackers to execute Server-Side Request Forgery (SSRF) via a crafted TCP payload.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-29631 was patched at 2024-05-15

4230. Command Injection - Unknown Product (CVE-2022-41721) - Medium [268]

Description: {'vulners_cve_data_all': 'A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-41721 was patched at 2024-05-15

4231. Command Injection - Unknown Product (CVE-2023-27985) - Medium [268]

Description: {'vulners_cve_data_all': 'emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. It is fixed in 29.0.90', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-27985 was patched at 2024-05-15

4232. Command Injection - Unknown Product (CVE-2023-49735) - Medium [268]

Description: {'vulners_cve_data_all': '** UNSUPPORTED WHEN ASSIGNED **\n\nThe value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles.\n\nThis issue affects Apache Tiles from version 2 onwards.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49735 was patched at 2024-05-15

4233. XXE Injection - Unknown Product (CVE-2020-14940) - Medium [268]

Description: {'vulners_cve_data_all': 'An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 (.gpx) and GP7 (.gp) tablature files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-14940 was patched at 2024-05-15

4234. XXE Injection - Unknown Product (CVE-2021-39239) - Medium [268]

Description: {'vulners_cve_data_all': 'A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39239 was patched at 2024-05-15

4235. XXE Injection - Unknown Product (CVE-2024-3572) - Medium [268]

Description: {'vulners_cve_data_all': 'The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, or circumvent firewalls by submitting specially crafted XML data. ', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3572 was patched at 2024-05-15

4236. Denial of Service - DNSSEC (CVE-2009-4008) - Medium [267]

Description: Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4008 was patched at 2024-05-15

4237. Denial of Service - Libarchive (CVE-2006-5680) - Medium [267]

Description: The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before 2006-11-08 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive that causes libarchive to skip a region past the actual end of the archive, which triggers an infinite loop that attempts to read more data.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Multi-format archive and compression library
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5680 was patched at 2024-05-15

4238. Denial of Service - TLS (CVE-2009-5009) - Medium [267]

Description: Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TLS
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5009 was patched at 2024-05-15

4239. Denial of Service - TLS (CVE-2011-1175) - Medium [267]

Description: tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before 1.6.1.23, 1.6.2.x before 1.6.2.17.1, and 1.8.x before 1.8.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by establishing many short TCP sessions to services that use a certain TLS API.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TLS
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1175 was patched at 2024-05-15

4240. Denial of Service - TRIE (CVE-2007-4455) - Medium [267]

Description: The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before 1.4.11, AsteriskNOW before beta7, Asterisk Appliance Developer Kit 0.x before 0.8.0, and s800i (Asterisk Appliance) 1.x before 1.0.3 allows remote attackers to cause a denial of service (memory exhaustion) via a SIP dialog that causes a large number of history entries to be created.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4455 was patched at 2024-05-15

4241. Denial of Service - TRIE (CVE-2013-0247) - Medium [267]

Description: OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and earlier, and Grizzly grizzly-2 and earlier allows remote attackers to cause a denial of service (disk consumption) via many invalid token requests that trigger excessive generation of log entries.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0247 was patched at 2024-05-15

4242. Memory Corruption - TLS (CVE-2023-43615) - Medium [267]

Description: {'vulners_cve_data_all': 'Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-43615 was patched at 2024-05-15

4243. Memory Corruption - TRIE (CVE-2019-15878) - Medium [267]

Description: In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and 11.3-RELEASE before p9, an unprivileged local user can trigger a use-after-free situation due to improper checking in SCTP when an application tries to update an SCTP-AUTH shared key.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15878 was patched at 2024-05-15

4244. Memory Corruption - Xrdp (CVE-2008-5904) - Medium [267]

Description: The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and earlier allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain length variables, leading to a buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514xrdp is an open source remote desktop protocol server
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5904 was patched at 2024-05-15

4245. Path Traversal - Libarchive (CVE-2013-4668) - Medium [267]

Description: Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common0.514Multi-format archive and compression library
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4668 was patched at 2024-05-15

4246. Security Feature Bypass - Unknown Product (CVE-2019-1010023) - Medium [267]

Description: {'vulners_cve_data_all': 'GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1010023 was patched at 2024-05-15

4247. Security Feature Bypass - Unknown Product (CVE-2019-17340) - Medium [267]

Description: {'vulners_cve_data_all': 'An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17340 was patched at 2024-05-15

4248. Security Feature Bypass - Unknown Product (CVE-2019-17346) - Medium [267]

Description: {'vulners_cve_data_all': 'An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17346 was patched at 2024-05-15

4249. Security Feature Bypass - Unknown Product (CVE-2019-17560) - Medium [267]

Description: {'vulners_cve_data_all': 'The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17560 was patched at 2024-05-15

4250. Security Feature Bypass - Unknown Product (CVE-2020-36388) - Medium [267]

Description: {'vulners_cve_data_all': 'In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36388 was patched at 2024-05-15

4251. Security Feature Bypass - Unknown Product (CVE-2022-43705) - Medium [267]

Description: {'vulners_cve_data_all': 'In Botan before 2.19.3, it is possible to forge OCSP responses due to a certificate verification error. This issue was introduced in Botan 1.11.34 (November 2016).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-43705 was patched at 2024-05-15

redos: CVE-2022-43705 was patched at 2024-05-27

4252. Security Feature Bypass - Unknown Product (CVE-2024-27322) - Medium [267]

Description: {'vulners_cve_data_all': 'Deserialization of untrusted data can occur in the R statistical programming language, on any version starting at 1.4.0 up to and not including 4.4.0, enabling a maliciously crafted RDS (R Data Serialization) formatted file or R package to run arbitrary code on an end user’s system when interacted with.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27322 was patched at 2024-05-15

4253. Security Feature Bypass - Unknown Product (CVE-2024-32002) - Medium [267]

Description: {'vulners_cve_data_all': '', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.0. According to BDU data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32002 was patched at 2024-05-15

redos: CVE-2024-32002 was patched at 2024-05-29

ubuntu: CVE-2024-32002 was patched at 2024-05-28

4254. Denial of Service - FFmpeg (CVE-2008-3230) - Medium [265]

Description: The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file, possibly related to gstreamer, as demonstrated by lol-giftopnm.gif.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3230 was patched at 2024-05-15

4255. Denial of Service - QEMU (CVE-2007-1366) - Medium [265]

Description: QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1366 was patched at 2024-05-15

4256. Arbitrary File Writing - Unknown Product (CVE-2007-0657) - Medium [264]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to read and overwrite arbitrary files via the gamedir command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0657 was patched at 2024-05-15

4257. Arbitrary File Writing - Unknown Product (CVE-2009-2658) - Medium [264]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in ZNC before 0.072 allows remote attackers to overwrite arbitrary files via a crafted DCC SEND request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2658 was patched at 2024-05-15

4258. Arbitrary File Writing - Unknown Product (CVE-2011-2765) - Medium [264]

Description: {'vulners_cve_data_all': 'pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2765 was patched at 2024-05-15

4259. Information Disclosure - iOS (CVE-2024-0690) - Medium [264]

Description: An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-0690 was patched at 2024-04-30, 2024-05-22

debian: CVE-2024-0690 was patched at 2024-05-15

oraclelinux: CVE-2024-0690 was patched at 2024-05-02, 2024-05-23

redhat: CVE-2024-0690 was patched at 2024-04-30, 2024-05-22

4260. Denial of Service - GPAC (CVE-2019-20628) - Medium [263]

Description: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a Use-After-Free vulnerability in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20628 was patched at 2024-05-15

4261. Denial of Service - GPAC (CVE-2019-20629) - Medium [263]

Description: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20629 was patched at 2024-05-15

4262. Denial of Service - GPAC (CVE-2019-20630) - Medium [263]

Description: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer over-read in BS_ReadByte (called from gf_bs_read_bit) in utils/bitstream.c that can cause a denial of service via a crafted MP4 file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20630 was patched at 2024-05-15

4263. Denial of Service - GPAC (CVE-2019-20631) - Medium [263]

Description: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_list_count in utils/list.c that can cause a denial of service via a crafted MP4 file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20631 was patched at 2024-05-15

4264. Denial of Service - GPAC (CVE-2019-20632) - Medium [263]

Description: An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid pointer dereference in gf_odf_delete_descriptor in odf/desc_private.c that can cause a denial of service via a crafted MP4 file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20632 was patched at 2024-05-15

4265. Denial of Service - GPAC (CVE-2020-22673) - Medium [263]

Description: Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-22673 was patched at 2024-05-15

4266. Denial of Service - GPAC (CVE-2020-22674) - Medium [263]

Description: An issue was discovered in gpac 0.8.0. An invalid memory dereference exists in the function FixTrackID located in isom_intern.c, which allows attackers to cause a denial of service (DoS) via a crafted input.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-22674 was patched at 2024-05-15

4267. Denial of Service - GPAC (CVE-2020-22675) - Medium [263]

Description: An issue was discovered in gpac 0.8.0. The GetGhostNum function in stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-22675 was patched at 2024-05-15

4268. Denial of Service - GPAC (CVE-2020-22677) - Medium [263]

Description: An issue was discovered in gpac 0.8.0. The dump_data_hex function in box_dump.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-22677 was patched at 2024-05-15

4269. Denial of Service - GPAC (CVE-2020-22678) - Medium [263]

Description: An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulation_bytes function in av_parsers.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-22678 was patched at 2024-05-15

4270. Denial of Service - GPAC (CVE-2020-22679) - Medium [263]

Description: Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-22679 was patched at 2024-05-15

4271. Denial of Service - GPAC (CVE-2020-23930) - Medium [263]

Description: An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23930 was patched at 2024-05-15

4272. Denial of Service - GPAC (CVE-2020-23932) - Medium [263]

Description: An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23932 was patched at 2024-05-15

4273. Denial of Service - GPAC (CVE-2020-25427) - Medium [263]

Description: A Null pointer dereference vulnerability exits in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25427 was patched at 2024-05-15

4274. Denial of Service - GPAC (CVE-2021-31257) - Medium [263]

Description: The HintFile function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-31257 was patched at 2024-05-15

4275. Denial of Service - GPAC (CVE-2021-31258) - Medium [263]

Description: The gf_isom_set_extraction_slc function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-31258 was patched at 2024-05-15

4276. Denial of Service - GPAC (CVE-2021-31260) - Medium [263]

Description: The MergeTrack function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-31260 was patched at 2024-05-15

4277. Denial of Service - GPAC (CVE-2021-31262) - Medium [263]

Description: The AV1_DuplicateConfig function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-31262 was patched at 2024-05-15

4278. Denial of Service - GPAC (CVE-2021-36584) - Medium [263]

Description: An issue was discovered in GPAC 1.0.1. There is a heap-based buffer overflow in the function gp_rtp_builder_do_tx3g function in ietf/rtp_pck_3gpp.c, as demonstrated by MP4Box. This can cause a denial of service (DOS).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-36584 was patched at 2024-05-15

4279. Denial of Service - GPAC (CVE-2021-40607) - Medium [263]

Description: The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40607 was patched at 2024-05-15

4280. Denial of Service - GPAC (CVE-2021-40942) - Medium [263]

Description: In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the function filter_parse_dyn_args function in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DOS).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40942 was patched at 2024-05-15

4281. Denial of Service - GPAC (CVE-2021-44918) - Medium [263]

Description: A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the gf_node_get_field function, which can cause a segmentation fault and application crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44918 was patched at 2024-05-15

4282. Denial of Service - GPAC (CVE-2021-44919) - Medium [263]

Description: A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function in gpac 1.1.0-DEV, which causes a segmentation fault and application crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44919 was patched at 2024-05-15

4283. Denial of Service - GPAC (CVE-2021-44920) - Medium [263]

Description: An invalid memory address dereference vulnerability exists in gpac 1.1.0 in the dump_od_to_saf.isra function, which causes a segmentation fault and application crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44920 was patched at 2024-05-15

4284. Denial of Service - GPAC (CVE-2021-44921) - Medium [263]

Description: A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_isom_parse_movie_boxes_internal function, which causes a segmentation fault and application crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44921 was patched at 2024-05-15

4285. Denial of Service - GPAC (CVE-2021-44922) - Medium [263]

Description: A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFTimeOffset function, which causes a segmentation fault and application crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44922 was patched at 2024-05-15

4286. Denial of Service - GPAC (CVE-2021-44923) - Medium [263]

Description: A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_dump_vrml_dyn_field.isra function, which causes a segmentation fault and application crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44923 was patched at 2024-05-15

4287. Denial of Service - GPAC (CVE-2021-44924) - Medium [263]

Description: An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44924 was patched at 2024-05-15

4288. Denial of Service - GPAC (CVE-2021-44925) - Medium [263]

Description: A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_svg_get_attribute_name function, which causes a segmentation fault and application crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44925 was patched at 2024-05-15

4289. Denial of Service - GPAC (CVE-2021-44926) - Medium [263]

Description: A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in the gf_node_get_tag function, which causes a segmentation fault and application crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44926 was patched at 2024-05-15

4290. Denial of Service - GPAC (CVE-2021-44927) - Medium [263]

Description: A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fault and application crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44927 was patched at 2024-05-15

4291. Denial of Service - GPAC (CVE-2021-45258) - Medium [263]

Description: A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_dec_proto_list function, which causes a segmentation fault and application crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45258 was patched at 2024-05-15

4292. Denial of Service - GPAC (CVE-2021-45259) - Medium [263]

Description: An Invalid pointer reference vulnerability exists in gpac 1.1.0 via the gf_svg_node_del function, which causes a segmentation fault and application crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45259 was patched at 2024-05-15

4293. Denial of Service - GPAC (CVE-2021-45260) - Medium [263]

Description: A null pointer dereference vulnerability exists in gpac 1.1.0 in the lsr_read_id.part function, which causes a segmentation fault and application crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45260 was patched at 2024-05-15

4294. Denial of Service - GPAC (CVE-2021-46234) - Medium [263]

Description: A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46234 was patched at 2024-05-15

4295. Denial of Service - GPAC (CVE-2021-46236) - Medium [263]

Description: A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_vrml_field_pointer_del () at scenegraph/vrml_tools.c. This vulnerability can lead to a Denial of Service (DoS).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46236 was patched at 2024-05-15

4296. Denial of Service - GPAC (CVE-2021-46237) - Medium [263]

Description: An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46237 was patched at 2024-05-15

4297. Denial of Service - GPAC (CVE-2021-46238) - Medium [263]

Description: GPAC v1.1.0 was discovered to contain a stack overflow via the function gf_node_get_name () at scenegraph/base_scenegraph.c. This vulnerability can lead to a program crash, causing a Denial of Service (DoS).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46238 was patched at 2024-05-15

4298. Denial of Service - GPAC (CVE-2021-46239) - Medium [263]

Description: The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid free vulnerability via the function gf_free () at utils/alloc.c. This vulnerability can lead to a Denial of Service (DoS).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46239 was patched at 2024-05-15

4299. Denial of Service - GPAC (CVE-2021-46240) - Medium [263]

Description: A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_dump_vrml_sffield () at scene_manager/scene_dump.c. This vulnerability can lead to a Denial of Service (DoS).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46240 was patched at 2024-05-15

4300. Denial of Service - GPAC (CVE-2021-46311) - Medium [263]

Description: A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_route.c. This vulnerability can lead to a Denial of Service (DoS).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46311 was patched at 2024-05-15

4301. Denial of Service - GPAC (CVE-2021-46313) - Medium [263]

Description: The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __memmove_avx_unaligned_erms (). This vulnerability can lead to a Denial of Service (DoS).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46313 was patched at 2024-05-15

4302. Denial of Service - GPAC (CVE-2023-39562) - Medium [263]

Description: GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-39562 was patched at 2024-05-15

4303. Denial of Service - GPAC (CVE-2023-47384) - Medium [263]

Description: MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-47384 was patched at 2024-05-15

4304. Denial of Service - GPAC (CVE-2023-50120) - Medium [263]

Description: MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50120 was patched at 2024-05-15

4305. Denial of Service - GPAC (CVE-2023-5595) - Medium [263]

Description: Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-5595 was patched at 2024-05-15

4306. Denial of Service - Git (CVE-2019-25076) - Medium [263]

Description: The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414Git
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-25076 was patched at 2024-05-15

4307. Denial of Service - Git (CVE-2021-45429) - Medium [263]

Description: A Buffer Overflow vulnerablity exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yr_set_configuration in yara/libyara/libyara.c, which could cause a Denial of Service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414Git
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45429 was patched at 2024-05-15

4308. Denial of Service - Git (CVE-2022-1507) - Medium [263]

Description: chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in GitHub repository hpjansson/chafa prior to 1.10.2. chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414Git
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1507 was patched at 2024-05-15

4309. Memory Corruption - GPAC (CVE-2023-0841) - Medium [263]

Description: A vulnerability, which was classified as critical, has been found in GPAC 2.3-DEV-rev40-g3602a5ded. This issue affects the function mp3_dmx_process of the file filters/reframe_mp3.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221087.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0841 was patched at 2024-05-15

4310. Memory Corruption - GPAC (CVE-2024-0322) - Medium [263]

Description: Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-0322 was patched at 2024-05-15

4311. Memory Corruption - Git (CVE-2023-0645) - Medium [263]

Description: An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit  https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414Git
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0645 was patched at 2024-05-15

4312. Cross Site Scripting - HID (CVE-2014-4349) - Medium [261]

Description: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514HID
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4349 was patched at 2024-05-15

4313. Cross Site Scripting - Unknown Product (CVE-2012-4331) - Medium [261]

Description: {'vulners_cve_data_all': 'Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4331 was patched at 2024-05-15

4314. Cross Site Scripting - spip (CVE-2005-4494) - Medium [261]

Description: Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) spip_login.php3 and (2) spip_pass.php3.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.514SPIP is an open-source software content management system designed for web site publishing, oriented towards online collaborative editing
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4494 was patched at 2024-05-15

4315. Remote Code Execution - Unknown Product (CVE-2001-0735) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2001-0735 was patched at 2024-05-15

4316. Remote Code Execution - Unknown Product (CVE-2001-1034) - Medium [261]

Description: {'vulners_cve_data_all': 'Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2001-1034 was patched at 2024-05-15

4317. Remote Code Execution - Unknown Product (CVE-2002-1158) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer overflow in the irw_through function for Canna 3.5b2 and earlier allows local users to execute arbitrary code as the bin user.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1158 was patched at 2024-05-15

4318. Remote Code Execution - Unknown Product (CVE-2002-1384) - Medium [261]

Description: {'vulners_cve_data_all': 'Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1384 was patched at 2024-05-15

4319. Remote Code Execution - Unknown Product (CVE-2002-1896) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, allows local users to execute arbitrary code via a long (1) -f or (2) -o command line argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1896 was patched at 2024-05-15

4320. Remote Code Execution - Unknown Product (CVE-2002-2016) - Medium [261]

Description: {'vulners_cve_data_all': 'User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel address space, which allows local users to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-2016 was patched at 2024-05-15

4321. Remote Code Execution - Unknown Product (CVE-2003-0074) - Medium [261]

Description: {'vulners_cve_data_all': 'Format string vulnerability in mpmain.c for plpnfsd of the plptools package allows remote attackers to execute arbitrary code via the functions (1) debuglog, (2) errorlog, and (3) infolog.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0074 was patched at 2024-05-15

4322. Remote Code Execution - Unknown Product (CVE-2003-0099) - Medium [261]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0099 was patched at 2024-05-15

4323. Remote Code Execution - Unknown Product (CVE-2004-0188) - Medium [261]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local users to execute arbitrary code via a long password.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0188 was patched at 2024-05-15

4324. Remote Code Execution - Unknown Product (CVE-2004-0453) - Medium [261]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the monitor "memory dump" command in VICE 1.6 to 1.14 allows local users to cause a denial of service (emulator crash) and possibly execute arbitrary code via format string specifiers in an output string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0453 was patched at 2024-05-15

4325. Remote Code Execution - Unknown Product (CVE-2004-0454) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 allows local users to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0454 was patched at 2024-05-15

4326. Remote Code Execution - Unknown Product (CVE-2004-0579) - Medium [261]

Description: {'vulners_cve_data_all': 'Format string vulnerability in super before 3.23 allows local users to execute arbitrary code as root.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0579 was patched at 2024-05-15

4327. Remote Code Execution - Unknown Product (CVE-2004-0884) - Medium [261]

Description: {'vulners_cve_data_all': 'The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0884 was patched at 2024-05-15

4328. Remote Code Execution - Unknown Product (CVE-2004-1076) - Medium [261]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in the RtConfigLoad function in rt-config.c for Atari800 before 1.3.4 allow local users to execute arbitrary code via large values in the configuration file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1076 was patched at 2024-05-15

4329. Remote Code Execution - Unknown Product (CVE-2004-1267) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1267 was patched at 2024-05-15

4330. Remote Code Execution - Unknown Product (CVE-2004-1471) - Medium [261]

Description: {'vulners_cve_data_all': 'Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1471 was patched at 2024-05-15

4331. Remote Code Execution - Unknown Product (CVE-2004-2269) - Medium [261]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in pads.c in Passive Asset Detection System (Pads) might allow local users to execute arbitrary code via a long report file name argument. NOTE: since Pads is not normally installed setuid, this may not be a vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2269 was patched at 2024-05-15

4332. Remote Code Execution - Unknown Product (CVE-2004-2372) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2372 was patched at 2024-05-15

4333. Remote Code Execution - Unknown Product (CVE-2004-2409) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 through 2.0.1, when running in update mode ("-t update"), might allow attackers to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2409 was patched at 2024-05-15

4334. Remote Code Execution - Unknown Product (CVE-2005-0016) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer overflow in the exported_display function in xatitv in gatos before 0.0.5 allows local users to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0016 was patched at 2024-05-15

4335. Remote Code Execution - Unknown Product (CVE-2005-0020) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0020 was patched at 2024-05-15

4336. Remote Code Execution - Unknown Product (CVE-2005-1632) - Medium [261]

Description: {'vulners_cve_data_all': 'Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1632 was patched at 2024-05-15

4337. Remote Code Execution - Unknown Product (CVE-2005-4178) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4178 was patched at 2024-05-15

4338. Remote Code Execution - Unknown Product (CVE-2006-2025) - Medium [261]

Description: {'vulners_cve_data_all': 'Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2025 was patched at 2024-05-15

4339. Remote Code Execution - Unknown Product (CVE-2006-2026) - Medium [261]

Description: {'vulners_cve_data_all': 'Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2026 was patched at 2024-05-15

4340. Remote Code Execution - Unknown Product (CVE-2006-3739) - Medium [261]

Description: {'vulners_cve_data_all': 'Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3739 was patched at 2024-05-15

4341. Remote Code Execution - Unknown Product (CVE-2006-3740) - Medium [261]

Description: {'vulners_cve_data_all': 'Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3740 was patched at 2024-05-15

4342. Remote Code Execution - Unknown Product (CVE-2006-4168) - Medium [261]

Description: {'vulners_cve_data_all': 'Integer overflow in the exif_data_load_data_entry function in libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via an image with many EXIF components, which triggers a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4168 was patched at 2024-05-15

4343. Remote Code Execution - Unknown Product (CVE-2006-4811) - Medium [261]

Description: {'vulners_cve_data_all': 'Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4811 was patched at 2024-05-15

4344. Remote Code Execution - Unknown Product (CVE-2006-6101) - Medium [261]

Description: {'vulners_cve_data_all': 'Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6101 was patched at 2024-05-15

4345. Remote Code Execution - Unknown Product (CVE-2006-6103) - Medium [261]

Description: {'vulners_cve_data_all': 'Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6103 was patched at 2024-05-15

4346. Remote Code Execution - Unknown Product (CVE-2006-6169) - Medium [261]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable_string function to return a longer string than expected while constructing a prompt.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6169 was patched at 2024-05-15

4347. Remote Code Execution - Unknown Product (CVE-2006-6563) - Medium [261]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6563 was patched at 2024-05-15

4348. Remote Code Execution - Unknown Product (CVE-2007-0080) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited "only to local administrators who have write access to the server configuration files." CVE concurs with the dispute', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0080 was patched at 2024-05-15

4349. Remote Code Execution - Unknown Product (CVE-2007-0667) - Medium [261]

Description: {'vulners_cve_data_all': 'The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0667 was patched at 2024-05-15

4350. Remote Code Execution - Unknown Product (CVE-2007-1002) - Medium [261]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1002 was patched at 2024-05-15

4351. Remote Code Execution - Unknown Product (CVE-2007-1387) - Medium [261]

Description: {'vulners_cve_data_all': 'The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code, a different vulnerability than CVE-2007-1246.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1387 was patched at 2024-05-15

4352. Remote Code Execution - Unknown Product (CVE-2007-1464) - Medium [261]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the whiteboard Jabber protocol in Inkscape before 0.45.1 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1464 was patched at 2024-05-15

4353. Remote Code Execution - Unknown Product (CVE-2007-1466) - Medium [261]

Description: {'vulners_cve_data_all': 'Integer overflow in the WP6GeneralTextPacket::_readContents function in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file, a different vulnerability than CVE-2007-0002.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1466 was patched at 2024-05-15

4354. Remote Code Execution - Unknown Product (CVE-2007-5007) - Medium [261]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5007 was patched at 2024-05-15

4355. Remote Code Execution - Unknown Product (CVE-2007-5037) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer overflow in the inotifytools_snprintf function in src/inotifytools.c in the inotify-tools library before 3.11 allows context-dependent attackers to execute arbitrary code via a long filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5037 was patched at 2024-05-15

4356. Remote Code Execution - Unknown Product (CVE-2007-5358) - Medium [261]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in the voicemail functionality in Asterisk 1.4.x before 1.4.13, when using IMAP storage, might allow (1) remote attackers to execute arbitrary code via a long combination of Content-type and Content-description headers, or (2) local users to execute arbitrary code via a long combination of astspooldir, voicemail context, and voicemail mailbox fields. NOTE: vector 2 requires write access to Asterisk configuration files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5358 was patched at 2024-05-15

4357. Remote Code Execution - Unknown Product (CVE-2007-5935) - Medium [261]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5935 was patched at 2024-05-15

4358. Remote Code Execution - Unknown Product (CVE-2007-5937) - Medium [261]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5937 was patched at 2024-05-15

4359. Remote Code Execution - Unknown Product (CVE-2007-6336) - Medium [261]

Description: {'vulners_cve_data_all': 'Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6336 was patched at 2024-05-15

4360. Remote Code Execution - Unknown Product (CVE-2008-0072) - Medium [261]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0072 was patched at 2024-05-15

4361. Remote Code Execution - Unknown Product (CVE-2008-0554) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer overflow in the readImageData function in giftopnm.c in netpbm before 10.27 in netpbm before 10.27 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0554 was patched at 2024-05-15

4362. Remote Code Execution - Unknown Product (CVE-2008-0630) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 allows remote attackers to execute arbitrary code via a crafted URL that prevents the IPv6 parsing code from setting a pointer to NULL, which causes the buffer to be reused by the unescape code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0630 was patched at 2024-05-15

4363. Remote Code Execution - Unknown Product (CVE-2008-2142) - Medium [261]

Description: {'vulners_cve_data_all': 'Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2142 was patched at 2024-05-15

4364. Remote Code Execution - Unknown Product (CVE-2008-2719) - Medium [261]

Description: {'vulners_cve_data_all': 'Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2719 was patched at 2024-05-15

4365. Remote Code Execution - Unknown Product (CVE-2008-2927) - Medium [261]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin before 2.4.3 and Adium before 1.3 allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, a different vulnerability than CVE-2008-2955.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2927 was patched at 2024-05-15

4366. Remote Code Execution - Unknown Product (CVE-2008-3429) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer overflow in URI processing in HTTrack and WinHTTrack before 3.42-3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3429 was patched at 2024-05-15

4367. Remote Code Execution - Unknown Product (CVE-2008-4558) - Medium [261]

Description: {'vulners_cve_data_all': 'Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4558 was patched at 2024-05-15

4368. Remote Code Execution - Unknown Product (CVE-2008-5078) - Medium [261]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in the (1) recognize_eps_file function (src/psgen.c) and (2) tilde_subst function (src/util.c) in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5078 was patched at 2024-05-15

4369. Remote Code Execution - Unknown Product (CVE-2008-5660) - Medium [261]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5660 was patched at 2024-05-15

4370. Remote Code Execution - Unknown Product (CVE-2009-1513) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1513 was patched at 2024-05-15

4371. Remote Code Execution - Unknown Product (CVE-2009-1515) - Medium [261]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1515 was patched at 2024-05-15

4372. Remote Code Execution - Unknown Product (CVE-2009-2660) - Medium [261]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in CamlImages 2.2 might allow context-dependent attackers to execute arbitrary code via images containing large width and height values that trigger a heap-based buffer overflow, related to (1) crafted GIF files (gifread.c) and (2) crafted JPEG files (jpegread.c), a different vulnerability than CVE-2009-2295.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2660 was patched at 2024-05-15

4373. Remote Code Execution - Unknown Product (CVE-2009-3895) - Medium [261]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the exif_entry_fix function (aka the tag fixup routine) in libexif/exif-entry.c in libexif 0.6.18 allows remote attackers to cause a denial of service or possibly execute arbitrary code via an invalid EXIF image. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3895 was patched at 2024-05-15

4374. Remote Code Execution - Unknown Product (CVE-2009-4016) - Medium [261]

Description: {'vulners_cve_data_all': 'Integer underflow in the clean_string function in irc_string.c in (1) IRCD-hybrid 7.2.2 and 7.2.3, (2) ircd-ratbox before 2.2.9, and (3) oftc-hybrid before 1.6.8, when flatten_links is disabled, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a LINKS command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4016 was patched at 2024-05-15

4375. Remote Code Execution - Unknown Product (CVE-2009-4227) - Medium [261]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses the 1.3 file format. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4227 was patched at 2024-05-15

4376. Remote Code Execution - Unknown Product (CVE-2010-0562) - Medium [261]

Description: {'vulners_cve_data_all': 'The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an SSL X.509 certificate containing non-printable characters with the high bit set, which triggers a heap-based buffer overflow during escaping.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0562 was patched at 2024-05-15

4377. Remote Code Execution - Unknown Product (CVE-2010-0827) - Medium [261]

Description: {'vulners_cve_data_all': 'Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0827 was patched at 2024-05-15

4378. Remote Code Execution - Unknown Product (CVE-2010-1159) - Medium [261]

Description: {'vulners_cve_data_all': 'Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1159 was patched at 2024-05-15

4379. Remote Code Execution - Unknown Product (CVE-2010-1513) - Medium [261]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in src/image.c in Ziproxy before 3.0.1 allow remote attackers to execute arbitrary code via (1) a large JPG image, related to the jpg2bitmap function or (2) a large PNG image, related to the png2bitmap function, leading to heap-based buffer overflows.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1513 was patched at 2024-05-15

4380. Remote Code Execution - Unknown Product (CVE-2010-1853) - Medium [261]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1853 was patched at 2024-05-15

4381. Remote Code Execution - Unknown Product (CVE-2010-2065) - Medium [261]

Description: {'vulners_cve_data_all': 'Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TIFF file that triggers a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2065 was patched at 2024-05-15

4382. Remote Code Execution - Unknown Product (CVE-2010-2067) - Medium [261]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the TIFFFetchSubjectDistance function in tif_dirread.c in LibTIFF before 3.9.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long EXIF SubjectDistance field in a TIFF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2067 was patched at 2024-05-15

4383. Remote Code Execution - Unknown Product (CVE-2010-2350) - Medium [261]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNG file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2350 was patched at 2024-05-15

4384. Remote Code Execution - Unknown Product (CVE-2010-2497) - Medium [261]

Description: {'vulners_cve_data_all': 'Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2497 was patched at 2024-05-15

4385. Remote Code Execution - Unknown Product (CVE-2010-2575) - Medium [261]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2575 was patched at 2024-05-15

4386. Remote Code Execution - Unknown Product (CVE-2010-2799) - Medium [261]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2799 was patched at 2024-05-15

4387. Remote Code Execution - Unknown Product (CVE-2010-2807) - Medium [261]

Description: {'vulners_cve_data_all': 'FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2807 was patched at 2024-05-15

4388. Remote Code Execution - Unknown Product (CVE-2010-3087) - Medium [261]

Description: {'vulners_cve_data_all': 'LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TIFF image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3087 was patched at 2024-05-15

4389. Remote Code Execution - Unknown Product (CVE-2010-3814) - Medium [261]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in FreeType 2.4.3 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted SHZ bytecode instruction, related to TrueType opcodes, as demonstrated by a PDF document with a crafted embedded font.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3814 was patched at 2024-05-15

4390. Remote Code Execution - Unknown Product (CVE-2010-4259) - Medium [261]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in FontForge 20100501 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long CHARSET_REGISTRY header in a BDF font file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4259 was patched at 2024-05-15

4391. Remote Code Execution - Unknown Product (CVE-2010-4262) - Medium [261]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a FIG image with a crafted color definition.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4262 was patched at 2024-05-15

4392. Remote Code Execution - Unknown Product (CVE-2010-4523) - Medium [261]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4523 was patched at 2024-05-15

4393. Remote Code Execution - Unknown Product (CVE-2010-4743) - Medium [261]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the getarena function in abc2ps.c in abcm2ps before 5.9.13 might allow remote attackers to execute arbitrary code via a crafted ABC file, a different vulnerability than CVE-2010-3441. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4743 was patched at 2024-05-15

4394. Remote Code Execution - Unknown Product (CVE-2011-0427) - Medium [261]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0427 was patched at 2024-05-15

4395. Remote Code Execution - Unknown Product (CVE-2011-1147) - Medium [261]

Description: {'vulners_cve_data_all': 'Multiple stack-based and heap-based buffer overflows in the (1) decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support is enabled, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted UDPTL packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1147 was patched at 2024-05-15

4396. Remote Code Execution - Unknown Product (CVE-2011-1400) - Medium [261]

Description: {'vulners_cve_data_all': 'The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1400 was patched at 2024-05-15

4397. Remote Code Execution - Unknown Product (CVE-2011-1684) - Medium [261]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1684 was patched at 2024-05-15

4398. Remote Code Execution - Unknown Product (CVE-2011-1761) - Medium [261]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) abc_new_umacro functions in src/load_abc.cpp in libmodplug before 0.8.8.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted ABC file. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1761 was patched at 2024-05-15

4399. Remote Code Execution - Unknown Product (CVE-2011-2588) - Medium [261]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the AVI_ChunkRead_strf function in libavi.c in the AVI demuxer in VideoLAN VLC media player before 1.1.11 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted AVI media file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2588 was patched at 2024-05-15

4400. Remote Code Execution - Unknown Product (CVE-2011-2911) - Medium [261]

Description: {'vulners_cve_data_all': 'Integer overflow in the CSoundFile::ReadWav function in src/load_wav.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted WAV file, which triggers a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2911 was patched at 2024-05-15

4401. Remote Code Execution - Unknown Product (CVE-2011-2912) - Medium [261]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the CSoundFile::ReadS3M function in src/load_s3m.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted S3M file with an invalid offset.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2912 was patched at 2024-05-15

4402. Remote Code Execution - Unknown Product (CVE-2011-2913) - Medium [261]

Description: {'vulners_cve_data_all': 'Off-by-one error in the CSoundFile::ReadAMS function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (stack memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of samples.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2913 was patched at 2024-05-15

4403. Remote Code Execution - Unknown Product (CVE-2011-2914) - Medium [261]

Description: {'vulners_cve_data_all': 'Off-by-one error in the CSoundFile::ReadDSM function in src/load_dms.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted DSM file with a large number of samples.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2914 was patched at 2024-05-15

4404. Remote Code Execution - Unknown Product (CVE-2011-2915) - Medium [261]

Description: {'vulners_cve_data_all': 'Off-by-one error in the CSoundFile::ReadAMS2 function in src/load_ams.cpp in libmodplug before 0.8.8.4 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted AMS file with a large number of instruments.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2915 was patched at 2024-05-15

4405. Remote Code Execution - Unknown Product (CVE-2011-3581) - Medium [261]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3581 was patched at 2024-05-15

4406. Remote Code Execution - Unknown Product (CVE-2011-4458) - Medium [261]

Description: {'vulners_cve_data_all': 'Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and 4.x before 4.0.6, when the VERPPrefix and VERPDomain options are enabled, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-5092 and CVE-2011-5093.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4458 was patched at 2024-05-15

4407. Remote Code Execution - Unknown Product (CVE-2012-0806) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer overflow in Bip 0.8.8 and earlier might allow remote authenticated users to execute arbitrary code via vectors involving a series of TCP connections that triggers use of many open file descriptors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0806 was patched at 2024-05-15

4408. Remote Code Execution - Unknown Product (CVE-2012-0920) - Medium [261]

Description: {'vulners_cve_data_all': 'Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels concurrency."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0920 was patched at 2024-05-15

4409. Remote Code Execution - Unknown Product (CVE-2012-0947) - Medium [261]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the vqa_decode_chunk function in the VQA codec (vqavideo.c) in libavcodec in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted VQA media file in which the image size is not a multiple of the block size.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0947 was patched at 2024-05-15

4410. Remote Code Execution - Unknown Product (CVE-2012-1163) - Medium [261]

Description: {'vulners_cve_data_all': 'Integer overflow in the _zip_readcdir function in zip_open.c in libzip 0.10 allows remote attackers to execute arbitrary code via the size and offset values for the central directory in a zip archive, which triggers "improper restrictions of operations within the bounds of a memory buffer" and an information leak.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1163 was patched at 2024-05-15

4411. Remote Code Execution - Unknown Product (CVE-2012-4024) - Medium [261]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4024 was patched at 2024-05-15

4412. Remote Code Execution - Unknown Product (CVE-2012-4025) - Medium [261]

Description: {'vulners_cve_data_all': 'Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4025 was patched at 2024-05-15

4413. Remote Code Execution - Unknown Product (CVE-2012-4426) - Medium [261]

Description: {'vulners_cve_data_all': 'Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier might allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving (1) errors.c or (2) mcrypt.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4426 was patched at 2024-05-15

4414. Remote Code Execution - Unknown Product (CVE-2012-4527) - Medium [261]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name. NOTE: it is not clear whether this is a vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4527 was patched at 2024-05-15

4415. Remote Code Execution - Unknown Product (CVE-2012-4552) - Medium [261]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message, as demonstrated by a .ase file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4552 was patched at 2024-05-15

4416. Remote Code Execution - Unknown Product (CVE-2012-4559) - Medium [261]

Description: {'vulners_cve_data_all': 'Multiple double free vulnerabilities in the (1) agent_sign_data function in agent.c, (2) channel_request function in channels.c, (3) ssh_userauth_pubkey function in auth.c, (4) sftp_parse_attr_3 function in sftp.c, and (5) try_publickey_from_file function in keyfiles.c in libssh before 0.5.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4559 was patched at 2024-05-15

4417. Remote Code Execution - Unknown Product (CVE-2012-6303) - Medium [261]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6303 was patched at 2024-05-15

4418. Remote Code Execution - Unknown Product (CVE-2013-0131) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer overflow in the NVIDIA GPU driver before 304.88, 310.x before 310.44, and 313.x before 313.30 for the X Window System on UNIX, when NoScanout mode is enabled, allows remote authenticated users to execute arbitrary code via a large ARGB cursor.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0131 was patched at 2024-05-15

4419. Remote Code Execution - Unknown Product (CVE-2013-1653) - Medium [261]

Description: {'vulners_cve_data_all': 'Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, when listening for incoming connections is enabled and allowing access to the "run" REST endpoint is allowed, allows remote authenticated users to execute arbitrary code via a crafted HTTP request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1653 was patched at 2024-05-15

4420. Remote Code Execution - Unknown Product (CVE-2013-1788) - Medium [261]

Description: {'vulners_cve_data_all': 'poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger an "invalid memory access" in (1) splash/Splash.cc, (2) poppler/Function.cc, and (3) poppler/Stream.cc.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1788 was patched at 2024-05-15

4421. Remote Code Execution - Unknown Product (CVE-2013-1794) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1794 was patched at 2024-05-15

4422. Remote Code Execution - Unknown Product (CVE-2013-1980) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer overflow in the get_dsmp function in loaders/masi_load.c in libxmp before 4.1.0 allows remote attackers to execute arbitrary code via a crafted MASI file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1980 was patched at 2024-05-15

4423. Remote Code Execution - Unknown Product (CVE-2013-2274) - Medium [261]

Description: {'vulners_cve_data_all': 'Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 allows remote authenticated users to execute arbitrary code on the puppet master, or an agent with puppet kick enabled, via a crafted request for a report.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2274 was patched at 2024-05-15

4424. Remote Code Execution - Unknown Product (CVE-2013-6473) - Medium [261]

Description: {'vulners_cve_data_all': 'Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6473 was patched at 2024-05-15

4425. Remote Code Execution - Unknown Product (CVE-2014-3554) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3554 was patched at 2024-05-15

4426. Remote Code Execution - Unknown Product (CVE-2014-8625) - Medium [261]

Description: {'vulners_cve_data_all': 'Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8625 was patched at 2024-05-15

4427. Remote Code Execution - Unknown Product (CVE-2016-10214) - Medium [261]

Description: {'vulners_cve_data_all': 'Memory leak in the virgl_resource_attach_backing function in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (memory consumption) via a large number of VIRTIO_GPU_CMD_RESOURCE_ATTACH_BACKING commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10214 was patched at 2024-05-15

4428. Remote Code Execution - Unknown Product (CVE-2016-5714) - Medium [261]

Description: {'vulners_cve_data_all': 'Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5714 was patched at 2024-05-15

4429. Remote Code Execution - Unknown Product (CVE-2017-6438) - Medium [261]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the parse_unicode_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) and possibly code execution via a crafted plist file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6438 was patched at 2024-05-15

4430. Remote Code Execution - Unknown Product (CVE-2018-14320) - Medium [261]

Description: {'vulners_cve_data_all': 'This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14320 was patched at 2024-05-15

4431. Remote Code Execution - Unknown Product (CVE-2021-32614) - Medium [261]

Description: {'vulners_cve_data_all': 'A flaw was found in dmg2img through 20170502. fill_mishblk() does not check the length of the read buffer, and copy 0xCC bytes from it. The length of the buffer is controlled by an attacker. By providing a length smaller than 0xCC, memcpy reaches out of the malloc'ed bound. This possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32614 was patched at 2024-05-15

4432. Remote Code Execution - Unknown Product (CVE-2021-3548) - Medium [261]

Description: {'vulners_cve_data_all': 'A flaw was found in dmg2img through 20170502. dmg2img did not validate the size of the read buffer during memcpy() inside the main() function. This possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3548 was patched at 2024-05-15

4433. Remote Code Execution - Unknown Product (CVE-2021-42383) - Medium [261]

Description: {'vulners_cve_data_all': 'A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42383 was patched at 2024-05-15

4434. Remote Code Execution - Unknown Product (CVE-2023-26923) - Medium [261]

Description: {'vulners_cve_data_all': 'Musescore 3.0 to 4.0.1 has a stack buffer overflow vulnerability that occurs when reading misconfigured midi files. If attacker can additional information, attacker can execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26923 was patched at 2024-05-15

4435. Remote Code Execution - Unknown Product (CVE-2023-38851) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1018.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38851 was patched at 2024-05-15

4436. Remote Code Execution - Unknown Product (CVE-2023-38852) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode_decode_wcstombs function in xlstool.c:266.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38852 was patched at 2024-05-15

4437. Remote Code Execution - Unknown Product (CVE-2023-38853) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1015.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38853 was patched at 2024-05-15

4438. Remote Code Execution - Unknown Product (CVE-2023-38854) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcode_latin1_to_utf8 function in xlstool.c:296.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38854 was patched at 2024-05-15

4439. Remote Code Execution - Unknown Product (CVE-2023-38855) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:395.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38855 was patched at 2024-05-15

4440. Remote Code Execution - Unknown Product (CVE-2023-38856) - Medium [261]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:411.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38856 was patched at 2024-05-15

4441. Remote Code Execution - Unknown Product (CVE-2023-50229) - Medium [261]

Description: {'vulners_cve_data_all': 'BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.\n\nThe specific flaw exists within the handling of the Phone Book Access profile. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20936.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50229 was patched at 2024-05-15

4442. Unknown Vulnerability Type - Kerberos (CVE-2003-0059) - Medium [261]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0059 was patched at 2024-05-15

4443. Unknown Vulnerability Type - Kerberos (CVE-2003-0138) - Medium [261]

Description: {'vulners_cve_data_all': 'Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0138 was patched at 2024-05-15

4444. Unknown Vulnerability Type - Kerberos (CVE-2003-0139) - Medium [261]

Description: {'vulners_cve_data_all': 'Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ticket splicing."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0139 was patched at 2024-05-15

4445. Unknown Vulnerability Type - Kerberos (CVE-2018-5709) - Medium [261]

Description: {'vulners_cve_data_all': 'An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-5709 was patched at 2024-05-15

4446. Unknown Vulnerability Type - Unknown Product (CVE-2003-0020) - Medium [261]

Description: {'vulners_cve_data_all': 'Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] jetty 6.x - 7.x xss information disclosure injection, [seebug] jetty 6.x - 7.x xss, information disclosure, injection, [seebug] jetty 6.x - 7.x xss information disclosure injection, [exploitpack] jetty 6.x 7.x - Cross-Site Scripting Information Disclosure Injection, [packetstorm] Jetty 6.x / 7.x Information Disclosure / XSS, [packetstorm] Nginx, Varnish, Cherokee, etc Log Injection, [exploitdb] jetty 6.x < 7.x - Cross-Site Scripting / Information Disclosure / Injection)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0020 was patched at 2024-05-15

4447. Unknown Vulnerability Type - Unknown Product (CVE-2003-0083) - Medium [261]

Description: {'vulners_cve_data_all': 'Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] jetty 6.x - 7.x xss information disclosure injection, [seebug] jetty 6.x - 7.x xss, information disclosure, injection, [seebug] jetty 6.x - 7.x xss information disclosure injection, [seebug] Apache终端转义序列过滤漏洞, [exploitpack] jetty 6.x 7.x - Cross-Site Scripting Information Disclosure Injection, [packetstorm] Jetty 6.x / 7.x Information Disclosure / XSS, [packetstorm] Nginx, Varnish, Cherokee, etc Log Injection, [exploitdb] jetty 6.x < 7.x - Cross-Site Scripting / Information Disclosure / Injection)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0083 was patched at 2024-05-15

4448. Unknown Vulnerability Type - Unknown Product (CVE-2003-0468) - Medium [261]

Description: {'vulners_cve_data_all': 'Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct "bounce scans" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a "!" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Postfix 1.1.x Denial of Service Vulnerabilities (1), [seebug] Postfix 1.1.x Denial of Service Vulnerabilities (2), [exploitpack] Postfix 1.1.x - Denial of Service (2), [exploitpack] Postfix 1.1.x - Denial of Service (1), [exploitdb] Postfix 1.1.x - Denial of Service (1), [exploitdb] Postfix 1.1.x - Denial of Service (2))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0468 was patched at 2024-05-15

4449. Unknown Vulnerability Type - Unknown Product (CVE-2008-2232) - Medium [261]

Description: {'vulners_cve_data_all': 'The expand_template function in afuse.c in afuse 0.2 allows local users to gain privileges via shell metacharacters in a pathname.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Afuse 'afuse.c' SHELL命令注入漏洞, [seebug] Afuse afuse.c文件Shell命令注入漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2232 was patched at 2024-05-15

4450. Unknown Vulnerability Type - Unknown Product (CVE-2008-2235) - Medium [261]

Description: {'vulners_cve_data_all': 'OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenSC CardOS M4智能卡不安全权限漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2235 was patched at 2024-05-15

4451. Unknown Vulnerability Type - Unknown Product (CVE-2008-2380) - Medium [261]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Courier-Authlib非拉丁字符处理postgres SQL注入漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2380 was patched at 2024-05-15

4452. Unknown Vulnerability Type - Unknown Product (CVE-2009-0041) - Medium [261]

Description: {'vulners_cve_data_all': 'IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Asterisk IAX2认证响应信息泄露漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0041 was patched at 2024-05-15

4453. Unknown Vulnerability Type - Unknown Product (CVE-2009-2335) - Medium [261]

Description: {'vulners_cve_data_all': 'WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] WordPress Block-Spam-By-Math-Reloaded Plugin Bypass, [packetstorm] Core Security Technologies Advisory 2009.0515, [seebug] WordPress口令重置用户名枚举漏洞, [seebug] WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures, [seebug] WordPress Privileges Unchecked in admin.php and Multiple Information, [exploitpack] WordPress Core MU Plugins - admin.php Privileges Unchecked Multiple Information Disclosures, [exploitdb] WordPress Core / MU / Plugins - '/admin.php' Privileges Unchecked / Multiple Information Disclosures)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2335 was patched at 2024-05-15

4454. Unknown Vulnerability Type - Unknown Product (CVE-2009-2336) - Medium [261]

Description: {'vulners_cve_data_all': 'The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the significance of this issue, indicating that the behavior exists for "user convenience."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] WordPress口令重置用户名枚举漏洞, [seebug] WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures, [seebug] WordPress Privileges Unchecked in admin.php and Multiple Information, [exploitpack] WordPress Core MU Plugins - admin.php Privileges Unchecked Multiple Information Disclosures, [packetstorm] Core Security Technologies Advisory 2009.0515, [exploitdb] WordPress Core / MU / Plugins - '/admin.php' Privileges Unchecked / Multiple Information Disclosures)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2336 was patched at 2024-05-15

4455. Unknown Vulnerability Type - Unknown Product (CVE-2009-3086) - Medium [261]

Description: {'vulners_cve_data_all': 'A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Ruby on Rails消息Digest验证非固定时间算法漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3086 was patched at 2024-05-15

4456. Unknown Vulnerability Type - Unknown Product (CVE-2009-4488) - Medium [261]

Description: {'vulners_cve_data_all': 'Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE: the vendor disputes the significance of this report, stating that "This is not a security problem in Varnish or any other piece of software which writes a logfile. The real problem is the mistaken belief that you can cat(1) a random logfile to your terminal safely.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Nginx, Varnish, Cherokee, etc Log Injection)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4488 was patched at 2024-05-15

4457. Unknown Vulnerability Type - Unknown Product (CVE-2009-4490) - Medium [261]

Description: {'vulners_cve_data_all': 'mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Nginx, Varnish, Cherokee, etc Log Injection)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4490 was patched at 2024-05-15

4458. Unknown Vulnerability Type - Unknown Product (CVE-2009-4495) - Medium [261]

Description: {'vulners_cve_data_all': 'Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] Nginx, Varnish, Cherokee, etc Log Injection)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4495 was patched at 2024-05-15

4459. Unknown Vulnerability Type - Unknown Product (CVE-2011-4597) - Medium [261]

Description: {'vulners_cve_data_all': 'The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] SIP Username Enumerator For Asterisk)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4597 was patched at 2024-05-15

4460. Unknown Vulnerability Type - Unknown Product (CVE-2012-6497) - Medium [261]

Description: {'vulners_cve_data_all': 'The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Ruby on Rails Active Record组件SQL注入漏洞(CVE-2012-6496))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6497 was patched at 2024-05-15

4461. Unknown Vulnerability Type - Unknown Product (CVE-2013-0271) - Medium [261]

Description: {'vulners_cve_data_all': 'The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might allow remote attackers to create or overwrite files via a crafted (1) mxit or (2) mxit/imagestrips pathname.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Pidgin 'libpurple' 任意文件覆盖漏洞(CVE-2013-0271))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0271 was patched at 2024-05-15

4462. Unknown Vulnerability Type - Unknown Product (CVE-2013-6365) - Medium [261]

Description: {'vulners_cve_data_all': 'Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Horde 5.1.2 CSRF / Cross Site Scripting Vulnerabilities, [packetstorm] Horde 5.1.2 Cross Site Request Forgery / Cross Site Scripting, [exploitpack] Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (2), [exploitdb] Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (2))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6365 was patched at 2024-05-15

4463. Unknown Vulnerability Type - Unknown Product (CVE-2014-2237) - Medium [261]

Description: {'vulners_cve_data_all': 'The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenStack Keystone Trustee令牌吊销失败安全绕过漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2237 was patched at 2024-05-15

4464. Unknown Vulnerability Type - Unknown Product (CVE-2014-8612) - Medium [261]

Description: {'vulners_cve_data_all': 'Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTIP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([packetstorm] FreeBSD Kernel Crash / Code Execution / Disclosure, [exploitpack] FreeBSD - Multiple Vulnerabilities, [exploitdb] FreeBSD - Multiple Vulnerabilities)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8612 was patched at 2024-05-15

4465. Unknown Vulnerability Type - Unknown Product (CVE-2015-8139) - Medium [261]

Description: {'vulners_cve_data_all': 'ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability(CVE-2016-9310))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8139 was patched at 2024-05-15

4466. Unknown Vulnerability Type - Unknown Product (CVE-2018-6794) - Medium [261]

Description: {'vulners_cve_data_all': 'Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] Suricata < 4.0.4 - IDS Detection Bypass Vulnerability, [exploitpack] Suricata 4.0.4 - IDS Detection Bypass, [exploitdb] Suricata < 4.0.4 - IDS Detection Bypass)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6794 was patched at 2024-05-15

4467. Unknown Vulnerability Type - Unknown Product (CVE-2018-7170) - Medium [261]

Description: {'vulners_cve_data_all': 'ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Network Time Protocol Ephemeral Association Time Spoofing Vulnerability(CVE-2016-1549))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7170 was patched at 2024-05-15

4468. Unknown Vulnerability Type - Unknown Product (CVE-2023-6152) - Medium [261]

Description: {'vulners_cve_data_all': 'A user changing their email after signing up and verifying it can change it without verification in profile settings.\n\nThe configuration option "verify_email_enabled" will only validate email only on sign up.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on BDU:PublicExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

redos: CVE-2023-6152 was patched at 2024-04-18

4469. Denial of Service - Perl (CVE-2006-0053) - Medium [260]

Description: Imager (libimager-perl) before 0.50 allows user-assisted attackers to cause a denial of service (segmentation fault) by writing a 2- or 4-channel JPEG image (or a 2-channel TGA image) to a scalar, which triggers a NULL pointer dereference.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0053 was patched at 2024-05-15

4470. Denial of Service - Perl (CVE-2015-1558) - Medium [260]

Description: Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver, does not properly reclaim RTP ports, which allows remote authenticated users to cause a denial of service (file descriptor consumption) via an SDP offer containing only incompatible codecs.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1558 was patched at 2024-05-15

4471. Denial of Service - Wireshark (CVE-2010-2285) - Medium [260]

Description: The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2285 was patched at 2024-05-15

4472. Denial of Service - Wireshark (CVE-2011-3266) - Medium [260]

Description: The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and 1.4.0 through 1.4.8, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a malformed IKE packet and many items in a tree.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3266 was patched at 2024-05-15

4473. Denial of Service - Wireshark (CVE-2012-1593) - Medium [260]

Description: epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark 1.4.x before 1.4.12 and 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1593 was patched at 2024-05-15

4474. Denial of Service - Wireshark (CVE-2012-1594) - Medium [260]

Description: epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.6.x before 1.6.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1594 was patched at 2024-05-15

4475. Denial of Service - Wireshark (CVE-2012-2393) - Medium [260]

Description: epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2393 was patched at 2024-05-15

4476. Denial of Service - Wireshark (CVE-2012-2394) - Medium [260]

Description: Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and Itanium platforms does not properly perform data alignment for a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a (1) ICMP or (2) ICMPv6 Echo Request packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2394 was patched at 2024-05-15

4477. Denial of Service - Wireshark (CVE-2012-3826) - Medium [260]

Description: Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allow remote attackers to cause a denial of service (loop) via vectors related to the R3 dissector, a different vulnerability than CVE-2012-2392.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3826 was patched at 2024-05-15

4478. Denial of Service - Wireshark (CVE-2012-4048) - Medium [260]

Description: The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted packet, as demonstrated by a usbmon dump.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4048 was patched at 2024-05-15

4479. Denial of Service - Wireshark (CVE-2012-4049) - Medium [260]

Description: epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before 1.6.9, and 1.8.x before 1.8.1 allows remote attackers to cause a denial of service (loop and CPU consumption) via a crafted packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 2.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4049 was patched at 2024-05-15

4480. Denial of Service - Wireshark (CVE-2012-4293) - Medium [260]

Description: plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4293 was patched at 2024-05-15

4481. Denial of Service - Wireshark (CVE-2012-4295) - Medium [260]

Description: Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4295 was patched at 2024-05-15

4482. Denial of Service - Wireshark (CVE-2012-4296) - Medium [260]

Description: Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4296 was patched at 2024-05-15

4483. Denial of Service - Wireshark (CVE-2012-5237) - Medium [260]

Description: The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5237 was patched at 2024-05-15

4484. Denial of Service - Wireshark (CVE-2012-5238) - Medium [260]

Description: epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x before 1.8.3 uses incorrect OUI data structures during the decoding of (1) PPP and (2) LCP data, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5238 was patched at 2024-05-15

4485. Denial of Service - Wireshark (CVE-2013-1582) - Medium [260]

Description: The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly manage an offset variable, which allows remote attackers to cause a denial of service (infinite loop or application crash) via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 2.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1582 was patched at 2024-05-15

4486. Denial of Service - Wireshark (CVE-2013-1583) - Medium [260]

Description: The dissect_version_4_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 2.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1583 was patched at 2024-05-15

4487. Denial of Service - Wireshark (CVE-2013-1584) - Medium [260]

Description: The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 2.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1584 was patched at 2024-05-15

4488. Denial of Service - Wireshark (CVE-2013-1585) - Medium [260]

Description: epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly validate certain length values for the MS-MMC dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 2.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1585 was patched at 2024-05-15

4489. Denial of Service - Wireshark (CVE-2013-1586) - Medium [260]

Description: The fragment_set_tot_len function in epan/reassemble.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly determine the length of a reassembled packet for the DTLS dissector, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 2.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1586 was patched at 2024-05-15

4490. Denial of Service - Wireshark (CVE-2013-1587) - Medium [260]

Description: The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c in the ROHC dissector in Wireshark 1.8.x before 1.8.5 does not properly handle unknown profiles, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 2.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1587 was patched at 2024-05-15

4491. Denial of Service - Wireshark (CVE-2013-1588) - Medium [260]

Description: Multiple buffer overflows in the dissect_pft_fec_detailed function in the DCP-ETSI dissector in epan/dissectors/packet-dcp-etsi.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allow remote attackers to cause a denial of service (application crash) via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 2.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1588 was patched at 2024-05-15

4492. Denial of Service - Wireshark (CVE-2013-1589) - Medium [260]

Description: Double free vulnerability in epan/proto.c in the dissection engine in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 2.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1589 was patched at 2024-05-15

4493. Denial of Service - Wireshark (CVE-2013-1590) - Medium [260]

Description: Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 allows remote attackers to cause a denial of service (application crash) via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 2.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1590 was patched at 2024-05-15

4494. Denial of Service - Wireshark (CVE-2013-2475) - Medium [260]

Description: The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2475 was patched at 2024-05-15

4495. Denial of Service - Wireshark (CVE-2013-2477) - Medium [260]

Description: The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly manage function pointers, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2477 was patched at 2024-05-15

4496. Denial of Service - Wireshark (CVE-2013-2478) - Medium [260]

Description: The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1) triggers an integer overflow or (2) has embedded '\0' characters in a string.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2478 was patched at 2024-05-15

4497. Denial of Service - Wireshark (CVE-2013-2480) - Medium [260]

Description: The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allow remote attackers to cause a denial of service (application crash) via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2480 was patched at 2024-05-15

4498. Denial of Service - Wireshark (CVE-2013-2481) - Medium [260]

Description: Integer signedness error in the dissect_mount_dirpath_call function in epan/dissectors/packet-mount.c in the Mount dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6, when nfs_file_name_snooping is enabled, allows remote attackers to cause a denial of service (application crash) via a negative length value.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 2.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2481 was patched at 2024-05-15

4499. Denial of Service - Wireshark (CVE-2013-2483) - Medium [260]

Description: The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ACN dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via an invalid count value in ACN_DMP_ADT_D_RE DMP data.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2483 was patched at 2024-05-15

4500. Denial of Service - Wireshark (CVE-2013-2484) - Medium [260]

Description: The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (application crash) via a malformed packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2484 was patched at 2024-05-15

4501. Memory Corruption - ImageMagick (CVE-2020-10251) - Medium [260]

Description: In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID function in coders\heic.c. It can be triggered via an image with a width or height value that exceeds the actual size of the image.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-10251 was patched at 2024-05-15

4502. Memory Corruption - Perl (CVE-2021-37220) - Medium [260]

Description: MuPDF through 1.18.1 has an out-of-bounds write because the cached color converter does not properly consider the maximum key size of a hash table. This can, for example, be seen with crafted "mutool draw" input.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-37220 was patched at 2024-05-15

4503. Authentication Bypass - Unknown Product (CVE-2009-4128) - Medium [258]

Description: {'vulners_cve_data_all': 'GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate attackers to conduct brute force attacks and bypass authentication by submitting a password whose length is 1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4128 was patched at 2024-05-15

4504. Authentication Bypass - Unknown Product (CVE-2023-27517) - Medium [258]

Description: {'vulners_cve_data_all': 'Improper access control in some Intel(R) Optane(TM) PMem software before versions 01.00.00.3547, 02.00.00.3915, 03.00.00.0483 may allow an athenticated user to potentially enable escalation of privilege via local access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-27517 was patched at 2024-05-15

4505. Authentication Bypass - Unknown Product (CVE-2023-33875) - Medium [258]

Description: {'vulners_cve_data_all': 'Improper access control for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via local access..', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-33875 was patched at 2024-05-15

4506. Authentication Bypass - Unknown Product (CVE-2023-46749) - Medium [258]

Description: {'vulners_cve_data_all': 'Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting \n\nMitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default).\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46749 was patched at 2024-05-15

4507. Authentication Bypass - Unknown Product (CVE-2023-47090) - Medium [258]

Description: {'vulners_cve_data_all': 'NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is 2.2.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-47090 was patched at 2024-05-15

4508. Denial of Service - GNOME desktop (CVE-2020-36774) - Medium [258]

Description: plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a denial of service (application crash).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36774 was patched at 2024-05-15

4509. Denial of Service - GNU C Library (CVE-2024-33601) - Medium [258]

Description: nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-33601 was patched at 2024-05-23

debian: CVE-2024-33601 was patched at 2024-05-03, 2024-05-15

oraclelinux: CVE-2024-33601 was patched at 2024-05-29, 2024-06-05

redhat: CVE-2024-33601 was patched at 2024-05-09, 2024-05-23, 2024-05-28, 2024-05-29, 2024-06-04

ubuntu: CVE-2024-33601 was patched at 2024-05-31

4510. Denial of Service - Mozilla Firefox (CVE-2024-3860) - Medium [258]

Description: {'vulners_cve_data_all': 'An out-of-memory condition during object initialization could result in an empty shape list. If the JIT subsequently traced the object it would crash. This vulnerability affects Firefox < 125.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

ubuntu: CVE-2024-3860 was patched at 2024-04-24

4511. Denial of Service - OpenSSL (CVE-2024-2511) - Medium [258]

Description: Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-2511 was patched at 2024-05-15

debian: CVE-2024-25110 was patched at 2024-05-15

debian: CVE-2024-25112 was patched at 2024-05-15

redos: CVE-2024-2511 was patched at 2024-05-22

4512. Denial of Service - PHP (CVE-2024-27354) - Medium [258]

Description: An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27354 was patched at 2024-05-15

4513. Denial of Service - PHP (CVE-2024-27355) - Medium [258]

Description: An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27355 was patched at 2024-05-15

4514. Elevation of Privilege - Unknown Product (CVE-2017-0309) - Medium [258]

Description: {'vulners_cve_data_all': 'All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where multiple integer overflows may cause improper memory allocation leading to a denial of service or potential escalation of privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0309 was patched at 2024-05-15

4515. Elevation of Privilege - Unknown Product (CVE-2017-0311) - Medium [258]

Description: {'vulners_cve_data_all': 'NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0311 was patched at 2024-05-15

4516. Elevation of Privilege - Unknown Product (CVE-2017-0321) - Medium [258]

Description: {'vulners_cve_data_all': 'All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0321 was patched at 2024-05-15

4517. Elevation of Privilege - Unknown Product (CVE-2017-0786) - Medium [258]

Description: {'vulners_cve_data_all': 'A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37351060. References: B-V2017060101.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0786 was patched at 2024-05-15

4518. Elevation of Privilege - Unknown Product (CVE-2019-25067) - Medium [258]

Description: {'vulners_cve_data_all': 'A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-143949 was assigned to this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-25067 was patched at 2024-05-15

4519. Elevation of Privilege - Unknown Product (CVE-2023-28410) - Medium [258]

Description: {'vulners_cve_data_all': 'Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-28410 was patched at 2024-05-15

4520. Incorrect Calculation - libwebp (CVE-2016-9085) - Medium [258]

Description: Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.814libwebp is a code library used to render and display images in the WebP format
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9085 was patched at 2024-05-15

4521. Memory Corruption - Artifex Ghostscript (CVE-2020-36773) - Medium [258]

Description: Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.314Artifex Ghostscript is an interpreter for the PostScript® language and PDF files
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36773 was patched at 2024-05-15

4522. Unknown Vulnerability Type - Linux Kernel (CVE-2017-5206) - Medium [257]

Description: {'vulners_cve_data_all': 'Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.910CVSS Base Score is 9.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5206 was patched at 2024-05-15

4523. Unknown Vulnerability Type - Windows Kernel (CVE-2017-17518) - Medium [257]

Description: {'vulners_cve_data_all': 'swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: This issue is being disputed as not being a vulnerability because “the current version of white_dune (1.369 at https://wdune.ourproject.org/) do not use a "BROWSER environment variable". Instead, the "browser" variable is read from the $HOME/.dunerc file (or from the M$Windows registry). It is configurable in the "options" menu. The default is chosen in the ./configure script, which tests various programs, first tested is "xdg-open".', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17518 was patched at 2024-05-15

4524. Unknown Vulnerability Type - Windows Kernel (CVE-2019-10044) - Medium [257]

Description: {'vulners_cve_data_all': 'Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if (for example) Latin and Cyrillic characters exist in the same domain name, and the available font has an identical representation of characters from different alphabets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10044 was patched at 2024-05-15

4525. Code Injection - Unknown Product (CVE-2018-1000558) - Medium [256]

Description: {'vulners_cve_data_all': 'OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database. This attack appear to be exploitable via By sending crafted requests it is possible to gain database access. This vulnerability appears to have been fixed in 2.4.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000558 was patched at 2024-05-15

4526. Command Injection - Unknown Product (CVE-2020-1734) - Medium [256]

Description: {'vulners_cve_data_all': 'A flaw was found in the pipe lookup plugin of ansible. Arbitrary commands can be run, when the pipe lookup plugin uses subprocess.Popen() with shell=True, by overwriting ansible facts and the variable is not escaped by quote plugin. An attacker could take advantage and run arbitrary commands by overwriting the ansible facts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-1734 was patched at 2024-05-15

4527. Command Injection - Unknown Product (CVE-2021-3515) - Medium [256]

Description: {'vulners_cve_data_all': 'A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3515 was patched at 2024-05-15

4528. Command Injection - Unknown Product (CVE-2022-41401) - Medium [256]

Description: {'vulners_cve_data_all': 'OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-41401 was patched at 2024-05-15

4529. Command Injection - Unknown Product (CVE-2024-27982) - Medium [256]

Description: {'vulners_cve_data_all': 'The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-27982 was patched at 2024-05-09, 2024-05-15, 2024-05-20

debian: CVE-2024-27982 was patched at 2024-05-15

oraclelinux: CVE-2024-27982 was patched at 2024-05-09, 2024-05-10, 2024-05-14, 2024-05-16, 2024-05-22

redhat: CVE-2024-27982 was patched at 2024-05-09, 2024-05-15, 2024-05-20, 2024-06-03

4530. Command Injection - Unknown Product (CVE-2024-3154) - Medium [256]

Description: {'vulners_cve_data_all': 'A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

redhat: CVE-2024-3154 was patched at 2024-05-09, 2024-05-16, 2024-06-05

redos: CVE-2024-3154 was patched at 2024-05-22

4531. XXE Injection - Unknown Product (CVE-2017-15691) - Medium [256]

Description: {'vulners_cve_data_all': 'In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to 3.0.0-beta, Apache uima-as prior to 2.10.2, Apache uimaFIT prior to 2.4.0, Apache uimaDUCC prior to 2.2.2, this vulnerability relates to an XML external entity expansion (XXE) capability of various XML parsers. UIMA as part of its configuration and operation may read XML from various sources, which could be tainted in ways to cause inadvertent disclosure of local files or other internal content.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15691 was patched at 2024-05-15

4532. XXE Injection - Unknown Product (CVE-2023-42445) - Medium [256]

Description: {'vulners_cve_data_all': 'Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files it generated or were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. Gradle will now refuse to parse XML files that have XML external entities.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-42445 was patched at 2024-05-15

4533. Denial of Service - Group Policy (CVE-2013-4185) - Medium [255]

Description: Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of server-creation operations, which triggers a large number of update requests.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Group Policy
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4185 was patched at 2024-05-15

4534. Denial of Service - Libarchive (CVE-2007-3644) - Medium [255]

Description: archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Multi-format archive and compression library
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3644 was patched at 2024-05-15

4535. Denial of Service - Libarchive (CVE-2007-3645) - Medium [255]

Description: archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Multi-format archive and compression library
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3645 was patched at 2024-05-15

4536. Denial of Service - TLS (CVE-2012-4445) - Medium [255]

Description: Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small "TLS Message Length" value in an EAP-TLS message with the "More Fragments" flag set.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TLS
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4445 was patched at 2024-05-15

4537. Denial of Service - TRIE (CVE-2012-5977) - Medium [255]

Description: Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remote attackers to cause a denial of service (resource consumption) by making anonymous calls from multiple sources and consequently adding many entries to the device state cache.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5977 was patched at 2024-05-15

4538. Denial of Service - WEBDAV (CVE-2007-3950) - Medium [255]

Description: lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving the use of incompatible format specifiers in certain debugging messages in the (1) mod_scgi, (2) mod_fastcgi, and (3) mod_webdav modules.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514WEBDAV
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3950 was patched at 2024-05-15

4539. Information Disclosure - Unknown Product (CVE-2006-0884) - Medium [255]

Description: {'vulners_cve_data_all': 'The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0884 was patched at 2024-05-15

4540. Information Disclosure - Unknown Product (CVE-2015-2310) - Medium [255]

Description: {'vulners_cve_data_all': 'Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory via a crafted message, related to pointer validation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2310 was patched at 2024-05-15

4541. Information Disclosure - Unknown Product (CVE-2016-9480) - Medium [255]

Description: {'vulners_cve_data_all': 'libdwarf 2016-10-21 allows context-dependent attackers to obtain sensitive information or cause a denial of service by using the "malformed dwarf file" approach, related to a "Heap Buffer Over-read" issue affecting the dwarf_util.c component, aka DW201611-006.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9480 was patched at 2024-05-15

4542. Information Disclosure - Unknown Product (CVE-2018-18764) - Medium [255]

Description: {'vulners_cve_data_all': 'An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in a parse_mqtt getu16 call. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18764 was patched at 2024-05-15

4543. Information Disclosure - Unknown Product (CVE-2018-18765) - Medium [255]

Description: {'vulners_cve_data_all': 'An exploitable arbitrary memory read vulnerability exists in the MQTT packet-parsing functionality of Cesanta Mongoose 6.13. It is a heap-based buffer over-read in mg_mqtt_next_subscribe_topic. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18765 was patched at 2024-05-15

4544. Information Disclosure - Unknown Product (CVE-2018-7544) - Medium [255]

Description: {'vulners_cve_data_all': 'A cross-protocol scripting issue was discovered in the management interface in OpenVPN through 2.4.5. When this interface is enabled over TCP without a password, and when no other clients are connected to this interface, attackers can execute arbitrary management commands, obtain sensitive information, or cause a denial of service (SIGTERM) by triggering XMLHttpRequest actions in a web browser. This is demonstrated by a multipart/form-data POST to http://localhost:23000 with a "signal SIGTERM" command in a TEXTAREA element. NOTE: The vendor disputes that this is a vulnerability. They state that this is the result of improper configuration of the OpenVPN instance rather than an intrinsic vulnerability, and now more explicitly warn against such configurations in both the management-interface documentation, and with a runtime warning', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7544 was patched at 2024-05-15

4545. Information Disclosure - Unknown Product (CVE-2023-47992) - Medium [255]

Description: {'vulners_cve_data_all': 'An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial-of-service attacks and/or run arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-47992 was patched at 2024-05-15

4546. Information Disclosure - Unknown Product (CVE-2023-47994) - Medium [255]

Description: {'vulners_cve_data_all': 'An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-47994 was patched at 2024-05-15

4547. Memory Corruption - TRIE (CVE-2019-20202) - Medium [255]

Description: {'vulners_cve_data_all': 'An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20202 was patched at 2024-05-15

4548. Memory Corruption - libjpeg (CVE-2021-39518) - Medium [255]

Description: An issue was discovered in libjpeg through 2020021. LineBuffer::FetchRegion() in linebuffer.cpp has a heap-based buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514libjpeg
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39518 was patched at 2024-05-15

4549. Security Feature Bypass - Unknown Product (CVE-2014-1936) - Medium [255]

Description: {'vulners_cve_data_all': 'rc before 1.7.1-5 insecurely creates temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1936 was patched at 2024-05-15

redos: CVE-2014-1936 was patched at 2024-05-07

4550. Security Feature Bypass - Unknown Product (CVE-2017-13704) - Medium [255]

Description: {'vulners_cve_data_all': 'In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-13704 was patched at 2024-05-15

4551. Security Feature Bypass - Unknown Product (CVE-2017-7561) - Medium [255]

Description: {'vulners_cve_data_all': 'Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7561 was patched at 2024-05-15

4552. Security Feature Bypass - Unknown Product (CVE-2018-1000211) - Medium [255]

Description: {'vulners_cve_data_all': 'Doorkeeper version 4.2.0 and later contains a Incorrect Access Control vulnerability in Token revocation API's authorized method that can result in Access tokens are not revoked for public OAuth apps, leaking access until expiry.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000211 was patched at 2024-05-15

4553. Security Feature Bypass - Unknown Product (CVE-2019-0210) - Medium [255]

Description: {'vulners_cve_data_all': 'In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-0210 was patched at 2024-05-15

4554. Security Feature Bypass - Unknown Product (CVE-2019-11494) - Medium [255]

Description: {'vulners_cve_data_all': 'In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11494 was patched at 2024-05-15

4555. Security Feature Bypass - Unknown Product (CVE-2019-12291) - Medium [255]

Description: {'vulners_cve_data_all': 'HashiCorp Consul 1.4.0 through 1.5.0 has Incorrect Access Control. Keys not matching a specific ACL rule used for prefix matching in a policy can be deleted by a token using that policy even with default deny settings configured.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12291 was patched at 2024-05-15

4556. Security Feature Bypass - Unknown Product (CVE-2019-12422) - Medium [255]

Description: {'vulners_cve_data_all': 'Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12422 was patched at 2024-05-15

4557. Security Feature Bypass - Unknown Product (CVE-2019-17347) - Medium [255]

Description: {'vulners_cve_data_all': 'An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17347 was patched at 2024-05-15

4558. Security Feature Bypass - Unknown Product (CVE-2019-17561) - Medium [255]

Description: {'vulners_cve_data_all': 'The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17561 was patched at 2024-05-15

4559. Security Feature Bypass - Unknown Product (CVE-2020-35733) - Medium [255]

Description: {'vulners_cve_data_all': 'An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35733 was patched at 2024-05-15

4560. Security Feature Bypass - Unknown Product (CVE-2021-29629) - Medium [255]

Description: {'vulners_cve_data_all': 'In FreeBSD 13.0-STABLE before n245765-bec0d2c9c841, 12.2-STABLE before r369859, 11.4-STABLE before r369866, 13.0-RELEASE before p1, 12.2-RELEASE before p7, and 11.4-RELEASE before p10, missing message validation in libradius(3) could allow malicious clients or servers to trigger denial of service in vulnerable servers or clients respectively.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-29629 was patched at 2024-05-15

4561. Security Feature Bypass - Unknown Product (CVE-2021-3624) - Medium [255]

Description: {'vulners_cve_data_all': 'There is an integer overflow vulnerability in dcraw. When the victim runs dcraw with a maliciously crafted X3F input image, arbitrary code may be executed in the victim's system.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3624 was patched at 2024-05-15

4562. Security Feature Bypass - Unknown Product (CVE-2022-3510) - Medium [255]

Description: {'vulners_cve_data_all': 'A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3510 was patched at 2024-05-15

4563. Security Feature Bypass - Unknown Product (CVE-2023-24607) - Medium [255]

Description: {'vulners_cve_data_all': 'Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-24607 was patched at 2024-05-15

4564. Security Feature Bypass - Unknown Product (CVE-2023-45237) - Medium [255]

Description: {'vulners_cve_data_all': ' \nEDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.\n\n\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45237 was patched at 2024-05-15

4565. Security Feature Bypass - Unknown Product (CVE-2023-6378) - Medium [255]

Description: {'vulners_cve_data_all': 'A serialization vulnerability in logback receiver component part of \nlogback version 1.4.11 allows an attacker to mount a Denial-Of-Service \nattack by sending poisoned data.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-6378 was patched at 2024-05-15

4566. Arbitrary File Writing - Unknown Product (CVE-2002-2267) - Medium [252]

Description: {'vulners_cve_data_all': 'bogopass in bogofilter 0.9.0.4 allows local users to overwrite arbitrary files via a symlink attack on the bogopass temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-2267 was patched at 2024-05-15

4567. Arbitrary File Writing - Unknown Product (CVE-2007-4460) - Medium [252]

Description: {'vulners_cve_data_all': 'The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) 3.8.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file whose name is constructed from the name of a file being tagged.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4460 was patched at 2024-05-15

4568. Arbitrary File Writing - Unknown Product (CVE-2007-4998) - Medium [252]

Description: {'vulners_cve_data_all': 'cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same destination.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4998 was patched at 2024-05-15

4569. Arbitrary File Writing - Unknown Product (CVE-2008-3930) - Medium [252]

Description: {'vulners_cve_data_all': 'migrate_aliases.sh in Citadel Server 7.37 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3930 was patched at 2024-05-15

4570. Arbitrary File Writing - Unknown Product (CVE-2008-3931) - Medium [252]

Description: {'vulners_cve_data_all': 'javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3931 was patched at 2024-05-15

4571. Arbitrary File Writing - Unknown Product (CVE-2008-4191) - Medium [252]

Description: {'vulners_cve_data_all': 'extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4191 was patched at 2024-05-15

4572. Arbitrary File Writing - Unknown Product (CVE-2008-4474) - Medium [252]

Description: {'vulners_cve_data_all': 'freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4474 was patched at 2024-05-15

4573. Arbitrary File Writing - Unknown Product (CVE-2008-4476) - Medium [252]

Description: {'vulners_cve_data_all': 'sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4476 was patched at 2024-05-15

4574. Arbitrary File Writing - Unknown Product (CVE-2008-4935) - Medium [252]

Description: {'vulners_cve_data_all': 'asciiview in aview 1.3.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/aview#####.pgm temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4935 was patched at 2024-05-15

4575. Arbitrary File Writing - Unknown Product (CVE-2008-4936) - Medium [252]

Description: {'vulners_cve_data_all': 'faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4936 was patched at 2024-05-15

4576. Arbitrary File Writing - Unknown Product (CVE-2008-4939) - Medium [252]

Description: {'vulners_cve_data_all': 'apertium 3.0.7 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/#####.lex.cc, (b) /tmp/#####.deformat.l, (c) /tmp/#####.reformat.l, (d) /tmp/#####docxorig, (e) /tmp/#####docxsalida.zip, (f) /tmp/#####xlsxembed, (g) /tmp/#####xlsxorig, and (h) /tmp/#####xslxsalida.zip temporary files, related to the (1) apertium-gen-deformat, (2) apertium-gen-reformat, and (3) apertium scripts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4939 was patched at 2024-05-15

4577. Arbitrary File Writing - Unknown Product (CVE-2008-4941) - Medium [252]

Description: {'vulners_cve_data_all': 'arb-common 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/arb_fdnaml_*, (b) /tmp/arb_pids_*, (c) /tmp/arbdsmz.html, and (d) /tmp/arbdsmz.htm temporary files, related to the (1) arb_fastdnaml and (2) dszmconnect.pl scripts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4941 was patched at 2024-05-15

4578. Arbitrary File Writing - Unknown Product (CVE-2008-4942) - Medium [252]

Description: {'vulners_cve_data_all': 'audiolink in audiolink 0.05 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/audiolink.db.tmp and (2) /tmp/audiolink.tb.tmp temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4942 was patched at 2024-05-15

4579. Arbitrary File Writing - Unknown Product (CVE-2008-4947) - Medium [252]

Description: {'vulners_cve_data_all': 'dhis-dummy-log-engine in dhis-server 5.3 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/dhis-dummy-log-engine.log temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4947 was patched at 2024-05-15

4580. Arbitrary File Writing - Unknown Product (CVE-2008-4949) - Medium [252]

Description: {'vulners_cve_data_all': 'dist 3.5 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/cil#####, (b) /tmp/pdo#####, and (c) /tmp/pdn##### temporary files, related to the (1) patcil and (2) patdiff scripts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4949 was patched at 2024-05-15

4581. Arbitrary File Writing - Unknown Product (CVE-2008-4950) - Medium [252]

Description: {'vulners_cve_data_all': 'gccross in dpkg-cross 2.3.0 allows local users to overwrite arbitrary files via a symlink attack on the tmp/gccross2.log temporary file. NOTE: the vendor disputes this vulnerability, stating that "There is no sense in this bug - the script ... is called under specific cross-building environments within a chroot.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4950 was patched at 2024-05-15

4582. Arbitrary File Writing - Unknown Product (CVE-2008-4952) - Medium [252]

Description: {'vulners_cve_data_all': 'emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.log temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4952 was patched at 2024-05-15

4583. Arbitrary File Writing - Unknown Product (CVE-2008-4953) - Medium [252]

Description: {'vulners_cve_data_all': 'firehol in firehol 1.256 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/.firehol-tmp-#####-*-* and (2) /tmp/firehol.conf temporary files. NOTE: the vendor disputes this vulnerability, stating that an attack "would require an attacker to create 1073741824*PID-RANGE symlinks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4953 was patched at 2024-05-15

4584. Arbitrary File Writing - Unknown Product (CVE-2008-4956) - Medium [252]

Description: {'vulners_cve_data_all': 'fwb_install in fwbuilder 2.1.19 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/ssh-agent.##### temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4956 was patched at 2024-05-15

4585. Arbitrary File Writing - Unknown Product (CVE-2008-4960) - Medium [252]

Description: {'vulners_cve_data_all': 'impose in impose+ 0.2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/*-tmp.ps and (2) /tmp/bboxx-* temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4960 was patched at 2024-05-15

4586. Arbitrary File Writing - Unknown Product (CVE-2008-4965) - Medium [252]

Description: {'vulners_cve_data_all': 'liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/liguidsoap.liq, (2) /tmp/lig.#####.log, and (3) /tmp/emission.ogg temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4965 was patched at 2024-05-15

4587. Arbitrary File Writing - Unknown Product (CVE-2008-4968) - Medium [252]

Description: {'vulners_cve_data_all': 'The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/sdiff.##### temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4968 was patched at 2024-05-15

4588. Arbitrary File Writing - Unknown Product (CVE-2008-4971) - Medium [252]

Description: {'vulners_cve_data_all': 'mafft-homologs in mafft 6.240 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/_vf#?????, (2) /tmp/_if#?????, (3) /tmp/_pf#?????, (4) /tmp/_af#?????, (5) /tmp/_rid#?????, (6) /tmp/_res#?????, (7) /tmp/_q#?????, and (8) /tmp/_bf#????? temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4971 was patched at 2024-05-15

4589. Arbitrary File Writing - Unknown Product (CVE-2008-4972) - Medium [252]

Description: {'vulners_cve_data_all': 'mailgo in mgt 2.31 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mailgo##### temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4972 was patched at 2024-05-15

4590. Arbitrary File Writing - Unknown Product (CVE-2008-4973) - Medium [252]

Description: {'vulners_cve_data_all': 'i2myspell in myspell 3.1 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/i2my#####.1 and (2) /tmp/i2my#####.2 temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4973 was patched at 2024-05-15

4591. Arbitrary File Writing - Unknown Product (CVE-2008-4979) - Medium [252]

Description: {'vulners_cve_data_all': 'getipacctg in rancid 2.3.2~a8 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/ipacct.#####.prefixes, (2) /tmp/ipacct.#####.sorted, (3) /tmp/ipacct.#####.pl, and (4) /tmp/ipacct.##### temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4979 was patched at 2024-05-15

4592. Arbitrary File Writing - Unknown Product (CVE-2008-4982) - Medium [252]

Description: {'vulners_cve_data_all': 'rkhunter in rkhunter 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rkhunter-debug temporary file. NOTE: this is probably a different vulnerability than CVE-2005-1270.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4982 was patched at 2024-05-15

4593. Arbitrary File Writing - Unknown Product (CVE-2008-4983) - Medium [252]

Description: {'vulners_cve_data_all': 'scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/SciLink#####1, (b) /tmp/SciLink#####2, (c) /tmp/SciLink#####3, (d) /tmp/*.#####, (e) /tmp/*.#####.res, (f) /tmp/*.#####.err, and (g) /tmp/*.#####.diff temporary files, related to the (1) scilink, (2) scidoc, and (3) scidem scripts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4983 was patched at 2024-05-15

4594. Arbitrary File Writing - Unknown Product (CVE-2008-4985) - Medium [252]

Description: {'vulners_cve_data_all': 'vdrleaktest in Video Disk Recorder (aka vdr-dbg or vdr) 1.6.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/memleaktest.log temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4985 was patched at 2024-05-15

4595. Arbitrary File Writing - Unknown Product (CVE-2008-4986) - Medium [252]

Description: {'vulners_cve_data_all': 'wims 3.62 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/env#####, (b) /tmp/sed#####, and (c) /tmp/referer-home.log temporary files, related to the (1) coqweb and (2) account.sh scripts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4986 was patched at 2024-05-15

4596. Arbitrary File Writing - Unknown Product (CVE-2008-4988) - Medium [252]

Description: {'vulners_cve_data_all': 'pscal in xcal 4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/pscal##### temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4988 was patched at 2024-05-15

4597. Arbitrary File Writing - Unknown Product (CVE-2008-4996) - Medium [252]

Description: {'vulners_cve_data_all': 'init in initramfs-tools 0.92f allows local users to overwrite arbitrary files via a symlink attack on the /tmp/initramfs.debug temporary file. NOTE: the vendor disputes this vulnerability, stating that "init is [used in] a single-user context; there's no possibility that this is exploitable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4996 was patched at 2024-05-15

4598. Arbitrary File Writing - Unknown Product (CVE-2008-5138) - Medium [252]

Description: {'vulners_cve_data_all': 'passwdehd in libpam-mount 0.43 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/passwdehd.##### temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5138 was patched at 2024-05-15

4599. Arbitrary File Writing - Unknown Product (CVE-2008-5141) - Medium [252]

Description: {'vulners_cve_data_all': 'flamethrower in flamethrower 0.1.8 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/multicast.tar.##### temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5141 was patched at 2024-05-15

4600. Arbitrary File Writing - Unknown Product (CVE-2008-5144) - Medium [252]

Description: {'vulners_cve_data_all': 'nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvidia-cg-toolkit-manifest temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5144 was patched at 2024-05-15

4601. Arbitrary File Writing - Unknown Product (CVE-2008-5146) - Medium [252]

Description: {'vulners_cve_data_all': 'add-accession-numbers in ctn 3.0.6 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/accession temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5146 was patched at 2024-05-15

4602. Arbitrary File Writing - Unknown Product (CVE-2008-5149) - Medium [252]

Description: {'vulners_cve_data_all': 'fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5149 was patched at 2024-05-15

4603. Arbitrary File Writing - Unknown Product (CVE-2008-5152) - Medium [252]

Description: {'vulners_cve_data_all': 'inmail-show in mh-book 200605 allows local users to overwrite arbitrary files via a symlink attack on a (1) /tmp/inmail#####.log or (2) /tmp/inmail#####.stdin temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5152 was patched at 2024-05-15

4604. Arbitrary File Writing - Unknown Product (CVE-2008-5366) - Medium [252]

Description: {'vulners_cve_data_all': 'The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/probe-finished or (2) /tmp/ppp-errors temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5366 was patched at 2024-05-15

4605. Arbitrary File Writing - Unknown Product (CVE-2008-5367) - Medium [252]

Description: {'vulners_cve_data_all': 'ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on the /tmp/resolv.conf.tmp temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5367 was patched at 2024-05-15

4606. Arbitrary File Writing - Unknown Product (CVE-2008-5368) - Medium [252]

Description: {'vulners_cve_data_all': 'muttprint in muttprint 0.72d allows local users to overwrite arbitrary files via a symlink attack on the /tmp/muttprint.log temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5368 was patched at 2024-05-15

4607. Arbitrary File Writing - Unknown Product (CVE-2008-5370) - Medium [252]

Description: {'vulners_cve_data_all': 'pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pvpgn-support-1.0.tar.gz temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5370 was patched at 2024-05-15

4608. Arbitrary File Writing - Unknown Product (CVE-2008-5371) - Medium [252]

Description: {'vulners_cve_data_all': 'screenie in screenie 1.30.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.screenie.##### temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5371 was patched at 2024-05-15

4609. Arbitrary File Writing - Unknown Product (CVE-2008-5373) - Medium [252]

Description: {'vulners_cve_data_all': 'mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5373 was patched at 2024-05-15

4610. Arbitrary File Writing - Unknown Product (CVE-2008-5375) - Medium [252]

Description: {'vulners_cve_data_all': 'cmus-status-display in cmus 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/cmus-status temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5375 was patched at 2024-05-15

4611. Arbitrary File Writing - Unknown Product (CVE-2008-5376) - Medium [252]

Description: {'vulners_cve_data_all': 'editcomment in crip 3.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/*.tag.tmp temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5376 was patched at 2024-05-15

4612. Arbitrary File Writing - Unknown Product (CVE-2008-5378) - Medium [252]

Description: {'vulners_cve_data_all': 'arb-kill in arb 0.0.20071207.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/arb_pids_*_* temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5378 was patched at 2024-05-15

4613. Arbitrary File Writing - Unknown Product (CVE-2008-6398) - Medium [252]

Description: {'vulners_cve_data_all': 'sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/recompiled$$.png, (2) /tmp/decompiled$$.sng, and (3) /tmp/canonicalized$$.sng temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-6398 was patched at 2024-05-15

4614. Arbitrary File Writing - Unknown Product (CVE-2013-4400) - Medium [252]

Description: {'vulners_cve_data_all': 'virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4400 was patched at 2024-05-15

4615. Arbitrary File Writing - Unknown Product (CVE-2014-5255) - Medium [252]

Description: {'vulners_cve_data_all': 'xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. Note: A different vulnerability than CVE-2014-5254.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5255 was patched at 2024-05-15

4616. Arbitrary File Writing - Unknown Product (CVE-2018-7441) - Medium [252]

Description: {'vulners_cve_data_all': 'Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7441 was patched at 2024-05-15

4617. Spoofing - Mozilla Firefox (CVE-2006-4568) - Medium [252]

Description: Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.415Spoofing
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4568 was patched at 2024-05-15

4618. Unknown Vulnerability Type - APT (CVE-2009-1300) - Medium [252]

Description: {'vulners_cve_data_all': 'apt 0.7.20 does not check when the date command returns an "invalid date" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1300 was patched at 2024-05-15

4619. Unknown Vulnerability Type - APT (CVE-2009-1358) - Medium [252]

Description: {'vulners_cve_data_all': 'apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1358 was patched at 2024-05-15

4620. Unknown Vulnerability Type - APT (CVE-2022-3275) - Medium [252]

Description: {'vulners_cve_data_all': 'Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3275 was patched at 2024-05-15

4621. Unknown Vulnerability Type - APT (CVE-2023-38316) - Medium [252]

Description: {'vulners_cve_data_all': 'An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38316 was patched at 2024-05-15

4622. Unknown Vulnerability Type - GNOME desktop (CVE-2018-12422) - Medium [252]

Description: {'vulners_cve_data_all': 'addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes this because "the code had computed the required string length first, and then allocated a large-enough buffer on the heap.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12422 was patched at 2024-05-15

4623. Unknown Vulnerability Type - GNU C Library (CVE-1999-0199) - Medium [252]

Description: {'vulners_cve_data_all': 'manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-1999-0199 was patched at 2024-05-15

4624. Unknown Vulnerability Type - Google Chrome (CVE-2011-2162) - Medium [252]

Description: {'vulners_cve_data_all': 'Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues "originally discovered by Google Chrome developers."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2162 was patched at 2024-05-15

4625. Unknown Vulnerability Type - OpenSSH (CVE-2003-0786) - Medium [252]

Description: {'vulners_cve_data_all': 'The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0786 was patched at 2024-05-15

4626. Unknown Vulnerability Type - PHP (CVE-2004-1147) - Medium [252]

Description: {'vulners_cve_data_all': 'phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1147 was patched at 2024-05-15

4627. Unknown Vulnerability Type - PHP (CVE-2007-0203) - Medium [252]

Description: {'vulners_cve_data_all': 'Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0203 was patched at 2024-05-15

4628. Unknown Vulnerability Type - PHP (CVE-2007-2714) - Medium [252]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet before 2.0.2, a WordPress plugin, has unknown impact and attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2714 was patched at 2024-05-15

4629. Unknown Vulnerability Type - PHP (CVE-2011-1028) - Medium [252]

Description: {'vulners_cve_data_all': 'The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1028 was patched at 2024-05-15

4630. Unknown Vulnerability Type - PHP (CVE-2012-4570) - Medium [252]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4570 was patched at 2024-05-15

4631. Unknown Vulnerability Type - PHP (CVE-2016-10204) - Medium [252]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in Zoneminder 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the limit parameter in a log query request to index.php.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10204 was patched at 2024-05-15

4632. Unknown Vulnerability Type - PHP (CVE-2016-5703) - Medium [252]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5703 was patched at 2024-05-15

4633. Unknown Vulnerability Type - PHP (CVE-2016-6629) - Medium [252]

Description: {'vulners_cve_data_all': 'An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6629 was patched at 2024-05-15

4634. Unknown Vulnerability Type - PHP (CVE-2016-7405) - Medium [252]

Description: {'vulners_cve_data_all': 'The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7405 was patched at 2024-05-15

ubuntu: CVE-2016-7405 was patched at 2024-06-10

4635. Unknown Vulnerability Type - PHP (CVE-2017-16896) - Medium [252]

Description: {'vulners_cve_data_all': 'A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16896 was patched at 2024-05-15

4636. Unknown Vulnerability Type - PHP (CVE-2018-10362) - Medium [252]

Description: {'vulners_cve_data_all': 'An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to loose comparison with '==' instead of '===' in classes/Authorization.php for the user-provided login password, it is possible to login with a simpler password if the password has the form of a power in scientific notation (like '2e2' for '200' or '0e1234' for '0'). This is possible because, in the loose comparison case, PHP interprets the string as a number in scientific notation, and thus converts it to a number. After that, the comparison with '==' casts the user input (e.g., the string '200' or '0') to a number, too. Hence the attacker can login with just a '0' or a simple number he has to brute force. Strong comparison with '===' prevents the cast into numbers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10362 was patched at 2024-05-15

4637. Unknown Vulnerability Type - PHP (CVE-2018-18249) - Medium [252]

Description: {'vulners_cve_data_all': 'Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_RUN_DIR}_${APACHE_RUN_USER} parameter to /icingaweb2/navigation/add or /icingaweb2/dashboard/new-dashlet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18249 was patched at 2024-05-15

4638. Unknown Vulnerability Type - PHP (CVE-2019-11325) - Medium [252]

Description: {'vulners_cve_data_all': 'An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11325 was patched at 2024-05-15

4639. Unknown Vulnerability Type - PHP (CVE-2019-18622) - Medium [252]

Description: {'vulners_cve_data_all': 'An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-18622 was patched at 2024-05-15

4640. Unknown Vulnerability Type - PHP (CVE-2019-9025) - Medium [252]

Description: {'vulners_cve_data_all': 'An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9025 was patched at 2024-05-15

4641. Unknown Vulnerability Type - PHP (CVE-2020-18185) - Medium [252]

Description: {'vulners_cve_data_all': 'class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-18185 was patched at 2024-05-15

4642. Unknown Vulnerability Type - PHP (CVE-2021-29476) - Medium [252]

Description: {'vulners_cve_data_all': 'Requests is a HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of `Requests` 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-29476 was patched at 2024-05-15

4643. Unknown Vulnerability Type - PHP (CVE-2023-43371) - Medium [252]

Description: {'vulners_cve_data_all': 'Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-43371 was patched at 2024-05-15

4644. Unknown Vulnerability Type - PHP (CVE-2023-43373) - Medium [252]

Description: {'vulners_cve_data_all': 'Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-43373 was patched at 2024-05-15

4645. Unknown Vulnerability Type - PHP (CVE-2023-43374) - Medium [252]

Description: {'vulners_cve_data_all': 'Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-43374 was patched at 2024-05-15

4646. Unknown Vulnerability Type - PHP (CVE-2023-43375) - Medium [252]

Description: {'vulners_cve_data_all': 'Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-43375 was patched at 2024-05-15

4647. Denial of Service - Git (CVE-2021-23351) - Medium [251]

Description: The package github.com/pires/go-proxyproto before 0.5.0 are vulnerable to Denial of Service (DoS) via the parseVersion1() function. The reader in this package is a default bufio.Reader wrapping a net.Conn. It will read from the connection until it finds a newline. Since no limits are implemented in the code, a deliberately malformed V1 header could be used to exhaust memory in a server process using this code - and create a DoS. This can be exploited by sending a stream starting with PROXY and continuing to send data (which does not contain a newline) until the target stops acknowledging. The risk here is small, because only trusted sources should be allowed to send proxy protocol headers.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414Git
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-23351 was patched at 2024-05-15

4648. Denial of Service - Git (CVE-2023-26044) - Medium [251]

Description: react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impact on the default configuration, but can be exploited when explicitly using the RequestBodyBufferMiddleware with very large settings. This might lead to consuming large amounts of CPU time for processing requests and significantly delay or slow down the processing of legitimate user requests. This issue has been addressed in release 1.9.0. Users are advised to upgrade. Users unable to upgrade may keep the request body limited using RequestBodyBufferMiddleware with a sensible value which should mitigate the issue. An infrastructure or DevOps workaround could be to place a reverse proxy in front of the ReactPHP HTTP server to filter out any excessive HTTP request bodies.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.414Git
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26044 was patched at 2024-05-15

4649. Incorrect Calculation - GPAC (CVE-2021-29279) - Medium [251]

Description: There is a integer overflow in function filter_core/filter_props.c:gf_props_assign_value in GPAC 1.0.1. In which, the arg const GF_PropertyValue *value,maybe value->value.data.size is a negative number. In result, memcpy in gf_props_assign_value failed.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-29279 was patched at 2024-05-15

4650. Memory Corruption - GPAC (CVE-2020-35979) - Medium [251]

Description: An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35979 was patched at 2024-05-15

4651. Memory Corruption - GPAC (CVE-2022-2453) - Medium [251]

Description: Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-2453 was patched at 2024-05-15

4652. Memory Corruption - GPAC (CVE-2022-24575) - Medium [251]

Description: GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24575 was patched at 2024-05-15

4653. Memory Corruption - GPAC (CVE-2022-43042) - Medium [251]

Description: GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/isom_intern.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-43042 was patched at 2024-05-15

4654. Memory Corruption - GPAC (CVE-2022-47093) - Medium [251]

Description: GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after-free via filters/dmx_m2ts.c:470 in m2tsdmx_declare_pid

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-47093 was patched at 2024-05-15

4655. Memory Corruption - GPAC (CVE-2023-5998) - Medium [251]

Description: Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-5998 was patched at 2024-05-15

4656. Memory Corruption - GPAC (CVE-2024-24265) - Medium [251]

Description: gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-24265 was patched at 2024-05-15

4657. Memory Corruption - GPAC (CVE-2024-24267) - Medium [251]

Description: gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-24267 was patched at 2024-05-15

4658. Memory Corruption - Git (CVE-2020-22284) - Medium [251]

Description: A buffer overflow vulnerability in the zepif_linkoutput() function of Free Software Foundation lwIP git head version and version 2.1.2 allows attackers to access sensitive information via a crafted 6LoWPAN packet.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-22284 was patched at 2024-05-15

4659. Memory Corruption - Git (CVE-2021-41959) - Medium [251]

Description: JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41959 was patched at 2024-05-15

4660. Memory Corruption - Git (CVE-2023-31722) - Medium [251]

Description: There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31722 was patched at 2024-05-15

4661. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52656) - Medium [251]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: drop any code related to SCM_RIGHTS\n\nThis is dead code after we dropped support for passing io_uring fds\nover SCM_RIGHTS, get rid of it.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52656 was patched at 2024-05-15

ubuntu: CVE-2023-52656 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

4662. Remote Code Execution - Unknown Product (CVE-2004-2160) - Medium [250]

Description: {'vulners_cve_data_all': 'Format string vulnerability in xml_elem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2160 was patched at 2024-05-15

4663. Remote Code Execution - Unknown Product (CVE-2006-1827) - Medium [250]

Description: {'vulners_cve_data_all': 'Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1827 was patched at 2024-05-15

4664. Remote Code Execution - Unknown Product (CVE-2006-2781) - Medium [250]

Description: {'vulners_cve_data_all': 'Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2781 was patched at 2024-05-15

4665. Remote Code Execution - Unknown Product (CVE-2006-5072) - Medium [250]

Description: {'vulners_cve_data_all': 'The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5072 was patched at 2024-05-15

4666. Remote Code Execution - Unknown Product (CVE-2007-2452) - Medium [250]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2452 was patched at 2024-05-15

4667. Remote Code Execution - Unknown Product (CVE-2007-4337) - Medium [250]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in the httplib_parse_sc_header function in lib/http.c in Streamripper before 1.62.2 allow remote attackers to execute arbitrary code via long (1) Location and (2) Server HTTP headers, a different vulnerability than CVE-2006-3124.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4337 was patched at 2024-05-15

4668. Remote Code Execution - Unknown Product (CVE-2009-1086) - Medium [250]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1086 was patched at 2024-05-15

4669. Remote Code Execution - Unknown Product (CVE-2011-0495) - Medium [250]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0495 was patched at 2024-05-15

4670. Remote Code Execution - Unknown Product (CVE-2020-24890) - Medium [250]

Description: {'vulners_cve_data_all': 'libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution. Note: this vulnerability occurs only if you compile the software in a certain way', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24890 was patched at 2024-05-15

4671. Remote Code Execution - Unknown Product (CVE-2023-46998) - Medium [250]

Description: {'vulners_cve_data_all': 'Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46998 was patched at 2024-05-15

4672. Remote Code Execution - Unknown Product (CVE-2023-49469) - Medium [250]

Description: {'vulners_cve_data_all': 'Reflected Cross Site Scripting (XSS) vulnerability in Shaarli v0.12.2, allows remote attackers to execute arbitrary code via search tag function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49469 was patched at 2024-05-15

4673. Unknown Vulnerability Type - Kerberos (CVE-2006-3083) - Medium [250]

Description: {'vulners_cve_data_all': 'The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3083 was patched at 2024-05-15

4674. Unknown Vulnerability Type - Kerberos (CVE-2006-3084) - Medium [250]

Description: {'vulners_cve_data_all': 'The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3084 was patched at 2024-05-15

4675. Unknown Vulnerability Type - Unknown Product (CVE-2008-1946) - Medium [250]

Description: {'vulners_cve_data_all': 'The default configuration of su in /etc/pam.d/su in GNU coreutils 5.2.1 allows local users to gain the privileges of a (1) locked or (2) expired account by entering the account name on the command line, related to improper use of the pam_succeed_if.so module.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] GNU Coreutils pam_succeed_if PAM模块本地绕过认证漏洞, [seebug] GNU Coreutils 'pam_succeed_if' PAM本地验证绕过漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1946 was patched at 2024-05-15

4676. Unknown Vulnerability Type - Unknown Product (CVE-2009-0842) - Medium [250]

Description: {'vulners_cve_data_all': 'mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows remote attackers to read arbitrary invalid .map files via a full pathname in the map parameter, which triggers the display of partial file contents within an error message, as demonstrated by a /tmp/sekrut.map symlink.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] MapServer mapserv程序多个远程安全漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0842 was patched at 2024-05-15

4677. Unknown Vulnerability Type - Unknown Product (CVE-2011-2777) - Medium [250]

Description: {'vulners_cve_data_all': 'samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.0411.10) - Boundary Crossing Privilege Escalation, [seebug] Acpid 1:2.0.10-1ubuntu2 Privilege Boundary Crossing Vulnerability, [packetstorm] Acpid Privilege Boundary Crossing, [exploitdb] Acpid 1:2.0.10-1ubuntu2 (Ubuntu 11.04/11.10) - Boundary Crossing Privilege Escalation)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2777 was patched at 2024-05-15

4678. Unknown Vulnerability Type - Unknown Product (CVE-2012-2417) - Medium [250]

Description: {'vulners_cve_data_all': 'PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Python PyCrypto密钥生成漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2417 was patched at 2024-05-15

4679. Unknown Vulnerability Type - Unknown Product (CVE-2012-2736) - Medium [250]

Description: {'vulners_cve_data_all': 'In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] GNOME NetworkManager AdHoc无线安全漏洞( CVE-2012-2736))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2736 was patched at 2024-05-15

4680. Unknown Vulnerability Type - Unknown Product (CVE-2013-0276) - Medium [250]

Description: {'vulners_cve_data_all': 'ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Ruby on Rails 远程安全绕过漏洞(CVE-2013-0276))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0276 was patched at 2024-05-15

4681. Unknown Vulnerability Type - Unknown Product (CVE-2013-0305) - Medium [250]

Description: {'vulners_cve_data_all': 'The administrative interface for Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 does not check permissions for the history view, which allows remote authenticated administrators to obtain sensitive object history information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Django 1.3/1.4 拒绝服务和信息泄露漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0305 was patched at 2024-05-15

4682. Unknown Vulnerability Type - Unknown Product (CVE-2013-6428) - Medium [250]

Description: {'vulners_cve_data_all': 'The ReST API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 allows remote authenticated users to bypass the tenant scoping restrictions via a modified tenant_id in the request path.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenStack Heat ReST API校验特权提升漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6428 was patched at 2024-05-15

4683. Unknown Vulnerability Type - Unknown Product (CVE-2014-2387) - Medium [250]

Description: {'vulners_cve_data_all': 'Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Pen 'penctl.cgi'多个不安全临时文件创建漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2387 was patched at 2024-05-15

4684. Unknown Vulnerability Type - Unknown Product (CVE-2021-42948) - Medium [250]

Description: {'vulners_cve_data_all': 'HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for CVE-2021-42948)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42948 was patched at 2024-05-15

4685. Denial of Service - Perl (CVE-2005-2097) - Medium [248]

Description: xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2097 was patched at 2024-05-15

4686. Denial of Service - Perl (CVE-2009-2911) - Medium [248]

Description: SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operation with a large number of arguments that trigger a kernel stack overflow, (2) cause a denial of service via crafted DWARF expressions that trigger a kernel stack frame overflow, or (3) cause a denial of service (infinite loop) via vectors that trigger creation of large unwind tables, related to Common Information Entry (CIE) and Call Frame Instruction (CFI) records.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2911 was patched at 2024-05-15

4687. Denial of Service - Perl (CVE-2011-1159) - Medium [248]

Description: acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted application that performs a connect system call but no read system calls.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1159 was patched at 2024-05-15

4688. Denial of Service - Perl (CVE-2012-0218) - Medium [248]

Description: Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler for a syscall or sysenter instruction, does not properly clear a flag for exception injection when injecting a General Protection Fault, which allows local PV guest OS users to cause a denial of service (guest crash) by later triggering an exception that would normally be handled within Xen.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0218 was patched at 2024-05-15

4689. Denial of Service - Perl (CVE-2012-3432) - Medium [248]

Description: The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations emulator for Xen 3.3 and 4.x, when running an HVM guest, does not properly reset certain state information between emulation cycles, which allows local guest OS users to cause a denial of service (guest OS crash) via unspecified operations on MMIO regions.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3432 was patched at 2024-05-15

4690. Denial of Service - Perl (CVE-2013-1917) - Medium [248]

Description: Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not clear the NT flag when using an IRET after a SYSENTER instruction, which allows PV guest users to cause a denial of service (hypervisor crash) by triggering a #GP fault, which is not properly handled by another IRET instruction.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1917 was patched at 2024-05-15

4691. Denial of Service - Perl (CVE-2014-0979) - Medium [248]

Description: The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, which allows local users to cause a denial of service (NULL pointer dereference) via an empty username.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0979 was patched at 2024-05-15

4692. Denial of Service - Wireshark (CVE-2009-0601) - Medium [248]

Description: Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0601 was patched at 2024-05-15

4693. Memory Corruption - Perl (CVE-2004-0103) - Medium [248]

Description: crawl before 4.0.0 beta23 does not properly "apply a size check" when copying a certain environment variable, which may allow local users to gain privileges, possibly as a result of a buffer overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0103 was patched at 2024-05-15

4694. Memory Corruption - Perl (CVE-2005-2151) - Medium [248]

Description: spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2151 was patched at 2024-05-15

4695. Memory Corruption - Perl (CVE-2013-1061) - Medium [248]

Description: dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1061 was patched at 2024-05-15

4696. Elevation of Privilege - Unknown Product (CVE-2011-3349) - Medium [247]

Description: {'vulners_cve_data_all': 'lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3349 was patched at 2024-05-15

4697. Elevation of Privilege - Unknown Product (CVE-2012-1093) - Medium [247]

Description: {'vulners_cve_data_all': 'The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1093 was patched at 2024-05-15

4698. Elevation of Privilege - Unknown Product (CVE-2012-3409) - Medium [247]

Description: {'vulners_cve_data_all': 'ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3409 was patched at 2024-05-15

4699. Elevation of Privilege - Unknown Product (CVE-2012-4576) - Medium [247]

Description: {'vulners_cve_data_all': 'FreeBSD: Input Validation Flaw allows local users to gain elevated privileges', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4576 was patched at 2024-05-15

4700. Elevation of Privilege - Unknown Product (CVE-2017-0752) - Medium [247]

Description: {'vulners_cve_data_all': 'A elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0752 was patched at 2024-05-15

4701. Elevation of Privilege - Unknown Product (CVE-2017-1087) - Medium [247]

Description: {'vulners_cve_data_all': 'In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24 named paths are globally scoped, meaning a process located in one jail can read and modify the content of POSIX shared memory objects created by a process in another jail or the host system. As a result, a malicious user that has access to a jailed system is able to abuse shared memory by injecting malicious content in the shared memory region. This memory region might be executed by applications trusting the shared memory, like Squid. This issue could lead to a Denial of Service or local privilege escalation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1087 was patched at 2024-05-15

debian: CVE-2017-10872 was patched at 2024-05-15

4702. Elevation of Privilege - Unknown Product (CVE-2017-7501) - Medium [247]

Description: {'vulners_cve_data_all': 'It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7501 was patched at 2024-05-15

4703. Elevation of Privilege - Unknown Product (CVE-2018-10361) - Medium [247]

Description: {'vulners_cve_data_all': 'An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by a another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10361 was patched at 2024-05-15

4704. Elevation of Privilege - Unknown Product (CVE-2018-1272) - Medium [247]

Description: {'vulners_cve_data_all': 'Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1272 was patched at 2024-05-15

4705. Elevation of Privilege - Unknown Product (CVE-2018-9385) - Medium [247]

Description: {'vulners_cve_data_all': 'In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74128061 References: Upstream kernel.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-9385 was patched at 2024-05-15

4706. Elevation of Privilege - Unknown Product (CVE-2019-0145) - Medium [247]

Description: {'vulners_cve_data_all': 'Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-0145 was patched at 2024-05-15

4707. Elevation of Privilege - Unknown Product (CVE-2019-19882) - Medium [247]

Description: {'vulners_cve_data_all': 'shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19882 was patched at 2024-05-15

4708. Elevation of Privilege - Unknown Product (CVE-2020-0110) - Medium [247]

Description: {'vulners_cve_data_all': 'In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148159562References: Upstream kernel', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-0110 was patched at 2024-05-15

4709. Elevation of Privilege - Unknown Product (CVE-2020-0430) - Medium [247]

Description: {'vulners_cve_data_all': 'In skb_headlen of /include/linux/skbuff.h, there is a possible out of bounds read due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-153881554', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-0430 was patched at 2024-05-15

4710. Elevation of Privilege - Unknown Product (CVE-2020-0432) - Medium [247]

Description: {'vulners_cve_data_all': 'In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143560807', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-0432 was patched at 2024-05-15

4711. Elevation of Privilege - Unknown Product (CVE-2020-0433) - Medium [247]

Description: {'vulners_cve_data_all': 'In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151939299', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-0433 was patched at 2024-05-15

4712. Elevation of Privilege - Unknown Product (CVE-2020-0478) - Medium [247]

Description: {'vulners_cve_data_all': 'In extend_frame_lowbd of restoration.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150780418', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-0478 was patched at 2024-05-15

4713. Elevation of Privilege - Unknown Product (CVE-2020-8903) - Medium [247]

Description: {'vulners_cve_data_all': 'A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this role are able to read the DHCP XID from the systemd journal. Using the DHCP XID, it is then possible to set the IP address and hostname of the instance to any value, which is then stored in /etc/hosts. An attacker can then point metadata.google.internal to an arbitrary IP address and impersonate the GCE metadata server which make it is possible to instruct the OS Login PAM module to grant administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/group/security.conf and remove the "adm" user from the OS Login entry.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-8903 was patched at 2024-05-15

4714. Elevation of Privilege - Unknown Product (CVE-2021-0707) - Medium [247]

Description: {'vulners_cve_data_all': 'In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-155756045References: Upstream kernel', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-0707 was patched at 2024-05-15

4715. Elevation of Privilege - Unknown Product (CVE-2021-0929) - Medium [247]

Description: {'vulners_cve_data_all': 'In ion_dma_buf_end_cpu_access and related functions of ion.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-187527909References: Upstream kernel', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-0929 was patched at 2024-05-15

4716. Elevation of Privilege - Unknown Product (CVE-2021-39634) - Medium [247]

Description: {'vulners_cve_data_all': 'In fs/eventpoll.c, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-204450605References: Upstream kernel', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39634 was patched at 2024-05-15

4717. Elevation of Privilege - Unknown Product (CVE-2021-44038) - Medium [247]

Description: {'vulners_cve_data_all': 'An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44038 was patched at 2024-05-15

4718. Elevation of Privilege - Unknown Product (CVE-2022-20568) - Medium [247]

Description: {'vulners_cve_data_all': 'In (TBD) of (TBD), there is a possible way to corrupt kernel memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-220738351References: Upstream kernel', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-20568 was patched at 2024-05-15

4719. Elevation of Privilege - Unknown Product (CVE-2023-0240) - Medium [247]

Description: {'vulners_cve_data_all': 'There is a logic error in io_uring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation.\n\nIn the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or the previous linked requests identity to do operations instead of using the current identity. This can lead to reference counting issues causing use-after-free. We recommend upgrading past version 5.10.161.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0240 was patched at 2024-05-15

4720. Elevation of Privilege - Unknown Product (CVE-2023-46277) - Medium [247]

Description: {'vulners_cve_data_all': 'please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46277 was patched at 2024-05-15

4721. Elevation of Privilege - Unknown Product (CVE-2024-23831) - Medium [247]

Description: {'vulners_cve_data_all': 'LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-23831 was patched at 2024-05-15

4722. Authentication Bypass - Unknown Product (CVE-2007-0844) - Medium [246]

Description: {'vulners_cve_data_all': 'The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when the allow_blank_passphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0844 was patched at 2024-05-15

4723. Authentication Bypass - Unknown Product (CVE-2013-6171) - Medium [246]

Description: {'vulners_cve_data_all': 'checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6171 was patched at 2024-05-15

4724. Authentication Bypass - Unknown Product (CVE-2016-2048) - Medium [246]

Description: {'vulners_cve_data_all': 'Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2048 was patched at 2024-05-15

4725. Authentication Bypass - Unknown Product (CVE-2018-5389) - Medium [246]

Description: {'vulners_cve_data_all': 'The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks. Reusing a key pair across different versions and modes of IKE could lead to cross-protocol authentication bypasses. It is well known, that the aggressive mode of IKEv1 PSK is vulnerable to offline dictionary or brute force attacks. For the main mode, however, only an online attack against PSK authentication was thought to be feasible. This vulnerability could allow an attacker to recover a weak Pre-Shared Key or enable the impersonation of a victim host or network.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-5389 was patched at 2024-05-15

4726. Authentication Bypass - Unknown Product (CVE-2020-17521) - Medium [246]

Description: {'vulners_cve_data_all': 'Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-17521 was patched at 2024-05-15

4727. Denial of Service - Artifex Ghostscript (CVE-2017-8908) - Medium [246]

Description: The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PostScript document.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.314Artifex Ghostscript is an interpreter for the PostScript® language and PDF files
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8908 was patched at 2024-05-15

4728. Denial of Service - Visual Studio (CVE-2024-30046) - Medium [246]

Description: Visual Studio Denial of Service Vulnerability

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.314Integrated development environment
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-30046 was patched at 2024-05-14, 2024-05-15, 2024-05-23

oraclelinux: CVE-2024-30046 was patched at 2024-05-14, 2024-05-29

redhat: CVE-2024-30046 was patched at 2024-05-14, 2024-05-15, 2024-05-23

ubuntu: CVE-2024-30046 was patched at 2024-05-16

4729. Cross Site Scripting - Git (CVE-2007-1732) - Medium [245]

Description: Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: another researcher disputes this issue, stating that this is legitimate functionality for administrators. However, it has been patched by at least one vendor

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common0.414Git
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1732 was patched at 2024-05-15

4730. Remote Code Execution - GPAC (CVE-2023-46426) - Medium [245]

Description: Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code and cause a denial of service (DoS) via gf_fwrite component in at utils/os_file.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46426 was patched at 2024-05-15

4731. Remote Code Execution - GPAC (CVE-2023-46427) - Medium [245]

Description: An issue was discovered in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), and obtain sensitive information via null pointer deference in gf_dash_setup_period component in media_tools/dash_client.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46427 was patched at 2024-05-15

4732. Unknown Vulnerability Type - Apache HTTP Server (CVE-2011-2688) - Medium [245]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2688 was patched at 2024-05-15

4733. Unknown Vulnerability Type - GitLab (CVE-2023-5332) - Medium [245]

Description: {'vulners_cve_data_all': 'Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914GitLab is a DevOps software package that combines the ability to develop, secure, and operate software in a single application
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-5332 was patched at 2024-05-15

4734. Unknown Vulnerability Type - HTTP/2 (CVE-2024-32663) - Medium [245]

Description: {'vulners_cve_data_all': 'Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, a small amount of HTTP/2 traffic can lead to Suricata using a large amount of memory. The issue has been addressed in Suricata 7.0.5 and 6.0.19. Workarounds include disabling the HTTP/2 parser and reducing `app-layer.protocols.http2.max-table-size` value (default is 65536).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914HTTP/2 is a major revision of the HTTP network protocol used by the World Wide Web
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32663 was patched at 2024-05-15

4735. Unknown Vulnerability Type - Linux Kernel (CVE-2014-9870) - Medium [245]

Description: {'vulners_cve_data_all': 'The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9870 was patched at 2024-05-15

4736. Unknown Vulnerability Type - Linux Kernel (CVE-2014-9922) - Medium [245]

Description: {'vulners_cve_data_all': 'The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9922 was patched at 2024-05-15

4737. Unknown Vulnerability Type - Linux Kernel (CVE-2015-9004) - Medium [245]

Description: {'vulners_cve_data_all': 'kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-9004 was patched at 2024-05-15

4738. Unknown Vulnerability Type - Linux Kernel (CVE-2016-7912) - Medium [245]

Description: {'vulners_cve_data_all': 'Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data structure after a certain callback call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7912 was patched at 2024-05-15

4739. Unknown Vulnerability Type - Linux Kernel (CVE-2017-8072) - Medium [245]

Description: {'vulners_cve_data_all': 'The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 does not have the expected EIO error status for a zero-length report, which allows local users to have an unspecified impact via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8072 was patched at 2024-05-15

4740. Unknown Vulnerability Type - Linux Kernel (CVE-2018-18653) - Medium [245]

Description: {'vulners_cve_data_all': 'The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with certain configuration options, leads to mishandling of the result of signature verification.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18653 was patched at 2024-05-15

4741. Unknown Vulnerability Type - Linux Kernel (CVE-2018-6412) - Medium [245]

Description: {'vulners_cve_data_all': 'In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6412 was patched at 2024-05-15

4742. Unknown Vulnerability Type - Linux Kernel (CVE-2020-11725) - Medium [245]

Description: {'vulners_cve_data_all': 'snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side effects." NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info->owner field to represent data unrelated to the "owner" concept. The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE, have been designed to misuse the info->owner field in a safe way', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-11725 was patched at 2024-05-15

4743. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46950) - Medium [245]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid1: properly indicate failure when ending a failed write request\n\nThis patch addresses a data corruption bug in raid1 arrays using bitmaps.\nWithout this fix, the bitmap bits for the failed I/O end up being cleared.\n\nSince we are in the failure leg of raid1_end_write_request, the request\neither needs to be retried (R1BIO_WriteError) or failed (R1BIO_Degraded).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46950 was patched at 2024-05-15

4744. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47194) - Medium [245]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncfg80211: call cfg80211_stop_ap when switch from P2P_GO type\n\nIf the userspace tools switch from NL80211_IFTYPE_P2P_GO to\nNL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERFACE), it\ndoes not call the cleanup cfg80211_stop_ap(), this leads to the\ninitialization of in-use data. For example, this path re-init the\nsdata->assigned_chanctx_list while it is still an element of\nassigned_vifs list, and makes that linked list corrupt.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47194 was patched at 2024-05-15

4745. Unknown Vulnerability Type - Linux Kernel (CVE-2022-1678) - Medium [245]

Description: {'vulners_cve_data_all': 'An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1678 was patched at 2024-05-15

4746. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48658) - Medium [245]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context.\n\nCommit 5a836bf6b09f ("mm: slub: move flush_cpu_slab() invocations\n__free_slab() invocations out of IRQ context") moved all flush_cpu_slab()\ninvocations to the global workqueue to avoid a problem related\nwith deactivate_slab()/__free_slab() being called from an IRQ context\non PREEMPT_RT kernels.\n\nWhen the flush_all_cpu_locked() function is called from a task context\nit may happen that a workqueue with WQ_MEM_RECLAIM bit set ends up\nflushing the global workqueue, this will cause a dependency issue.\n\n workqueue: WQ_MEM_RECLAIM nvme-delete-wq:nvme_delete_ctrl_work [nvme_core]\n is flushing !WQ_MEM_RECLAIM events:flush_cpu_slab\n WARNING: CPU: 37 PID: 410 at kernel/workqueue.c:2637\n check_flush_dependency+0x10a/0x120\n Workqueue: nvme-delete-wq nvme_delete_ctrl_work [nvme_core]\n RIP: 0010:check_flush_dependency+0x10a/0x120[ 453.262125] Call Trace:\n __flush_work.isra.0+0xbf/0x220\n ? __queue_work+0x1dc/0x420\n flush_all_cpus_locked+0xfb/0x120\n __kmem_cache_shutdown+0x2b/0x320\n kmem_cache_destroy+0x49/0x100\n bioset_exit+0x143/0x190\n blk_release_queue+0xb9/0x100\n kobject_cleanup+0x37/0x130\n nvme_fc_ctrl_free+0xc6/0x150 [nvme_fc]\n nvme_free_ctrl+0x1ac/0x2b0 [nvme_core]\n\nFix this bug by creating a workqueue for the flush operation with\nthe WQ_MEM_RECLAIM bit set.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48658 was patched at 2024-05-15

4747. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48662) - Medium [245]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gem: Really move i915_gem_context.link under ref protection\n\ni915_perf assumes that it can use the i915_gem_context reference to\nprotect its i915->gem.contexts.list iteration. However, this requires\nthat we do not remove the context from the list until after we drop the\nfinal reference and release the struct. If, as currently, we remove the\ncontext from the list during context_close(), the link.next pointer may\nbe poisoned while we are holding the context reference and cause a GPF:\n\n[ 4070.573157] i915 0000:00:02.0: [drm:i915_perf_open_ioctl [i915]] filtering on ctx_id=0x1fffff ctx_id_mask=0x1fffff\n[ 4070.574881] general protection fault, probably for non-canonical address 0xdead000000000100: 0000 [#1] PREEMPT SMP\n[ 4070.574897] CPU: 1 PID: 284392 Comm: amd_performance Tainted: G E 5.17.9 #180\n[ 4070.574903] Hardware name: Intel Corporation NUC7i5BNK/NUC7i5BNB, BIOS BNKBL357.86A.0052.2017.0918.1346 09/18/2017\n[ 4070.574907] RIP: 0010:oa_configure_all_contexts.isra.0+0x222/0x350 [i915]\n[ 4070.574982] Code: 08 e8 32 6e 10 e1 4d 8b 6d 50 b8 ff ff ff ff 49 83 ed 50 f0 41 0f c1 04 24 83 f8 01 0f 84 e3 00 00 00 85 c0 0f 8e fa 00 00 00 <49> 8b 45 50 48 8d 70 b0 49 8d 45 50 48 39 44 24 10 0f 85 34 fe ff\n[ 4070.574990] RSP: 0018:ffffc90002077b78 EFLAGS: 00010202\n[ 4070.574995] RAX: 0000000000000002 RBX: 0000000000000002 RCX: 0000000000000000\n[ 4070.575000] RDX: 0000000000000001 RSI: ffffc90002077b20 RDI: ffff88810ddc7c68\n[ 4070.575004] RBP: 0000000000000001 R08: ffff888103242648 R09: fffffffffffffffc\n[ 4070.575008] R10: ffffffff82c50bc0 R11: 0000000000025c80 R12: ffff888101bf1860\n[ 4070.575012] R13: dead0000000000b0 R14: ffffc90002077c04 R15: ffff88810be5cabc\n[ 4070.575016] FS: 00007f1ed50c0780(0000) GS:ffff88885ec80000(0000) knlGS:0000000000000000\n[ 4070.575021] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 4070.575025] CR2: 00007f1ed5590280 CR3: 000000010ef6f005 CR4: 00000000003706e0\n[ 4070.575029] Call Trace:\n[ 4070.575033] <TASK>\n[ 4070.575037] lrc_configure_all_contexts+0x13e/0x150 [i915]\n[ 4070.575103] gen8_enable_metric_set+0x4d/0x90 [i915]\n[ 4070.575164] i915_perf_open_ioctl+0xbc0/0x1500 [i915]\n[ 4070.575224] ? asm_common_interrupt+0x1e/0x40\n[ 4070.575232] ? i915_oa_init_reg_state+0x110/0x110 [i915]\n[ 4070.575290] drm_ioctl_kernel+0x85/0x110\n[ 4070.575296] ? update_load_avg+0x5f/0x5e0\n[ 4070.575302] drm_ioctl+0x1d3/0x370\n[ 4070.575307] ? i915_oa_init_reg_state+0x110/0x110 [i915]\n[ 4070.575382] ? gen8_gt_irq_handler+0x46/0x130 [i915]\n[ 4070.575445] __x64_sys_ioctl+0x3c4/0x8d0\n[ 4070.575451] ? __do_softirq+0xaa/0x1d2\n[ 4070.575456] do_syscall_64+0x35/0x80\n[ 4070.575461] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 4070.575467] RIP: 0033:0x7f1ed5c10397\n[ 4070.575471] Code: 3c 1c e8 1c ff ff ff 85 c0 79 87 49 c7 c4 ff ff ff ff 5b 5d 4c 89 e0 41 5c c3 66 0f 1f 84 00 00 00 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a9 da 0d 00 f7 d8 64 89 01 48\n[ 4070.575478] RSP: 002b:00007ffd65c8d7a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n[ 4070.575484] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00007f1ed5c10397\n[ 4070.575488] RDX: 00007ffd65c8d7c0 RSI: 0000000040106476 RDI: 0000000000000006\n[ 4070.575492] RBP: 00005620972f9c60 R08: 000000000000000a R09: 0000000000000005\n[ 4070.575496] R10: 000000000000000d R11: 0000000000000246 R12: 000000000000000a\n[ 4070.575500] R13: 000000000000000d R14: 0000000000000000 R15: 00007ffd65c8d7c0\n[ 4070.575505] </TASK>\n[ 4070.575507] Modules linked in: nls_ascii(E) nls_cp437(E) vfat(E) fat(E) i915(E) x86_pkg_temp_thermal(E) intel_powerclamp(E) crct10dif_pclmul(E) crc32_pclmul(E) crc32c_intel(E) aesni_intel(E) crypto_simd(E) intel_gtt(E) cryptd(E) ttm(E) rapl(E) intel_cstate(E) drm_kms_helper(E) cfbfillrect(E) syscopyarea(E) cfbimgblt(E) intel_uncore(E) sysfillrect(E) mei_me(E) sysimgblt(E) i2c_i801(E) fb_sys_fops(E) mei(E) intel_pch_thermal(E) i2c_smbus\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48662 was patched at 2024-05-15

4748. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48672) - Medium [245]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nof: fdt: fix off-by-one error in unflatten_dt_nodes()\n\nCommit 78c44d910d3e ("drivers/of: Fix depth when unflattening devicetree")\nforgot to fix up the depth check in the loop body in unflatten_dt_nodes()\nwhich makes it possible to overflow the nps[] buffer...\n\nFound by Linux Verification Center (linuxtesting.org) with the SVACE static\nanalysis tool.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48672 was patched at 2024-05-15

4749. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48686) - Medium [245]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-tcp: fix UAF when detecting digest errors\n\nWe should also bail from the io_work loop when we set rd_enabled to true,\nso we don't attempt to read data from the socket when the TCP stream is\nalready out-of-sync or corrupted.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48686 was patched at 2024-05-15

4750. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48694) - Medium [245]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix drain SQ hang with no completion\n\nSW generated completions for outstanding WRs posted on SQ\nafter QP is in error target the wrong CQ. This causes the\nib_drain_sq to hang with no completion.\n\nFix this to generate completions on the right CQ.\n\n[ 863.969340] INFO: task kworker/u52:2:671 blocked for more than 122 seconds.\n[ 863.979224] Not tainted 5.14.0-130.el9.x86_64 #1\n[ 863.986588] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.\n[ 863.996997] task:kworker/u52:2 state:D stack: 0 pid: 671 ppid: 2 flags:0x00004000\n[ 864.007272] Workqueue: xprtiod xprt_autoclose [sunrpc]\n[ 864.014056] Call Trace:\n[ 864.017575] __schedule+0x206/0x580\n[ 864.022296] schedule+0x43/0xa0\n[ 864.026736] schedule_timeout+0x115/0x150\n[ 864.032185] __wait_for_common+0x93/0x1d0\n[ 864.037717] ? usleep_range_state+0x90/0x90\n[ 864.043368] __ib_drain_sq+0xf6/0x170 [ib_core]\n[ 864.049371] ? __rdma_block_iter_next+0x80/0x80 [ib_core]\n[ 864.056240] ib_drain_sq+0x66/0x70 [ib_core]\n[ 864.062003] rpcrdma_xprt_disconnect+0x82/0x3b0 [rpcrdma]\n[ 864.069365] ? xprt_prepare_transmit+0x5d/0xc0 [sunrpc]\n[ 864.076386] xprt_rdma_close+0xe/0x30 [rpcrdma]\n[ 864.082593] xprt_autoclose+0x52/0x100 [sunrpc]\n[ 864.088718] process_one_work+0x1e8/0x3c0\n[ 864.094170] worker_thread+0x50/0x3b0\n[ 864.099109] ? rescuer_thread+0x370/0x370\n[ 864.104473] kthread+0x149/0x170\n[ 864.109022] ? set_kthread_struct+0x40/0x40\n[ 864.114713] ret_from_fork+0x22/0x30', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48694 was patched at 2024-05-15

4751. Unknown Vulnerability Type - Linux Kernel (CVE-2023-1295) - Medium [245]

Description: {'vulners_cve_data_all': 'A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-1295 was patched at 2024-05-15

4752. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26933) - Medium [245]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Fix deadlock in port "disable" sysfs attribute\n\nThe show and store callback routines for the "disable" sysfs attribute\nfile in port.c acquire the device lock for the port's parent hub\ndevice. This can cause problems if another process has locked the hub\nto remove it or change its configuration:\n\n\tRemoving the hub or changing its configuration requires the\n\thub interface to be removed, which requires the port device\n\tto be removed, and device_del() waits until all outstanding\n\tsysfs attribute callbacks for the ports have returned. The\n\tlock can't be released until then.\n\n\tBut the disable_show() or disable_store() routine can't return\n\tuntil after it has acquired the lock.\n\nThe resulting deadlock can be avoided by calling\nsysfs_break_active_protection(). This will cause the sysfs core not\nto wait for the attribute's callback routine to return, allowing the\nremoval to proceed. The disadvantage is that after making this call,\nthere is no guarantee that the hub structure won't be deallocated at\nany moment. To prevent this, we have to acquire a reference to it\nfirst by calling hub_get().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-26933 was patched at 2024-06-05

debian: CVE-2024-26933 was patched at 2024-05-15

oraclelinux: CVE-2024-26933 was patched at 2024-06-05

redhat: CVE-2024-26933 was patched at 2024-06-05

ubuntu: CVE-2024-26933 was patched at 2024-06-07, 2024-06-11, 2024-06-14

4753. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26952) - Medium [245]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix potencial out-of-bounds when buffer offset is invalid\n\nI found potencial out-of-bounds when buffer offset fields of a few requests\nis invalid. This patch set the minimum value of buffer offset field to\n->Buffer offset to validate buffer length.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26952 was patched at 2024-05-15

ubuntu: CVE-2024-26952 was patched at 2024-06-07, 2024-06-11, 2024-06-14

4754. Unknown Vulnerability Type - Sudo (CVE-2005-4890) - Medium [245]

Description: {'vulners_cve_data_all': 'There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4890 was patched at 2024-05-15

4755. Unknown Vulnerability Type - Windows Encrypting File System (CVE-2019-5603) - Medium [245]

Description: {'vulners_cve_data_all': 'In FreeBSD 12.0-STABLE before r350261, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350263, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, system calls operating on file descriptors as part of mqueuefs did not properly release the reference allowing a malicious user to overflow the counter allowing access to files, directories, and sockets opened by processes owned by other users.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5603 was patched at 2024-05-15

4756. Unknown Vulnerability Type - Windows Kernel (CVE-2008-3459) - Medium [245]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when running on non-Windows systems, allows remote servers to execute arbitrary commands via crafted (1) lladdr and (2) iproute configuration directives, probably related to shell metacharacters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.810CVSS Base Score is 7.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3459 was patched at 2024-05-15

4757. Unknown Vulnerability Type - Windows Kernel (CVE-2018-14568) - Medium [245]

Description: {'vulners_cve_data_all': 'Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14568 was patched at 2024-05-15

4758. Unknown Vulnerability Type - Windows Kernel (CVE-2018-5392) - Medium [245]

Description: {'vulners_cve_data_all': 'mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the "Dynamic base" PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks. Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-5392 was patched at 2024-05-15

4759. Unknown Vulnerability Type - Windows Kernel (CVE-2020-26284) - Medium [245]

Description: {'vulners_cve_data_all': 'Hugo is a fast and Flexible Static Site Generator built in Go. Hugo depends on Go's `os/exec` for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system `%PATH%` on Windows. In Hugo before version 0.79.1, if a malicious file with the same name (`exe` or `bat`) is found in the current working directory at the time of running `hugo`, the malicious command will be invoked instead of the system one. Windows users who run `hugo` inside untrusted Hugo sites are affected. Users should upgrade to Hugo v0.79.1. Other than avoiding untrusted Hugo sites, there is no workaround.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.810CVSS Base Score is 8.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-26284 was patched at 2024-05-15

4760. Unknown Vulnerability Type - Windows Kernel (CVE-2021-39134) - Medium [245]

Description: {'vulners_cve_data_all': '`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules` folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is, in part, accomplished by resolving dependency specifiers defined in `package.json` manifests for dependencies with a specific name, and nesting folders to resolve conflicting dependencies. When multiple dependencies differ only in the case of their name, Arborist's internal data structure saw them as separate items that could coexist within the same level in the `node_modules` hierarchy. However, on case-insensitive file systems (such as macOS and Windows), this is not the case. Combined with a symlink dependency such as `file:/some/path`, this allowed an attacker to create a situation in which arbitrary contents could be written to any location on the filesystem. For example, a package `pwn-a` could define a dependency in their `package.json` file such as `"foo": "file:/some/path"`. Another package, `pwn-b` could define a dependency such as `FOO: "file:foo.tgz"`. On case-insensitive file systems, if `pwn-a` was installed, and then `pwn-b` was installed afterwards, the contents of `foo.tgz` would be written to `/some/path`, and any existing contents of `/some/path` would be removed. Anyone using npm v7.20.6 or earlier on a case-insensitive filesystem is potentially affected. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.810CVSS Base Score is 8.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39134 was patched at 2024-05-15

4761. Unknown Vulnerability Type - Windows Kernel (CVE-2022-41882) - Medium [245]

Description: {'vulners_cve_data_all': 'The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file type of the shared file, which on Windows can also sometimes mean that a file depending on the type, e.g. "vbs", is being executed. It is recommended that the Nextcloud Desktop client is upgraded to version 3.6.1. As a workaround, users can block the Nextcloud Desktop client 3.6.0 by setting the `minimum.supported.desktop.version` system config to `3.6.1` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing files can still be used. Another workaround would be to enforce shares to be accepted by setting the `sharing.force_share_accept` system config to `true` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing shares can still be abused.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-41882 was patched at 2024-05-15

4762. Unknown Vulnerability Type - Windows LDAP (CVE-2005-0173) - Medium [245]

Description: {'vulners_cve_data_all': 'squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0173 was patched at 2024-05-15

4763. Unknown Vulnerability Type - Windows LDAP (CVE-2005-2641) - Medium [245]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in pam_ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges. NOTE: CVE-2005-2497 had also been assigned to this issue, but CVE-2005-2641 is the correct candidate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2641 was patched at 2024-05-15

4764. Unknown Vulnerability Type - Windows LDAP (CVE-2005-2793) - Medium [245]

Description: {'vulners_cve_data_all': 'PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2793 was patched at 2024-05-15

4765. Unknown Vulnerability Type - Windows LDAP (CVE-2006-5170) - Medium [245]

Description: {'vulners_cve_data_all': 'pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5170 was patched at 2024-05-15

4766. Unknown Vulnerability Type - Windows LDAP (CVE-2012-6426) - Medium [245]

Description: {'vulners_cve_data_all': 'LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6426 was patched at 2024-05-15

4767. Unknown Vulnerability Type - Windows LDAP (CVE-2015-3250) - Medium [245]

Description: {'vulners_cve_data_all': 'Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-3250 was patched at 2024-05-15

4768. Unknown Vulnerability Type - Windows LDAP (CVE-2017-2591) - Medium [245]

Description: {'vulners_cve_data_all': '389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An authenticated, or possibly unauthenticated, attacker could use this flaw to force an out-of-bound heap memory read, possibly triggering a crash of the LDAP service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2591 was patched at 2024-05-15

4769. Unknown Vulnerability Type - Windows LDAP (CVE-2024-23333) - Medium [245]

Description: {'vulners_cve_data_all': 'LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When the file is then accessed via web the code would be executed. The issue is mitigated by the following: An attacker needs to know LAM's master configuration password to be able to change the main settings; and the webserver needs write access to a directory that is accessible via web. LAM itself does not provide any such directories. The issue has been fixed in 8.7. As a workaround, limit access to LAM configuration pages to authorized users.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.810CVSS Base Score is 7.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-23333 was patched at 2024-05-15

4770. Code Injection - Unknown Product (CVE-2017-1000188) - Medium [244]

Description: {'vulners_cve_data_all': 'nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile() resulting in code injection', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000188 was patched at 2024-05-15

4771. Code Injection - Unknown Product (CVE-2023-39950) - Medium [244]

Description: {'vulners_cve_data_all': 'efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into `bg_setenv`) or programs using `libebgenv`. This is triggered when the affected components try to modify a manipulated environment, in particular its user variables. Furthermore, `bg_printenv` may crash over invalid read accesses or report invalid results. Not affected by this issue is EFI Boot Guard's bootloader EFI binary. EFI Boot Guard release v0.15 contains required patches to sanitize and validate the bootloader environment prior to processing it in userspace. Its library and tools should be updated, so should programs statically linked against it. An update of the bootloader EFI executable is not required. The only way to prevent the issue with an unpatched EFI Boot Guard version is to avoid accesses to user variables, specifically modifications to them.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Code Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-39950 was patched at 2024-05-15

4772. Command Injection - Unknown Product (CVE-2015-9097) - Medium [244]

Description: {'vulners_cve_data_all': 'The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-9097 was patched at 2024-05-15

4773. Command Injection - Unknown Product (CVE-2017-7200) - Medium [244]

Description: {'vulners_cve_data_all': 'An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'. This could then allow an attacker to enumerate internal network details while appearing masked, since the scan would appear to originate from the Glance Image service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7200 was patched at 2024-05-15

4774. Command Injection - Unknown Product (CVE-2020-16248) - Medium [244]

Description: {'vulners_cve_data_all': 'Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. NOTE: follow-on discussion suggests that this might plausibly be interpreted as both intended functionality and also a vulnerability', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-16248 was patched at 2024-05-15

4775. Command Injection - Unknown Product (CVE-2023-5752) - Medium [244]

Description: {'vulners_cve_data_all': 'When installing a package from a Mercurial VCS URL (ie "pip install \nhg+...") with pip prior to v23.3, the specified Mercurial revision could\n be used to inject arbitrary configuration options to the "hg clone" \ncall (ie "--config"). Controlling the Mercurial configuration can modify\n how and which repository is installed. This vulnerability does not \naffect users who aren't installing from Mercurial.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-5752 was patched at 2024-05-15

4776. Denial of Service - TLS (CVE-2009-4652) - Medium [244]

Description: The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in src/ngircd/conn.c in ngIRCd 13 and 14, when SSL/TLS support is present and standalone mode is disabled, allow remote attackers to cause a denial of service (application crash) by sending the MOTD command from another server in the same IRC network, possibly related to an array index error.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TLS
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4652 was patched at 2024-05-15

4777. Denial of Service - Unknown Product (CVE-2002-2227) - Medium [244]

Description: {'vulners_cve_data_all': 'Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted SSLv2 challenge value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-2227 was patched at 2024-05-15

4778. Denial of Service - Unknown Product (CVE-2005-3625) - Medium [244]

Description: {'vulners_cve_data_all': 'Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3625 was patched at 2024-05-15

4779. Denial of Service - Unknown Product (CVE-2005-4837) - Medium [244]

Description: {'vulners_cve_data_all': 'snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4837 was patched at 2024-05-15

4780. Denial of Service - Unknown Product (CVE-2007-6109) - Medium [244]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6109 was patched at 2024-05-15

4781. Denial of Service - Unknown Product (CVE-2010-0748) - Medium [244]

Description: {'vulners_cve_data_all': 'Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0748 was patched at 2024-05-15

4782. Denial of Service - Unknown Product (CVE-2017-1000458) - Medium [244]

Description: {'vulners_cve_data_all': 'Bro before Bro v2.5.2 is vulnerable to an out of bounds write in the ContentLine analyzer allowing remote attackers to cause a denial of service (crash) and possibly other exploitation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000458 was patched at 2024-05-15

4783. Denial of Service - Unknown Product (CVE-2017-8378) - Medium [244]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8378 was patched at 2024-05-15

4784. Denial of Service - Unknown Product (CVE-2017-8786) - Medium [244]

Description: {'vulners_cve_data_all': 'pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8786 was patched at 2024-05-15

4785. Denial of Service - Unknown Product (CVE-2018-12932) - Medium [244]

Description: {'vulners_cve_data_all': 'PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by triggering a large pAlphaBlend->cbBitsSrc value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12932 was patched at 2024-05-15

4786. Denial of Service - Unknown Product (CVE-2018-12933) - Medium [244]

Description: {'vulners_cve_data_all': 'PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact because the attacker controls the pCreatePen->ihPen array index.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12933 was patched at 2024-05-15

4787. Denial of Service - Unknown Product (CVE-2020-25614) - Medium [244]

Description: {'vulners_cve_data_all': 'xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have unspecified other impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25614 was patched at 2024-05-15

4788. Denial of Service - Unknown Product (CVE-2021-33796) - Medium [244]

Description: {'vulners_cve_data_all': 'In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33796 was patched at 2024-05-15

4789. Denial of Service - Unknown Product (CVE-2021-34085) - Medium [244]

Description: {'vulners_cve_data_all': 'Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872. CVE-2017-14409, and CVE-2018-10778.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-34085 was patched at 2024-05-15

4790. Memory Corruption - DNSSEC (CVE-2017-15094) - Medium [244]

Description: An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15094 was patched at 2024-05-15

4791. Memory Corruption - TRIE (CVE-2023-45286) - Medium [244]

Description: A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same *bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buffer that hasn't had bytes.Buffer.Reset called on it. This dirty buffer will contain the HTTP request body from an unrelated request, and go-resty will append the current HTTP request body to it, sending two bodies in one request. The sync.Pool in question is defined at package level scope, so a completely unrelated server could receive the request body.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45286 was patched at 2024-05-15

4792. Path Traversal - Unknown Product (CVE-2017-8283) - Medium [244]

Description: {'vulners_cve_data_all': 'dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8283 was patched at 2024-05-15

4793. Path Traversal - Unknown Product (CVE-2020-27637) - Medium [244]

Description: {'vulners_cve_data_all': 'The R programming language’s default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise. This vulnerability affects packages installed via the R CMD install cli command or the install.packages() function from the interpreter. Update to version 4.0.3', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27637 was patched at 2024-05-15

4794. Path Traversal - Unknown Product (CVE-2021-23797) - Medium [244]

Description: {'vulners_cve_data_all': 'All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-23797 was patched at 2024-05-15

4795. Path Traversal - Unknown Product (CVE-2023-28371) - Medium [244]

Description: {'vulners_cve_data_all': 'In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-28371 was patched at 2024-05-15

4796. Security Feature Bypass - TLS (CVE-2024-28960) - Medium [244]

Description: {'vulners_cve_data_all': 'An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common0.514TLS
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28960 was patched at 2024-05-15

redos: CVE-2024-28960 was patched at 2024-05-03

4797. Security Feature Bypass - Unknown Product (CVE-2018-1257) - Medium [244]

Description: {'vulners_cve_data_all': 'Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1257 was patched at 2024-05-15

4798. Security Feature Bypass - Unknown Product (CVE-2018-6924) - Medium [244]

Description: {'vulners_cve_data_all': 'In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p3, 11.1-RELEASE-p14, 10.4-STABLE, and 10.4-RELEASE-p12, insufficient validation in the ELF header parser could allow a malicious ELF binary to cause a kernel crash or disclose kernel memory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6924 was patched at 2024-05-15

4799. Security Feature Bypass - Unknown Product (CVE-2019-17343) - Medium [244]

Description: {'vulners_cve_data_all': 'An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17343 was patched at 2024-05-15

4800. Security Feature Bypass - Unknown Product (CVE-2019-17344) - Medium [244]

Description: {'vulners_cve_data_all': 'An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17344 was patched at 2024-05-15

4801. Security Feature Bypass - Unknown Product (CVE-2019-17345) - Medium [244]

Description: {'vulners_cve_data_all': 'An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17345 was patched at 2024-05-15

4802. Security Feature Bypass - Unknown Product (CVE-2019-17348) - Medium [244]

Description: {'vulners_cve_data_all': 'An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service because of an incompatibility between Process Context Identifiers (PCID) and shadow-pagetable switching.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17348 was patched at 2024-05-15

4803. Security Feature Bypass - Unknown Product (CVE-2020-7924) - Medium [244]

Description: {'vulners_cve_data_all': 'Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue affects: MongoDB Inc. MongoDB Database Tools 3.6 versions later than 3.6.5; 3.6 versions prior to 3.6.21; 4.0 versions prior to 4.0.21; 4.2 versions prior to 4.2.11; 100 versions prior to 100.2.0. MongoDB Inc. Mongomirror 0 versions later than 0.6.0.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7924 was patched at 2024-05-15

4804. Security Feature Bypass - Unknown Product (CVE-2021-20206) - Medium [244]

Description: {'vulners_cve_data_all': 'An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-20206 was patched at 2024-05-15

4805. Security Feature Bypass - Unknown Product (CVE-2021-22212) - Medium [244]

Description: {'vulners_cve_data_all': 'ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the '#'. This results in the administrator not being able to use the keys as expected or the keys are shorter than expected and easier to brute-force, possibly resulting in MITM attacks between ntp clients and ntp servers. For short AES128 keys, ntpd generates a warning that it is padding them.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-22212 was patched at 2024-05-15

4806. Security Feature Bypass - Unknown Product (CVE-2021-29507) - Medium [244]

Description: {'vulners_cve_data_all': 'GENIVI Diagnostic Log and Trace (DLT) provides a log and trace interface. In versions of GENIVI DLT between 2.10.0 and 2.18.6, a configuration file containing the special characters could cause a vulnerable component to crash. All the applications which are using the configuration file could fail to generate their dlt logs in system. As of time of publication, no patch exists. As a workaround, one may check the integrity of information in configuration file manually.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-29507 was patched at 2024-05-15

4807. Security Feature Bypass - Unknown Product (CVE-2022-32210) - Medium [244]

Description: {'vulners_cve_data_all': '`Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via plain-text HTTP between Undici and the proxy server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-32210 was patched at 2024-05-15

4808. XXE Injection - Unknown Product (CVE-2012-5656) - Medium [244]

Description: {'vulners_cve_data_all': 'The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5656 was patched at 2024-05-15

4809. XXE Injection - Unknown Product (CVE-2016-5000) - Medium [244]

Description: {'vulners_cve_data_all': 'The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5000 was patched at 2024-05-15

4810. Arbitrary File Reading - Unknown Product (CVE-2006-2082) - Medium [243]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload cvar is enabled, allows remote attackers to read arbitrary files from the server via ".." sequences in a .pk3 file request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2082 was patched at 2024-05-15

4811. Arbitrary File Reading - Unknown Product (CVE-2010-2073) - Medium [243]

Description: {'vulners_cve_data_all': 'auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2073 was patched at 2024-05-15

4812. Arbitrary File Reading - Unknown Product (CVE-2020-25623) - Medium [243]

Description: {'vulners_cve_data_all': 'Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25623 was patched at 2024-05-15

4813. Information Disclosure - Unknown Product (CVE-2011-4919) - Medium [243]

Description: {'vulners_cve_data_all': 'mpack 1.6 has information disclosure via eavesdropping on mails sent by other users', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4919 was patched at 2024-05-15

4814. Information Disclosure - Unknown Product (CVE-2013-2600) - Medium [243]

Description: {'vulners_cve_data_all': 'MiniUPnPd has information disclosure use of snprintf()', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2600 was patched at 2024-05-15

4815. Information Disclosure - Unknown Product (CVE-2015-8397) - Medium [243]

Description: {'vulners_cve_data_all': 'The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (application crash) via an embedded JPEG-LS image with dimensions larger than the selected region in a (1) two-dimensional or (2) three-dimensional DICOM image file, which triggers an out-of-bounds read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8397 was patched at 2024-05-15

4816. Information Disclosure - Unknown Product (CVE-2016-8637) - Medium [243]

Description: {'vulners_cve_data_all': 'A local information disclosure issue was found in dracut before 045 when generating initramfs images with world-readable permissions when 'early cpio' is used, such as when including microcode updates. Local attacker can use this to obtain sensitive information from these files, such as encryption keys or credentials.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-8637 was patched at 2024-05-15

4817. Information Disclosure - Unknown Product (CVE-2017-9604) - Medium [243]

Description: {'vulners_cve_data_all': 'KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9604 was patched at 2024-05-15

4818. Information Disclosure - Unknown Product (CVE-2018-11205) - Medium [243]

Description: {'vulners_cve_data_all': 'A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service or information disclosure attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11205 was patched at 2024-05-15

4819. Information Disclosure - Unknown Product (CVE-2018-9275) - Medium [243]

Description: {'vulners_cve_data_all': 'In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum number of file descriptors).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-9275 was patched at 2024-05-15

4820. Information Disclosure - Unknown Product (CVE-2019-12210) - Medium [243]

Description: {'vulners_cve_data_all': 'In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it. This can leak sensitive information and also, if written to, be used to fill the disk or plant misinformation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12210 was patched at 2024-05-15

4821. Information Disclosure - Unknown Product (CVE-2020-1699) - Medium [243]

Description: {'vulners_cve_data_all': 'A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph dashboard.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-1699 was patched at 2024-05-15

4822. Information Disclosure - Unknown Product (CVE-2020-23109) - Medium [243]

Description: {'vulners_cve_data_all': 'Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23109 was patched at 2024-05-15

4823. Information Disclosure - Unknown Product (CVE-2021-37601) - Medium [243]

Description: {'vulners_cve_data_all': 'muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-37601 was patched at 2024-05-15

4824. Information Disclosure - Unknown Product (CVE-2021-38155) - Medium [243]

Description: {'vulners_cve_data_all': 'OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-38155 was patched at 2024-05-15

4825. Information Disclosure - Unknown Product (CVE-2022-42254) - Medium [243]

Description: {'vulners_cve_data_all': 'NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, data tampering, or information disclosure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-42254 was patched at 2024-05-15

4826. Information Disclosure - Unknown Product (CVE-2022-42255) - Medium [243]

Description: {'vulners_cve_data_all': 'NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-42255 was patched at 2024-05-15

4827. Information Disclosure - Unknown Product (CVE-2022-42256) - Medium [243]

Description: {'vulners_cve_data_all': 'NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow in index validation may lead to denial of service, information disclosure, or data tampering.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-42256 was patched at 2024-05-15

4828. Information Disclosure - Unknown Product (CVE-2022-42261) - Medium [243]

Description: {'vulners_cve_data_all': 'NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-42261 was patched at 2024-05-15

4829. Information Disclosure - Unknown Product (CVE-2022-42262) - Medium [243]

Description: {'vulners_cve_data_all': 'NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-42262 was patched at 2024-05-15

4830. Information Disclosure - Unknown Product (CVE-2022-42264) - Medium [243]

Description: {'vulners_cve_data_all': 'NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause the use of an out-of-range pointer offset, which may lead to data tampering, data loss, information disclosure, or denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-42264 was patched at 2024-05-15

4831. Information Disclosure - Unknown Product (CVE-2023-0198) - Medium [243]

Description: {'vulners_cve_data_all': 'NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0198 was patched at 2024-05-15

4832. Information Disclosure - Unknown Product (CVE-2023-22845) - Medium [243]

Description: {'vulners_cve_data_all': 'An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-22845 was patched at 2024-05-15

4833. Information Disclosure - Unknown Product (CVE-2023-24473) - Medium [243]

Description: {'vulners_cve_data_all': 'An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-24473 was patched at 2024-05-15

4834. Information Disclosure - Unknown Product (CVE-2023-30362) - Medium [243]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in coap_send function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-30362 was patched at 2024-05-15

4835. Information Disclosure - Unknown Product (CVE-2023-36201) - Medium [243]

Description: {'vulners_cve_data_all': 'An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker to obtain sensitive information via a crafted script to the arrays.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-36201 was patched at 2024-05-15

4836. Information Disclosure - Unknown Product (CVE-2023-45236) - Medium [243]

Description: {'vulners_cve_data_all': ' \nEDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.\n\n\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45236 was patched at 2024-05-15

4837. Information Disclosure - Unknown Product (CVE-2023-50298) - Medium [243]

Description: {'vulners_cve_data_all': 'Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1.\n\nSolr Streaming Expressions allows users to extract data from other Solr Clouds, using a "zkHost" parameter.\nWhen original SolrCloud is setup to use ZooKeeper credentials and ACLs, they will be sent to whatever "zkHost" the user provides.\nAn attacker could setup a server to mock ZooKeeper, that accepts ZooKeeper requests with credentials and ACLs and extracts the sensitive information,\nthen send a streaming expression using the mock server's address in "zkHost".\nStreaming Expressions are exposed via the "/streaming" handler, with "read" permissions.\n\nUsers are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue.\nFrom these versions on, only zkHost values that have the same server address (regardless of chroot), will use the given ZooKeeper credentials and ACLs when connecting.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50298 was patched at 2024-05-15

4838. Arbitrary File Writing - Unknown Product (CVE-2001-1494) - Medium [241]

Description: {'vulners_cve_data_all': 'script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2001-1494 was patched at 2024-05-15

4839. Arbitrary File Writing - Unknown Product (CVE-2002-1366) - Medium [241]

Description: {'vulners_cve_data_all': 'Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1366 was patched at 2024-05-15

4840. Arbitrary File Writing - Unknown Product (CVE-2003-0885) - Medium [241]

Description: {'vulners_cve_data_all': 'Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the (1) apple2, (2) xanalogtv, and (3) pong screensavers, and allows local users to overwrite arbitrary files via a symlink attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0885 was patched at 2024-05-15

4841. Arbitrary File Writing - Unknown Product (CVE-2007-0159) - Medium [241]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in the GeoIP_update_database_general function in libGeoIP/GeoIPUpdate.c in GeoIP 1.4.0 allows remote malicious update servers (possibly only update.maxmind.com) to overwrite arbitrary files via a .. (dot dot) in the database filename, which is returned by a request to app/update_getfilename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0159 was patched at 2024-05-15

4842. Arbitrary File Writing - Unknown Product (CVE-2007-0898) - Medium [241]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0898 was patched at 2024-05-15

4843. Arbitrary File Writing - Unknown Product (CVE-2007-1384) - Medium [241]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.2 allows remote attackers to overwrite arbitrary files via ".." sequences in a torrent filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1384 was patched at 2024-05-15

4844. Arbitrary File Writing - Unknown Product (CVE-2007-1799) - Medium [241]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1799 was patched at 2024-05-15

4845. Arbitrary File Writing - Unknown Product (CVE-2008-5135) - Medium [241]

Description: {'vulners_cve_data_all': 'os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i environment, which has no non-root users.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5135 was patched at 2024-05-15

4846. Arbitrary File Writing - Unknown Product (CVE-2009-1760) - Medium [241]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1760 was patched at 2024-05-15

4847. Arbitrary File Writing - Unknown Product (CVE-2010-3440) - Medium [241]

Description: {'vulners_cve_data_all': 'babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3440 was patched at 2024-05-15

4848. Arbitrary File Writing - Unknown Product (CVE-2011-1932) - Medium [241]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in io/filesystem/filesystem.cc in Widelands before 15.1 might allow remote attackers to overwrite arbitrary files via . (dot) characters in a pathname that is used for a file transfer in an Internet game.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1932 was patched at 2024-05-15

4849. Arbitrary File Writing - Unknown Product (CVE-2011-3602) - Medium [241]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in device-linux.c in the router advertisement daemon (radvd) before 1.8.2 allows local users to overwrite arbitrary files, and remote attackers to overwrite certain files, via a .. (dot dot) in an interface name. NOTE: this can be leveraged with a symlink to overwrite arbitrary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3602 was patched at 2024-05-15

4850. Arbitrary File Writing - Unknown Product (CVE-2011-3616) - Medium [241]

Description: {'vulners_cve_data_all': 'The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3616 was patched at 2024-05-15

4851. Arbitrary File Writing - Unknown Product (CVE-2011-3869) - Medium [241]

Description: {'vulners_cve_data_all': 'Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3869 was patched at 2024-05-15

4852. Arbitrary File Writing - Unknown Product (CVE-2011-4596) - Medium [241]

Description: {'vulners_cve_data_all': 'Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4596 was patched at 2024-05-15

4853. Arbitrary File Writing - Unknown Product (CVE-2011-4675) - Medium [241]

Description: {'vulners_cve_data_all': 'The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname that is used for a file transfer in an Internet game, a different vulnerability than CVE-2011-1932.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4675 was patched at 2024-05-15

4854. Arbitrary File Writing - Unknown Product (CVE-2012-0871) - Medium [241]

Description: {'vulners_cve_data_all': 'The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0871 was patched at 2024-05-15

4855. Arbitrary File Writing - Unknown Product (CVE-2012-3345) - Medium [241]

Description: {'vulners_cve_data_all': 'ioquake3 before r2253 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ioq3.pid temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3345 was patched at 2024-05-15

4856. Arbitrary File Writing - Unknown Product (CVE-2012-3361) - Medium [241]

Description: {'vulners_cve_data_all': 'virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3361 was patched at 2024-05-15

4857. Arbitrary File Writing - Unknown Product (CVE-2012-6080) - Medium [241]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6080 was patched at 2024-05-15

4858. Arbitrary File Writing - Unknown Product (CVE-2013-0350) - Medium [241]

Description: {'vulners_cve_data_all': 'tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0350 was patched at 2024-05-15

4859. Arbitrary File Writing - Unknown Product (CVE-2014-5260) - Medium [241]

Description: {'vulners_cve_data_all': 'The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5260 was patched at 2024-05-15

4860. Denial of Service - FFmpeg (CVE-2024-31582) - Medium [241]

Description: FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31582 was patched at 2024-05-15

ubuntu: CVE-2024-31582 was patched at 2024-05-30

4861. Denial of Service - FFmpeg (CVE-2024-31585) - Medium [241]

Description: FFmpeg version n5.1 to n6.1 was discovered to contain an Off-by-one Error vulnerability in libavfilter/avf_showspectrum.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31585 was patched at 2024-05-15

ubuntu: CVE-2024-31585 was patched at 2024-05-30

4862. Denial of Service - iOS (CVE-2024-2357) - Medium [241]

Description: The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes leading to a Denial of Service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-2357 was patched at 2024-04-23, 2024-04-24, 2024-04-30

debian: CVE-2024-2357 was patched at 2024-05-15

oraclelinux: CVE-2024-2357 was patched at 2024-04-23, 2024-04-24, 2024-05-07

redhat: CVE-2024-2357 was patched at 2024-04-23, 2024-04-24, 2024-04-30

redos: CVE-2024-2357 was patched at 2024-04-23

4863. Memory Corruption - QEMU (CVE-2020-25742) - Medium [241]

Description: {'vulners_cve_data_all': 'pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.310CVSS Base Score is 3.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25742 was patched at 2024-05-15

4864. Memory Corruption - QEMU (CVE-2020-25743) - Medium [241]

Description: {'vulners_cve_data_all': 'hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.310CVSS Base Score is 3.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25743 was patched at 2024-05-15

4865. Spoofing - Mozilla Firefox (CVE-2006-4567) - Medium [240]

Description: Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.415Spoofing
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4567 was patched at 2024-05-15

4866. Spoofing - RPC (CVE-2013-1923) - Medium [240]

Description: rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for server names during GSSAPI authentication, which might allow remote attackers to read otherwise-restricted files via DNS spoofing attacks.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.415Spoofing
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.310CVSS Base Score is 3.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1923 was patched at 2024-05-15

4867. Unknown Vulnerability Type - GNOME desktop (CVE-2019-25085) - Medium [240]

Description: {'vulners_cve_data_all': 'A vulnerability was found in GNOME gvdb. It has been classified as critical. This affects the function gvdb_table_write_contents_async of the file gvdb-builder.c. The manipulation leads to use after free. It is possible to initiate the attack remotely. The name of the patch is d83587b2a364eb9a9a53be7e6a708074e252de14. It is recommended to apply a patch to fix this issue. The identifier VDB-216789 was assigned to this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-25085 was patched at 2024-05-15

4868. Unknown Vulnerability Type - Mozilla Firefox (CVE-2006-2787) - Medium [240]

Description: {'vulners_cve_data_all': 'EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2787 was patched at 2024-05-15

4869. Unknown Vulnerability Type - Node.js (CVE-2021-31597) - Medium [240]

Description: {'vulners_cve_data_all': 'The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.910CVSS Base Score is 9.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-31597 was patched at 2024-05-15

4870. Unknown Vulnerability Type - OpenSSL (CVE-2020-7043) - Medium [240]

Description: {'vulners_cve_data_all': 'An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\\0' characters, as demonstrated by a good.example.com\\x00evil.example.com attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7043 was patched at 2024-05-15

4871. Unknown Vulnerability Type - PHP (CVE-2008-2392) - Medium [240]

Description: {'vulners_cve_data_all': 'Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier might allow remote authenticated administrators to upload and execute arbitrary PHP files via the Upload section in the Write Tabs area of the dashboard.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.910CVSS Base Score is 9.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2392 was patched at 2024-05-15

4872. Unknown Vulnerability Type - PHP (CVE-2016-10206) - Medium [240]

Description: {'vulners_cve_data_all': 'Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack the authentication of users for requests that change passwords and possibly have unspecified other impact as demonstrated by a crafted user action request to index.php.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10206 was patched at 2024-05-15

4873. Unknown Vulnerability Type - PHP (CVE-2017-1000017) - Medium [240]

Description: {'vulners_cve_data_all': 'phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000017 was patched at 2024-05-15

4874. Unknown Vulnerability Type - PHP (CVE-2018-12483) - Medium [240]

Description: {'vulners_cve_data_all': 'OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. Authentication is needed in order to exploit this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12483 was patched at 2024-05-15

4875. Unknown Vulnerability Type - PHP (CVE-2018-19969) - Medium [240]

Description: {'vulners_cve_data_all': 'phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19969 was patched at 2024-05-15

4876. Unknown Vulnerability Type - PHP (CVE-2022-46945) - Medium [240]

Description: {'vulners_cve_data_all': 'Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-46945 was patched at 2024-05-15

4877. Unknown Vulnerability Type - Samba (CVE-2018-12561) - Medium [240]

Description: {'vulners_cve_data_all': 'An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating (for example) the domain parameter of the samba URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12561 was patched at 2024-05-15

4878. Unknown Vulnerability Type - Windows NTFS (CVE-2020-10233) - Medium [240]

Description: {'vulners_cve_data_all': 'In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs_dinode_lookup in fs/ntfs.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814The default file system of the Windows NT family
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-10233 was patched at 2024-05-15

4879. Incorrect Calculation - Linux Kernel (CVE-2021-47098) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations Commit b50aa49638c7 ("hwmon: (lm90) Prevent integer underflows of temperature calculations") addressed a number of underflow situations when writing temperature limits. However, it missed one situation, seen when an attempt is made to set the hysteresis value to MAX_LONG and the critical temperature limit is negative. Use clamp_val() when setting the hysteresis temperature to ensure that the provided value can never overflow or underflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47098 was patched at 2024-05-15

4880. Incorrect Calculation - Linux Kernel (CVE-2023-52580) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/core: Fix ETH_P_1588 flow dissector\n\nWhen a PTP ethernet raw frame with a size of more than 256 bytes followed\nby a 0xff pattern is sent to __skb_flow_dissect, nhoff value calculation\nis wrong. For example: hdr->message_length takes the wrong value (0xffff)\nand it does not replicate real header length. In this case, 'nhoff' value\nwas overridden and the PTP header was badly dissected. This leads to a\nkernel crash.\n\nnet/core: flow_dissector\nnet/core flow dissector nhoff = 0x0000000e\nnet/core flow dissector hdr->message_length = 0x0000ffff\nnet/core flow dissector nhoff = 0x0001000d (u16 overflow)\n...\nskb linear: 00000000: 00 a0 c9 00 00 00 00 a0 c9 00 00 00 88\nskb frag: 00000000: f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n\nUsing the size of the ptp_header struct will allow the corrected\ncalculation of the nhoff value.\n\nnet/core flow dissector nhoff = 0x0000000e\nnet/core flow dissector nhoff = 0x00000030 (sizeof ptp_header)\n...\nskb linear: 00000000: 00 a0 c9 00 00 00 00 a0 c9 00 00 00 88 f7 ff ff\nskb linear: 00000010: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\nskb linear: 00000020: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\nskb frag: 00000000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n\nKernel trace:\n[ 74.984279] ------------[ cut here ]------------\n[ 74.989471] kernel BUG at include/linux/skbuff.h:2440!\n[ 74.995237] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[ 75.001098] CPU: 4 PID: 0 Comm: swapper/4 Tainted: G U 5.15.85-intel-ese-standard-lts #1\n[ 75.011629] Hardware name: Intel Corporation A-Island (CPU:AlderLake)/A-Island (ID:06), BIOS SB_ADLP.01.01.00.01.03.008.D-6A9D9E73-dirty Mar 30 2023\n[ 75.026507] RIP: 0010:eth_type_trans+0xd0/0x130\n[ 75.031594] Code: 03 88 47 78 eb c7 8b 47 68 2b 47 6c 48 8b 97 c0 00 00 00 83 f8 01 7e 1b 48 85 d2 74 06 66 83 3a ff 74 09 b8 00 04 00 00 eb ab <0f> 0b b8 00 01 00 00 eb a2 48 85 ff 74 eb 48 8d 54 24 06 31 f6 b9\n[ 75.052612] RSP: 0018:ffff9948c0228de0 EFLAGS: 00010297\n[ 75.058473] RAX: 00000000000003f2 RBX: ffff8e47047dc300 RCX: 0000000000001003\n[ 75.066462] RDX: ffff8e4e8c9ea040 RSI: ffff8e4704e0a000 RDI: ffff8e47047dc300\n[ 75.074458] RBP: ffff8e4704e2acc0 R08: 00000000000003f3 R09: 0000000000000800\n[ 75.082466] R10: 000000000000000d R11: ffff9948c0228dec R12: ffff8e4715e4e010\n[ 75.090461] R13: ffff9948c0545018 R14: 0000000000000001 R15: 0000000000000800\n[ 75.098464] FS: 0000000000000000(0000) GS:ffff8e4e8fb00000(0000) knlGS:0000000000000000\n[ 75.107530] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 75.113982] CR2: 00007f5eb35934a0 CR3: 0000000150e0a002 CR4: 0000000000770ee0\n[ 75.121980] PKRU: 55555554\n[ 75.125035] Call Trace:\n[ 75.127792] <IRQ>\n[ 75.130063] ? eth_get_headlen+0xa4/0xc0\n[ 75.134472] igc_process_skb_fields+0xcd/0x150\n[ 75.139461] igc_poll+0xc80/0x17b0\n[ 75.143272] __napi_poll+0x27/0x170\n[ 75.147192] net_rx_action+0x234/0x280\n[ 75.151409] __do_softirq+0xef/0x2f4\n[ 75.155424] irq_exit_rcu+0xc7/0x110\n[ 75.159432] common_interrupt+0xb8/0xd0\n[ 75.163748] </IRQ>\n[ 75.166112] <TASK>\n[ 75.168473] asm_common_interrupt+0x22/0x40\n[ 75.173175] RIP: 0010:cpuidle_enter_state+0xe2/0x350\n[ 75.178749] Code: 85 c0 0f 8f 04 02 00 00 31 ff e8 39 6c 67 ff 45 84 ff 74 12 9c 58 f6 c4 02 0f 85 50 02 00 00 31 ff e8 52 b0 6d ff fb 45 85 f6 <0f> 88 b1 00 00 00 49 63 ce 4c 2b 2c 24 48 89 c8 48 6b d1 68 48 c1\n[ 75.199757] RSP: 0018:ffff9948c013bea8 EFLAGS: 00000202\n[ 75.205614] RAX: ffff8e4e8fb00000 RBX: ffffb948bfd23900 RCX: 000000000000001f\n[ 75.213619] RDX: 0000000000000004 RSI: ffffffff94206161 RDI: ffffffff94212e20\n[ 75.221620] RBP: 0000000000000004 R08: 000000117568973a R09: 0000000000000001\n[ 75.229622] R10: 000000000000afc8 R11: ffff8e4e8fb29ce4 R12: ffffffff945ae980\n[ 75.237628] R13: 000000117568973a R14: 0000000000000004 R15: 0000000000000000\n[ 75.245635] ? \n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-52580 was patched at 2024-05-22

debian: CVE-2023-52580 was patched at 2024-05-15

oraclelinux: CVE-2023-52580 was patched at 2024-05-02, 2024-05-23

redhat: CVE-2023-52580 was patched at 2024-05-22

4881. Incorrect Calculation - Linux Kernel (CVE-2023-52655) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: aqc111: check packet for fixup for true limit\n\nIf a device sends a packet that is inbetween 0\nand sizeof(u64) the value passed to skb_trim()\nas length will wrap around ending up as some very\nlarge value.\n\nThe driver will then proceed to parse the header\nlocated at that position, which will either oops or\nprocess some random value.\n\nThe fix is to check against sizeof(u64) rather than\n0, which the driver currently does. The issue exists\nsince the introduction of the driver.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52655 was patched at 2024-05-15

4882. Incorrect Calculation - Linux Kernel (CVE-2024-26668) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: reject configurations that cause integer overflow Reject bogus configs where internal token counter wraps around. This only occurs with very very large requests, such as 17gbyte/s. Its better to reject this rather than having incorrect ratelimit.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26668 was patched at 2024-05-15

ubuntu: CVE-2024-26668 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

4883. Incorrect Calculation - Linux Kernel (CVE-2024-26817) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing the multiplication which might overflow.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26817 was patched at 2024-05-06, 2024-05-15

4884. Incorrect Calculation - Linux Kernel (CVE-2024-26882) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()\n\nApply the same fix than ones found in :\n\n8d975c15c0cd ("ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()")\n1ca1ba465e55 ("geneve: make sure to pull inner header in geneve_rx()")\n\nWe have to save skb->network_header in a temporary variable\nin order to be able to recompute the network_header pointer\nafter a pskb_inet_may_pull() call.\n\npskb_inet_may_pull() makes sure the needed headers are in skb->head.\n\nsyzbot reported:\nBUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]\n BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]\n BUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]\n BUG: KMSAN: uninit-value in ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409\n __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]\n INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]\n IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]\n ip_tunnel_rcv+0xed9/0x2ed0 net/ipv4/ip_tunnel.c:409\n __ipgre_rcv+0x9bc/0xbc0 net/ipv4/ip_gre.c:389\n ipgre_rcv net/ipv4/ip_gre.c:411 [inline]\n gre_rcv+0x423/0x19f0 net/ipv4/ip_gre.c:447\n gre_rcv+0x2a4/0x390 net/ipv4/gre_demux.c:163\n ip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x2b8/0x440 net/ipv4/ip_input.c:233\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254\n dst_input include/net/dst.h:461 [inline]\n ip_rcv_finish net/ipv4/ip_input.c:449 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569\n __netif_receive_skb_one_core net/core/dev.c:5534 [inline]\n __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5648\n netif_receive_skb_internal net/core/dev.c:5734 [inline]\n netif_receive_skb+0x58/0x660 net/core/dev.c:5793\n tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1556\n tun_get_user+0x53b9/0x66e0 drivers/net/tun.c:2009\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2055\n call_write_iter include/linux/fs.h:2087 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xb6b/0x1520 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:652\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n __alloc_pages+0x9a6/0xe00 mm/page_alloc.c:4590\n alloc_pages_mpol+0x62b/0x9d0 mm/mempolicy.c:2133\n alloc_pages+0x1be/0x1e0 mm/mempolicy.c:2204\n skb_page_frag_refill+0x2bf/0x7c0 net/core/sock.c:2909\n tun_build_skb drivers/net/tun.c:1686 [inline]\n tun_get_user+0xe0a/0x66e0 drivers/net/tun.c:1826\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2055\n call_write_iter include/linux/fs.h:2087 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0xb6b/0x1520 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:652\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26882 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26882 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

4885. Memory Corruption - GPAC (CVE-2023-5377) - Medium [239]

Description: Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-5377 was patched at 2024-05-15

4886. Memory Corruption - GPAC (CVE-2023-5520) - Medium [239]

Description: Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-5520 was patched at 2024-05-15

4887. Memory Corruption - Linux Kernel (CVE-2020-36786) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: media: [next] staging: media: atomisp: fix memory leak of object flash In the case where the call to lm3554_platform_data_func returns an error there is a memory leak on the error return path of object flash. Fix this by adding an error return path that will free flash and rename labels fail2 to fail3 and fail1 to fail2.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36786 was patched at 2024-05-15

4888. Memory Corruption - Linux Kernel (CVE-2021-46956) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: virtiofs: fix memory leak in virtio_fs_probe() When accidentally passing twice the same tag to qemu, kmemleak ended up reporting a memory leak in virtiofs. Also, looking at the log I saw the following error (that's when I realised the duplicated tag): virtiofs: probe of virtio5 failed with error -17 Here's the kmemleak log for reference: unreferenced object 0xffff888103d47800 (size 1024): comm "systemd-udevd", pid 118, jiffies 4294893780 (age 18.340s) hex dump (first 32 bytes): 00 00 00 00 ad 4e ad de ff ff ff ff 00 00 00 00 .....N.......... ff ff ff ff ff ff ff ff 80 90 02 a0 ff ff ff ff ................ backtrace: [<000000000ebb87c1>] virtio_fs_probe+0x171/0x7ae [virtiofs] [<00000000f8aca419>] virtio_dev_probe+0x15f/0x210 [<000000004d6baf3c>] really_probe+0xea/0x430 [<00000000a6ceeac8>] device_driver_attach+0xa8/0xb0 [<00000000196f47a7>] __driver_attach+0x98/0x140 [<000000000b20601d>] bus_for_each_dev+0x7b/0xc0 [<00000000399c7b7f>] bus_add_driver+0x11b/0x1f0 [<0000000032b09ba7>] driver_register+0x8f/0xe0 [<00000000cdd55998>] 0xffffffffa002c013 [<000000000ea196a2>] do_one_initcall+0x64/0x2e0 [<0000000008f727ce>] do_init_module+0x5c/0x260 [<000000003cdedab6>] __do_sys_finit_module+0xb5/0x120 [<00000000ad2f48c6>] do_syscall_64+0x33/0x40 [<00000000809526b5>] entry_SYSCALL_64_after_hwframe+0x44/0xae

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46956 was patched at 2024-05-15

4889. Memory Corruption - Linux Kernel (CVE-2021-46958) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between transaction aborts and fsyncs leading to use-after-free There is a race between a task aborting a transaction during a commit, a task doing an fsync and the transaction kthread, which leads to an use-after-free of the log root tree. When this happens, it results in a stack trace like the following: BTRFS info (device dm-0): forced readonly BTRFS warning (device dm-0): Skipping commit of aborted transaction. BTRFS: error (device dm-0) in cleanup_transaction:1958: errno=-5 IO failure BTRFS warning (device dm-0): lost page write due to IO error on /dev/mapper/error-test (-5) BTRFS warning (device dm-0): Skipping commit of aborted transaction. BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0xa4e8 len 4096 err no 10 BTRFS error (device dm-0): error writing primary super block to device 1 BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e000 len 4096 err no 10 BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e008 len 4096 err no 10 BTRFS warning (device dm-0): direct IO failed ino 261 rw 0,0 sector 0x12e010 len 4096 err no 10 BTRFS: error (device dm-0) in write_all_supers:4110: errno=-5 IO failure (1 errors while writing supers) BTRFS: error (device dm-0) in btrfs_sync_log:3308: errno=-5 IO failure general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b68: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI CPU: 2 PID: 2458471 Comm: fsstress Not tainted 5.12.0-rc5-btrfs-next-84 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 RIP: 0010:__mutex_lock+0x139/0xa40 Code: c0 74 19 (...) RSP: 0018:ffff9f18830d7b00 EFLAGS: 00010202 RAX: 6b6b6b6b6b6b6b68 RBX: 0000000000000001 RCX: 0000000000000002 RDX: ffffffffb9c54d13 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffff9f18830d7bc0 R08: 0000000000000000 R09: 0000000000000000 R10: ffff9f18830d7be0 R11: 0000000000000001 R12: ffff8c6cd199c040 R13: ffff8c6c95821358 R14: 00000000fffffffb R15: ffff8c6cbcf01358 FS: 00007fa9140c2b80(0000) GS:ffff8c6fac600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa913d52000 CR3: 000000013d2b4003 CR4: 0000000000370ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? __btrfs_handle_fs_error+0xde/0x146 [btrfs] ? btrfs_sync_log+0x7c1/0xf20 [btrfs] ? btrfs_sync_log+0x7c1/0xf20 [btrfs] btrfs_sync_log+0x7c1/0xf20 [btrfs] btrfs_sync_file+0x40c/0x580 [btrfs] do_fsync+0x38/0x70 __x64_sys_fsync+0x10/0x20 do_syscall_64+0x33/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fa9142a55c3 Code: 8b 15 09 (...) RSP: 002b:00007fff26278d48 EFLAGS: 00000246 ORIG_RAX: 000000000000004a RAX: ffffffffffffffda RBX: 0000563c83cb4560 RCX: 00007fa9142a55c3 RDX: 00007fff26278cb0 RSI: 00007fff26278cb0 RDI: 0000000000000005 RBP: 0000000000000005 R08: 0000000000000001 R09: 00007fff26278d5c R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000340 R13: 00007fff26278de0 R14: 00007fff26278d96 R15: 0000563c83ca57c0 Modules linked in: btrfs dm_zero dm_snapshot dm_thin_pool (...) ---[ end trace ee2f1b19327d791d ]--- The steps that lead to this crash are the following: 1) We are at transaction N; 2) We have two tasks with a transaction handle attached to transaction N. Task A and Task B. Task B is doing an fsync; 3) Task B is at btrfs_sync_log(), and has saved fs_info->log_root_tree into a local variable named 'log_root_tree' at the top of btrfs_sync_log(). Task B is about to call write_all_supers(), but before that... 4) Task A calls btrfs_commit_transaction(), and after it sets the transaction state to TRANS_STATE_COMMIT_START, an error happens before it w ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46958 was patched at 2024-05-15

4890. Memory Corruption - Linux Kernel (CVE-2021-46959) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: spi: Fix use-after-free with devm_spi_alloc_* We can't rely on the contents of the devres list during spi_unregister_controller(), as the list is already torn down at the time we perform devres_find() for devm_spi_release_controller. This causes devices registered with devm_spi_alloc_{master,slave}() to be mistakenly identified as legacy, non-devm managed devices and have their reference counters decremented below 0. ------------[ cut here ]------------ WARNING: CPU: 1 PID: 660 at lib/refcount.c:28 refcount_warn_saturate+0x108/0x174 [<b0396f04>] (refcount_warn_saturate) from [<b03c56a4>] (kobject_put+0x90/0x98) [<b03c5614>] (kobject_put) from [<b0447b4c>] (put_device+0x20/0x24) r4:b6700140 [<b0447b2c>] (put_device) from [<b07515e8>] (devm_spi_release_controller+0x3c/0x40) [<b07515ac>] (devm_spi_release_controller) from [<b045343c>] (release_nodes+0x84/0xc4) r5:b6700180 r4:b6700100 [<b04533b8>] (release_nodes) from [<b0454160>] (devres_release_all+0x5c/0x60) r8:b1638c54 r7:b117ad94 r6:b1638c10 r5:b117ad94 r4:b163dc10 [<b0454104>] (devres_release_all) from [<b044e41c>] (__device_release_driver+0x144/0x1ec) r5:b117ad94 r4:b163dc10 [<b044e2d8>] (__device_release_driver) from [<b044f70c>] (device_driver_detach+0x84/0xa0) r9:00000000 r8:00000000 r7:b117ad94 r6:b163dc54 r5:b1638c10 r4:b163dc10 [<b044f688>] (device_driver_detach) from [<b044d274>] (unbind_store+0xe4/0xf8) Instead, determine the devm allocation state as a flag on the controller which is guaranteed to be stable during cleanup.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46959 was patched at 2024-05-15

4891. Memory Corruption - Linux Kernel (CVE-2021-46966) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: ACPI: custom_method: fix potential use-after-free issue In cm_write(), buf is always freed when reaching the end of the function. If the requested count is less than table.length, the allocated buffer will be freed but subsequent calls to cm_write() will still try to access it. Remove the unconditional kfree(buf) at the end of the function and set the buf to NULL in the -EINVAL error path to match the rest of function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46966 was patched at 2024-05-15

ubuntu: CVE-2021-46966 was patched at 2024-04-19

4892. Memory Corruption - Linux Kernel (CVE-2021-46982) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix race condition of overwrite vs truncate pos_fsstress testcase complains a panic as belew: ------------[ cut here ]------------ kernel BUG at fs/f2fs/compress.c:1082! invalid opcode: 0000 [#1] SMP PTI CPU: 4 PID: 2753477 Comm: kworker/u16:2 Tainted: G OE 5.12.0-rc1-custom #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014 Workqueue: writeback wb_workfn (flush-252:16) RIP: 0010:prepare_compress_overwrite+0x4c0/0x760 [f2fs] Call Trace: f2fs_prepare_compress_overwrite+0x5f/0x80 [f2fs] f2fs_write_cache_pages+0x468/0x8a0 [f2fs] f2fs_write_data_pages+0x2a4/0x2f0 [f2fs] do_writepages+0x38/0xc0 __writeback_single_inode+0x44/0x2a0 writeback_sb_inodes+0x223/0x4d0 __writeback_inodes_wb+0x56/0xf0 wb_writeback+0x1dd/0x290 wb_workfn+0x309/0x500 process_one_work+0x220/0x3c0 worker_thread+0x53/0x420 kthread+0x12f/0x150 ret_from_fork+0x22/0x30 The root cause is truncate() may race with overwrite as below, so that one reference count left in page can not guarantee the page attaching in mapping tree all the time, after truncation, later find_lock_page() may return NULL pointer. - prepare_compress_overwrite - f2fs_pagecache_get_page - unlock_page - f2fs_setattr - truncate_setsize - truncate_inode_page - delete_from_page_cache - find_lock_page Fix this by avoiding referencing updated page.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46982 was patched at 2024-05-15

4893. Memory Corruption - Linux Kernel (CVE-2021-46985) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: ACPI: scan: Fix a memory leak in an error handling path If 'acpi_device_set_name()' fails, we must free 'acpi_device_bus_id->bus_id' or there is a (potential) memory leak.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46985 was patched at 2024-05-15

4894. Memory Corruption - Linux Kernel (CVE-2021-46986) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Free gadget structure only after freeing endpoints As part of commit e81a7018d93a ("usb: dwc3: allocate gadget structure dynamically") the dwc3_gadget_release() was added which will free the dwc->gadget structure upon the device's removal when usb_del_gadget_udc() is called in dwc3_gadget_exit(). However, simply freeing the gadget results a dangling pointer situation: the endpoints created in dwc3_gadget_init_endpoints() have their dep->endpoint.ep_list members chained off the list_head anchored at dwc->gadget->ep_list. Thus when dwc->gadget is freed, the first dwc3_ep in the list now has a dangling prev pointer and likewise for the next pointer of the dwc3_ep at the tail of the list. The dwc3_gadget_free_endpoints() that follows will result in a use-after-free when it calls list_del(). This was caught by enabling KASAN and performing a driver unbind. The recent commit 568262bf5492 ("usb: dwc3: core: Add shutdown callback for dwc3") also exposes this as a panic during shutdown. There are a few possibilities to fix this. One could be to perform a list_del() of the gadget->ep_list itself which removes it from the rest of the dwc3_ep chain. Another approach is what this patch does, by splitting up the usb_del_gadget_udc() call into its separate "del" and "put" components. This allows dwc3_gadget_free_endpoints() to be called before the gadget is finally freed with usb_put_gadget().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46986 was patched at 2024-05-15

4895. Memory Corruption - Linux Kernel (CVE-2021-46989) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: hfsplus: prevent corruption in shrinking truncate I believe there are some issues introduced by commit 31651c607151 ("hfsplus: avoid deadlock on file truncation") HFS+ has extent records which always contains 8 extents. In case the first extent record in catalog file gets full, new ones are allocated from extents overflow file. In case shrinking truncate happens to middle of an extent record which locates in extents overflow file, the logic in hfsplus_file_truncate() was changed so that call to hfs_brec_remove() is not guarded any more. Right action would be just freeing the extents that exceed the new size inside extent record by calling hfsplus_free_extents(), and then check if the whole extent record should be removed. However since the guard (blk_cnt > start) is now after the call to hfs_brec_remove(), this has unfortunate effect that the last matching extent record is removed unconditionally. To reproduce this issue, create a file which has at least 10 extents, and then perform shrinking truncate into middle of the last extent record, so that the number of remaining extents is not under or divisible by 8. This causes the last extent record (8 extents) to be removed totally instead of truncating into middle of it. Thus this causes corruption, and lost data. Fix for this is simply checking if the new truncated end is below the start of this extent record, making it safe to remove the full extent record. However call to hfs_brec_remove() can't be moved to it's previous place since we're dropping ->tree_lock and it can cause a race condition and the cached info being invalidated possibly corrupting the node data. Another issue is related to this one. When entering into the block (blk_cnt > start) we are not holding the ->tree_lock. We break out from the loop not holding the lock, but hfs_find_exit() does unlock it. Not sure if it's possible for someone else to take the lock under our feet, but it can cause hard to debug errors and premature unlocking. Even if there's no real risk of it, the locking should still always be kept in balance. Thus taking the lock now just before the check.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46989 was patched at 2024-05-15

4896. Memory Corruption - Linux Kernel (CVE-2021-46991) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: i40e: Fix use-after-free in i40e_client_subtask() Currently the call to i40e_client_del_instance frees the object pf->cinst, however pf->cinst->lan_info is being accessed after the free. Fix this by adding the missing return. Addresses-Coverity: ("Read from pointer after free")

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46991 was patched at 2024-05-15

4897. Memory Corruption - Linux Kernel (CVE-2021-46999) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: sctp: do asoc update earlier in sctp_sf_do_dupcook_a There's a panic that occurs in a few of envs, the call trace is as below: [] general protection fault, ... 0x29acd70f1000a: 0000 [#1] SMP PTI [] RIP: 0010:sctp_ulpevent_notify_peer_addr_change+0x4b/0x1fa [sctp] [] sctp_assoc_control_transport+0x1b9/0x210 [sctp] [] sctp_do_8_2_transport_strike.isra.16+0x15c/0x220 [sctp] [] sctp_cmd_interpreter.isra.21+0x1231/0x1a10 [sctp] [] sctp_do_sm+0xc3/0x2a0 [sctp] [] sctp_generate_timeout_event+0x81/0xf0 [sctp] This is caused by a transport use-after-free issue. When processing a duplicate COOKIE-ECHO chunk in sctp_sf_do_dupcook_a(), both COOKIE-ACK and SHUTDOWN chunks are allocated with the transort from the new asoc. However, later in the sideeffect machine, the old asoc is used to send them out and old asoc's shutdown_last_sent_to is set to the transport that SHUTDOWN chunk attached to in sctp_cmd_setup_t2(), which actually belongs to the new asoc. After the new_asoc is freed and the old asoc T2 timeout, the old asoc's shutdown_last_sent_to that is already freed would be accessed in sctp_sf_t2_timer_expire(). Thanks Alexander and Jere for helping dig into this issue. To fix it, this patch is to do the asoc update first, then allocate the COOKIE-ACK and SHUTDOWN chunks with the 'updated' old asoc. This would make more sense, as a chunk from an asoc shouldn't be sent out with another asoc. We had fixed quite a few issues caused by this.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46999 was patched at 2024-05-15

4898. Memory Corruption - Linux Kernel (CVE-2021-47009) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td Two error return paths are neglecting to free allocated object td, causing a memory leak. Fix this by returning via the error return path that securely kfree's td. Fixes clang scan-build warning: security/keys/trusted-keys/trusted_tpm1.c:496:10: warning: Potential memory leak [unix.Malloc]

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47009 was patched at 2024-05-15

4899. Memory Corruption - Linux Kernel (CVE-2021-47020) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: soundwire: stream: fix memory leak in stream config error path When stream config is failed, master runtime will release all slave runtime in the slave_rt_list, but slave runtime is not added to the list at this time. This patch frees slave runtime in the config error path to fix the memory leak.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47020 was patched at 2024-05-15

4900. Memory Corruption - Linux Kernel (CVE-2021-47024) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: free queued packets when closing socket As reported by syzbot [1], there is a memory leak while closing the socket. We partially solved this issue with commit ac03046ece2b ("vsock/virtio: free packets during the socket release"), but we forgot to drain the RX queue when the socket is definitely closed by the scheduled work. To avoid future issues, let's use the new virtio_transport_remove_sock() to drain the RX queue before removing the socket from the af_vsock lists calling vsock_remove_sock(). [1] https://syzkaller.appspot.com/bug?extid=24452624fc4c571eedd9

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47024 was patched at 2024-05-15

4901. Memory Corruption - Linux Kernel (CVE-2021-47026) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs-clt: destroy sysfs after removing session from active list A session can be removed dynamically by sysfs interface "remove_path" that eventually calls rtrs_clt_remove_path_from_sysfs function. The current rtrs_clt_remove_path_from_sysfs first removes the sysfs interfaces and frees sess->stats object. Second it removes the session from the active list. Therefore some functions could access non-connected session and access the freed sess->stats object even-if they check the session status before accessing the session. For instance rtrs_clt_request and get_next_path_min_inflight check the session status and try to send IO to the session. The session status could be changed when they are trying to send IO but they could not catch the change and update the statistics information in sess->stats object, and generate use-after-free problem. (see: "RDMA/rtrs-clt: Check state of the rtrs_clt_sess before reading its stats") This patch changes the rtrs_clt_remove_path_from_sysfs to remove the session from the active session list and then destroy the sysfs interfaces. Each function still should check the session status because closing or error recovery paths can change the status.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47026 was patched at 2024-05-15

4902. Memory Corruption - Linux Kernel (CVE-2021-47040) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix overflows checks in provide buffers\n\nColin reported before possible overflow and sign extension problems in\nio_provide_buffers_prep(). As Linus pointed out previous attempt did nothing\nuseful, see d81269fecb8ce ("io_uring: fix provide_buffers sign extension").\n\nDo that with help of check_<op>_overflow helpers. And fix struct\nio_provide_buf::len type, as it doesn't make much sense to keep it\nsigned.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47040 was patched at 2024-05-15

4903. Memory Corruption - Linux Kernel (CVE-2021-47048) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: fix use-after-free in zynqmp_qspi_exec_op When handling op->addr, it is using the buffer "tmpbuf" which has been freed. This will trigger a use-after-free KASAN warning. Let's use temporary variables to store op->addr.val and op->cmd.opcode to fix this issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47048 was patched at 2024-05-15

4904. Memory Corruption - Linux Kernel (CVE-2021-47049) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Use after free in __vmbus_open() The "open_info" variable is added to the &vmbus_connection.chn_msg_list, but the error handling frees "open_info" without removing it from the list. This will result in a use after free. First remove it from the list, and then free it.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47049 was patched at 2024-05-15

4905. Memory Corruption - Linux Kernel (CVE-2021-47052) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: crypto: sa2ul - Fix memory leak of rxd There are two error return paths that are not freeing rxd and causing memory leaks. Fix these. Addresses-Coverity: ("Resource leak")

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47052 was patched at 2024-05-15

4906. Memory Corruption - Linux Kernel (CVE-2021-47053) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ss - Fix memory leak of pad It appears there are several failure return paths that don't seem to be free'ing pad. Fix these. Addresses-Coverity: ("Resource leak")

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47053 was patched at 2024-05-15

4907. Memory Corruption - Linux Kernel (CVE-2021-47057) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ss - Fix memory leak of object d when dma_iv fails to map In the case where the dma_iv mapping fails, the return error path leaks the memory allocated to object d. Fix this by adding a new error return label and jumping to this to ensure d is free'd before the return. Addresses-Coverity: ("Resource leak")

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47057 was patched at 2024-05-15

4908. Memory Corruption - Linux Kernel (CVE-2021-47058) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: regmap: set debugfs_name to NULL after it is freed There is a upstream commit cffa4b2122f5("regmap:debugfs: Fix a memory leak when calling regmap_attach_dev") that adds a if condition when create name for debugfs_name. With below function invoking logical, debugfs_name is freed in regmap_debugfs_exit(), but it is not created again because of the if condition introduced by above commit. regmap_reinit_cache() regmap_debugfs_exit() ... regmap_debugfs_init() So, set debugfs_name to NULL after it is freed.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47058 was patched at 2024-05-15

4909. Memory Corruption - Linux Kernel (CVE-2021-47059) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ss - fix result memory leak on error path This patch fixes a memory leak on an error path.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47059 was patched at 2024-05-15

4910. Memory Corruption - Linux Kernel (CVE-2021-47060) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Stop looking for coalesced MMIO zones if the bus is destroyed\n\nAbort the walk of coalesced MMIO zones if kvm_io_bus_unregister_dev()\nfails to allocate memory for the new instance of the bus. If it can't\ninstantiate a new bus, unregister_dev() destroys all devices _except_ the\ntarget device. But, it doesn't tell the caller that it obliterated the\nbus and invoked the destructor for all devices that were on the bus. In\nthe coalesced MMIO case, this can result in a deleted list entry\ndereference due to attempting to continue iterating on coalesced_zones\nafter future entries (in the walk) have been deleted.\n\nOpportunistically add curly braces to the for-loop, which encompasses\nmany lines but sneaks by without braces due to the guts being a single\nif statement.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47060 was patched at 2024-05-15

4911. Memory Corruption - Linux Kernel (CVE-2021-47061) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU If allocating a new instance of an I/O bus fails when unregistering a device, wait to destroy the device until after all readers are guaranteed to see the new null bus. Destroying devices before the bus is nullified could lead to use-after-free since readers expect the devices on their reference of the bus to remain valid.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47061 was patched at 2024-05-15

4912. Memory Corruption - Linux Kernel (CVE-2021-47063) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: drm: bridge/panel: Cleanup connector on bridge detach If we don't call drm_connector_cleanup() manually in panel_bridge_detach(), the connector will be cleaned up with the other DRM objects in the call to drm_mode_config_cleanup(). However, since our drm_connector is devm-allocated, by the time drm_mode_config_cleanup() will be called, our connector will be long gone. Therefore, the connector must be cleaned up when the bridge is detached to avoid use-after-free conditions. v2: Cleanup connector only if it was created v3: Add FIXME v4: (Use connector->dev) directly in if() block

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47063 was patched at 2024-05-15

ubuntu: CVE-2021-47063 was patched at 2024-06-12

4913. Memory Corruption - Linux Kernel (CVE-2021-47064) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: fix potential DMA mapping leak\n\nWith buf uninitialized in mt76_dma_tx_queue_skb_raw, its field skip_unmap\ncould potentially inherit a non-zero value from stack garbage.\nIf this happens, it will cause DMA mappings for MCU command frames to not be\nunmapped after completion', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47064 was patched at 2024-05-15

4914. Memory Corruption - Linux Kernel (CVE-2021-47066) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nasync_xor: increase src_offs when dropping destination page\n\nNow we support sharing one page if PAGE_SIZE is not equal stripe size. To\nsupport this, it needs to support calculating xor value with different\noffsets for each r5dev. One offset array is used to record those offsets.\n\nIn RMW mode, parity page is used as a source page. It sets\nASYNC_TX_XOR_DROP_DST before calculating xor value in ops_run_prexor5.\nSo it needs to add src_list and src_offs at the same time. Now it only\nneeds src_list. So the xor value which is calculated is wrong. It can\ncause data corruption problem.\n\nI can reproduce this problem 100% on a POWER8 machine. The steps are:\n\n mdadm -CR /dev/md0 -l5 -n3 /dev/sdb1 /dev/sdc1 /dev/sdd1 --size=3G\n mkfs.xfs /dev/md0\n mount /dev/md0 /mnt/test\n mount: /mnt/test: mount(2) system call failed: Structure needs cleaning.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47066 was patched at 2024-05-15

4915. Memory Corruption - Linux Kernel (CVE-2021-47068) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: net/nfc: fix use-after-free llcp_sock_bind/connect Commits 8a4cd82d ("nfc: fix refcount leak in llcp_sock_connect()") and c33b1cc62 ("nfc: fix refcount leak in llcp_sock_bind()") fixed a refcount leak bug in bind/connect but introduced a use-after-free if the same local is assigned to 2 different sockets. This can be triggered by the following simple program: int sock1 = socket( AF_NFC, SOCK_STREAM, NFC_SOCKPROTO_LLCP ); int sock2 = socket( AF_NFC, SOCK_STREAM, NFC_SOCKPROTO_LLCP ); memset( &addr, 0, sizeof(struct sockaddr_nfc_llcp) ); addr.sa_family = AF_NFC; addr.nfc_protocol = NFC_PROTO_NFC_DEP; bind( sock1, (struct sockaddr*) &addr, sizeof(struct sockaddr_nfc_llcp) ) bind( sock2, (struct sockaddr*) &addr, sizeof(struct sockaddr_nfc_llcp) ) close(sock1); close(sock2); Fix this by assigning NULL to llcp_sock->local after calling nfc_llcp_local_put. This addresses CVE-2021-23134.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47068 was patched at 2024-05-15

4916. Memory Corruption - Linux Kernel (CVE-2021-47070) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix another memory leak in error handling paths Memory allocated by 'vmbus_alloc_ring()' at the beginning of the probe function is never freed in the error handling path. Add the missing 'vmbus_free_ring()' call. Note that it is already freed in the .remove function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47070 was patched at 2024-05-15

ubuntu: CVE-2021-47070 was patched at 2024-06-12

4917. Memory Corruption - Linux Kernel (CVE-2021-47071) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix a memory leak in error handling paths If 'vmbus_establish_gpadl()' fails, the (recv|send)_gpadl will not be updated and 'hv_uio_cleanup()' in the error handling path will not be able to free the corresponding buffer. In such a case, we need to free the buffer explicitly.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47071 was patched at 2024-05-15

4918. Memory Corruption - Linux Kernel (CVE-2021-47074) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: nvme-loop: fix memory leak in nvme_loop_create_ctrl() When creating loop ctrl in nvme_loop_create_ctrl(), if nvme_init_ctrl() fails, the loop ctrl should be freed before jumping to the "out" label.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47074 was patched at 2024-05-15

4919. Memory Corruption - Linux Kernel (CVE-2021-47075) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak in nvmet_alloc_ctrl() When creating ctrl in nvmet_alloc_ctrl(), if the cntlid_min is larger than cntlid_max of the subsystem, and jumps to the "out_free_changed_ns_list" label, but the ctrl->sqs lack of be freed. Fix this by jumping to the "out_free_sqs" label.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47075 was patched at 2024-05-15

4920. Memory Corruption - Linux Kernel (CVE-2021-47078) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Clear all QP fields if creation failed rxe_qp_do_cleanup() relies on valid pointer values in QP for the properly created ones, but in case rxe_qp_from_init() failed it was filled with garbage and caused tot the following error. refcount_t: underflow; use-after-free. WARNING: CPU: 1 PID: 12560 at lib/refcount.c:28 refcount_warn_saturate+0x1d1/0x1e0 lib/refcount.c:28 Modules linked in: CPU: 1 PID: 12560 Comm: syz-executor.4 Not tainted 5.12.0-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:refcount_warn_saturate+0x1d1/0x1e0 lib/refcount.c:28 Code: e9 db fe ff ff 48 89 df e8 2c c2 ea fd e9 8a fe ff ff e8 72 6a a7 fd 48 c7 c7 e0 b2 c1 89 c6 05 dc 3a e6 09 01 e8 ee 74 fb 04 <0f> 0b e9 af fe ff ff 0f 1f 84 00 00 00 00 00 41 56 41 55 41 54 55 RSP: 0018:ffffc900097ceba8 EFLAGS: 00010286 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000040000 RSI: ffffffff815bb075 RDI: fffff520012f9d67 RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000 R10: ffffffff815b4eae R11: 0000000000000000 R12: ffff8880322a4800 R13: ffff8880322a4940 R14: ffff888033044e00 R15: 0000000000000000 FS: 00007f6eb2be3700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fdbe5d41000 CR3: 000000001d181000 CR4: 00000000001506e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: __refcount_sub_and_test include/linux/refcount.h:283 [inline] __refcount_dec_and_test include/linux/refcount.h:315 [inline] refcount_dec_and_test include/linux/refcount.h:333 [inline] kref_put include/linux/kref.h:64 [inline] rxe_qp_do_cleanup+0x96f/0xaf0 drivers/infiniband/sw/rxe/rxe_qp.c:805 execute_in_process_context+0x37/0x150 kernel/workqueue.c:3327 rxe_elem_release+0x9f/0x180 drivers/infiniband/sw/rxe/rxe_pool.c:391 kref_put include/linux/kref.h:65 [inline] rxe_create_qp+0x2cd/0x310 drivers/infiniband/sw/rxe/rxe_verbs.c:425 _ib_create_qp drivers/infiniband/core/core_priv.h:331 [inline] ib_create_named_qp+0x2ad/0x1370 drivers/infiniband/core/verbs.c:1231 ib_create_qp include/rdma/ib_verbs.h:3644 [inline] create_mad_qp+0x177/0x2d0 drivers/infiniband/core/mad.c:2920 ib_mad_port_open drivers/infiniband/core/mad.c:3001 [inline] ib_mad_init_device+0xd6f/0x1400 drivers/infiniband/core/mad.c:3092 add_client_context+0x405/0x5e0 drivers/infiniband/core/device.c:717 enable_device_and_get+0x1cd/0x3b0 drivers/infiniband/core/device.c:1331 ib_register_device drivers/infiniband/core/device.c:1413 [inline] ib_register_device+0x7c7/0xa50 drivers/infiniband/core/device.c:1365 rxe_register_device+0x3d5/0x4a0 drivers/infiniband/sw/rxe/rxe_verbs.c:1147 rxe_add+0x12fe/0x16d0 drivers/infiniband/sw/rxe/rxe.c:247 rxe_net_add+0x8c/0xe0 drivers/infiniband/sw/rxe/rxe_net.c:503 rxe_newlink drivers/infiniband/sw/rxe/rxe.c:269 [inline] rxe_newlink+0xb7/0xe0 drivers/infiniband/sw/rxe/rxe.c:250 nldev_newlink+0x30e/0x550 drivers/infiniband/core/nldev.c:1555 rdma_nl_rcv_msg+0x36d/0x690 drivers/infiniband/core/netlink.c:195 rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline] rdma_nl_rcv+0x2ee/0x430 drivers/infiniband/core/netlink.c:259 netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338 netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927 sock_sendmsg_nosec net/socket.c:654 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:674 ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350 ___sys_sendmsg+0xf3/0x170 net/socket.c:2404 __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433 do_syscall_64+0x3a/0xb0 arch/x86/entry/common.c:47 entry_SYSCALL_64_after_hwframe+0 ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47078 was patched at 2024-05-15

4921. Memory Corruption - Linux Kernel (CVE-2021-47089) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: kfence: fix memory leak when cat kfence objects Hulk robot reported a kmemleak problem: unreferenced object 0xffff93d1d8cc02e8 (size 248): comm "cat", pid 23327, jiffies 4624670141 (age 495992.217s) hex dump (first 32 bytes): 00 40 85 19 d4 93 ff ff 00 10 00 00 00 00 00 00 .@.............. 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: seq_open+0x2a/0x80 full_proxy_open+0x167/0x1e0 do_dentry_open+0x1e1/0x3a0 path_openat+0x961/0xa20 do_filp_open+0xae/0x120 do_sys_openat2+0x216/0x2f0 do_sys_open+0x57/0x80 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9 unreferenced object 0xffff93d419854000 (size 4096): comm "cat", pid 23327, jiffies 4624670141 (age 495992.217s) hex dump (first 32 bytes): 6b 66 65 6e 63 65 2d 23 32 35 30 3a 20 30 78 30 kfence-#250: 0x0 30 30 30 30 30 30 30 37 35 34 62 64 61 31 32 2d 0000000754bda12- backtrace: seq_read_iter+0x313/0x440 seq_read+0x14b/0x1a0 full_proxy_read+0x56/0x80 vfs_read+0xa5/0x1b0 ksys_read+0xa0/0xf0 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9 I find that we can easily reproduce this problem with the following commands: cat /sys/kernel/debug/kfence/objects echo scan > /sys/kernel/debug/kmemleak cat /sys/kernel/debug/kmemleak The leaked memory is allocated in the stack below: do_syscall_64 do_sys_open do_dentry_open full_proxy_open seq_open ---> alloc seq_file vfs_read full_proxy_read seq_read seq_read_iter traverse ---> alloc seq_buf And it should have been released in the following process: do_syscall_64 syscall_exit_to_user_mode exit_to_user_mode_prepare task_work_run ____fput __fput full_proxy_release ---> free here However, the release function corresponding to file_operations is not implemented in kfence. As a result, a memory leak occurs. Therefore, the solution to this problem is to implement the corresponding release function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47089 was patched at 2024-05-15

4922. Memory Corruption - Linux Kernel (CVE-2021-47094) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Don't advance iterator after restart due to yielding After dropping mmu_lock in the TDP MMU, restart the iterator during tdp_iter_next() and do not advance the iterator. Advancing the iterator results in skipping the top-level SPTE and all its children, which is fatal if any of the skipped SPTEs were not visited before yielding. When zapping all SPTEs, i.e. when min_level == root_level, restarting the iter and then invoking tdp_iter_next() is always fatal if the current gfn has as a valid SPTE, as advancing the iterator results in try_step_side() skipping the current gfn, which wasn't visited before yielding. Sprinkle WARNs on iter->yielded being true in various helpers that are often used in conjunction with yielding, and tag the helper with __must_check to reduce the probabily of improper usage. Failing to zap a top-level SPTE manifests in one of two ways. If a valid SPTE is skipped by both kvm_tdp_mmu_zap_all() and kvm_tdp_mmu_put_root(), the shadow page will be leaked and KVM will WARN accordingly. WARNING: CPU: 1 PID: 3509 at arch/x86/kvm/mmu/tdp_mmu.c:46 [kvm] RIP: 0010:kvm_mmu_uninit_tdp_mmu+0x3e/0x50 [kvm] Call Trace: <TASK> kvm_arch_destroy_vm+0x130/0x1b0 [kvm] kvm_destroy_vm+0x162/0x2a0 [kvm] kvm_vcpu_release+0x34/0x60 [kvm] __fput+0x82/0x240 task_work_run+0x5c/0x90 do_exit+0x364/0xa10 ? futex_unqueue+0x38/0x60 do_group_exit+0x33/0xa0 get_signal+0x155/0x850 arch_do_signal_or_restart+0xed/0x750 exit_to_user_mode_prepare+0xc5/0x120 syscall_exit_to_user_mode+0x1d/0x40 do_syscall_64+0x48/0xc0 entry_SYSCALL_64_after_hwframe+0x44/0xae If kvm_tdp_mmu_zap_all() skips a gfn/SPTE but that SPTE is then zapped by kvm_tdp_mmu_put_root(), KVM triggers a use-after-free in the form of marking a struct page as dirty/accessed after it has been put back on the free list. This directly triggers a WARN due to encountering a page with page_count() == 0, but it can also lead to data corruption and additional errors in the kernel. WARNING: CPU: 7 PID: 1995658 at arch/x86/kvm/../../../virt/kvm/kvm_main.c:171 RIP: 0010:kvm_is_zone_device_pfn.part.0+0x9e/0xd0 [kvm] Call Trace: <TASK> kvm_set_pfn_dirty+0x120/0x1d0 [kvm] __handle_changed_spte+0x92e/0xca0 [kvm] __handle_changed_spte+0x63c/0xca0 [kvm] __handle_changed_spte+0x63c/0xca0 [kvm] __handle_changed_spte+0x63c/0xca0 [kvm] zap_gfn_range+0x549/0x620 [kvm] kvm_tdp_mmu_put_root+0x1b6/0x270 [kvm] mmu_free_root_page+0x219/0x2c0 [kvm] kvm_mmu_free_roots+0x1b4/0x4e0 [kvm] kvm_mmu_unload+0x1c/0xa0 [kvm] kvm_arch_destroy_vm+0x1f2/0x5c0 [kvm] kvm_put_kvm+0x3b1/0x8b0 [kvm] kvm_vcpu_release+0x4e/0x70 [kvm] __fput+0x1f7/0x8c0 task_work_run+0xf8/0x1a0 do_exit+0x97b/0x2230 do_group_exit+0xda/0x2a0 get_signal+0x3be/0x1e50 arch_do_signal_or_restart+0x244/0x17f0 exit_to_user_mode_prepare+0xcb/0x120 syscall_exit_to_user_mode+0x1d/0x40 do_syscall_64+0x4d/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae Note, the underlying bug existed even before commit 1af4a96025b3 ("KVM: x86/mmu: Yield in TDU MMU iter even if no SPTES changed") moved calls to tdp_mmu_iter_cond_resched() to the beginning of loops, as KVM could still incorrectly advance past a top-level entry when yielding on a lower-level entry. But with respect to leaking shadow pages, the bug was introduced by yielding before processing the current gfn. Alternatively, tdp_mmu_iter_cond_resched() could simply fall through, or callers could jump to their "retry" label. The downside of that approach is that tdp_mmu_iter_cond_resched() _must_ be called before anything else in the loop, and there's no easy way to enfornce that requirement. Ideally, KVM would handling the cond_resched() fully within the iterator macro (the code is actually quite clean) and avoid this entire class of bugs, but that is extremely difficult do wh ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47094 was patched at 2024-05-15

4923. Memory Corruption - Linux Kernel (CVE-2021-47103) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: inet: fully convert sk->sk_rx_dst to RCU rules syzbot reported various issues around early demux, one being included in this changelog [1] sk->sk_rx_dst is using RCU protection without clearly documenting it. And following sequences in tcp_v4_do_rcv()/tcp_v6_do_rcv() are not following standard RCU rules. [a] dst_release(dst); [b] sk->sk_rx_dst = NULL; They look wrong because a delete operation of RCU protected pointer is supposed to clear the pointer before the call_rcu()/synchronize_rcu() guarding actual memory freeing. In some cases indeed, dst could be freed before [b] is done. We could cheat by clearing sk_rx_dst before calling dst_release(), but this seems the right time to stick to standard RCU annotations and debugging facilities. [1] BUG: KASAN: use-after-free in dst_check include/net/dst.h:470 [inline] BUG: KASAN: use-after-free in tcp_v4_early_demux+0x95b/0x960 net/ipv4/tcp_ipv4.c:1792 Read of size 2 at addr ffff88807f1cb73a by task syz-executor.5/9204 CPU: 0 PID: 9204 Comm: syz-executor.5 Not tainted 5.16.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description.constprop.0.cold+0x8d/0x320 mm/kasan/report.c:247 __kasan_report mm/kasan/report.c:433 [inline] kasan_report.cold+0x83/0xdf mm/kasan/report.c:450 dst_check include/net/dst.h:470 [inline] tcp_v4_early_demux+0x95b/0x960 net/ipv4/tcp_ipv4.c:1792 ip_rcv_finish_core.constprop.0+0x15de/0x1e80 net/ipv4/ip_input.c:340 ip_list_rcv_finish.constprop.0+0x1b2/0x6e0 net/ipv4/ip_input.c:583 ip_sublist_rcv net/ipv4/ip_input.c:609 [inline] ip_list_rcv+0x34e/0x490 net/ipv4/ip_input.c:644 __netif_receive_skb_list_ptype net/core/dev.c:5508 [inline] __netif_receive_skb_list_core+0x549/0x8e0 net/core/dev.c:5556 __netif_receive_skb_list net/core/dev.c:5608 [inline] netif_receive_skb_list_internal+0x75e/0xd80 net/core/dev.c:5699 gro_normal_list net/core/dev.c:5853 [inline] gro_normal_list net/core/dev.c:5849 [inline] napi_complete_done+0x1f1/0x880 net/core/dev.c:6590 virtqueue_napi_complete drivers/net/virtio_net.c:339 [inline] virtnet_poll+0xca2/0x11b0 drivers/net/virtio_net.c:1557 __napi_poll+0xaf/0x440 net/core/dev.c:7023 napi_poll net/core/dev.c:7090 [inline] net_rx_action+0x801/0xb40 net/core/dev.c:7177 __do_softirq+0x29b/0x9c2 kernel/softirq.c:558 invoke_softirq kernel/softirq.c:432 [inline] __irq_exit_rcu+0x123/0x180 kernel/softirq.c:637 irq_exit_rcu+0x5/0x20 kernel/softirq.c:649 common_interrupt+0x52/0xc0 arch/x86/kernel/irq.c:240 asm_common_interrupt+0x1e/0x40 arch/x86/include/asm/idtentry.h:629 RIP: 0033:0x7f5e972bfd57 Code: 39 d1 73 14 0f 1f 80 00 00 00 00 48 8b 50 f8 48 83 e8 08 48 39 ca 77 f3 48 39 c3 73 3e 48 89 13 48 8b 50 f8 48 89 38 49 8b 0e <48> 8b 3e 48 83 c3 08 48 83 c6 08 eb bc 48 39 d1 72 9e 48 39 d0 73 RSP: 002b:00007fff8a413210 EFLAGS: 00000283 RAX: 00007f5e97108990 RBX: 00007f5e97108338 RCX: ffffffff81d3aa45 RDX: ffffffff81d3aa45 RSI: 00007f5e97108340 RDI: ffffffff81d3aa45 RBP: 00007f5e97107eb8 R08: 00007f5e97108d88 R09: 0000000093c2e8d9 R10: 0000000000000000 R11: 0000000000000000 R12: 00007f5e97107eb0 R13: 00007f5e97108338 R14: 00007f5e97107ea8 R15: 0000000000000019 </TASK> Allocated by task 13: kasan_save_stack+0x1e/0x50 mm/kasan/common.c:38 kasan_set_track mm/kasan/common.c:46 [inline] set_alloc_info mm/kasan/common.c:434 [inline] __kasan_slab_alloc+0x90/0xc0 mm/kasan/common.c:467 kasan_slab_alloc include/linux/kasan.h:259 [inline] slab_post_alloc_hook mm/slab.h:519 [inline] slab_alloc_node mm/slub.c:3234 [inline] slab_alloc mm/slub.c:3242 [inline] kmem_cache_alloc+0x202/0x3a0 mm/slub.c:3247 dst_alloc+0x146/0x1f0 net/core/dst.c:92 rt_dst_alloc+0x73/0x430 net/ipv4/route.c:1613 ip_route_input_slow+0x1817/0x3a20 net/ipv4/route.c:234 ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47103 was patched at 2024-05-15

4924. Memory Corruption - Linux Kernel (CVE-2021-47104) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() The wrong goto label was used for the error case and missed cleanup of the pkt allocation. Addresses-Coverity-ID: 1493352 ("Resource leak")

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47104 was patched at 2024-05-15

4925. Memory Corruption - Linux Kernel (CVE-2021-47106) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy() We need to use list_for_each_entry_safe() iterator because we can not access @catchall after kfree_rcu() call. syzbot reported: BUG: KASAN: use-after-free in nft_set_catchall_destroy net/netfilter/nf_tables_api.c:4486 [inline] BUG: KASAN: use-after-free in nft_set_destroy net/netfilter/nf_tables_api.c:4504 [inline] BUG: KASAN: use-after-free in nft_set_destroy+0x3fd/0x4f0 net/netfilter/nf_tables_api.c:4493 Read of size 8 at addr ffff8880716e5b80 by task syz-executor.3/8871 CPU: 1 PID: 8871 Comm: syz-executor.3 Not tainted 5.16.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 print_address_description.constprop.0.cold+0x8d/0x2ed mm/kasan/report.c:247 __kasan_report mm/kasan/report.c:433 [inline] kasan_report.cold+0x83/0xdf mm/kasan/report.c:450 nft_set_catchall_destroy net/netfilter/nf_tables_api.c:4486 [inline] nft_set_destroy net/netfilter/nf_tables_api.c:4504 [inline] nft_set_destroy+0x3fd/0x4f0 net/netfilter/nf_tables_api.c:4493 __nft_release_table+0x79f/0xcd0 net/netfilter/nf_tables_api.c:9626 nft_rcv_nl_event+0x4f8/0x670 net/netfilter/nf_tables_api.c:9688 notifier_call_chain+0xb5/0x200 kernel/notifier.c:83 blocking_notifier_call_chain kernel/notifier.c:318 [inline] blocking_notifier_call_chain+0x67/0x90 kernel/notifier.c:306 netlink_release+0xcb6/0x1dd0 net/netlink/af_netlink.c:788 __sock_release+0xcd/0x280 net/socket.c:649 sock_close+0x18/0x20 net/socket.c:1314 __fput+0x286/0x9f0 fs/file_table.c:280 task_work_run+0xdd/0x1a0 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [inline] exit_to_user_mode_loop kernel/entry/common.c:175 [inline] exit_to_user_mode_prepare+0x27e/0x290 kernel/entry/common.c:207 __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline] syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300 do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7f75fbf28adb Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44 RSP: 002b:00007ffd8da7ec10 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 RAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f75fbf28adb RDX: 00007f75fc08e828 RSI: ffffffffffffffff RDI: 0000000000000003 RBP: 00007f75fc08a960 R08: 0000000000000000 R09: 00007f75fc08e830 R10: 00007ffd8da7ed10 R11: 0000000000000293 R12: 00000000002067c3 R13: 00007ffd8da7ed10 R14: 00007f75fc088f60 R15: 0000000000000032 </TASK> Allocated by task 8886: kasan_save_stack+0x1e/0x50 mm/kasan/common.c:38 kasan_set_track mm/kasan/common.c:46 [inline] set_alloc_info mm/kasan/common.c:434 [inline] ____kasan_kmalloc mm/kasan/common.c:513 [inline] ____kasan_kmalloc mm/kasan/common.c:472 [inline] __kasan_kmalloc+0xa6/0xd0 mm/kasan/common.c:522 kasan_kmalloc include/linux/kasan.h:269 [inline] kmem_cache_alloc_trace+0x1ea/0x4a0 mm/slab.c:3575 kmalloc include/linux/slab.h:590 [inline] nft_setelem_catchall_insert net/netfilter/nf_tables_api.c:5544 [inline] nft_setelem_insert net/netfilter/nf_tables_api.c:5562 [inline] nft_add_set_elem+0x232e/0x2f40 net/netfilter/nf_tables_api.c:5936 nf_tables_newsetelem+0x6ff/0xbb0 net/netfilter/nf_tables_api.c:6032 nfnetlink_rcv_batch+0x1710/0x25f0 net/netfilter/nfnetlink.c:513 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:634 [inline] nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:652 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x904/0xdf0 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/ ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47106 was patched at 2024-05-15

4926. Memory Corruption - Linux Kernel (CVE-2021-47107) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix READDIR buffer overflow If a client sends a READDIR count argument that is too small (say, zero), then the buffer size calculation in the new init_dirlist helper functions results in an underflow, allowing the XDR stream functions to write beyond the actual buffer. This calculation has always been suspect. NFSD has never sanity- checked the READDIR count argument, but the old entry encoders managed the problem correctly. With the commits below, entry encoding changed, exposing the underflow to the pointer arithmetic in xdr_reserve_space(). Modern NFS clients attempt to retrieve as much data as possible for each READDIR request. Also, we have no unit tests that exercise the behavior of READDIR at the lower bound of @count values. Thus this case was missed during testing.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47107 was patched at 2024-05-15

4927. Memory Corruption - Linux Kernel (CVE-2021-47110) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on shutdown Currenly, we disable kvmclock from machine_shutdown() hook and this only happens for boot CPU. We need to disable it for all CPUs to guard against memory corruption e.g. on restore from hibernate. Note, writing '0' to kvmclock MSR doesn't clear memory location, it just prevents hypervisor from updating the location so for the short while after write and while CPU is still alive, the clock remains usable and correct so we don't need to switch to some other clocksource.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47110 was patched at 2024-05-15

4928. Memory Corruption - Linux Kernel (CVE-2021-47111) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: xen-netback: take a reference to the RX task thread Do this in order to prevent the task from being freed if the thread returns (which can be triggered by the frontend) before the call to kthread_stop done as part of the backend tear down. Not taking the reference will lead to a use-after-free in that scenario. Such reference was taken before but dropped as part of the rework done in 2ac061ce97f4. Reintroduce the reference taking and add a comment this time explaining why it's needed. This is XSA-374 / CVE-2021-28691.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47111 was patched at 2024-05-15

4929. Memory Corruption - Linux Kernel (CVE-2021-47116) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in ext4_mb_init_backend on error path. Fix a memory leak discovered by syzbot when a file system is corrupted with an illegally large s_log_groups_per_flex.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47116 was patched at 2024-05-15

4930. Memory Corruption - Linux Kernel (CVE-2021-47118) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: pid: take a reference when initializing `cad_pid` During boot, kernel_init_freeable() initializes `cad_pid` to the init task's struct pid. Later on, we may change `cad_pid` via a sysctl, and when this happens proc_do_cad_pid() will increment the refcount on the new pid via get_pid(), and will decrement the refcount on the old pid via put_pid(). As we never called get_pid() when we initialized `cad_pid`, we decrement a reference we never incremented, can therefore free the init task's struct pid early. As there can be dangling references to the struct pid, we can later encounter a use-after-free (e.g. when delivering signals). This was spotted when fuzzing v5.13-rc3 with Syzkaller, but seems to have been around since the conversion of `cad_pid` to struct pid in commit 9ec52099e4b8 ("[PATCH] replace cad_pid by a struct pid") from the pre-KASAN stone age of v2.6.19. Fix this by getting a reference to the init task's struct pid when we assign it to `cad_pid`. Full KASAN splat below. ================================================================== BUG: KASAN: use-after-free in ns_of_pid include/linux/pid.h:153 [inline] BUG: KASAN: use-after-free in task_active_pid_ns+0xc0/0xc8 kernel/pid.c:509 Read of size 4 at addr ffff23794dda0004 by task syz-executor.0/273 CPU: 1 PID: 273 Comm: syz-executor.0 Not tainted 5.12.0-00001-g9aef892b2d15 #1 Hardware name: linux,dummy-virt (DT) Call trace: ns_of_pid include/linux/pid.h:153 [inline] task_active_pid_ns+0xc0/0xc8 kernel/pid.c:509 do_notify_parent+0x308/0xe60 kernel/signal.c:1950 exit_notify kernel/exit.c:682 [inline] do_exit+0x2334/0x2bd0 kernel/exit.c:845 do_group_exit+0x108/0x2c8 kernel/exit.c:922 get_signal+0x4e4/0x2a88 kernel/signal.c:2781 do_signal arch/arm64/kernel/signal.c:882 [inline] do_notify_resume+0x300/0x970 arch/arm64/kernel/signal.c:936 work_pending+0xc/0x2dc Allocated by task 0: slab_post_alloc_hook+0x50/0x5c0 mm/slab.h:516 slab_alloc_node mm/slub.c:2907 [inline] slab_alloc mm/slub.c:2915 [inline] kmem_cache_alloc+0x1f4/0x4c0 mm/slub.c:2920 alloc_pid+0xdc/0xc00 kernel/pid.c:180 copy_process+0x2794/0x5e18 kernel/fork.c:2129 kernel_clone+0x194/0x13c8 kernel/fork.c:2500 kernel_thread+0xd4/0x110 kernel/fork.c:2552 rest_init+0x44/0x4a0 init/main.c:687 arch_call_rest_init+0x1c/0x28 start_kernel+0x520/0x554 init/main.c:1064 0x0 Freed by task 270: slab_free_hook mm/slub.c:1562 [inline] slab_free_freelist_hook+0x98/0x260 mm/slub.c:1600 slab_free mm/slub.c:3161 [inline] kmem_cache_free+0x224/0x8e0 mm/slub.c:3177 put_pid.part.4+0xe0/0x1a8 kernel/pid.c:114 put_pid+0x30/0x48 kernel/pid.c:109 proc_do_cad_pid+0x190/0x1b0 kernel/sysctl.c:1401 proc_sys_call_handler+0x338/0x4b0 fs/proc/proc_sysctl.c:591 proc_sys_write+0x34/0x48 fs/proc/proc_sysctl.c:617 call_write_iter include/linux/fs.h:1977 [inline] new_sync_write+0x3ac/0x510 fs/read_write.c:518 vfs_write fs/read_write.c:605 [inline] vfs_write+0x9c4/0x1018 fs/read_write.c:585 ksys_write+0x124/0x240 fs/read_write.c:658 __do_sys_write fs/read_write.c:670 [inline] __se_sys_write fs/read_write.c:667 [inline] __arm64_sys_write+0x78/0xb0 fs/read_write.c:667 __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline] invoke_syscall arch/arm64/kernel/syscall.c:49 [inline] el0_svc_common.constprop.1+0x16c/0x388 arch/arm64/kernel/syscall.c:129 do_el0_svc+0xf8/0x150 arch/arm64/kernel/syscall.c:168 el0_svc+0x28/0x38 arch/arm64/kernel/entry-common.c:416 el0_sync_handler+0x134/0x180 arch/arm64/kernel/entry-common.c:432 el0_sync+0x154/0x180 arch/arm64/kernel/entry.S:701 The buggy address belongs to the object at ffff23794dda0000 which belongs to the cache pid of size 224 The buggy address is located 4 bytes inside of 224-byte region [ff ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2021-47118 was patched at 2024-06-05

debian: CVE-2021-47118 was patched at 2024-05-15

oraclelinux: CVE-2021-47118 was patched at 2024-06-05

redhat: CVE-2021-47118 was patched at 2024-06-05

4931. Memory Corruption - Linux Kernel (CVE-2021-47119) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in ext4_fill_super Buffer head references must be released before calling kill_bdev(); otherwise the buffer head (and its page referenced by b_data) will not be freed by kill_bdev, and subsequently that bh will be leaked. If blocksizes differ, sb_set_blocksize() will kill current buffers and page cache by using kill_bdev(). And then super block will be reread again but using correct blocksize this time. sb_set_blocksize() didn't fully free superblock page and buffer head, and being busy, they were not freed and instead leaked. This can easily be reproduced by calling an infinite loop of: systemctl start <ext4_on_lvm>.mount, and systemctl stop <ext4_on_lvm>.mount ... since systemd creates a cgroup for each slice which it mounts, and the bh leak get amplified by a dying memory cgroup that also never gets freed, and memory consumption is much more easily noticed.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47119 was patched at 2024-05-15

4932. Memory Corruption - Linux Kernel (CVE-2021-47121) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: net: caif: fix memory leak in cfusbl_device_notify In case of caif_enroll_dev() fail, allocated link_support won't be assigned to the corresponding structure. So simply free allocated pointer in case of error.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47121 was patched at 2024-05-15

4933. Memory Corruption - Linux Kernel (CVE-2021-47122) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: net: caif: fix memory leak in caif_device_notify In case of caif_enroll_dev() fail, allocated link_support won't be assigned to the corresponding structure. So simply free allocated pointer in case of error

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47122 was patched at 2024-05-15

4934. Memory Corruption - Linux Kernel (CVE-2021-47131) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix use-after-free after the TLS device goes down and up When a netdev with active TLS offload goes down, tls_device_down is called to stop the offload and tear down the TLS context. However, the socket stays alive, and it still points to the TLS context, which is now deallocated. If a netdev goes up, while the connection is still active, and the data flow resumes after a number of TCP retransmissions, it will lead to a use-after-free of the TLS context. This commit addresses this bug by keeping the context alive until its normal destruction, and implements the necessary fallbacks, so that the connection can resume in software (non-offloaded) kTLS mode. On the TX side tls_sw_fallback is used to encrypt all packets. The RX side already has all the necessary fallbacks, because receiving non-decrypted packets is supported. The thing needed on the RX side is to block resync requests, which are normally produced after receiving non-decrypted packets. The necessary synchronization is implemented for a graceful teardown: first the fallbacks are deployed, then the driver resources are released (it used to be possible to have a tls_dev_resync after tls_dev_del). A new flag called TLS_RX_DEV_DEGRADED is added to indicate the fallback mode. It's used to skip the RX resync logic completely, as it becomes useless, and some objects may be released (for example, resync_async, which is allocated and freed by the driver).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47131 was patched at 2024-05-15

4935. Memory Corruption - Linux Kernel (CVE-2021-47137) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: net: lantiq: fix memory corruption in RX ring In a situation where memory allocation or dma mapping fails, an invalid address is programmed into the descriptor. This can lead to memory corruption. If the memory allocation fails, DMA should reuse the previous skb and mapping and drop the packet. This patch also increments rx drop counter.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47137 was patched at 2024-05-15

4936. Memory Corruption - Linux Kernel (CVE-2021-47142) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a use-after-free looks like we forget to set ttm->sg to NULL. Hit panic below [ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI [ 1235.989074] Call Trace: [ 1235.991751] sg_free_table+0x17/0x20 [ 1235.995667] amdgpu_ttm_backend_unbind.cold+0x4d/0xf7 [amdgpu] [ 1236.002288] amdgpu_ttm_backend_destroy+0x29/0x130 [amdgpu] [ 1236.008464] ttm_tt_destroy+0x1e/0x30 [ttm] [ 1236.013066] ttm_bo_cleanup_memtype_use+0x51/0xa0 [ttm] [ 1236.018783] ttm_bo_release+0x262/0xa50 [ttm] [ 1236.023547] ttm_bo_put+0x82/0xd0 [ttm] [ 1236.027766] amdgpu_bo_unref+0x26/0x50 [amdgpu] [ 1236.032809] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x7aa/0xd90 [amdgpu] [ 1236.040400] kfd_ioctl_alloc_memory_of_gpu+0xe2/0x330 [amdgpu] [ 1236.046912] kfd_ioctl+0x463/0x690 [amdgpu]

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47142 was patched at 2024-05-15

4937. Memory Corruption - Linux Kernel (CVE-2021-47148) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix a buffer overflow in otx2_set_rxfh_context() This function is called from ethtool_set_rxfh() and "*rss_context" comes from the user. Add some bounds checking to prevent memory corruption.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47148 was patched at 2024-05-15

4938. Memory Corruption - Linux Kernel (CVE-2021-47150) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: net: fec: fix the potential memory leak in fec_enet_init() If the memory allocated for cbd_base is failed, it should free the memory allocated for the queues, otherwise it causes memory leak. And if the memory allocated for the queues is failed, it can return error directly.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47150 was patched at 2024-05-15

4939. Memory Corruption - Linux Kernel (CVE-2021-47168) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: NFS: fix an incorrect limit in filelayout_decode_layout() The "sizeof(struct nfs_fh)" is two bytes too large and could lead to memory corruption. It should be NFS_MAXFHSIZE because that's the size of the ->data[] buffer. I reversed the size of the arguments to put the variable on the left.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47168 was patched at 2024-05-15

4940. Memory Corruption - Linux Kernel (CVE-2021-47180) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: NFC: nci: fix memory leak in nci_allocate_device nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev. Fix this by freeing hci_dev in nci_free_device. BUG: memory leak unreferenced object 0xffff888111ea6800 (size 1024): comm "kworker/1:0", pid 19, jiffies 4294942308 (age 13.580s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 60 fd 0c 81 88 ff ff .........`...... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<000000004bc25d43>] kmalloc include/linux/slab.h:552 [inline] [<000000004bc25d43>] kzalloc include/linux/slab.h:682 [inline] [<000000004bc25d43>] nci_hci_allocate+0x21/0xd0 net/nfc/nci/hci.c:784 [<00000000c59cff92>] nci_allocate_device net/nfc/nci/core.c:1170 [inline] [<00000000c59cff92>] nci_allocate_device+0x10b/0x160 net/nfc/nci/core.c:1132 [<00000000006e0a8e>] nfcmrvl_nci_register_dev+0x10a/0x1c0 drivers/nfc/nfcmrvl/main.c:153 [<000000004da1b57e>] nfcmrvl_probe+0x223/0x290 drivers/nfc/nfcmrvl/usb.c:345 [<00000000d506aed9>] usb_probe_interface+0x177/0x370 drivers/usb/core/driver.c:396 [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554 [<00000000f5009125>] driver_probe_device+0x84/0x100 drivers/base/dd.c:740 [<000000000ce658ca>] __device_attach_driver+0xee/0x110 drivers/base/dd.c:846 [<000000007067d05f>] bus_for_each_drv+0xb7/0x100 drivers/base/bus.c:431 [<00000000f8e13372>] __device_attach+0x122/0x250 drivers/base/dd.c:914 [<000000009cf68860>] bus_probe_device+0xc6/0xe0 drivers/base/bus.c:491 [<00000000359c965a>] device_add+0x5be/0xc30 drivers/base/core.c:3109 [<00000000086e4bd3>] usb_set_configuration+0x9d9/0xb90 drivers/usb/core/message.c:2164 [<00000000ca036872>] usb_generic_driver_probe+0x8c/0xc0 drivers/usb/core/generic.c:238 [<00000000d40d36f6>] usb_probe_device+0x5c/0x140 drivers/usb/core/driver.c:293 [<00000000bc632c92>] really_probe+0x159/0x4a0 drivers/base/dd.c:554

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47180 was patched at 2024-05-15

4941. Memory Corruption - Linux Kernel (CVE-2021-47190) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: perf bpf: Avoid memory leak from perf_env__insert_btf() perf_env__insert_btf() doesn't insert if a duplicate BTF id is encountered and this causes a memory leak. Modify the function to return a success/error value and then free the memory if insertion didn't happen. v2. Adds a return -1 when the insertion error occurs in perf_env__fetch_btf. This doesn't affect anything as the result is never checked.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47190 was patched at 2024-05-15

4942. Memory Corruption - Linux Kernel (CVE-2021-47196) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Set send and receive CQ before forwarding to the driver Preset both receive and send CQ pointers prior to call to the drivers and overwrite it later again till the mlx4 is going to be changed do not overwrite ibqp properties. This change is needed for mlx5, because in case of QP creation failure, it will go to the path of QP destroy which relies on proper CQ pointers. BUG: KASAN: use-after-free in create_qp.cold+0x164/0x16e [mlx5_ib] Write of size 8 at addr ffff8880064c55c0 by task a.out/246 CPU: 0 PID: 246 Comm: a.out Not tainted 5.15.0+ #291 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 Call Trace: dump_stack_lvl+0x45/0x59 print_address_description.constprop.0+0x1f/0x140 kasan_report.cold+0x83/0xdf create_qp.cold+0x164/0x16e [mlx5_ib] mlx5_ib_create_qp+0x358/0x28a0 [mlx5_ib] create_qp.part.0+0x45b/0x6a0 [ib_core] ib_create_qp_user+0x97/0x150 [ib_core] ib_uverbs_handler_UVERBS_METHOD_QP_CREATE+0x92c/0x1250 [ib_uverbs] ib_uverbs_cmd_verbs+0x1c38/0x3150 [ib_uverbs] ib_uverbs_ioctl+0x169/0x260 [ib_uverbs] __x64_sys_ioctl+0x866/0x14d0 do_syscall_64+0x3d/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae Allocated by task 246: kasan_save_stack+0x1b/0x40 __kasan_kmalloc+0xa4/0xd0 create_qp.part.0+0x92/0x6a0 [ib_core] ib_create_qp_user+0x97/0x150 [ib_core] ib_uverbs_handler_UVERBS_METHOD_QP_CREATE+0x92c/0x1250 [ib_uverbs] ib_uverbs_cmd_verbs+0x1c38/0x3150 [ib_uverbs] ib_uverbs_ioctl+0x169/0x260 [ib_uverbs] __x64_sys_ioctl+0x866/0x14d0 do_syscall_64+0x3d/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae Freed by task 246: kasan_save_stack+0x1b/0x40 kasan_set_track+0x1c/0x30 kasan_set_free_info+0x20/0x30 __kasan_slab_free+0x10c/0x150 slab_free_freelist_hook+0xb4/0x1b0 kfree+0xe7/0x2a0 create_qp.part.0+0x52b/0x6a0 [ib_core] ib_create_qp_user+0x97/0x150 [ib_core] ib_uverbs_handler_UVERBS_METHOD_QP_CREATE+0x92c/0x1250 [ib_uverbs] ib_uverbs_cmd_verbs+0x1c38/0x3150 [ib_uverbs] ib_uverbs_ioctl+0x169/0x260 [ib_uverbs] __x64_sys_ioctl+0x866/0x14d0 do_syscall_64+0x3d/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47196 was patched at 2024-05-15

4943. Memory Corruption - Linux Kernel (CVE-2021-47204) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove Access to netdev after free_netdev() will cause use-after-free bug. Move debug log before free_netdev() call to avoid it.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47204 was patched at 2024-05-15

4944. Memory Corruption - Linux Kernel (CVE-2021-47205) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: Unregister clocks/resets when unbinding Currently, unbinding a CCU driver unmaps the device's MMIO region, while leaving its clocks/resets and their providers registered. This can cause a page fault later when some clock operation tries to perform MMIO. Fix this by separating the CCU initialization from the memory allocation, and then using a devres callback to unregister the clocks and resets. This also fixes a memory leak of the `struct ccu_reset`, and uses the correct owner (the specific platform driver) for the clocks and resets. Early OF clock providers are never unregistered, and limited error handling is possible, so they are mostly unchanged. The error reporting is made more consistent by moving the message inside of_sunxi_ccu_probe.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47205 was patched at 2024-05-15

4945. Memory Corruption - Linux Kernel (CVE-2021-47209) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: sched/fair: Prevent dead task groups from regaining cfs_rq's Kevin is reporting crashes which point to a use-after-free of a cfs_rq in update_blocked_averages(). Initial debugging revealed that we've live cfs_rq's (on_list=1) in an about to be kfree()'d task group in free_fair_sched_group(). However, it was unclear how that can happen. His kernel config happened to lead to a layout of struct sched_entity that put the 'my_q' member directly into the middle of the object which makes it incidentally overlap with SLUB's freelist pointer. That, in combination with SLAB_FREELIST_HARDENED's freelist pointer mangling, leads to a reliable access violation in form of a #GP which made the UAF fail fast. Michal seems to have run into the same issue[1]. He already correctly diagnosed that commit a7b359fc6a37 ("sched/fair: Correctly insert cfs_rq's to list on unthrottle") is causing the preconditions for the UAF to happen by re-adding cfs_rq's also to task groups that have no more running tasks, i.e. also to dead ones. His analysis, however, misses the real root cause and it cannot be seen from the crash backtrace only, as the real offender is tg_unthrottle_up() getting called via sched_cfs_period_timer() via the timer interrupt at an inconvenient time. When unregister_fair_sched_group() unlinks all cfs_rq's from the dying task group, it doesn't protect itself from getting interrupted. If the timer interrupt triggers while we iterate over all CPUs or after unregister_fair_sched_group() has finished but prior to unlinking the task group, sched_cfs_period_timer() will execute and walk the list of task groups, trying to unthrottle cfs_rq's, i.e. re-add them to the dying task group. These will later -- in free_fair_sched_group() -- be kfree()'ed while still being linked, leading to the fireworks Kevin and Michal are seeing. To fix this race, ensure the dying task group gets unlinked first. However, simply switching the order of unregistering and unlinking the task group isn't sufficient, as concurrent RCU walkers might still see it, as can be seen below: CPU1: CPU2: : timer IRQ: : do_sched_cfs_period_timer(): : : : distribute_cfs_runtime(): : rcu_read_lock(); : : : unthrottle_cfs_rq(): sched_offline_group(): : : walk_tg_tree_from(…,tg_unthrottle_up,…): list_del_rcu(&tg->list); : (1) : list_for_each_entry_rcu(child, &parent->children, siblings) : : (2) list_del_rcu(&tg->siblings); : : tg_unthrottle_up(): unregister_fair_sched_group(): struct cfs_rq *cfs_rq = tg->cfs_rq[cpu_of(rq)]; : : list_del_leaf_cfs_rq(tg->cfs_rq[cpu]); : : : : if (!cfs_rq_is_decayed(cfs_rq) || cfs_rq->nr_running) (3) : list_add_leaf_cfs_rq(cfs_rq); : : : : : : : : : ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47209 was patched at 2024-05-15

4946. Memory Corruption - Linux Kernel (CVE-2022-48637) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: bnxt: prevent skb UAF after handing over to PTP worker When reading the timestamp is required bnxt_tx_int() hands over the ownership of the completed skb to the PTP worker. The skb should not be used afterwards, as the worker may run before the rest of our code and free the skb, leading to a use-after-free. Since dev_kfree_skb_any() accepts NULL make the loss of ownership more obvious and set skb to NULL.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48637 was patched at 2024-05-15

4947. Memory Corruption - Linux Kernel (CVE-2022-48641) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: netfilter: ebtables: fix memory leak when blob is malformed The bug fix was incomplete, it "replaced" crash with a memory leak. The old code had an assignment to "ret" embedded into the conditional, restore this.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48641 was patched at 2024-05-15

4948. Memory Corruption - Linux Kernel (CVE-2022-48642) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain() It seems to me that percpu memory for chain stats started leaking since commit 3bc158f8d0330f0a ("netfilter: nf_tables: map basechain priority to hardware priority") when nft_chain_offload_priority() returned an error.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48642 was patched at 2024-05-15

4949. Memory Corruption - Linux Kernel (CVE-2022-48649) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: mm/slab_common: fix possible double free of kmem_cache When doing slub_debug test, kfence's 'test_memcache_typesafe_by_rcu' kunit test case cause a use-after-free error: BUG: KASAN: use-after-free in kobject_del+0x14/0x30 Read of size 8 at addr ffff888007679090 by task kunit_try_catch/261 CPU: 1 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.0.0-rc5-next-20220916 #17 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x34/0x48 print_address_description.constprop.0+0x87/0x2a5 print_report+0x103/0x1ed kasan_report+0xb7/0x140 kobject_del+0x14/0x30 kmem_cache_destroy+0x130/0x170 test_exit+0x1a/0x30 kunit_try_run_case+0xad/0xc0 kunit_generic_run_threadfn_adapter+0x26/0x50 kthread+0x17b/0x1b0 </TASK> The cause is inside kmem_cache_destroy(): kmem_cache_destroy acquire lock/mutex shutdown_cache schedule_work(kmem_cache_release) (if RCU flag set) release lock/mutex kmem_cache_release (if RCU flag not set) In some certain timing, the scheduled work could be run before the next RCU flag checking, which can then get a wrong value and lead to double kmem_cache_release(). Fix it by caching the RCU flag inside protected area, just like 'refcnt'

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48649 was patched at 2024-05-15

4950. Memory Corruption - Linux Kernel (CVE-2022-48650) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() Commit 8f394da36a36 ("scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG") made the __qlt_24xx_handle_abts() function return early if tcm_qla2xxx_find_cmd_by_tag() didn't find a command, but it missed to clean up the allocated memory for the management command.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48650 was patched at 2024-05-15

4951. Memory Corruption - Linux Kernel (CVE-2022-48666) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a use-after-free There are two .exit_cmd_priv implementations. Both implementations use resources associated with the SCSI host. Make sure that these resources are still available when .exit_cmd_priv is called by waiting inside scsi_remove_host() until the tag set has been freed. This commit fixes the following use-after-free: ================================================================== BUG: KASAN: use-after-free in srp_exit_cmd_priv+0x27/0xd0 [ib_srp] Read of size 8 at addr ffff888100337000 by task multipathd/16727 Call Trace: <TASK> dump_stack_lvl+0x34/0x44 print_report.cold+0x5e/0x5db kasan_report+0xab/0x120 srp_exit_cmd_priv+0x27/0xd0 [ib_srp] scsi_mq_exit_request+0x4d/0x70 blk_mq_free_rqs+0x143/0x410 __blk_mq_free_map_and_rqs+0x6e/0x100 blk_mq_free_tag_set+0x2b/0x160 scsi_host_dev_release+0xf3/0x1a0 device_release+0x54/0xe0 kobject_put+0xa5/0x120 device_release+0x54/0xe0 kobject_put+0xa5/0x120 scsi_device_dev_release_usercontext+0x4c1/0x4e0 execute_in_process_context+0x23/0x90 device_release+0x54/0xe0 kobject_put+0xa5/0x120 scsi_disk_release+0x3f/0x50 device_release+0x54/0xe0 kobject_put+0xa5/0x120 disk_release+0x17f/0x1b0 device_release+0x54/0xe0 kobject_put+0xa5/0x120 dm_put_table_device+0xa3/0x160 [dm_mod] dm_put_device+0xd0/0x140 [dm_mod] free_priority_group+0xd8/0x110 [dm_multipath] free_multipath+0x94/0xe0 [dm_multipath] dm_table_destroy+0xa2/0x1e0 [dm_mod] __dm_destroy+0x196/0x350 [dm_mod] dev_remove+0x10c/0x160 [dm_mod] ctl_ioctl+0x2c2/0x590 [dm_mod] dm_ctl_ioctl+0x5/0x10 [dm_mod] __x64_sys_ioctl+0xb4/0xf0 dm_ctl_ioctl+0x5/0x10 [dm_mod] __x64_sys_ioctl+0xb4/0xf0 do_syscall_64+0x3b/0x90 entry_SYSCALL_64_after_hwframe+0x46/0xb0

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48666 was patched at 2024-05-15

4952. Memory Corruption - Linux Kernel (CVE-2022-48695) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix use-after-free warning Fix the following use-after-free warning which is observed during controller reset: refcount_t: underflow; use-after-free. WARNING: CPU: 23 PID: 5399 at lib/refcount.c:28 refcount_warn_saturate+0xa6/0xf0

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48695 was patched at 2024-05-15

4953. Memory Corruption - Linux Kernel (CVE-2022-48697) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a use-after-free Fix the following use-after-free complaint triggered by blktests nvme/004: BUG: KASAN: user-memory-access in blk_mq_complete_request_remote+0xac/0x350 Read of size 4 at addr 0000607bd1835943 by task kworker/13:1/460 Workqueue: nvmet-wq nvme_loop_execute_work [nvme_loop] Call Trace: show_stack+0x52/0x58 dump_stack_lvl+0x49/0x5e print_report.cold+0x36/0x1e2 kasan_report+0xb9/0xf0 __asan_load4+0x6b/0x80 blk_mq_complete_request_remote+0xac/0x350 nvme_loop_queue_response+0x1df/0x275 [nvme_loop] __nvmet_req_complete+0x132/0x4f0 [nvmet] nvmet_req_complete+0x15/0x40 [nvmet] nvmet_execute_io_connect+0x18a/0x1f0 [nvmet] nvme_loop_execute_work+0x20/0x30 [nvme_loop] process_one_work+0x56e/0xa70 worker_thread+0x2d1/0x640 kthread+0x183/0x1c0 ret_from_fork+0x1f/0x30

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48697 was patched at 2024-05-15

4954. Memory Corruption - Linux Kernel (CVE-2022-48698) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix memory leak when using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. Fix this up by properly calling dput().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48698 was patched at 2024-05-15

4955. Memory Corruption - Linux Kernel (CVE-2022-48701) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() There may be a bad USB audio device with a USB ID of (0x04fa, 0x4201) and the number of it's interfaces less than 4, an out-of-bounds read bug occurs when parsing the interface descriptor for this device. Fix this by checking the number of interfaces.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48701 was patched at 2024-05-15

4956. Memory Corruption - Linux Kernel (CVE-2023-52475) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: Input: powermate - fix use-after-free in powermate_config_complete syzbot has found a use-after-free bug [1] in the powermate driver. This happens when the device is disconnected, which leads to a memory free from the powermate_device struct. When an asynchronous control message completes after the kfree and its callback is invoked, the lock does not exist anymore and hence the bug. Use usb_kill_urb() on pm->config to cancel any in-progress requests upon device disconnection. [1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52475 was patched at 2024-05-15

4957. Memory Corruption - Linux Kernel (CVE-2023-52491) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run In mtk_jpeg_probe, &jpeg->job_timeout_work is bound with mtk_jpeg_job_timeout_work. In mtk_jpeg_dec_device_run, if error happens in mtk_jpeg_set_dec_dst, it will finally start the worker while mark the job as finished by invoking v4l2_m2m_job_finish. There are two methods to trigger the bug. If we remove the module, it which will call mtk_jpeg_remove to make cleanup. The possible sequence is as follows, which will cause a use-after-free bug. CPU0 CPU1 mtk_jpeg_dec_... | start worker | |mtk_jpeg_job_timeout_work mtk_jpeg_remove | v4l2_m2m_release | kfree(m2m_dev); | | | v4l2_m2m_get_curr_priv | m2m_dev->curr_ctx //use If we close the file descriptor, which will call mtk_jpeg_release, it will have a similar sequence. Fix this bug by starting timeout worker only if started jpegdec worker successfully. Then v4l2_m2m_job_finish will only be called in either mtk_jpeg_job_timeout_work or mtk_jpeg_dec_device_run.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52491 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2023-52491 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

4958. Memory Corruption - Linux Kernel (CVE-2023-52503) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix use-after-free vulnerability in amdtee_close_session There is a potential race condition in amdtee_close_session that may cause use-after-free in amdtee_open_session. For instance, if a session has refcount == 1, and one thread tries to free this session via: kref_put(&sess->refcount, destroy_session); the reference count will get decremented, and the next step would be to call destroy_session(). However, if in another thread, amdtee_open_session() is called before destroy_session() has completed execution, alloc_session() may return 'sess' that will be freed up later in destroy_session() leading to use-after-free in amdtee_open_session. To fix this issue, treat decrement of sess->refcount and removal of 'sess' from session list in destroy_session() as a critical section, so that it is executed atomically.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52503 was patched at 2024-05-15

4959. Memory Corruption - Linux Kernel (CVE-2023-52509) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: ravb: Fix use-after-free issue in ravb_tx_timeout_work() The ravb_stop() should call cancel_work_sync(). Otherwise, ravb_tx_timeout_work() is possible to use the freed priv after ravb_remove() was called like below: CPU0 CPU1 ravb_tx_timeout() ravb_remove() unregister_netdev() free_netdev(ndev) // free priv ravb_tx_timeout_work() // use priv unregister_netdev() will call .ndo_stop() so that ravb_stop() is called. And, after phy_stop() is called, netif_carrier_off() is also called. So that .ndo_tx_timeout() will not be called after phy_stop().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52509 was patched at 2024-05-15

4960. Memory Corruption - Linux Kernel (CVE-2023-52510) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: ieee802154: ca8210: Fix a potential UAF in ca8210_probe If of_clk_add_provider() fails in ca8210_register_ext_clock(), it calls clk_unregister() to release priv->clk and returns an error. However, the caller ca8210_probe() then calls ca8210_remove(), where priv->clk is freed again in ca8210_unregister_ext_clock(). In this case, a use-after-free may happen in the second time we call clk_unregister(). Fix this by removing the first clk_unregister(). Also, priv->clk could be an error code on failure of clk_register_fixed_rate(). Use IS_ERR_OR_NULL to catch this case in ca8210_unregister_ext_clock().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52510 was patched at 2024-05-15

4961. Memory Corruption - Linux Kernel (CVE-2023-52512) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: pinctrl: nuvoton: wpcm450: fix out of bounds write Write into 'pctrl->gpio_bank' happens before the check for GPIO index validity, so out of bounds write may happen. Found by Linux Verification Center (linuxtesting.org) with SVACE.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52512 was patched at 2024-05-15

4962. Memory Corruption - Linux Kernel (CVE-2023-52515) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Do not call scsi_done() from srp_abort() After scmd_eh_abort_handler() has called the SCSI LLD eh_abort_handler callback, it performs one of the following actions: * Call scsi_queue_insert(). * Call scsi_finish_command(). * Call scsi_eh_scmd_add(). Hence, SCSI abort handlers must not call scsi_done(). Otherwise all the above actions would trigger a use-after-free. Hence remove the scsi_done() call from srp_abort(). Keep the srp_free_req() call before returning SUCCESS because we may not see the command again if SUCCESS is returned.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52515 was patched at 2024-05-15

4963. Memory Corruption - Linux Kernel (CVE-2023-52518) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_codec: Fix leaking content of local_codecs The following memory leak can be observed when the controller supports codecs which are stored in local_codecs list but the elements are never freed: unreferenced object 0xffff88800221d840 (size 32): comm "kworker/u3:0", pid 36, jiffies 4294898739 (age 127.060s) hex dump (first 32 bytes): f8 d3 02 03 80 88 ff ff 80 d8 21 02 80 88 ff ff ..........!..... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<ffffffffb324f557>] __kmalloc+0x47/0x120 [<ffffffffb39ef37d>] hci_codec_list_add.isra.0+0x2d/0x160 [<ffffffffb39ef643>] hci_read_codec_capabilities+0x183/0x270 [<ffffffffb39ef9ab>] hci_read_supported_codecs+0x1bb/0x2d0 [<ffffffffb39f162e>] hci_read_local_codecs_sync+0x3e/0x60 [<ffffffffb39ff1b3>] hci_dev_open_sync+0x943/0x11e0 [<ffffffffb396d55d>] hci_power_on+0x10d/0x3f0 [<ffffffffb30c99b4>] process_one_work+0x404/0x800 [<ffffffffb30ca134>] worker_thread+0x374/0x670 [<ffffffffb30d9108>] kthread+0x188/0x1c0 [<ffffffffb304db6b>] ret_from_fork+0x2b/0x50 [<ffffffffb300206a>] ret_from_fork_asm+0x1a/0x30

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52518 was patched at 2024-05-15

4964. Memory Corruption - Linux Kernel (CVE-2023-52526) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: erofs: fix memory leak of LZMA global compressed deduplication When stressing microLZMA EROFS images with the new global compressed deduplication feature enabled (`-Ededupe`), I found some short-lived temporary pages weren't properly released, which could slowly cause unexpected OOMs hours later. Let's fix it now (LZ4 and DEFLATE don't have this issue.)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52526 was patched at 2024-05-15

4965. Memory Corruption - Linux Kernel (CVE-2023-52529) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: HID: sony: Fix a potential memory leak in sony_probe() If an error occurs after a successful usb_alloc_urb() call, usb_free_urb() should be called.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52529 was patched at 2024-05-15

oraclelinux: CVE-2023-52529 was patched at 2024-05-02

4966. Memory Corruption - Linux Kernel (CVE-2023-52530) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211_key_link() is called by ieee80211_gtk_rekey_add() but returns 0 due to KRACK protection (identical key reinstall), ieee80211_gtk_rekey_add() will still return a pointer into the key, in a potential use-after-free. This normally doesn't happen since it's only called by iwlwifi in case of WoWLAN rekey offload which has its own KRACK protection, but still better to fix, do that by returning an error code and converting that to success on the cfg80211 boundary only, leaving the error for bad callers of ieee80211_gtk_rekey_add().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52530 was patched at 2024-05-15

redhat: CVE-2023-52530 was patched at 2024-06-12

ubuntu: CVE-2023-52530 was patched at 2024-05-16, 2024-05-20, 2024-05-21, 2024-05-23, 2024-05-28, 2024-06-11

4967. Memory Corruption - Linux Kernel (CVE-2023-52531) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix a memory corruption issue A few lines above, space is kzalloc()'ed for: sizeof(struct iwl_nvm_data) + sizeof(struct ieee80211_channel) + sizeof(struct ieee80211_rate) 'mvm->nvm_data' is a 'struct iwl_nvm_data', so it is fine. At the end of this structure, there is the 'channels' flex array. Each element is of type 'struct ieee80211_channel'. So only 1 element is allocated in this array. When doing: mvm->nvm_data->bands[0].channels = mvm->nvm_data->channels; We point at the first element of the 'channels' flex array. So this is fine. However, when doing: mvm->nvm_data->bands[0].bitrates = (void *)((u8 *)mvm->nvm_data->channels + 1); because of the "(u8 *)" cast, we add only 1 to the address of the beginning of the flex array. It is likely that we want point at the 'struct ieee80211_rate' allocated just after. Remove the spurious casting so that the pointer arithmetic works as expected.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52531 was patched at 2024-05-15

4968. Memory Corruption - Linux Kernel (CVE-2023-52560) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() When CONFIG_DAMON_VADDR_KUNIT_TEST=y and making CONFIG_DEBUG_KMEMLEAK=y and CONFIG_DEBUG_KMEMLEAK_AUTO_SCAN=y, the below memory leak is detected. Since commit 9f86d624292c ("mm/damon/vaddr-test: remove unnecessary variables"), the damon_destroy_ctx() is removed, but still call damon_new_target() and damon_new_region(), the damon_region which is allocated by kmem_cache_alloc() in damon_new_region() and the damon_target which is allocated by kmalloc in damon_new_target() are not freed. And the damon_region which is allocated in damon_new_region() in damon_set_regions() is also not freed. So use damon_destroy_target to free all the damon_regions and damon_target. unreferenced object 0xffff888107c9a940 (size 64): comm "kunit_try_catch", pid 1069, jiffies 4294670592 (age 732.761s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b ............kkkk 60 c7 9c 07 81 88 ff ff f8 cb 9c 07 81 88 ff ff `............... backtrace: [<ffffffff817e0167>] kmalloc_trace+0x27/0xa0 [<ffffffff819c11cf>] damon_new_target+0x3f/0x1b0 [<ffffffff819c7d55>] damon_do_test_apply_three_regions.constprop.0+0x95/0x3e0 [<ffffffff819c82be>] damon_test_apply_three_regions1+0x21e/0x260 [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] ret_from_fork+0x2d/0x70 [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20 unreferenced object 0xffff8881079cc740 (size 56): comm "kunit_try_catch", pid 1069, jiffies 4294670592 (age 732.761s) hex dump (first 32 bytes): 05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 ................ 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b kkkkkkkk....kkkk backtrace: [<ffffffff819bc492>] damon_new_region+0x22/0x1c0 [<ffffffff819c7d91>] damon_do_test_apply_three_regions.constprop.0+0xd1/0x3e0 [<ffffffff819c82be>] damon_test_apply_three_regions1+0x21e/0x260 [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] ret_from_fork+0x2d/0x70 [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20 unreferenced object 0xffff888107c9ac40 (size 64): comm "kunit_try_catch", pid 1071, jiffies 4294670595 (age 732.843s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 06 00 00 00 6b 6b 6b 6b ............kkkk a0 cc 9c 07 81 88 ff ff 78 a1 76 07 81 88 ff ff ........x.v..... backtrace: [<ffffffff817e0167>] kmalloc_trace+0x27/0xa0 [<ffffffff819c11cf>] damon_new_target+0x3f/0x1b0 [<ffffffff819c7d55>] damon_do_test_apply_three_regions.constprop.0+0x95/0x3e0 [<ffffffff819c851e>] damon_test_apply_three_regions2+0x21e/0x260 [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] ret_from_fork+0x2d/0x70 [<ffffffff81003791>] ret_from_fork_asm+0x11/0x20 unreferenced object 0xffff8881079ccc80 (size 56): comm "kunit_try_catch", pid 1071, jiffies 4294670595 (age 732.843s) hex dump (first 32 bytes): 05 00 00 00 00 00 00 00 14 00 00 00 00 00 00 00 ................ 6b 6b 6b 6b 6b 6b 6b 6b 00 00 00 00 6b 6b 6b 6b kkkkkkkk....kkkk backtrace: [<ffffffff819bc492>] damon_new_region+0x22/0x1c0 [<ffffffff819c7d91>] damon_do_test_apply_three_regions.constprop.0+0xd1/0x3e0 [<ffffffff819c851e>] damon_test_apply_three_regions2+0x21e/0x260 [<ffffffff829fce6a>] kunit_generic_run_threadfn_adapter+0x4a/0x90 [<ffffffff81237cf6>] kthread+0x2b6/0x380 [<ffffffff81097add>] ret_from_fork+0x2d/0x70 [<ffff ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52560 was patched at 2024-05-15

4969. Memory Corruption - Linux Kernel (CVE-2023-52563) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: drm/meson: fix memory leak on ->hpd_notify callback The EDID returned by drm_bridge_get_edid() needs to be freed.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52563 was patched at 2024-05-15

4970. Memory Corruption - Linux Kernel (CVE-2023-52564) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "tty: n_gsm: fix UAF in gsm_cleanup_mux"\n\nThis reverts commit 9b9c8195f3f0d74a826077fc1c01b9ee74907239.\n\nThe commit above is reverted as it did not solve the original issue.\n\ngsm_cleanup_mux() tries to free up the virtual ttys by calling\ngsm_dlci_release() for each available DLCI. There, dlci_put() is called to\ndecrease the reference counter for the DLCI via tty_port_put() which\nfinally calls gsm_dlci_free(). This already clears the pointer which is\nbeing checked in gsm_cleanup_mux() before calling gsm_dlci_release().\nTherefore, it is not necessary to clear this pointer in gsm_cleanup_mux()\nas done in the reverted commit. The commit introduces a null pointer\ndereference:\n <TASK>\n ? __die+0x1f/0x70\n ? page_fault_oops+0x156/0x420\n ? search_exception_tables+0x37/0x50\n ? fixup_exception+0x21/0x310\n ? exc_page_fault+0x69/0x150\n ? asm_exc_page_fault+0x26/0x30\n ? tty_port_put+0x19/0xa0\n gsmtty_cleanup+0x29/0x80 [n_gsm]\n release_one_tty+0x37/0xe0\n process_one_work+0x1e6/0x3e0\n worker_thread+0x4c/0x3d0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xe1/0x110\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2f/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n </TASK>\n\nThe actual issue is that nothing guards dlci_put() from being called\nmultiple times while the tty driver was triggered but did not yet finished\ncalling gsm_dlci_free().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52564 was patched at 2024-05-15

4971. Memory Corruption - Linux Kernel (CVE-2023-52565) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Fix OOB read\n\nIf the index provided by the user is bigger than the mask size, we might do\nan out of bound read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-52565 was patched at 2024-06-05

debian: CVE-2023-52565 was patched at 2024-05-15

oraclelinux: CVE-2023-52565 was patched at 2024-06-05

redhat: CVE-2023-52565 was patched at 2024-06-05

4972. Memory Corruption - Linux Kernel (CVE-2023-52566) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() In nilfs_gccache_submit_read_data(), brelse(bh) is called to drop the reference count of bh when the call to nilfs_dat_translate() fails. If the reference count hits 0 and its owner page gets unlocked, bh may be freed. However, bh->b_page is dereferenced to put the page after that, which may result in a use-after-free bug. This patch moves the release operation after unlocking and putting the page. NOTE: The function in question is only called in GC, and in combination with current userland tools, address translation using DAT does not occur in that function, so the code path that causes this issue will not be executed. However, it is possible to run that code path by intentionally modifying the userland GC library or by calling the GC ioctl directly. [konishi.ryusuke@gmail.com: NOTE added to the commit log]

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52566 was patched at 2024-05-15

ubuntu: CVE-2023-52566 was patched at 2024-05-16, 2024-05-20, 2024-05-21, 2024-05-23

4973. Memory Corruption - Linux Kernel (CVE-2023-52567) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250_port: Check IRQ data before use\n\nIn case the leaf driver wants to use IRQ polling (irq = 0) and\nIIR register shows that an interrupt happened in the 8250 hardware\nthe IRQ data can be NULL. In such a case we need to skip the wake\nevent as we came to this path from the timer interrupt and quite\nlikely system is already awake.\n\nWithout this fix we have got an Oops:\n\n serial8250: ttyS0 at I/O 0x3f8 (irq = 0, base_baud = 115200) is a 16550A\n ...\n BUG: kernel NULL pointer dereference, address: 0000000000000010\n RIP: 0010:serial8250_handle_irq+0x7c/0x240\n Call Trace:\n ? serial8250_handle_irq+0x7c/0x240\n ? __pfx_serial8250_timeout+0x10/0x10', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52567 was patched at 2024-05-15

4974. Memory Corruption - Linux Kernel (CVE-2023-52568) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/sgx: Resolves SECS reclaim vs. page fault for EAUG race\n\nThe SGX EPC reclaimer (ksgxd) may reclaim the SECS EPC page for an\nenclave and set secs.epc_page to NULL. The SECS page is used for EAUG\nand ELDU in the SGX page fault handler. However, the NULL check for\nsecs.epc_page is only done for ELDU, not EAUG before being used.\n\nFix this by doing the same NULL check and reloading of the SECS page as\nneeded for both EAUG and ELDU.\n\nThe SECS page holds global enclave metadata. It can only be reclaimed\nwhen there are no other enclave pages remaining. At that point,\nvirtually nothing can be done with the enclave until the SECS page is\npaged back in.\n\nAn enclave can not run nor generate page faults without a resident SECS\npage. But it is still possible for a #PF for a non-SECS page to race\nwith paging out the SECS page: when the last resident non-SECS page A\ntriggers a #PF in a non-resident page B, and then page A and the SECS\nboth are paged out before the #PF on B is handled.\n\nHitting this bug requires that race triggered with a #PF for EAUG.\nFollowing is a trace when it happens.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nRIP: 0010:sgx_encl_eaug_page+0xc7/0x210\nCall Trace:\n ? __kmem_cache_alloc_node+0x16a/0x440\n ? xa_load+0x6e/0xa0\n sgx_vma_fault+0x119/0x230\n __do_fault+0x36/0x140\n do_fault+0x12f/0x400\n __handle_mm_fault+0x728/0x1110\n handle_mm_fault+0x105/0x310\n do_user_addr_fault+0x1ee/0x750\n ? __this_cpu_preempt_check+0x13/0x20\n exc_page_fault+0x76/0x180\n asm_exc_page_fault+0x27/0x30', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52568 was patched at 2024-05-15

4975. Memory Corruption - Linux Kernel (CVE-2023-52570) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/mdev: Fix a null-ptr-deref bug for mdev_unregister_parent()\n\nInject fault while probing mdpy.ko, if kstrdup() of create_dir() fails in\nkobject_add_internal() in kobject_init_and_add() in mdev_type_add()\nin parent_create_sysfs_files(), it will return 0 and probe successfully.\nAnd when rmmod mdpy.ko, the mdpy_dev_exit() will call\nmdev_unregister_parent(), the mdev_type_remove() may traverse uninitialized\nparent->types[i] in parent_remove_sysfs_files(), and it will cause\nbelow null-ptr-deref.\n\nIf mdev_type_add() fails, return the error code and kset_unregister()\nto fix the issue.\n\n general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n CPU: 2 PID: 10215 Comm: rmmod Tainted: G W N 6.6.0-rc2+ #20\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n RIP: 0010:__kobject_del+0x62/0x1c0\n Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 51 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 6b 28 48 8d 7d 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 24 01 00 00 48 8b 75 10 48 89 df 48 8d 6b 3c e8\n RSP: 0018:ffff88810695fd30 EFLAGS: 00010202\n RAX: dffffc0000000000 RBX: ffffffffa0270268 RCX: 0000000000000000\n RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000010\n RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed10233a4ef1\n R10: ffff888119d2778b R11: 0000000063666572 R12: 0000000000000000\n R13: fffffbfff404e2d4 R14: dffffc0000000000 R15: ffffffffa0271660\n FS: 00007fbc81981540(0000) GS:ffff888119d00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fc14a142dc0 CR3: 0000000110a62003 CR4: 0000000000770ee0\n DR0: ffffffff8fb0bce8 DR1: ffffffff8fb0bce9 DR2: ffffffff8fb0bcea\n DR3: ffffffff8fb0bceb DR6: 00000000fffe0ff0 DR7: 0000000000000600\n PKRU: 55555554\n Call Trace:\n <TASK>\n ? die_addr+0x3d/0xa0\n ? exc_general_protection+0x144/0x220\n ? asm_exc_general_protection+0x22/0x30\n ? __kobject_del+0x62/0x1c0\n kobject_del+0x32/0x50\n parent_remove_sysfs_files+0xd6/0x170 [mdev]\n mdev_unregister_parent+0xfb/0x190 [mdev]\n ? mdev_register_parent+0x270/0x270 [mdev]\n ? find_module_all+0x9d/0xe0\n mdpy_dev_exit+0x17/0x63 [mdpy]\n __do_sys_delete_module.constprop.0+0x2fa/0x4b0\n ? module_flags+0x300/0x300\n ? __fput+0x4e7/0xa00\n do_syscall_64+0x35/0x80\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n RIP: 0033:0x7fbc813221b7\n Code: 73 01 c3 48 8b 0d d1 8c 2c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 b0 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d a1 8c 2c 00 f7 d8 64 89 01 48\n RSP: 002b:00007ffe780e0648 EFLAGS: 00000206 ORIG_RAX: 00000000000000b0\n RAX: ffffffffffffffda RBX: 00007ffe780e06a8 RCX: 00007fbc813221b7\n RDX: 000000000000000a RSI: 0000000000000800 RDI: 000055e214df9b58\n RBP: 000055e214df9af0 R08: 00007ffe780df5c1 R09: 0000000000000000\n R10: 00007fbc8139ecc0 R11: 0000000000000206 R12: 00007ffe780e0870\n R13: 00007ffe780e0ed0 R14: 000055e214df9260 R15: 000055e214df9af0\n </TASK>\n Modules linked in: mdpy(-) mdev vfio_iommu_type1 vfio [last unloaded: mdpy]\n Dumping ftrace buffer:\n (ftrace buffer empty)\n ---[ end trace 0000000000000000 ]---\n RIP: 0010:__kobject_del+0x62/0x1c0\n Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 51 01 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b 6b 28 48 8d 7d 10 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 24 01 00 00 48 8b 75 10 48 89 df 48 8d 6b 3c e8\n RSP: 0018:ffff88810695fd30 EFLAGS: 00010202\n RAX: dffffc0000000000 RBX: ffffffffa0270268 RCX: 0000000000000000\n RDX: 0000000000000002 RSI: 0000000000000004 RDI: 0000000000000010\n RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed10233a4ef1\n R10: ffff888119d2778b R11: 0000000063666572 R12: 0000000000000000\n R13: fffffbfff404e2d4 R14: dffffc0000000000 R15: ffffffffa0271660\n FS: 00007fbc81981540(0000) GS:ffff888119d00000(000\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52570 was patched at 2024-05-15

4976. Memory Corruption - Linux Kernel (CVE-2023-52572) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: cifs: Fix UAF in cifs_demultiplex_thread() There is a UAF when xfstests on cifs: BUG: KASAN: use-after-free in smb2_is_network_name_deleted+0x27/0x160 Read of size 4 at addr ffff88810103fc08 by task cifsd/923 CPU: 1 PID: 923 Comm: cifsd Not tainted 6.1.0-rc4+ #45 ... Call Trace: <TASK> dump_stack_lvl+0x34/0x44 print_report+0x171/0x472 kasan_report+0xad/0x130 kasan_check_range+0x145/0x1a0 smb2_is_network_name_deleted+0x27/0x160 cifs_demultiplex_thread.cold+0x172/0x5a4 kthread+0x165/0x1a0 ret_from_fork+0x1f/0x30 </TASK> Allocated by task 923: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 __kasan_slab_alloc+0x54/0x60 kmem_cache_alloc+0x147/0x320 mempool_alloc+0xe1/0x260 cifs_small_buf_get+0x24/0x60 allocate_buffers+0xa1/0x1c0 cifs_demultiplex_thread+0x199/0x10d0 kthread+0x165/0x1a0 ret_from_fork+0x1f/0x30 Freed by task 921: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 kasan_save_free_info+0x2a/0x40 ____kasan_slab_free+0x143/0x1b0 kmem_cache_free+0xe3/0x4d0 cifs_small_buf_release+0x29/0x90 SMB2_negotiate+0x8b7/0x1c60 smb2_negotiate+0x51/0x70 cifs_negotiate_protocol+0xf0/0x160 cifs_get_smb_ses+0x5fa/0x13c0 mount_get_conns+0x7a/0x750 cifs_mount+0x103/0xd00 cifs_smb3_do_mount+0x1dd/0xcb0 smb3_get_tree+0x1d5/0x300 vfs_get_tree+0x41/0xf0 path_mount+0x9b3/0xdd0 __x64_sys_mount+0x190/0x1d0 do_syscall_64+0x35/0x80 entry_SYSCALL_64_after_hwframe+0x46/0xb0 The UAF is because: mount(pid: 921) | cifsd(pid: 923) -------------------------------|------------------------------- | cifs_demultiplex_thread SMB2_negotiate | cifs_send_recv | compound_send_recv | smb_send_rqst | wait_for_response | wait_event_state [1] | | standard_receive3 | cifs_handle_standard | handle_mid | mid->resp_buf = buf; [2] | dequeue_mid [3] KILL the process [4] | resp_iov[i].iov_base = buf | free_rsp_buf [5] | | is_network_name_deleted [6] | callback 1. After send request to server, wait the response until mid->mid_state != SUBMITTED; 2. Receive response from server, and set it to mid; 3. Set the mid state to RECEIVED; 4. Kill the process, the mid state already RECEIVED, get 0; 5. Handle and release the negotiate response; 6. UAF. It can be easily reproduce with add some delay in [3] - [6]. Only sync call has the problem since async call's callback is executed in cifsd process. Add an extra state to mark the mid state to READY before wakeup the waitter, then it can get the resp safely.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52572 was patched at 2024-05-15

4977. Memory Corruption - Linux Kernel (CVE-2023-52573) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: rds: Fix possible NULL-pointer dereference\n\nIn rds_rdma_cm_event_handler_cmn() check, if conn pointer exists\nbefore dereferencing it as rdma_set_service_type() argument\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52573 was patched at 2024-05-15

4978. Memory Corruption - Linux Kernel (CVE-2023-52574) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nteam: fix null-ptr-deref when team device type is changed\n\nGet a null-ptr-deref bug as follows with reproducer [1].\n\nBUG: kernel NULL pointer dereference, address: 0000000000000228\n...\nRIP: 0010:vlan_dev_hard_header+0x35/0x140 [8021q]\n...\nCall Trace:\n <TASK>\n ? __die+0x24/0x70\n ? page_fault_oops+0x82/0x150\n ? exc_page_fault+0x69/0x150\n ? asm_exc_page_fault+0x26/0x30\n ? vlan_dev_hard_header+0x35/0x140 [8021q]\n ? vlan_dev_hard_header+0x8e/0x140 [8021q]\n neigh_connected_output+0xb2/0x100\n ip6_finish_output2+0x1cb/0x520\n ? nf_hook_slow+0x43/0xc0\n ? ip6_mtu+0x46/0x80\n ip6_finish_output+0x2a/0xb0\n mld_sendpack+0x18f/0x250\n mld_ifc_work+0x39/0x160\n process_one_work+0x1e6/0x3f0\n worker_thread+0x4d/0x2f0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xe5/0x120\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n\n[1]\n$ teamd -t team0 -d -c '{"runner": {"name": "loadbalance"}}'\n$ ip link add name t-dummy type dummy\n$ ip link add link t-dummy name t-dummy.100 type vlan id 100\n$ ip link add name t-nlmon type nlmon\n$ ip link set t-nlmon master team0\n$ ip link set t-nlmon nomaster\n$ ip link set t-dummy up\n$ ip link set team0 up\n$ ip link set t-dummy.100 down\n$ ip link set t-dummy.100 master team0\n\nWhen enslave a vlan device to team device and team device type is changed\nfrom non-ether to ether, header_ops of team device is changed to\nvlan_header_ops. That is incorrect and will trigger null-ptr-deref\nfor vlan->real_dev in vlan_dev_hard_header() because team device is not\na vlan device.\n\nCache eth_header_ops in team_setup(), then assign cached header_ops to\nheader_ops of team net device when its type is changed from non-ether\nto ether to fix the bug.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-52574 was patched at 2024-05-22

debian: CVE-2023-52574 was patched at 2024-05-15

oraclelinux: CVE-2023-52574 was patched at 2024-05-02, 2024-05-23

redhat: CVE-2023-52574 was patched at 2024-05-22

4979. Memory Corruption - Linux Kernel (CVE-2023-52576) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer()\n\nThe code calling ima_free_kexec_buffer() runs long after the memblock\nallocator has already been torn down, potentially resulting in a use\nafter free in memblock_isolate_range().\n\nWith KASAN or KFENCE, this use after free will result in a BUG\nfrom the idle task, and a subsequent kernel panic.\n\nSwitch ima_free_kexec_buffer() over to memblock_free_late() to avoid\nthat bug.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52576 was patched at 2024-05-15

4980. Memory Corruption - Linux Kernel (CVE-2023-52582) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Only call folio_start_fscache() one time for each folio\n\nIf a network filesystem using netfs implements a clamp_length()\nfunction, it can set subrequest lengths smaller than a page size.\n\nWhen we loop through the folios in netfs_rreq_unlock_folios() to\nset any folios to be written back, we need to make sure we only\ncall folio_start_fscache() once for each folio.\n\nOtherwise, this simple testcase:\n\n mount -o fsc,rsize=1024,wsize=1024 127.0.0.1:/export /mnt/nfs\n dd if=/dev/zero of=/mnt/nfs/file.bin bs=4096 count=1\n 1+0 records in\n 1+0 records out\n 4096 bytes (4.1 kB, 4.0 KiB) copied, 0.0126359 s, 324 kB/s\n echo 3 > /proc/sys/vm/drop_caches\n cat /mnt/nfs/file.bin > /dev/null\n\nwill trigger an oops similar to the following:\n\n page dumped because: VM_BUG_ON_FOLIO(folio_test_private_2(folio))\n ------------[ cut here ]------------\n kernel BUG at include/linux/netfs.h:44!\n ...\n CPU: 5 PID: 134 Comm: kworker/u16:5 Kdump: loaded Not tainted 6.4.0-rc5\n ...\n RIP: 0010:netfs_rreq_unlock_folios+0x68e/0x730 [netfs]\n ...\n Call Trace:\n netfs_rreq_assess+0x497/0x660 [netfs]\n netfs_subreq_terminated+0x32b/0x610 [netfs]\n nfs_netfs_read_completion+0x14e/0x1a0 [nfs]\n nfs_read_completion+0x2f9/0x330 [nfs]\n rpc_free_task+0x72/0xa0 [sunrpc]\n rpc_async_release+0x46/0x70 [sunrpc]\n process_one_work+0x3bd/0x710\n worker_thread+0x89/0x610\n kthread+0x181/0x1c0\n ret_from_fork+0x29/0x50', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52582 was patched at 2024-05-15

4981. Memory Corruption - Linux Kernel (CVE-2023-52586) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add mutex lock in control vblank irq Add a mutex lock to control vblank irq to synchronize vblank enable/disable operations happening from different threads to prevent race conditions while registering/unregistering the vblank irq callback. v4: -Removed vblank_ctl_lock from dpu_encoder_virt, so it is only a parameter of dpu_encoder_phys. -Switch from atomic refcnt to a simple int counter as mutex has now been added v3: Mistakenly did not change wording in last version. It is done now. v2: Slightly changed wording of commit message Patchwork: https://patchwork.freedesktop.org/patch/571854/

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52586 was patched at 2024-05-15

4982. Memory Corruption - Linux Kernel (CVE-2023-52614) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix buffer overflow in trans_stat_show Fix buffer overflow in trans_stat_show(). Convert simple snprintf to the more secure scnprintf with size of PAGE_SIZE. Add condition checking if we are exceeding PAGE_SIZE and exit early from loop. Also add at the end a warning that we exceeded PAGE_SIZE and that stats is disabled. Return -EFBIG in the case where we don't have enough space to write the full transition table. Also document in the ABI that this function can return -EFBIG error.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52614 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2023-52614 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

4983. Memory Corruption - Linux Kernel (CVE-2023-52629) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: sh: push-switch: Reorder cleanup operations to avoid use-after-free bug The original code puts flush_work() before timer_shutdown_sync() in switch_drv_remove(). Although we use flush_work() to stop the worker, it could be rescheduled in switch_timer(). As a result, a use-after-free bug can occur. The details are shown below: (cpu 0) | (cpu 1) switch_drv_remove() | flush_work() | ... | switch_timer // timer | schedule_work(&psw->work) timer_shutdown_sync() | ... | switch_work_handler // worker kfree(psw) // free | | psw->state = 0 // use This patch puts timer_shutdown_sync() before flush_work() to mitigate the bugs. As a result, the worker and timer will be stopped safely before the deallocate operations.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52629 was patched at 2024-05-15

4984. Memory Corruption - Linux Kernel (CVE-2023-52637) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) Lock jsk->sk to prevent UAF when setsockopt(..., SO_J1939_FILTER, ...) modifies jsk->filters while receiving packets. Following trace was seen on affected system: ================================================================== BUG: KASAN: slab-use-after-free in j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939] Read of size 4 at addr ffff888012144014 by task j1939/350 CPU: 0 PID: 350 Comm: j1939 Tainted: G W OE 6.5.0-rc5 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Call Trace: print_report+0xd3/0x620 ? kasan_complete_mode_report_info+0x7d/0x200 ? j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939] kasan_report+0xc2/0x100 ? j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939] __asan_load4+0x84/0xb0 j1939_sk_recv_match_one+0x1af/0x2d0 [can_j1939] j1939_sk_recv+0x20b/0x320 [can_j1939] ? __kasan_check_write+0x18/0x20 ? __pfx_j1939_sk_recv+0x10/0x10 [can_j1939] ? j1939_simple_recv+0x69/0x280 [can_j1939] ? j1939_ac_recv+0x5e/0x310 [can_j1939] j1939_can_recv+0x43f/0x580 [can_j1939] ? __pfx_j1939_can_recv+0x10/0x10 [can_j1939] ? raw_rcv+0x42/0x3c0 [can_raw] ? __pfx_j1939_can_recv+0x10/0x10 [can_j1939] can_rcv_filter+0x11f/0x350 [can] can_receive+0x12f/0x190 [can] ? __pfx_can_rcv+0x10/0x10 [can] can_rcv+0xdd/0x130 [can] ? __pfx_can_rcv+0x10/0x10 [can] __netif_receive_skb_one_core+0x13d/0x150 ? __pfx___netif_receive_skb_one_core+0x10/0x10 ? __kasan_check_write+0x18/0x20 ? _raw_spin_lock_irq+0x8c/0xe0 __netif_receive_skb+0x23/0xb0 process_backlog+0x107/0x260 __napi_poll+0x69/0x310 net_rx_action+0x2a1/0x580 ? __pfx_net_rx_action+0x10/0x10 ? __pfx__raw_spin_lock+0x10/0x10 ? handle_irq_event+0x7d/0xa0 __do_softirq+0xf3/0x3f8 do_softirq+0x53/0x80 </IRQ> <TASK> __local_bh_enable_ip+0x6e/0x70 netif_rx+0x16b/0x180 can_send+0x32b/0x520 [can] ? __pfx_can_send+0x10/0x10 [can] ? __check_object_size+0x299/0x410 raw_sendmsg+0x572/0x6d0 [can_raw] ? __pfx_raw_sendmsg+0x10/0x10 [can_raw] ? apparmor_socket_sendmsg+0x2f/0x40 ? __pfx_raw_sendmsg+0x10/0x10 [can_raw] sock_sendmsg+0xef/0x100 sock_write_iter+0x162/0x220 ? __pfx_sock_write_iter+0x10/0x10 ? __rtnl_unlock+0x47/0x80 ? security_file_permission+0x54/0x320 vfs_write+0x6ba/0x750 ? __pfx_vfs_write+0x10/0x10 ? __fget_light+0x1ca/0x1f0 ? __rcu_read_unlock+0x5b/0x280 ksys_write+0x143/0x170 ? __pfx_ksys_write+0x10/0x10 ? __kasan_check_read+0x15/0x20 ? fpregs_assert_state_consistent+0x62/0x70 __x64_sys_write+0x47/0x60 do_syscall_64+0x60/0x90 ? do_syscall_64+0x6d/0x90 ? irqentry_exit+0x3f/0x50 ? exc_page_fault+0x79/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Allocated by task 348: kasan_save_stack+0x2a/0x50 kasan_set_track+0x29/0x40 kasan_save_alloc_info+0x1f/0x30 __kasan_kmalloc+0xb5/0xc0 __kmalloc_node_track_caller+0x67/0x160 j1939_sk_setsockopt+0x284/0x450 [can_j1939] __sys_setsockopt+0x15c/0x2f0 __x64_sys_setsockopt+0x6b/0x80 do_syscall_64+0x60/0x90 entry_SYSCALL_64_after_hwframe+0x6e/0xd8 Freed by task 349: kasan_save_stack+0x2a/0x50 kasan_set_track+0x29/0x40 kasan_save_free_info+0x2f/0x50 __kasan_slab_free+0x12e/0x1c0 __kmem_cache_free+0x1b9/0x380 kfree+0x7a/0x120 j1939_sk_setsockopt+0x3b2/0x450 [can_j1939] __sys_setsockopt+0x15c/0x2f0 __x64_sys_setsockopt+0x6b/0x80 do_syscall_64+0x60/0x90 entry_SYSCALL_64_after_hwframe+0x6e/0xd8

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52637 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2023-52637 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

4985. Memory Corruption - Linux Kernel (CVE-2024-26607) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: sii902x: Fix probing race issue\n\nA null pointer dereference crash has been observed rarely on TI\nplatforms using sii9022 bridge:\n\n[ 53.271356] sii902x_get_edid+0x34/0x70 [sii902x]\n[ 53.276066] sii902x_bridge_get_edid+0x14/0x20 [sii902x]\n[ 53.281381] drm_bridge_get_edid+0x20/0x34 [drm]\n[ 53.286305] drm_bridge_connector_get_modes+0x8c/0xcc [drm_kms_helper]\n[ 53.292955] drm_helper_probe_single_connector_modes+0x190/0x538 [drm_kms_helper]\n[ 53.300510] drm_client_modeset_probe+0x1f0/0xbd4 [drm]\n[ 53.305958] __drm_fb_helper_initial_config_and_unlock+0x50/0x510 [drm_kms_helper]\n[ 53.313611] drm_fb_helper_initial_config+0x48/0x58 [drm_kms_helper]\n[ 53.320039] drm_fbdev_dma_client_hotplug+0x84/0xd4 [drm_dma_helper]\n[ 53.326401] drm_client_register+0x5c/0xa0 [drm]\n[ 53.331216] drm_fbdev_dma_setup+0xc8/0x13c [drm_dma_helper]\n[ 53.336881] tidss_probe+0x128/0x264 [tidss]\n[ 53.341174] platform_probe+0x68/0xc4\n[ 53.344841] really_probe+0x188/0x3c4\n[ 53.348501] __driver_probe_device+0x7c/0x16c\n[ 53.352854] driver_probe_device+0x3c/0x10c\n[ 53.357033] __device_attach_driver+0xbc/0x158\n[ 53.361472] bus_for_each_drv+0x88/0xe8\n[ 53.365303] __device_attach+0xa0/0x1b4\n[ 53.369135] device_initial_probe+0x14/0x20\n[ 53.373314] bus_probe_device+0xb0/0xb4\n[ 53.377145] deferred_probe_work_func+0xcc/0x124\n[ 53.381757] process_one_work+0x1f0/0x518\n[ 53.385770] worker_thread+0x1e8/0x3dc\n[ 53.389519] kthread+0x11c/0x120\n[ 53.392750] ret_from_fork+0x10/0x20\n\nThe issue here is as follows:\n\n- tidss probes, but is deferred as sii902x is still missing.\n- sii902x starts probing and enters sii902x_init().\n- sii902x calls drm_bridge_add(). Now the sii902x bridge is ready from\n DRM's perspective.\n- sii902x calls sii902x_audio_codec_init() and\n platform_device_register_data()\n- The registration of the audio platform device causes probing of the\n deferred devices.\n- tidss probes, which eventually causes sii902x_bridge_get_edid() to be\n called.\n- sii902x_bridge_get_edid() tries to use the i2c to read the edid.\n However, the sii902x driver has not set up the i2c part yet, leading\n to the crash.\n\nFix this by moving the drm_bridge_add() to the end of the\nsii902x_init(), which is also at the very end of sii902x_probe().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26607 was patched at 2024-05-15

ubuntu: CVE-2024-26607 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

4986. Memory Corruption - Linux Kernel (CVE-2024-26608) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix global oob in ksmbd_nl_policy Similar to a reported issue (check the commit b33fb5b801c6 ("net: qualcomm: rmnet: fix global oob in rmnet_policy"), my local fuzzer finds another global out-of-bounds read for policy ksmbd_nl_policy. See bug trace below: ================================================================== BUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline] BUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600 Read of size 1 at addr ffffffff8f24b100 by task syz-executor.1/62810 CPU: 0 PID: 62810 Comm: syz-executor.1 Tainted: G N 6.1.0 #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:284 [inline] print_report+0x172/0x475 mm/kasan/report.c:395 kasan_report+0xbb/0x1c0 mm/kasan/report.c:495 validate_nla lib/nlattr.c:386 [inline] __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600 __nla_parse+0x3e/0x50 lib/nlattr.c:697 __nlmsg_parse include/net/netlink.h:748 [inline] genl_family_rcv_msg_attrs_parse.constprop.0+0x1b0/0x290 net/netlink/genetlink.c:565 genl_family_rcv_msg_doit+0xda/0x330 net/netlink/genetlink.c:734 genl_family_rcv_msg net/netlink/genetlink.c:833 [inline] genl_rcv_msg+0x441/0x780 net/netlink/genetlink.c:850 netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540 genl_rcv+0x24/0x40 net/netlink/genetlink.c:861 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg+0x154/0x190 net/socket.c:734 ____sys_sendmsg+0x6df/0x840 net/socket.c:2482 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536 __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fdd66a8f359 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fdd65e00168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007fdd66bbcf80 RCX: 00007fdd66a8f359 RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000003 RBP: 00007fdd66ada493 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffc84b81aff R14: 00007fdd65e00300 R15: 0000000000022000 </TASK> The buggy address belongs to the variable: ksmbd_nl_policy+0x100/0xa80 The buggy address belongs to the physical page: page:0000000034f47940 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1ccc4b flags: 0x200000000001000(reserved|node=0|zone=2) raw: 0200000000001000 ffffea00073312c8 ffffea00073312c8 0000000000000000 raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffffffff8f24b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffff8f24b080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffffffff8f24b100: f9 f9 f9 f9 00 00 f9 f9 f9 f9 f9 f9 00 00 07 f9 ^ ffffffff8f24b180: f9 f9 f9 f9 00 05 f9 f9 f9 f9 f9 f9 00 00 00 05 ffffffff8f24b200: f9 f9 f9 f9 00 00 03 f9 f9 f9 f9 f9 00 00 04 f9 ================================================================== To fix it, add a placeholder named __KSMBD_EVENT_MAX and let KSMBD_EVENT_MAX to be its original value - 1 according to what other netlink families do. Also change two sites that refer the KSMBD_EVENT_MAX to correct value.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26608 was patched at 2024-05-15

ubuntu: CVE-2024-26608 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

4987. Memory Corruption - Linux Kernel (CVE-2024-26610) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in bytes, we'll write past the buffer.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-26610 was patched at 2024-06-05

debian: CVE-2024-26610 was patched at 2024-05-06, 2024-05-15

oraclelinux: CVE-2024-26610 was patched at 2024-06-05

redhat: CVE-2024-26610 was patched at 2024-06-05

ubuntu: CVE-2024-26610 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

4988. Memory Corruption - Linux Kernel (CVE-2024-26612) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs, fscache: Prevent Oops in fscache_put_cache()\n\nThis function dereferences "cache" and then checks if it's\nIS_ERR_OR_NULL(). Check first, then dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26612 was patched at 2024-05-15

ubuntu: CVE-2024-26612 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

4989. Memory Corruption - Linux Kernel (CVE-2024-26615) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix illegal rmb_desc access in SMC-D connection dump\n\nA crash was found when dumping SMC-D connections. It can be reproduced\nby following steps:\n\n- run nginx/wrk test:\n smc_run nginx\n smc_run wrk -t 16 -c 1000 -d <duration> -H 'Connection: Close' <URL>\n\n- continuously dump SMC-D connections in parallel:\n watch -n 1 'smcss -D'\n\n BUG: kernel NULL pointer dereference, address: 0000000000000030\n CPU: 2 PID: 7204 Comm: smcss Kdump: loaded Tainted: G\tE 6.7.0+ #55\n RIP: 0010:__smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag]\n Call Trace:\n <TASK>\n ? __die+0x24/0x70\n ? page_fault_oops+0x66/0x150\n ? exc_page_fault+0x69/0x140\n ? asm_exc_page_fault+0x26/0x30\n ? __smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag]\n ? __kmalloc_node_track_caller+0x35d/0x430\n ? __alloc_skb+0x77/0x170\n smc_diag_dump_proto+0xd0/0xf0 [smc_diag]\n smc_diag_dump+0x26/0x60 [smc_diag]\n netlink_dump+0x19f/0x320\n __netlink_dump_start+0x1dc/0x300\n smc_diag_handler_dump+0x6a/0x80 [smc_diag]\n ? __pfx_smc_diag_dump+0x10/0x10 [smc_diag]\n sock_diag_rcv_msg+0x121/0x140\n ? __pfx_sock_diag_rcv_msg+0x10/0x10\n netlink_rcv_skb+0x5a/0x110\n sock_diag_rcv+0x28/0x40\n netlink_unicast+0x22a/0x330\n netlink_sendmsg+0x1f8/0x420\n __sock_sendmsg+0xb0/0xc0\n ____sys_sendmsg+0x24e/0x300\n ? copy_msghdr_from_user+0x62/0x80\n ___sys_sendmsg+0x7c/0xd0\n ? __do_fault+0x34/0x160\n ? do_read_fault+0x5f/0x100\n ? do_fault+0xb0/0x110\n ? __handle_mm_fault+0x2b0/0x6c0\n __sys_sendmsg+0x4d/0x80\n do_syscall_64+0x69/0x180\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nIt is possible that the connection is in process of being established\nwhen we dump it. Assumed that the connection has been registered in a\nlink group by smc_conn_create() but the rmb_desc has not yet been\ninitialized by smc_buf_create(), thus causing the illegal access to\nconn->rmb_desc. So fix it by checking before dump.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-26615 was patched at 2024-06-05

debian: CVE-2024-26615 was patched at 2024-05-06, 2024-05-15

oraclelinux: CVE-2024-26615 was patched at 2024-06-05

redhat: CVE-2024-26615 was patched at 2024-06-05

ubuntu: CVE-2024-26615 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

4990. Memory Corruption - Linux Kernel (CVE-2024-26622) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Otherwise, concurrent write() requests can cause use-after-free-write and double-free problems.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26622 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26622 was patched at 2024-05-16, 2024-05-20, 2024-05-21, 2024-05-23, 2024-05-28, 2024-06-11

4991. Memory Corruption - Linux Kernel (CVE-2024-26626) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipmr: fix kernel panic when forwarding mcast packets\n\nThe stacktrace was:\n[ 86.305548] BUG: kernel NULL pointer dereference, address: 0000000000000092\n[ 86.306815] #PF: supervisor read access in kernel mode\n[ 86.307717] #PF: error_code(0x0000) - not-present page\n[ 86.308624] PGD 0 P4D 0\n[ 86.309091] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 86.309883] CPU: 2 PID: 3139 Comm: pimd Tainted: G U 6.8.0-6wind-knet #1\n[ 86.311027] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.1-0-g0551a4be2c-prebuilt.qemu-project.org 04/01/2014\n[ 86.312728] RIP: 0010:ip_mr_forward (/build/work/knet/net/ipv4/ipmr.c:1985)\n[ 86.313399] Code: f9 1f 0f 87 85 03 00 00 48 8d 04 5b 48 8d 04 83 49 8d 44 c5 00 48 8b 40 70 48 39 c2 0f 84 d9 00 00 00 49 8b 46 58 48 83 e0 fe <80> b8 92 00 00 00 00 0f 84 55 ff ff ff 49 83 47 38 01 45 85 e4 0f\n[ 86.316565] RSP: 0018:ffffad21c0583ae0 EFLAGS: 00010246\n[ 86.317497] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n[ 86.318596] RDX: ffff9559cb46c000 RSI: 0000000000000000 RDI: 0000000000000000\n[ 86.319627] RBP: ffffad21c0583b30 R08: 0000000000000000 R09: 0000000000000000\n[ 86.320650] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001\n[ 86.321672] R13: ffff9559c093a000 R14: ffff9559cc00b800 R15: ffff9559c09c1d80\n[ 86.322873] FS: 00007f85db661980(0000) GS:ffff955a79d00000(0000) knlGS:0000000000000000\n[ 86.324291] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 86.325314] CR2: 0000000000000092 CR3: 000000002f13a000 CR4: 0000000000350ef0\n[ 86.326589] Call Trace:\n[ 86.327036] <TASK>\n[ 86.327434] ? show_regs (/build/work/knet/arch/x86/kernel/dumpstack.c:479)\n[ 86.328049] ? __die (/build/work/knet/arch/x86/kernel/dumpstack.c:421 /build/work/knet/arch/x86/kernel/dumpstack.c:434)\n[ 86.328508] ? page_fault_oops (/build/work/knet/arch/x86/mm/fault.c:707)\n[ 86.329107] ? do_user_addr_fault (/build/work/knet/arch/x86/mm/fault.c:1264)\n[ 86.329756] ? srso_return_thunk (/build/work/knet/arch/x86/lib/retpoline.S:223)\n[ 86.330350] ? __irq_work_queue_local (/build/work/knet/kernel/irq_work.c:111 (discriminator 1))\n[ 86.331013] ? exc_page_fault (/build/work/knet/./arch/x86/include/asm/paravirt.h:693 /build/work/knet/arch/x86/mm/fault.c:1515 /build/work/knet/arch/x86/mm/fault.c:1563)\n[ 86.331702] ? asm_exc_page_fault (/build/work/knet/./arch/x86/include/asm/idtentry.h:570)\n[ 86.332468] ? ip_mr_forward (/build/work/knet/net/ipv4/ipmr.c:1985)\n[ 86.333183] ? srso_return_thunk (/build/work/knet/arch/x86/lib/retpoline.S:223)\n[ 86.333920] ipmr_mfc_add (/build/work/knet/./include/linux/rcupdate.h:782 /build/work/knet/net/ipv4/ipmr.c:1009 /build/work/knet/net/ipv4/ipmr.c:1273)\n[ 86.334583] ? __pfx_ipmr_hash_cmp (/build/work/knet/net/ipv4/ipmr.c:363)\n[ 86.335357] ip_mroute_setsockopt (/build/work/knet/net/ipv4/ipmr.c:1470)\n[ 86.336135] ? srso_return_thunk (/build/work/knet/arch/x86/lib/retpoline.S:223)\n[ 86.336854] ? ip_mroute_setsockopt (/build/work/knet/net/ipv4/ipmr.c:1470)\n[ 86.337679] do_ip_setsockopt (/build/work/knet/net/ipv4/ip_sockglue.c:944)\n[ 86.338408] ? __pfx_unix_stream_read_actor (/build/work/knet/net/unix/af_unix.c:2862)\n[ 86.339232] ? srso_return_thunk (/build/work/knet/arch/x86/lib/retpoline.S:223)\n[ 86.339809] ? aa_sk_perm (/build/work/knet/security/apparmor/include/cred.h:153 /build/work/knet/security/apparmor/net.c:181)\n[ 86.340342] ip_setsockopt (/build/work/knet/net/ipv4/ip_sockglue.c:1415)\n[ 86.340859] raw_setsockopt (/build/work/knet/net/ipv4/raw.c:836)\n[ 86.341408] ? security_socket_setsockopt (/build/work/knet/security/security.c:4561 (discriminator 13))\n[ 86.342116] sock_common_setsockopt (/build/work/knet/net/core/sock.c:3716)\n[ 86.342747] do_sock_setsockopt (/build/work/knet/net/socket.c:2313)\n[ 86.343363] __sys_setsockopt (/build/work/knet/./include/linux/file.h:32 /build/work/kn\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26626 was patched at 2024-05-15

4992. Memory Corruption - Linux Kernel (CVE-2024-26632) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix iterating over an empty bio with bio_for_each_folio_all\n\nIf the bio contains no data, bio_first_folio() calls page_folio() on a\nNULL pointer and oopses. Move the test that we've reached the end of\nthe bio from bio_next_folio() to bio_first_folio().\n\n[axboe: add unlikely() to error case]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26632 was patched at 2024-05-15

ubuntu: CVE-2024-26632 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

4993. Memory Corruption - Linux Kernel (CVE-2024-26634) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix removing a namespace with conflicting altnames\n\nMark reports a BUG() when a net namespace is removed.\n\n kernel BUG at net/core/dev.c:11520!\n\nPhysical interfaces moved outside of init_net get "refunded"\nto init_net when that namespace disappears. The main interface\nname may get overwritten in the process if it would have\nconflicted. We need to also discard all conflicting altnames.\nRecent fixes addressed ensuring that altnames get moved\nwith the main interface, which surfaced this problem.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26634 was patched at 2024-05-15

ubuntu: CVE-2024-26634 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

4994. Memory Corruption - Linux Kernel (CVE-2024-26646) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: thermal: intel: hfi: Add syscore callbacks for system-wide PM The kernel allocates a memory buffer and provides its location to the hardware, which uses it to update the HFI table. This allocation occurs during boot and remains constant throughout runtime. When resuming from hibernation, the restore kernel allocates a second memory buffer and reprograms the HFI hardware with the new location as part of a normal boot. The location of the second memory buffer may differ from the one allocated by the image kernel. When the restore kernel transfers control to the image kernel, its HFI buffer becomes invalid, potentially leading to memory corruption if the hardware writes to it (the hardware continues to use the buffer from the restore kernel). It is also possible that the hardware "forgets" the address of the memory buffer when resuming from "deep" suspend. Memory corruption may also occur in such a scenario. To prevent the described memory corruption, disable HFI when preparing to suspend or hibernate. Enable it when resuming. Add syscore callbacks to handle the package of the boot CPU (packages of non-boot CPUs are handled via CPU offline). Syscore ops always run on the boot CPU. Additionally, HFI only needs to be disabled during "deep" suspend and hibernation. Syscore ops only run in these cases. [ rjw: Comment adjustment, subject and changelog edits ]

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26646 was patched at 2024-05-15

ubuntu: CVE-2024-26646 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

4995. Memory Corruption - Linux Kernel (CVE-2024-26647) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()'\n\nIn link_set_dsc_pps_packet(), 'struct display_stream_compressor *dsc'\nwas dereferenced in a DC_LOGGER_INIT(dsc->ctx->logger); before the 'dsc'\nNULL pointer check.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/link/link_dpms.c:905 link_set_dsc_pps_packet() warn: variable dereferenced before check 'dsc' (see line 903)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26647 was patched at 2024-05-15

ubuntu: CVE-2024-26647 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

4996. Memory Corruption - Linux Kernel (CVE-2024-26648) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay()\n\nIn edp_setup_replay(), 'struct dc *dc' & 'struct dmub_replay *replay'\nwas dereferenced before the pointer 'link' & 'replay' NULL check.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_edp_panel_control.c:947 edp_setup_replay() warn: variable dereferenced before check 'link' (see line 933)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26648 was patched at 2024-05-15

4997. Memory Corruption - Linux Kernel (CVE-2024-26656) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free bug The bug can be triggered by sending a single amdgpu_gem_userptr_ioctl to the AMDGPU DRM driver on any ASICs with an invalid address and size. The bug was reported by Joonkyo Jung <joonkyoj@yonsei.ac.kr>. For example the following code: static void Syzkaller1(int fd) { struct drm_amdgpu_gem_userptr arg; int ret; arg.addr = 0xffffffffffff0000; arg.size = 0x80000000; /*2 Gb*/ arg.flags = 0x7; ret = drmIoctl(fd, 0xc1186451/*amdgpu_gem_userptr_ioctl*/, &arg); } Due to the address and size are not valid there is a failure in amdgpu_hmm_register->mmu_interval_notifier_insert->__mmu_interval_notifier_insert-> check_shl_overflow, but we even the amdgpu_hmm_register failure we still call amdgpu_hmm_unregister into amdgpu_gem_object_free which causes access to a bad address. The following stack is below when the issue is reproduced when Kazan is enabled: [ +0.000014] Hardware name: ASUS System Product Name/ROG STRIX B550-F GAMING (WI-FI), BIOS 1401 12/03/2020 [ +0.000009] RIP: 0010:mmu_interval_notifier_remove+0x327/0x340 [ +0.000017] Code: ff ff 49 89 44 24 08 48 b8 00 01 00 00 00 00 ad de 4c 89 f7 49 89 47 40 48 83 c0 22 49 89 47 48 e8 ce d1 2d 01 e9 32 ff ff ff <0f> 0b e9 16 ff ff ff 4c 89 ef e8 fa 14 b3 ff e9 36 ff ff ff e8 80 [ +0.000014] RSP: 0018:ffffc90002657988 EFLAGS: 00010246 [ +0.000013] RAX: 0000000000000000 RBX: 1ffff920004caf35 RCX: ffffffff8160565b [ +0.000011] RDX: dffffc0000000000 RSI: 0000000000000004 RDI: ffff8881a9f78260 [ +0.000010] RBP: ffffc90002657a70 R08: 0000000000000001 R09: fffff520004caf25 [ +0.000010] R10: 0000000000000003 R11: ffffffff8161d1d6 R12: ffff88810e988c00 [ +0.000010] R13: ffff888126fb5a00 R14: ffff88810e988c0c R15: ffff8881a9f78260 [ +0.000011] FS: 00007ff9ec848540(0000) GS:ffff8883cc880000(0000) knlGS:0000000000000000 [ +0.000012] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ +0.000010] CR2: 000055b3f7e14328 CR3: 00000001b5770000 CR4: 0000000000350ef0 [ +0.000010] Call Trace: [ +0.000006] <TASK> [ +0.000007] ? show_regs+0x6a/0x80 [ +0.000018] ? __warn+0xa5/0x1b0 [ +0.000019] ? mmu_interval_notifier_remove+0x327/0x340 [ +0.000018] ? report_bug+0x24a/0x290 [ +0.000022] ? handle_bug+0x46/0x90 [ +0.000015] ? exc_invalid_op+0x19/0x50 [ +0.000016] ? asm_exc_invalid_op+0x1b/0x20 [ +0.000017] ? kasan_save_stack+0x26/0x50 [ +0.000017] ? mmu_interval_notifier_remove+0x23b/0x340 [ +0.000019] ? mmu_interval_notifier_remove+0x327/0x340 [ +0.000019] ? mmu_interval_notifier_remove+0x23b/0x340 [ +0.000020] ? __pfx_mmu_interval_notifier_remove+0x10/0x10 [ +0.000017] ? kasan_save_alloc_info+0x1e/0x30 [ +0.000018] ? srso_return_thunk+0x5/0x5f [ +0.000014] ? __kasan_kmalloc+0xb1/0xc0 [ +0.000018] ? srso_return_thunk+0x5/0x5f [ +0.000013] ? __kasan_check_read+0x11/0x20 [ +0.000020] amdgpu_hmm_unregister+0x34/0x50 [amdgpu] [ +0.004695] amdgpu_gem_object_free+0x66/0xa0 [amdgpu] [ +0.004534] ? __pfx_amdgpu_gem_object_free+0x10/0x10 [amdgpu] [ +0.004291] ? do_syscall_64+0x5f/0xe0 [ +0.000023] ? srso_return_thunk+0x5/0x5f [ +0.000017] drm_gem_object_free+0x3b/0x50 [drm] [ +0.000489] amdgpu_gem_userptr_ioctl+0x306/0x500 [amdgpu] [ +0.004295] ? __pfx_amdgpu_gem_userptr_ioctl+0x10/0x10 [amdgpu] [ +0.004270] ? srso_return_thunk+0x5/0x5f [ +0.000014] ? __this_cpu_preempt_check+0x13/0x20 [ +0.000015] ? srso_return_thunk+0x5/0x5f [ +0.000013] ? sysvec_apic_timer_interrupt+0x57/0xc0 [ +0.000020] ? srso_return_thunk+0x5/0x5f [ +0.000014] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ +0.000022] ? drm_ioctl_kernel+0x17b/0x1f0 [drm] [ +0.000496] ? __pfx_amdgpu_gem_userptr_ioctl+0x10/0x10 [amdgpu] [ +0.004272] ? drm_ioctl_kernel+0x190/0x1f0 [drm] [ +0.000492] drm_ioctl_kernel+0x140/0x1f0 [drm] [ +0.000497] ? __pfx_amdgpu_gem_userptr_ioctl+0x10/0x10 [amdgpu] [ +0.004297] ? __pfx_drm_ioctl_kernel+0x10/0x10 [d ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26656 was patched at 2024-05-15

ubuntu: CVE-2024-26656 was patched at 2024-06-07, 2024-06-11, 2024-06-14

4998. Memory Corruption - Linux Kernel (CVE-2024-26660) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Implement bounds check for stream encoder creation in DCN301 'stream_enc_regs' array is an array of dcn10_stream_enc_registers structures. The array is initialized with four elements, corresponding to the four calls to stream_enc_regs() in the array initializer. This means that valid indices for this array are 0, 1, 2, and 3. The error message 'stream_enc_regs' 4 <= 5 below, is indicating that there is an attempt to access this array with an index of 5, which is out of bounds. This could lead to undefined behavior Here, eng_id is used as an index to access the stream_enc_regs array. If eng_id is 5, this would result in an out-of-bounds access on the stream_enc_regs array. Thus fixing Buffer overflow error in dcn301_stream_encoder_create reported by Smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn301/dcn301_resource.c:1011 dcn301_stream_encoder_create() error: buffer overflow 'stream_enc_regs' 4 <= 5

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26660 was patched at 2024-05-15

ubuntu: CVE-2024-26660 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

4999. Memory Corruption - Linux Kernel (CVE-2024-26669) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: Fix chain template offload When a qdisc is deleted from a net device the stack instructs the underlying driver to remove its flow offload callback from the associated filter block using the 'FLOW_BLOCK_UNBIND' command. The stack then continues to replay the removal of the filters in the block for this driver by iterating over the chains in the block and invoking the 'reoffload' operation of the classifier being used. In turn, the classifier in its 'reoffload' operation prepares and emits a 'FLOW_CLS_DESTROY' command for each filter. However, the stack does not do the same for chain templates and the underlying driver never receives a 'FLOW_CLS_TMPLT_DESTROY' command when a qdisc is deleted. This results in a memory leak [1] which can be reproduced using [2]. Fix by introducing a 'tmplt_reoffload' operation and have the stack invoke it with the appropriate arguments as part of the replay. Implement the operation in the sole classifier that supports chain templates (flower) by emitting the 'FLOW_CLS_TMPLT_{CREATE,DESTROY}' command based on whether a flow offload callback is being bound to a filter block or being unbound from one. As far as I can tell, the issue happens since cited commit which reordered tcf_block_offload_unbind() before tcf_block_flush_all_chains() in __tcf_block_put(). The order cannot be reversed as the filter block is expected to be freed after flushing all the chains. [1] unreferenced object 0xffff888107e28800 (size 2048): comm "tc", pid 1079, jiffies 4294958525 (age 3074.287s) hex dump (first 32 bytes): b1 a6 7c 11 81 88 ff ff e0 5b b3 10 81 88 ff ff ..|......[...... 01 00 00 00 00 00 00 00 e0 aa b0 84 ff ff ff ff ................ backtrace: [<ffffffff81c06a68>] __kmem_cache_alloc_node+0x1e8/0x320 [<ffffffff81ab374e>] __kmalloc+0x4e/0x90 [<ffffffff832aec6d>] mlxsw_sp_acl_ruleset_get+0x34d/0x7a0 [<ffffffff832bc195>] mlxsw_sp_flower_tmplt_create+0x145/0x180 [<ffffffff832b2e1a>] mlxsw_sp_flow_block_cb+0x1ea/0x280 [<ffffffff83a10613>] tc_setup_cb_call+0x183/0x340 [<ffffffff83a9f85a>] fl_tmplt_create+0x3da/0x4c0 [<ffffffff83a22435>] tc_ctl_chain+0xa15/0x1170 [<ffffffff838a863c>] rtnetlink_rcv_msg+0x3cc/0xed0 [<ffffffff83ac87f0>] netlink_rcv_skb+0x170/0x440 [<ffffffff83ac6270>] netlink_unicast+0x540/0x820 [<ffffffff83ac6e28>] netlink_sendmsg+0x8d8/0xda0 [<ffffffff83793def>] ____sys_sendmsg+0x30f/0xa80 [<ffffffff8379d29a>] ___sys_sendmsg+0x13a/0x1e0 [<ffffffff8379d50c>] __sys_sendmsg+0x11c/0x1f0 [<ffffffff843b9ce0>] do_syscall_64+0x40/0xe0 unreferenced object 0xffff88816d2c0400 (size 1024): comm "tc", pid 1079, jiffies 4294958525 (age 3074.287s) hex dump (first 32 bytes): 40 00 00 00 00 00 00 00 57 f6 38 be 00 00 00 00 @.......W.8..... 10 04 2c 6d 81 88 ff ff 10 04 2c 6d 81 88 ff ff ..,m......,m.... backtrace: [<ffffffff81c06a68>] __kmem_cache_alloc_node+0x1e8/0x320 [<ffffffff81ab36c1>] __kmalloc_node+0x51/0x90 [<ffffffff81a8ed96>] kvmalloc_node+0xa6/0x1f0 [<ffffffff82827d03>] bucket_table_alloc.isra.0+0x83/0x460 [<ffffffff82828d2b>] rhashtable_init+0x43b/0x7c0 [<ffffffff832aed48>] mlxsw_sp_acl_ruleset_get+0x428/0x7a0 [<ffffffff832bc195>] mlxsw_sp_flower_tmplt_create+0x145/0x180 [<ffffffff832b2e1a>] mlxsw_sp_flow_block_cb+0x1ea/0x280 [<ffffffff83a10613>] tc_setup_cb_call+0x183/0x340 [<ffffffff83a9f85a>] fl_tmplt_create+0x3da/0x4c0 [<ffffffff83a22435>] tc_ctl_chain+0xa15/0x1170 [<ffffffff838a863c>] rtnetlink_rcv_msg+0x3cc/0xed0 [<ffffffff83ac87f0>] netlink_rcv_skb+0x170/0x440 [<ffffffff83ac6270>] netlink_unicast+0x540/0x820 [<ffffffff83ac6e28>] netlink_sendmsg+0x8d8/0xda0 [<ffffffff83793def>] ____sys_sendmsg+0x30f/0xa80 [2] # tc qdisc add dev swp1 clsact # tc chain add dev swp1 ingress proto ip chain 1 flower dst_ip 0.0.0.0/32 # tc qdisc del dev ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26669 was patched at 2024-05-15

ubuntu: CVE-2024-26669 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

5000. Memory Corruption - Linux Kernel (CVE-2024-26672) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'\n\nFixes the below:\n\ndrivers/gpu/drm/amd/amdgpu/amdgpu_mca.c:377 amdgpu_mca_smu_get_mca_entry() warn: variable dereferenced before check 'mca_funcs' (see line 368)\n\n357 int amdgpu_mca_smu_get_mca_entry(struct amdgpu_device *adev,\n\t\t\t\t enum amdgpu_mca_error_type type,\n358 int idx, struct mca_bank_entry *entry)\n359 {\n360 const struct amdgpu_mca_smu_funcs *mca_funcs =\n\t\t\t\t\t\tadev->mca.mca_funcs;\n361 int count;\n362\n363 switch (type) {\n364 case AMDGPU_MCA_ERROR_TYPE_UE:\n365 count = mca_funcs->max_ue_count;\n\nmca_funcs is dereferenced here.\n\n366 break;\n367 case AMDGPU_MCA_ERROR_TYPE_CE:\n368 count = mca_funcs->max_ce_count;\n\nmca_funcs is dereferenced here.\n\n369 break;\n370 default:\n371 return -EINVAL;\n372 }\n373\n374 if (idx >= count)\n375 return -EINVAL;\n376\n377 if (mca_funcs && mca_funcs->mca_get_mca_entry)\n\t ^^^^^^^^^\n\nChecked too late!', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26672 was patched at 2024-05-15

5001. Memory Corruption - Linux Kernel (CVE-2024-26685) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential bug in end_buffer_async_write According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async_write flag and cause a BUG_ON failure when using nilfs2. Nilfs2 itself does not use end_buffer_async_write(). But, the async_write flag is now used as a marker by commit 7f42ec394156 ("nilfs2: fix issue with race condition of competition between segments for dirty blocks") as a means of resolving double list insertion of dirty blocks in nilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the resulting crash. This modification is safe as long as it is used for file data and b-tree node blocks where the page caches are independent. However, it was irrelevant and redundant to also introduce async_write for segment summary and super root blocks that share buffers with the backing device. This led to the possibility that the BUG_ON check in end_buffer_async_write would fail as described above, if independent writebacks of the backing device occurred in parallel. The use of async_write for segment summary buffers has already been removed in a previous change. Fix this issue by removing the manipulation of the async_write flag for the remaining super root block buffer.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26685 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26685 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

5002. Memory Corruption - Linux Kernel (CVE-2024-26688) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super\n\nWhen configuring a hugetlb filesystem via the fsconfig() syscall, there is\na possible NULL dereference in hugetlbfs_fill_super() caused by assigning\nNULL to ctx->hstate in hugetlbfs_parse_param() when the requested pagesize\nis non valid.\n\nE.g: Taking the following steps:\n\n fd = fsopen("hugetlbfs", FSOPEN_CLOEXEC);\n fsconfig(fd, FSCONFIG_SET_STRING, "pagesize", "1024", 0);\n fsconfig(fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0);\n\nGiven that the requested "pagesize" is invalid, ctxt->hstate will be replaced\nwith NULL, losing its previous value, and we will print an error:\n\n ...\n ...\n case Opt_pagesize:\n ps = memparse(param->string, &rest);\n ctx->hstate = h;\n if (!ctx->hstate) {\n pr_err("Unsupported page size %lu MB\\n", ps / SZ_1M);\n return -EINVAL;\n }\n return 0;\n ...\n ...\n\nThis is a problem because later on, we will dereference ctxt->hstate in\nhugetlbfs_fill_super()\n\n ...\n ...\n sb->s_blocksize = huge_page_size(ctx->hstate);\n ...\n ...\n\nCausing below Oops.\n\nFix this by replacing cxt->hstate value only when then pagesize is known\nto be valid.\n\n kernel: hugetlbfs: Unsupported page size 0 MB\n kernel: BUG: kernel NULL pointer dereference, address: 0000000000000028\n kernel: #PF: supervisor read access in kernel mode\n kernel: #PF: error_code(0x0000) - not-present page\n kernel: PGD 800000010f66c067 P4D 800000010f66c067 PUD 1b22f8067 PMD 0\n kernel: Oops: 0000 [#1] PREEMPT SMP PTI\n kernel: CPU: 4 PID: 5659 Comm: syscall Tainted: G E 6.8.0-rc2-default+ #22 5a47c3fef76212addcc6eb71344aabc35190ae8f\n kernel: Hardware name: Intel Corp. GROVEPORT/GROVEPORT, BIOS GVPRCRB1.86B.0016.D04.1705030402 05/03/2017\n kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0\n kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 <8b> 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28\n kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246\n kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004\n kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000\n kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004\n kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000\n kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400\n kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000\n kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0\n kernel: Call Trace:\n kernel: <TASK>\n kernel: ? __die_body+0x1a/0x60\n kernel: ? page_fault_oops+0x16f/0x4a0\n kernel: ? search_bpf_extables+0x65/0x70\n kernel: ? fixup_exception+0x22/0x310\n kernel: ? exc_page_fault+0x69/0x150\n kernel: ? asm_exc_page_fault+0x22/0x30\n kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10\n kernel: ? hugetlbfs_fill_super+0xb4/0x1a0\n kernel: ? hugetlbfs_fill_super+0x28/0x1a0\n kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10\n kernel: vfs_get_super+0x40/0xa0\n kernel: ? __pfx_bpf_lsm_capable+0x10/0x10\n kernel: vfs_get_tree+0x25/0xd0\n kernel: vfs_cmd_create+0x64/0xe0\n kernel: __x64_sys_fsconfig+0x395/0x410\n kernel: do_syscall_64+0x80/0x160\n kernel: ? syscall_exit_to_user_mode+0x82/0x240\n kernel: ? do_syscall_64+0x8d/0x160\n kernel: ? syscall_exit_to_user_mode+0x82/0x240\n kernel: ? do_syscall_64+0x8d/0x160\n kernel: ? exc_page_fault+0x69/0x150\n kernel: entry_SYSCALL_64_after_hwframe+0x6e/0x76\n kernel: RIP: 0033:0x7ffbc0cb87c9\n kernel: Code: 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 97 96 0d 00 f7 d8 64 89 01 48\n kernel: RSP: 002b:00007ffc29d2f388 EFLAGS: 00000206 ORIG_RAX: 00000000000001af\n kernel: RAX: fffffffffff\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26688 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26688 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

5003. Memory Corruption - Linux Kernel (CVE-2024-26689) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), "use after free" error was caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the refcount could be increment here, it was freed. In same file, in "handle_cap_grant()" refcount is decremented by this line - 'ceph_buffer_put(ci->i_xattrs.blob);'. It appears that a race occurred and resource was freed by the latter line before the former line could increment it. encode_cap_msg() is called by __send_cap() and __send_cap() is called by ceph_check_caps() after calling __prep_cap(). __prep_cap() is where arg->xattr_buf is assigned to ci->i_xattrs.blob. This is the spot where the refcount must be increased to prevent "use after free" error.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26689 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26689 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

5004. Memory Corruption - Linux Kernel (CVE-2024-26695) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked\n\nThe SEV platform device can be shutdown with a null psp_master,\ne.g., using DEBUG_TEST_DRIVER_REMOVE. Found using KASAN:\n\n[ 137.148210] ccp 0000:23:00.1: enabling device (0000 -> 0002)\n[ 137.162647] ccp 0000:23:00.1: no command queues available\n[ 137.170598] ccp 0000:23:00.1: sev enabled\n[ 137.174645] ccp 0000:23:00.1: psp enabled\n[ 137.178890] general protection fault, probably for non-canonical address 0xdffffc000000001e: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN NOPTI\n[ 137.182693] KASAN: null-ptr-deref in range [0x00000000000000f0-0x00000000000000f7]\n[ 137.182693] CPU: 93 PID: 1 Comm: swapper/0 Not tainted 6.8.0-rc1+ #311\n[ 137.182693] RIP: 0010:__sev_platform_shutdown_locked+0x51/0x180\n[ 137.182693] Code: 08 80 3c 08 00 0f 85 0e 01 00 00 48 8b 1d 67 b6 01 08 48 b8 00 00 00 00 00 fc ff df 48 8d bb f0 00 00 00 48 89 f9 48 c1 e9 03 <80> 3c 01 00 0f 85 fe 00 00 00 48 8b 9b f0 00 00 00 48 85 db 74 2c\n[ 137.182693] RSP: 0018:ffffc900000cf9b0 EFLAGS: 00010216\n[ 137.182693] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 000000000000001e\n[ 137.182693] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 00000000000000f0\n[ 137.182693] RBP: ffffc900000cf9c8 R08: 0000000000000000 R09: fffffbfff58f5a66\n[ 137.182693] R10: ffffc900000cf9c8 R11: ffffffffac7ad32f R12: ffff8881e5052c28\n[ 137.182693] R13: ffff8881e5052c28 R14: ffff8881758e43e8 R15: ffffffffac64abf8\n[ 137.182693] FS: 0000000000000000(0000) GS:ffff889de7000000(0000) knlGS:0000000000000000\n[ 137.182693] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 137.182693] CR2: 0000000000000000 CR3: 0000001cf7c7e000 CR4: 0000000000350ef0\n[ 137.182693] Call Trace:\n[ 137.182693] <TASK>\n[ 137.182693] ? show_regs+0x6c/0x80\n[ 137.182693] ? __die_body+0x24/0x70\n[ 137.182693] ? die_addr+0x4b/0x80\n[ 137.182693] ? exc_general_protection+0x126/0x230\n[ 137.182693] ? asm_exc_general_protection+0x2b/0x30\n[ 137.182693] ? __sev_platform_shutdown_locked+0x51/0x180\n[ 137.182693] sev_firmware_shutdown.isra.0+0x1e/0x80\n[ 137.182693] sev_dev_destroy+0x49/0x100\n[ 137.182693] psp_dev_destroy+0x47/0xb0\n[ 137.182693] sp_destroy+0xbb/0x240\n[ 137.182693] sp_pci_remove+0x45/0x60\n[ 137.182693] pci_device_remove+0xaa/0x1d0\n[ 137.182693] device_remove+0xc7/0x170\n[ 137.182693] really_probe+0x374/0xbe0\n[ 137.182693] ? srso_return_thunk+0x5/0x5f\n[ 137.182693] __driver_probe_device+0x199/0x460\n[ 137.182693] driver_probe_device+0x4e/0xd0\n[ 137.182693] __driver_attach+0x191/0x3d0\n[ 137.182693] ? __pfx___driver_attach+0x10/0x10\n[ 137.182693] bus_for_each_dev+0x100/0x190\n[ 137.182693] ? __pfx_bus_for_each_dev+0x10/0x10\n[ 137.182693] ? __kasan_check_read+0x15/0x20\n[ 137.182693] ? srso_return_thunk+0x5/0x5f\n[ 137.182693] ? _raw_spin_unlock+0x27/0x50\n[ 137.182693] driver_attach+0x41/0x60\n[ 137.182693] bus_add_driver+0x2a8/0x580\n[ 137.182693] driver_register+0x141/0x480\n[ 137.182693] __pci_register_driver+0x1d6/0x2a0\n[ 137.182693] ? srso_return_thunk+0x5/0x5f\n[ 137.182693] ? esrt_sysfs_init+0x1cd/0x5d0\n[ 137.182693] ? __pfx_sp_mod_init+0x10/0x10\n[ 137.182693] sp_pci_init+0x22/0x30\n[ 137.182693] sp_mod_init+0x14/0x30\n[ 137.182693] ? __pfx_sp_mod_init+0x10/0x10\n[ 137.182693] do_one_initcall+0xd1/0x470\n[ 137.182693] ? __pfx_do_one_initcall+0x10/0x10\n[ 137.182693] ? parameq+0x80/0xf0\n[ 137.182693] ? srso_return_thunk+0x5/0x5f\n[ 137.182693] ? __kmalloc+0x3b0/0x4e0\n[ 137.182693] ? kernel_init_freeable+0x92d/0x1050\n[ 137.182693] ? kasan_populate_vmalloc_pte+0x171/0x190\n[ 137.182693] ? srso_return_thunk+0x5/0x5f\n[ 137.182693] kernel_init_freeable+0xa64/0x1050\n[ 137.182693] ? __pfx_kernel_init+0x10/0x10\n[ 137.182693] kernel_init+0x24/0x160\n[ 137.182693] ? __switch_to_asm+0x3e/0x70\n[ 137.182693] ret_from_fork+0x40/0x80\n[ 137.182693] ? __pfx_kernel_init+0x1\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26695 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26695 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

5005. Memory Corruption - Linux Kernel (CVE-2024-26698) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove In commit ac5047671758 ("hv_netvsc: Disable NAPI before closing the VMBus channel"), napi_disable was getting called for all channels, including all subchannels without confirming if they are enabled or not. This caused hv_netvsc getting hung at napi_disable, when netvsc_probe() has finished running but nvdev->subchan_work has not started yet. netvsc_subchan_work() -> rndis_set_subchannel() has not created the sub-channels and because of that netvsc_sc_open() is not running. netvsc_remove() calls cancel_work_sync(&nvdev->subchan_work), for which netvsc_subchan_work did not run. netif_napi_add() sets the bit NAPI_STATE_SCHED because it ensures NAPI cannot be scheduled. Then netvsc_sc_open() -> napi_enable will clear the NAPIF_STATE_SCHED bit, so it can be scheduled. napi_disable() does the opposite. Now during netvsc_device_remove(), when napi_disable is called for those subchannels, napi_disable gets stuck on infinite msleep. This fix addresses this problem by ensuring that napi_disable() is not getting called for non-enabled NAPI struct. But netif_napi_del() is still necessary for these non-enabled NAPI struct for cleanup purpose. Call trace: [ 654.559417] task:modprobe state:D stack: 0 pid: 2321 ppid: 1091 flags:0x00004002 [ 654.568030] Call Trace: [ 654.571221] <TASK> [ 654.573790] __schedule+0x2d6/0x960 [ 654.577733] schedule+0x69/0xf0 [ 654.581214] schedule_timeout+0x87/0x140 [ 654.585463] ? __bpf_trace_tick_stop+0x20/0x20 [ 654.590291] msleep+0x2d/0x40 [ 654.593625] napi_disable+0x2b/0x80 [ 654.597437] netvsc_device_remove+0x8a/0x1f0 [hv_netvsc] [ 654.603935] rndis_filter_device_remove+0x194/0x1c0 [hv_netvsc] [ 654.611101] ? do_wait_intr+0xb0/0xb0 [ 654.615753] netvsc_remove+0x7c/0x120 [hv_netvsc] [ 654.621675] vmbus_remove+0x27/0x40 [hv_vmbus]

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26698 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26698 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

5006. Memory Corruption - Linux Kernel (CVE-2024-26704) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix double-free of blocks due to wrong extents moved_len\n\nIn ext4_move_extents(), moved_len is only updated when all moves are\nsuccessfully executed, and only discards orig_inode and donor_inode\npreallocations when moved_len is not zero. When the loop fails to exit\nafter successfully moving some extents, moved_len is not updated and\nremains at 0, so it does not discard the preallocations.\n\nIf the moved extents overlap with the preallocated extents, the\noverlapped extents are freed twice in ext4_mb_release_inode_pa() and\next4_process_freed_data() (as described in commit 94d7c16cbbbd ("ext4:\nFix double-free of blocks with EXT4_IOC_MOVE_EXT")), and bb_free is\nincremented twice. Hence when trim is executed, a zero-division bug is\ntriggered in mb_update_avg_fragment_size() because bb_free is not zero\nand bb_fragments is zero.\n\nTherefore, update move_len after each extent move to avoid the issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26704 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26704 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-16, 2024-05-20, 2024-05-21, 2024-05-23, 2024-05-28, 2024-06-11

5007. Memory Corruption - Linux Kernel (CVE-2024-26715) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend\n\nIn current scenario if Plug-out and Plug-In performed continuously\nthere could be a chance while checking for dwc->gadget_driver in\ndwc3_gadget_suspend, a NULL pointer dereference may occur.\n\nCall Stack:\n\n\tCPU1: CPU2:\n\tgadget_unbind_driver dwc3_suspend_common\n\tdwc3_gadget_stop dwc3_gadget_suspend\n dwc3_disconnect_gadget\n\nCPU1 basically clears the variable and CPU2 checks the variable.\nConsider CPU1 is running and right before gadget_driver is cleared\nand in parallel CPU2 executes dwc3_gadget_suspend where it finds\ndwc->gadget_driver which is not NULL and resumes execution and then\nCPU1 completes execution. CPU2 executes dwc3_disconnect_gadget where\nit checks dwc->gadget_driver is already NULL because of which the\nNULL pointer deference occur.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26715 was patched at 2024-05-15

ubuntu: CVE-2024-26715 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

5008. Memory Corruption - Linux Kernel (CVE-2024-26717) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nHID: i2c-hid-of: fix NULL-deref on failed power up\n\nA while back the I2C HID implementation was split in an ACPI and OF\npart, but the new OF driver never initialises the client pointer which\nis dereferenced on power-up failures.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26717 was patched at 2024-05-15

ubuntu: CVE-2024-26717 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

5009. Memory Corruption - Linux Kernel (CVE-2024-26718) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: dm-crypt, dm-verity: disable tasklets Tasklets have an inherent problem with memory corruption. The function tasklet_action_common calls tasklet_trylock, then it calls the tasklet callback and then it calls tasklet_unlock. If the tasklet callback frees the structure that contains the tasklet or if it calls some code that may free it, tasklet_unlock will write into free memory. The commits 8e14f610159d and d9a02e016aaf try to fix it for dm-crypt, but it is not a sufficient fix and the data corruption can still happen [1]. There is no fix for dm-verity and dm-verity will write into free memory with every tasklet-processed bio. There will be atomic workqueues implemented in the kernel 6.9 [2]. They will have better interface and they will not suffer from the memory corruption problem. But we need something that stops the memory corruption now and that can be backported to the stable kernels. So, I'm proposing this commit that disables tasklets in both dm-crypt and dm-verity. This commit doesn't remove the tasklet support, because the tasklet code will be reused when atomic workqueues will be implemented. [1] https://lore.kernel.org/all/d390d7ee-f142-44d3-822a-87949e14608b@suse.de/T/ [2] https://lore.kernel.org/lkml/20240130091300.2968534-1-tj@kernel.org/

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26718 was patched at 2024-05-15

5010. Memory Corruption - Linux Kernel (CVE-2024-26731) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()\n\nsyzbot reported the following NULL pointer dereference issue [1]:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n [...]\n RIP: 0010:0x0\n [...]\n Call Trace:\n <TASK>\n sk_psock_verdict_data_ready+0x232/0x340 net/core/skmsg.c:1230\n unix_stream_sendmsg+0x9b4/0x1230 net/unix/af_unix.c:2293\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n\nIf sk_psock_verdict_data_ready() and sk_psock_stop_verdict() are called\nconcurrently, psock->saved_data_ready can be NULL, causing the above issue.\n\nThis patch fixes this issue by calling the appropriate data ready function\nusing the sk_psock_data_ready() helper and protecting it from concurrency\nwith sk->sk_callback_lock.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26731 was patched at 2024-05-15

5011. Memory Corruption - Linux Kernel (CVE-2024-26735) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix possible use-after-free and null-ptr-deref The pernet operations structure for the subsystem must be registered before registering the generic netlink family.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26735 was patched at 2024-05-06, 2024-05-15

oraclelinux: CVE-2024-26735 was patched at 2024-06-06

redhat: CVE-2024-26735 was patched at 2024-05-29

ubuntu: CVE-2024-26735 was patched at 2024-05-16, 2024-05-20, 2024-05-21, 2024-05-23, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

5012. Memory Corruption - Linux Kernel (CVE-2024-26748) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free when handle zero packet 829 if (request->complete) { 830 spin_unlock(&priv_dev->lock); 831 usb_gadget_giveback_request(&priv_ep->endpoint, 832 request); 833 spin_lock(&priv_dev->lock); 834 } 835 836 if (request->buf == priv_dev->zlp_buf) 837 cdns3_gadget_ep_free_request(&priv_ep->endpoint, request); Driver append an additional zero packet request when queue a packet, which length mod max packet size is 0. When transfer complete, run to line 831, usb_gadget_giveback_request() will free this requestion. 836 condition is true, so cdns3_gadget_ep_free_request() free this request again. Log: [ 1920.140696][ T150] BUG: KFENCE: use-after-free read in cdns3_gadget_giveback+0x134/0x2c0 [cdns3] [ 1920.140696][ T150] [ 1920.151837][ T150] Use-after-free read at 0x000000003d1cd10b (in kfence-#36): [ 1920.159082][ T150] cdns3_gadget_giveback+0x134/0x2c0 [cdns3] [ 1920.164988][ T150] cdns3_transfer_completed+0x438/0x5f8 [cdns3] Add check at line 829, skip call usb_gadget_giveback_request() if it is additional zero length packet request. Needn't call usb_gadget_giveback_request() because it is allocated in this driver.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26748 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26748 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

5013. Memory Corruption - Linux Kernel (CVE-2024-26749) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() ... cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request); list_del_init(&priv_req->list); ... 'priv_req' actually free at cdns3_gadget_ep_free_request(). But list_del_init() use priv_req->list after it. [ 1542.642868][ T534] BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xd4 [ 1542.642868][ T534] [ 1542.653162][ T534] Use-after-free read at 0x000000009ed0ba99 (in kfence-#3): [ 1542.660311][ T534] __list_del_entry_valid+0x10/0xd4 [ 1542.665375][ T534] cdns3_gadget_ep_disable+0x1f8/0x388 [cdns3] [ 1542.671571][ T534] usb_ep_disable+0x44/0xe4 [ 1542.675948][ T534] ffs_func_eps_disable+0x64/0xc8 [ 1542.680839][ T534] ffs_func_set_alt+0x74/0x368 [ 1542.685478][ T534] ffs_func_disable+0x18/0x28 Move list_del_init() before cdns3_gadget_ep_free_request() to resolve this problem.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26749 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26749 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

5014. Memory Corruption - Linux Kernel (CVE-2024-26754) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() The gtp_net_ops pernet operations structure for the subsystem must be registered before registering the generic netlink family. Syzkaller hit 'general protection fault in gtp_genl_dump_pdp' bug: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] CPU: 1 PID: 5826 Comm: gtp Not tainted 6.8.0-rc3-std-def-alt1 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014 RIP: 0010:gtp_genl_dump_pdp+0x1be/0x800 [gtp] Code: c6 89 c6 e8 64 e9 86 df 58 45 85 f6 0f 85 4e 04 00 00 e8 c5 ee 86 df 48 8b 54 24 18 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 de 05 00 00 48 8b 44 24 18 4c 8b 30 4c 39 f0 74 RSP: 0018:ffff888014107220 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 R13: ffff88800fcda588 R14: 0000000000000001 R15: 0000000000000000 FS: 00007f1be4eb05c0(0000) GS:ffff88806ce80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f1be4e766cf CR3: 000000000c33e000 CR4: 0000000000750ef0 PKRU: 55555554 Call Trace: <TASK> ? show_regs+0x90/0xa0 ? die_addr+0x50/0xd0 ? exc_general_protection+0x148/0x220 ? asm_exc_general_protection+0x22/0x30 ? gtp_genl_dump_pdp+0x1be/0x800 [gtp] ? __alloc_skb+0x1dd/0x350 ? __pfx___alloc_skb+0x10/0x10 genl_dumpit+0x11d/0x230 netlink_dump+0x5b9/0xce0 ? lockdep_hardirqs_on_prepare+0x253/0x430 ? __pfx_netlink_dump+0x10/0x10 ? kasan_save_track+0x10/0x40 ? __kasan_kmalloc+0x9b/0xa0 ? genl_start+0x675/0x970 __netlink_dump_start+0x6fc/0x9f0 genl_family_rcv_msg_dumpit+0x1bb/0x2d0 ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 ? genl_op_from_small+0x2a/0x440 ? cap_capable+0x1d0/0x240 ? __pfx_genl_start+0x10/0x10 ? __pfx_genl_dumpit+0x10/0x10 ? __pfx_genl_done+0x10/0x10 ? security_capable+0x9d/0xe0

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26754 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26754 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

5015. Memory Corruption - Linux Kernel (CVE-2024-26779) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix race condition on enabling fast-xmit fast-xmit must only be enabled after the sta has been uploaded to the driver, otherwise it could end up passing the not-yet-uploaded sta via drv_tx calls to the driver, leading to potential crashes because of uninitialized drv_priv data. Add a missing sta->uploaded check and re-check fast xmit after inserting a sta.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-26779 was patched at 2024-06-05

debian: CVE-2024-26779 was patched at 2024-05-06, 2024-05-15

oraclelinux: CVE-2024-26779 was patched at 2024-06-05

redhat: CVE-2024-26779 was patched at 2024-06-05

ubuntu: CVE-2024-26779 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

5016. Memory Corruption - Linux Kernel (CVE-2024-26782) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix double-free on socket dismantle\n\nwhen MPTCP server accepts an incoming connection, it clones its listener\nsocket. However, the pointer to 'inet_opt' for the new socket has the same\nvalue as the original one: as a consequence, on program exit it's possible\nto observe the following splat:\n\n BUG: KASAN: double-free in inet_sock_destruct+0x54f/0x8b0\n Free of addr ffff888485950880 by task swapper/25/0\n\n CPU: 25 PID: 0 Comm: swapper/25 Kdump: loaded Not tainted 6.8.0-rc1+ #609\n Hardware name: Supermicro SYS-6027R-72RF/X9DRH-7TF/7F/iTF/iF, BIOS 3.0 07/26/2013\n Call Trace:\n <IRQ>\n dump_stack_lvl+0x32/0x50\n print_report+0xca/0x620\n kasan_report_invalid_free+0x64/0x90\n __kasan_slab_free+0x1aa/0x1f0\n kfree+0xed/0x2e0\n inet_sock_destruct+0x54f/0x8b0\n __sk_destruct+0x48/0x5b0\n rcu_do_batch+0x34e/0xd90\n rcu_core+0x559/0xac0\n __do_softirq+0x183/0x5a4\n irq_exit_rcu+0x12d/0x170\n sysvec_apic_timer_interrupt+0x6b/0x80\n </IRQ>\n <TASK>\n asm_sysvec_apic_timer_interrupt+0x16/0x20\n RIP: 0010:cpuidle_enter_state+0x175/0x300\n Code: 30 00 0f 84 1f 01 00 00 83 e8 01 83 f8 ff 75 e5 48 83 c4 18 44 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc fb 45 85 ed <0f> 89 60 ff ff ff 48 c1 e5 06 48 c7 43 18 00 00 00 00 48 83 44 2b\n RSP: 0018:ffff888481cf7d90 EFLAGS: 00000202\n RAX: 0000000000000000 RBX: ffff88887facddc8 RCX: 0000000000000000\n RDX: 1ffff1110ff588b1 RSI: 0000000000000019 RDI: ffff88887fac4588\n RBP: 0000000000000004 R08: 0000000000000002 R09: 0000000000043080\n R10: 0009b02ea273363f R11: ffff88887fabf42b R12: ffffffff932592e0\n R13: 0000000000000004 R14: 0000000000000000 R15: 00000022c880ec80\n cpuidle_enter+0x4a/0xa0\n do_idle+0x310/0x410\n cpu_startup_entry+0x51/0x60\n start_secondary+0x211/0x270\n secondary_startup_64_no_verify+0x184/0x18b\n </TASK>\n\n Allocated by task 6853:\n kasan_save_stack+0x1c/0x40\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0xa6/0xb0\n __kmalloc+0x1eb/0x450\n cipso_v4_sock_setattr+0x96/0x360\n netlbl_sock_setattr+0x132/0x1f0\n selinux_netlbl_socket_post_create+0x6c/0x110\n selinux_socket_post_create+0x37b/0x7f0\n security_socket_post_create+0x63/0xb0\n __sock_create+0x305/0x450\n __sys_socket_create.part.23+0xbd/0x130\n __sys_socket+0x37/0xb0\n __x64_sys_socket+0x6f/0xb0\n do_syscall_64+0x83/0x160\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\n Freed by task 6858:\n kasan_save_stack+0x1c/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x12c/0x1f0\n kfree+0xed/0x2e0\n inet_sock_destruct+0x54f/0x8b0\n __sk_destruct+0x48/0x5b0\n subflow_ulp_release+0x1f0/0x250\n tcp_cleanup_ulp+0x6e/0x110\n tcp_v4_destroy_sock+0x5a/0x3a0\n inet_csk_destroy_sock+0x135/0x390\n tcp_fin+0x416/0x5c0\n tcp_data_queue+0x1bc8/0x4310\n tcp_rcv_state_process+0x15a3/0x47b0\n tcp_v4_do_rcv+0x2c1/0x990\n tcp_v4_rcv+0x41fb/0x5ed0\n ip_protocol_deliver_rcu+0x6d/0x9f0\n ip_local_deliver_finish+0x278/0x360\n ip_local_deliver+0x182/0x2c0\n ip_rcv+0xb5/0x1c0\n __netif_receive_skb_one_core+0x16e/0x1b0\n process_backlog+0x1e3/0x650\n __napi_poll+0xa6/0x500\n net_rx_action+0x740/0xbb0\n __do_softirq+0x183/0x5a4\n\n The buggy address belongs to the object at ffff888485950880\n which belongs to the cache kmalloc-64 of size 64\n The buggy address is located 0 bytes inside of\n 64-byte region [ffff888485950880, ffff8884859508c0)\n\n The buggy address belongs to the physical page:\n page:0000000056d1e95e refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888485950700 pfn:0x485950\n flags: 0x57ffffc0000800(slab|node=1|zone=2|lastcpupid=0x1fffff)\n page_type: 0xffffffff()\n raw: 0057ffffc0000800 ffff88810004c640 ffffea00121b8ac0 dead000000000006\n raw: ffff888485950700 0000000000200019 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff888485950780: fa fb fb\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26782 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26782 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

5017. Memory Corruption - Linux Kernel (CVE-2024-26792) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix double free of anonymous device after snapshot creation failure\n\nWhen creating a snapshot we may do a double free of an anonymous device\nin case there's an error committing the transaction. The second free may\nresult in freeing an anonymous device number that was allocated by some\nother subsystem in the kernel or another btrfs filesystem.\n\nThe steps that lead to this:\n\n1) At ioctl.c:create_snapshot() we allocate an anonymous device number\n and assign it to pending_snapshot->anon_dev;\n\n2) Then we call btrfs_commit_transaction() and end up at\n transaction.c:create_pending_snapshot();\n\n3) There we call btrfs_get_new_fs_root() and pass it the anonymous device\n number stored in pending_snapshot->anon_dev;\n\n4) btrfs_get_new_fs_root() frees that anonymous device number because\n btrfs_lookup_fs_root() returned a root - someone else did a lookup\n of the new root already, which could some task doing backref walking;\n\n5) After that some error happens in the transaction commit path, and at\n ioctl.c:create_snapshot() we jump to the 'fail' label, and after\n that we free again the same anonymous device number, which in the\n meanwhile may have been reallocated somewhere else, because\n pending_snapshot->anon_dev still has the same value as in step 1.\n\nRecently syzbot ran into this and reported the following trace:\n\n ------------[ cut here ]------------\n ida_free called for id=51 which is not allocated.\n WARNING: CPU: 1 PID: 31038 at lib/idr.c:525 ida_free+0x370/0x420 lib/idr.c:525\n Modules linked in:\n CPU: 1 PID: 31038 Comm: syz-executor.2 Not tainted 6.8.0-rc4-syzkaller-00410-gc02197fc9076 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\n RIP: 0010:ida_free+0x370/0x420 lib/idr.c:525\n Code: 10 42 80 3c 28 (...)\n RSP: 0018:ffffc90015a67300 EFLAGS: 00010246\n RAX: be5130472f5dd000 RBX: 0000000000000033 RCX: 0000000000040000\n RDX: ffffc90009a7a000 RSI: 000000000003ffff RDI: 0000000000040000\n RBP: ffffc90015a673f0 R08: ffffffff81577992 R09: 1ffff92002b4cdb4\n R10: dffffc0000000000 R11: fffff52002b4cdb5 R12: 0000000000000246\n R13: dffffc0000000000 R14: ffffffff8e256b80 R15: 0000000000000246\n FS: 00007fca3f4b46c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f167a17b978 CR3: 000000001ed26000 CR4: 0000000000350ef0\n Call Trace:\n <TASK>\n btrfs_get_root_ref+0xa48/0xaf0 fs/btrfs/disk-io.c:1346\n create_pending_snapshot+0xff2/0x2bc0 fs/btrfs/transaction.c:1837\n create_pending_snapshots+0x195/0x1d0 fs/btrfs/transaction.c:1931\n btrfs_commit_transaction+0xf1c/0x3740 fs/btrfs/transaction.c:2404\n create_snapshot+0x507/0x880 fs/btrfs/ioctl.c:848\n btrfs_mksubvol+0x5d0/0x750 fs/btrfs/ioctl.c:998\n btrfs_mksnapshot+0xb5/0xf0 fs/btrfs/ioctl.c:1044\n __btrfs_ioctl_snap_create+0x387/0x4b0 fs/btrfs/ioctl.c:1306\n btrfs_ioctl_snap_create_v2+0x1ca/0x400 fs/btrfs/ioctl.c:1393\n btrfs_ioctl+0xa74/0xd40\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:871 [inline]\n __se_sys_ioctl+0xfe/0x170 fs/ioctl.c:857\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n RIP: 0033:0x7fca3e67dda9\n Code: 28 00 00 00 (...)\n RSP: 002b:00007fca3f4b40c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n RAX: ffffffffffffffda RBX: 00007fca3e7abf80 RCX: 00007fca3e67dda9\n RDX: 00000000200005c0 RSI: 0000000050009417 RDI: 0000000000000003\n RBP: 00007fca3e6ca47a R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 000000000000000b R14: 00007fca3e7abf80 R15: 00007fff6bf95658\n </TASK>\n\nWhere we get an explicit message where we attempt to free an anonymous\ndevice number that is not currently allocated. It happens in a different\ncode path from the example below, at btrfs_get_root_ref(), so this change\nmay not fix the case triggered by sy\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26792 was patched at 2024-05-15

ubuntu: CVE-2024-26792 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

5018. Memory Corruption - Linux Kernel (CVE-2024-26793) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr-deref in gtp_newlink() The gtp_link_ops operations structure for the subsystem must be registered after registering the gtp_net_ops pernet operations structure. Syzkaller hit 'general protection fault in gtp_genl_dump_pdp' bug: [ 1010.702740] gtp: GTP module unloaded [ 1010.715877] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN NOPTI [ 1010.715888] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] [ 1010.715895] CPU: 1 PID: 128616 Comm: a.out Not tainted 6.8.0-rc6-std-def-alt1 #1 [ 1010.715899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014 [ 1010.715908] RIP: 0010:gtp_newlink+0x4d7/0x9c0 [gtp] [ 1010.715915] Code: 80 3c 02 00 0f 85 41 04 00 00 48 8b bb d8 05 00 00 e8 ed f6 ff ff 48 89 c2 48 89 c5 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 4f 04 00 00 4c 89 e2 4c 8b 6d 00 48 b8 00 00 00 [ 1010.715920] RSP: 0018:ffff888020fbf180 EFLAGS: 00010203 [ 1010.715929] RAX: dffffc0000000000 RBX: ffff88800399c000 RCX: 0000000000000000 [ 1010.715933] RDX: 0000000000000001 RSI: ffffffff84805280 RDI: 0000000000000282 [ 1010.715938] RBP: 000000000000000d R08: 0000000000000001 R09: 0000000000000000 [ 1010.715942] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800399cc80 [ 1010.715947] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000400 [ 1010.715953] FS: 00007fd1509ab5c0(0000) GS:ffff88805b300000(0000) knlGS:0000000000000000 [ 1010.715958] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1010.715962] CR2: 0000000000000000 CR3: 000000001c07a000 CR4: 0000000000750ee0 [ 1010.715968] PKRU: 55555554 [ 1010.715972] Call Trace: [ 1010.715985] ? __die_body.cold+0x1a/0x1f [ 1010.715995] ? die_addr+0x43/0x70 [ 1010.716002] ? exc_general_protection+0x199/0x2f0 [ 1010.716016] ? asm_exc_general_protection+0x1e/0x30 [ 1010.716026] ? gtp_newlink+0x4d7/0x9c0 [gtp] [ 1010.716034] ? gtp_net_exit+0x150/0x150 [gtp] [ 1010.716042] __rtnl_newlink+0x1063/0x1700 [ 1010.716051] ? rtnl_setlink+0x3c0/0x3c0 [ 1010.716063] ? is_bpf_text_address+0xc0/0x1f0 [ 1010.716070] ? kernel_text_address.part.0+0xbb/0xd0 [ 1010.716076] ? __kernel_text_address+0x56/0xa0 [ 1010.716084] ? unwind_get_return_address+0x5a/0xa0 [ 1010.716091] ? create_prof_cpu_mask+0x30/0x30 [ 1010.716098] ? arch_stack_walk+0x9e/0xf0 [ 1010.716106] ? stack_trace_save+0x91/0xd0 [ 1010.716113] ? stack_trace_consume_entry+0x170/0x170 [ 1010.716121] ? __lock_acquire+0x15c5/0x5380 [ 1010.716139] ? mark_held_locks+0x9e/0xe0 [ 1010.716148] ? kmem_cache_alloc_trace+0x35f/0x3c0 [ 1010.716155] ? __rtnl_newlink+0x1700/0x1700 [ 1010.716160] rtnl_newlink+0x69/0xa0 [ 1010.716166] rtnetlink_rcv_msg+0x43b/0xc50 [ 1010.716172] ? rtnl_fdb_dump+0x9f0/0x9f0 [ 1010.716179] ? lock_acquire+0x1fe/0x560 [ 1010.716188] ? netlink_deliver_tap+0x12f/0xd50 [ 1010.716196] netlink_rcv_skb+0x14d/0x440 [ 1010.716202] ? rtnl_fdb_dump+0x9f0/0x9f0 [ 1010.716208] ? netlink_ack+0xab0/0xab0 [ 1010.716213] ? netlink_deliver_tap+0x202/0xd50 [ 1010.716220] ? netlink_deliver_tap+0x218/0xd50 [ 1010.716226] ? __virt_addr_valid+0x30b/0x590 [ 1010.716233] netlink_unicast+0x54b/0x800 [ 1010.716240] ? netlink_attachskb+0x870/0x870 [ 1010.716248] ? __check_object_size+0x2de/0x3b0 [ 1010.716254] netlink_sendmsg+0x938/0xe40 [ 1010.716261] ? netlink_unicast+0x800/0x800 [ 1010.716269] ? __import_iovec+0x292/0x510 [ 1010.716276] ? netlink_unicast+0x800/0x800 [ 1010.716284] __sock_sendmsg+0x159/0x190 [ 1010.716290] ____sys_sendmsg+0x712/0x880 [ 1010.716297] ? sock_write_iter+0x3d0/0x3d0 [ 1010.716304] ? __ia32_sys_recvmmsg+0x270/0x270 [ 1010.716309] ? lock_acquire+0x1fe/0x560 [ 1010.716315] ? drain_array_locked+0x90/0x90 [ 1010.716324] ___sys_sendmsg+0xf8/0x170 [ 1010.716331] ? sendmsg_copy_msghdr+0x170/0x170 [ 1010.716337] ? lockdep_init_map ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26793 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26793 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

5019. Memory Corruption - Linux Kernel (CVE-2024-26801) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Avoid potential use-after-free in hci_error_reset While handling the HCI_EV_HARDWARE_ERROR event, if the underlying BT controller is not responding, the GPIO reset mechanism would free the hci_dev and lead to a use-after-free in hci_error_reset. Here's the call trace observed on a ChromeOS device with Intel AX201: queue_work_on+0x3e/0x6c __hci_cmd_sync_sk+0x2ee/0x4c0 [bluetooth <HASH:3b4a6>] ? init_wait_entry+0x31/0x31 __hci_cmd_sync+0x16/0x20 [bluetooth <HASH:3b4a 6>] hci_error_reset+0x4f/0xa4 [bluetooth <HASH:3b4a 6>] process_one_work+0x1d8/0x33f worker_thread+0x21b/0x373 kthread+0x13a/0x152 ? pr_cont_work+0x54/0x54 ? kthread_blkcg+0x31/0x31 ret_from_fork+0x1f/0x30 This patch holds the reference count on the hci_dev while processing a HCI_EV_HARDWARE_ERROR event to avoid potential crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26801 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26801 was patched at 2024-05-16, 2024-05-20, 2024-05-21, 2024-05-23, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

5020. Memory Corruption - Linux Kernel (CVE-2024-26804) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: prevent perpetual headroom growth syzkaller triggered following kasan splat: BUG: KASAN: use-after-free in __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170 Read of size 1 at addr ffff88812fb4000e by task syz-executor183/5191 [..] kasan_report+0xda/0x110 mm/kasan/report.c:588 __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170 skb_flow_dissect_flow_keys include/linux/skbuff.h:1514 [inline] ___skb_get_hash net/core/flow_dissector.c:1791 [inline] __skb_get_hash+0xc7/0x540 net/core/flow_dissector.c:1856 skb_get_hash include/linux/skbuff.h:1556 [inline] ip_tunnel_xmit+0x1855/0x33c0 net/ipv4/ip_tunnel.c:748 ipip_tunnel_xmit+0x3cc/0x4e0 net/ipv4/ipip.c:308 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564 __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] neigh_connected_output+0x42c/0x5d0 net/core/neighbour.c:1592 ... ip_finish_output2+0x833/0x2550 net/ipv4/ip_output.c:235 ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323 .. iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82 ip_tunnel_xmit+0x1dbc/0x33c0 net/ipv4/ip_tunnel.c:831 ipgre_xmit+0x4a1/0x980 net/ipv4/ip_gre.c:665 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564 ... The splat occurs because skb->data points past skb->head allocated area. This is because neigh layer does: __skb_pull(skb, skb_network_offset(skb)); ... but skb_network_offset() returns a negative offset and __skb_pull() arg is unsigned. IOW, we skb->data gets "adjusted" by a huge value. The negative value is returned because skb->head and skb->data distance is more than 64k and skb->network_header (u16) has wrapped around. The bug is in the ip_tunnel infrastructure, which can cause dev->needed_headroom to increment ad infinitum. The syzkaller reproducer consists of packets getting routed via a gre tunnel, and route of gre encapsulated packets pointing at another (ipip) tunnel. The ipip encapsulation finds gre0 as next output device. This results in the following pattern: 1). First packet is to be sent out via gre0. Route lookup found an output device, ipip0. 2). ip_tunnel_xmit for gre0 bumps gre0->needed_headroom based on the future output device, rt.dev->needed_headroom (ipip0). 3). ip output / start_xmit moves skb on to ipip0. which runs the same code path again (xmit recursion). 4). Routing step for the post-gre0-encap packet finds gre0 as output device to use for ipip0 encapsulated packet. tunl0->needed_headroom is then incremented based on the (already bumped) gre0 device headroom. This repeats for every future packet: gre0->needed_headroom gets inflated because previous packets' ipip0 step incremented rt->dev (gre0) headroom, and ipip0 incremented because gre0 needed_headroom was increased. For each subsequent packet, gre/ipip0->needed_headroom grows until post-expand-head reallocations result in a skb->head/data distance of more than 64k. Once that happens, skb->network_header (u16) wraps around when pskb_expand_head tries to make sure that skb_network_offset() is unchanged after the headroom expansion/reallocation. After this skb_network_offset(skb) returns a different (and negative) result post headroom expansion. The next trip to neigh layer (or anything else that would __skb_pull the network header) makes skb->data point to a memory location outside skb->head area. v2: Cap the needed_headroom update to an arbitarily chosen upperlimit to prevent perpetual increase instead of dropping the headroom increment completely.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26804 was patched at 2024-05-06, 2024-05-15

oraclelinux: CVE-2024-26804 was patched at 2024-05-23

redhat: CVE-2024-26804 was patched at 2024-05-29

ubuntu: CVE-2024-26804 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

5021. Memory Corruption - Linux Kernel (CVE-2024-26807) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: spi: cadence-qspi: fix pointer reference in runtime PM hooks dev_get_drvdata() gets used to acquire the pointer to cqspi and the SPI controller. Neither embed the other; this lead to memory corruption. On a given platform (Mobileye EyeQ5) the memory corruption is hidden inside cqspi->f_pdata. Also, this uninitialised memory is used as a mutex (ctlr->bus_lock_mutex) by spi_controller_suspend().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26807 was patched at 2024-05-15

5022. Memory Corruption - Linux Kernel (CVE-2024-26832) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix missing folio cleanup in writeback race path In zswap_writeback_entry(), after we get a folio from __read_swap_cache_async(), we grab the tree lock again to check that the swap entry was not invalidated and recycled. If it was, we delete the folio we just added to the swap cache and exit. However, __read_swap_cache_async() returns the folio locked when it is newly allocated, which is always true for this path, and the folio is ref'd. Make sure to unlock and put the folio before returning. This was discovered by code inspection, probably because this path handles a race condition that should not happen often, and the bug would not crash the system, it will only strand the folio indefinitely.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26832 was patched at 2024-05-15

5023. Memory Corruption - Linux Kernel (CVE-2024-26833) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix memory leak in dm_sw_fini() After destroying dmub_srv, the memory associated with it is not freed, causing a memory leak: unreferenced object 0xffff896302b45800 (size 1024): comm "(udev-worker)", pid 222, jiffies 4294894636 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 6265fd77): [<ffffffff993495ed>] kmalloc_trace+0x29d/0x340 [<ffffffffc0ea4a94>] dm_dmub_sw_init+0xb4/0x450 [amdgpu] [<ffffffffc0ea4e55>] dm_sw_init+0x15/0x2b0 [amdgpu] [<ffffffffc0ba8557>] amdgpu_device_init+0x1417/0x24e0 [amdgpu] [<ffffffffc0bab285>] amdgpu_driver_load_kms+0x15/0x190 [amdgpu] [<ffffffffc0ba09c7>] amdgpu_pci_probe+0x187/0x4e0 [amdgpu] [<ffffffff9968fd1e>] local_pci_probe+0x3e/0x90 [<ffffffff996918a3>] pci_device_probe+0xc3/0x230 [<ffffffff99805872>] really_probe+0xe2/0x480 [<ffffffff99805c98>] __driver_probe_device+0x78/0x160 [<ffffffff99805daf>] driver_probe_device+0x1f/0x90 [<ffffffff9980601e>] __driver_attach+0xce/0x1c0 [<ffffffff99803170>] bus_for_each_dev+0x70/0xc0 [<ffffffff99804822>] bus_add_driver+0x112/0x210 [<ffffffff99807245>] driver_register+0x55/0x100 [<ffffffff990012d1>] do_one_initcall+0x41/0x300 Fix this by freeing dmub_srv after destroying it.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26833 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26833 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

5024. Memory Corruption - Linux Kernel (CVE-2024-26840) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix memory leak in cachefiles_add_cache() The following memory leak was reported after unbinding /dev/cachefiles: ================================================================== unreferenced object 0xffff9b674176e3c0 (size 192): comm "cachefilesd2", pid 680, jiffies 4294881224 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc ea38a44b): [<ffffffff8eb8a1a5>] kmem_cache_alloc+0x2d5/0x370 [<ffffffff8e917f86>] prepare_creds+0x26/0x2e0 [<ffffffffc002eeef>] cachefiles_determine_cache_security+0x1f/0x120 [<ffffffffc00243ec>] cachefiles_add_cache+0x13c/0x3a0 [<ffffffffc0025216>] cachefiles_daemon_write+0x146/0x1c0 [<ffffffff8ebc4a3b>] vfs_write+0xcb/0x520 [<ffffffff8ebc5069>] ksys_write+0x69/0xf0 [<ffffffff8f6d4662>] do_syscall_64+0x72/0x140 [<ffffffff8f8000aa>] entry_SYSCALL_64_after_hwframe+0x6e/0x76 ================================================================== Put the reference count of cache_cred in cachefiles_daemon_unbind() to fix the problem. And also put cache_cred in cachefiles_add_cache() error branch to avoid memory leaks.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26840 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26840 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

5025. Memory Corruption - Linux Kernel (CVE-2024-26852) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() syzbot found another use-after-free in ip6_route_mpath_notify() [1] Commit f7225172f25a ("net/ipv6: prevent use after free in ip6_route_mpath_notify") was not able to fix the root cause. We need to defer the fib6_info_release() calls after ip6_route_mpath_notify(), in the cleanup phase. [1] BUG: KASAN: slab-use-after-free in rt6_fill_node+0x1460/0x1ac0 Read of size 4 at addr ffff88809a07fc64 by task syz-executor.2/23037 CPU: 0 PID: 23037 Comm: syz-executor.2 Not tainted 6.8.0-rc4-syzkaller-01035-gea7f3cfaa588 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:377 [inline] print_report+0x167/0x540 mm/kasan/report.c:488 kasan_report+0x142/0x180 mm/kasan/report.c:601 rt6_fill_node+0x1460/0x1ac0 inet6_rt_notify+0x13b/0x290 net/ipv6/route.c:6184 ip6_route_mpath_notify net/ipv6/route.c:5198 [inline] ip6_route_multipath_add net/ipv6/route.c:5404 [inline] inet6_rtm_newroute+0x1d0f/0x2300 net/ipv6/route.c:5517 rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6597 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline] netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367 netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584 ___sys_sendmsg net/socket.c:2638 [inline] __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667 do_syscall_64+0xf9/0x240 entry_SYSCALL_64_after_hwframe+0x6f/0x77 RIP: 0033:0x7f73dd87dda9 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f73de6550c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f73dd9ac050 RCX: 00007f73dd87dda9 RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000005 RBP: 00007f73dd8ca47a R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 000000000000006e R14: 00007f73dd9ac050 R15: 00007ffdbdeb7858 </TASK> Allocated by task 23037: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:372 [inline] __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:389 kasan_kmalloc include/linux/kasan.h:211 [inline] __do_kmalloc_node mm/slub.c:3981 [inline] __kmalloc+0x22e/0x490 mm/slub.c:3994 kmalloc include/linux/slab.h:594 [inline] kzalloc include/linux/slab.h:711 [inline] fib6_info_alloc+0x2e/0xf0 net/ipv6/ip6_fib.c:155 ip6_route_info_create+0x445/0x12b0 net/ipv6/route.c:3758 ip6_route_multipath_add net/ipv6/route.c:5298 [inline] inet6_rtm_newroute+0x744/0x2300 net/ipv6/route.c:5517 rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6597 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline] netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367 netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584 ___sys_sendmsg net/socket.c:2638 [inline] __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667 do_syscall_64+0xf9/0x240 entry_SYSCALL_64_after_hwframe+0x6f/0x77 Freed by task 16: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x4e/0x60 mm/kasan/generic.c:640 poison_slab_object+0xa6/0xe0 m ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26852 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26852 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

5026. Memory Corruption - Linux Kernel (CVE-2024-26853) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: igc: avoid returning frame twice in XDP_REDIRECT When a frame can not be transmitted in XDP_REDIRECT (e.g. due to a full queue), it is necessary to free it by calling xdp_return_frame_rx_napi. However, this is the responsibility of the caller of the ndo_xdp_xmit (see for example bq_xmit_all in kernel/bpf/devmap.c) and thus calling it inside igc_xdp_xmit (which is the ndo_xdp_xmit of the igc driver) as well will lead to memory corruption. In fact, bq_xmit_all expects that it can return all frames after the last successfully transmitted one. Therefore, break for the first not transmitted frame, but do not call xdp_return_frame_rx_napi in igc_xdp_xmit. This is equally implemented in other Intel drivers such as the igb. There are two alternatives to this that were rejected: 1. Return num_frames as all the frames would have been transmitted and release them inside igc_xdp_xmit. While it might work technically, it is not what the return value is meant to represent (i.e. the number of SUCCESSFULLY transmitted packets). 2. Rework kernel/bpf/devmap.c and all drivers to support non-consecutively dropped packets. Besides being complex, it likely has a negative performance impact without a significant gain since it is anyway unlikely that the next frame can be transmitted if the previous one was dropped. The memory corruption can be reproduced with the following script which leads to a kernel panic after a few seconds. It basically generates more traffic than a i225 NIC can transmit and pushes it via XDP_REDIRECT from a virtual interface to the physical interface where frames get dropped. #!/bin/bash INTERFACE=enp4s0 INTERFACE_IDX=`cat /sys/class/net/$INTERFACE/ifindex` sudo ip link add dev veth1 type veth peer name veth2 sudo ip link set up $INTERFACE sudo ip link set up veth1 sudo ip link set up veth2 cat << EOF > redirect.bpf.c SEC("prog") int redirect(struct xdp_md *ctx) { return bpf_redirect($INTERFACE_IDX, 0); } char _license[] SEC("license") = "GPL"; EOF clang -O2 -g -Wall -target bpf -c redirect.bpf.c -o redirect.bpf.o sudo ip link set veth2 xdp obj redirect.bpf.o cat << EOF > pass.bpf.c SEC("prog") int pass(struct xdp_md *ctx) { return XDP_PASS; } char _license[] SEC("license") = "GPL"; EOF clang -O2 -g -Wall -target bpf -c pass.bpf.c -o pass.bpf.o sudo ip link set $INTERFACE xdp obj pass.bpf.o cat << EOF > trafgen.cfg { /* Ethernet Header */ 0xe8, 0x6a, 0x64, 0x41, 0xbf, 0x46, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, const16(ETH_P_IP), /* IPv4 Header */ 0b01000101, 0, # IPv4 version, IHL, TOS const16(1028), # IPv4 total length (UDP length + 20 bytes (IP header)) const16(2), # IPv4 ident 0b01000000, 0, # IPv4 flags, fragmentation off 64, # IPv4 TTL 17, # Protocol UDP csumip(14, 33), # IPv4 checksum /* UDP Header */ 10, 0, 1, 1, # IP Src - adapt as needed 10, 0, 1, 2, # IP Dest - adapt as needed const16(6666), # UDP Src Port const16(6666), # UDP Dest Port const16(1008), # UDP length (UDP header 8 bytes + payload length) csumudp(14, 34), # UDP checksum /* Payload */ fill('W', 1000), } EOF sudo trafgen -i trafgen.cfg -b3000MB -o veth1 --cpp

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26853 was patched at 2024-05-15

5027. Memory Corruption - Linux Kernel (CVE-2024-26856) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sparx5: Fix use after free inside sparx5_del_mact_entry\n\nBased on the static analyzis of the code it looks like when an entry\nfrom the MAC table was removed, the entry was still used after being\nfreed. More precise the vid of the mac_entry was used after calling\ndevm_kfree on the mac_entry.\nThe fix consists in first using the vid of the mac_entry to delete the\nentry from the HW and after that to free it.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26856 was patched at 2024-05-15

ubuntu: CVE-2024-26856 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

5028. Memory Corruption - Linux Kernel (CVE-2024-26859) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: net/bnx2x: Prevent access to a freed page in page_pool Fix race condition leading to system crash during EEH error handling During EEH error recovery, the bnx2x driver's transmit timeout logic could cause a race condition when handling reset tasks. The bnx2x_tx_timeout() schedules reset tasks via bnx2x_sp_rtnl_task(), which ultimately leads to bnx2x_nic_unload(). In bnx2x_nic_unload() SGEs are freed using bnx2x_free_rx_sge_range(). However, this could overlap with the EEH driver's attempt to reset the device using bnx2x_io_slot_reset(), which also tries to free SGEs. This race condition can result in system crashes due to accessing freed memory locations in bnx2x_free_rx_sge() 799 static inline void bnx2x_free_rx_sge(struct bnx2x *bp, 800 struct bnx2x_fastpath *fp, u16 index) 801 { 802 struct sw_rx_page *sw_buf = &fp->rx_page_ring[index]; 803 struct page *page = sw_buf->page; .... where sw_buf was set to NULL after the call to dma_unmap_page() by the preceding thread. EEH: Beginning: 'slot_reset' PCI 0011:01:00.0#10000: EEH: Invoking bnx2x->slot_reset() bnx2x: [bnx2x_io_slot_reset:14228(eth1)]IO slot reset initializing... bnx2x 0011:01:00.0: enabling device (0140 -> 0142) bnx2x: [bnx2x_io_slot_reset:14244(eth1)]IO slot reset --> driver unload Kernel attempted to read user page (0) - exploit attempt? (uid: 0) BUG: Kernel NULL pointer dereference on read at 0x00000000 Faulting instruction address: 0xc0080000025065fc Oops: Kernel access of bad area, sig: 11 [#1] ..... Call Trace: [c000000003c67a20] [c00800000250658c] bnx2x_io_slot_reset+0x204/0x610 [bnx2x] (unreliable) [c000000003c67af0] [c0000000000518a8] eeh_report_reset+0xb8/0xf0 [c000000003c67b60] [c000000000052130] eeh_pe_report+0x180/0x550 [c000000003c67c70] [c00000000005318c] eeh_handle_normal_event+0x84c/0xa60 [c000000003c67d50] [c000000000053a84] eeh_event_handler+0xf4/0x170 [c000000003c67da0] [c000000000194c58] kthread+0x1c8/0x1d0 [c000000003c67e10] [c00000000000cf64] ret_from_kernel_thread+0x5c/0x64 To solve this issue, we need to verify page pool allocations before freeing.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26859 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26859 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

5029. Memory Corruption - Linux Kernel (CVE-2024-26860) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: dm-integrity: fix a memory leak when rechecking the data Memory for the "checksums" pointer will leak if the data is rechecked after checksum failure (because the associated kfree won't happen due to 'goto skip_io'). Fix this by freeing the checksums memory before recheck, and just use the "checksum_onstack" memory for storing checksum during recheck.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26860 was patched at 2024-05-15

ubuntu: CVE-2024-26860 was patched at 2024-06-07, 2024-06-11, 2024-06-14

5030. Memory Corruption - Linux Kernel (CVE-2024-26865) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: rds: tcp: Fix use-after-free of net in reqsk_timer_handler(). syzkaller reported a warning of netns tracker [0] followed by KASAN splat [1] and another ref tracker warning [1]. syzkaller could not find a repro, but in the log, the only suspicious sequence was as follows: 18:26:22 executing program 1: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ... connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4001, 0x0, @loopback}, 0x1c) (async) The notable thing here is 0x4001 in connect(), which is RDS_TCP_PORT. So, the scenario would be: 1. unshare(CLONE_NEWNET) creates a per netns tcp listener in rds_tcp_listen_init(). 2. syz-executor connect()s to it and creates a reqsk. 3. syz-executor exit()s immediately. 4. netns is dismantled. [0] 5. reqsk timer is fired, and UAF happens while freeing reqsk. [1] 6. listener is freed after RCU grace period. [2] Basically, reqsk assumes that the listener guarantees netns safety until all reqsk timers are expired by holding the listener's refcount. However, this was not the case for kernel sockets. Commit 740ea3c4a0b2 ("tcp: Clean up kernel listener's reqsk in inet_twsk_purge()") fixed this issue only for per-netns ehash. Let's apply the same fix for the global ehash. [0]: ref_tracker: net notrefcnt@0000000065449cc3 has 1/1 users at sk_alloc (./include/net/net_namespace.h:337 net/core/sock.c:2146) inet6_create (net/ipv6/af_inet6.c:192 net/ipv6/af_inet6.c:119) __sock_create (net/socket.c:1572) rds_tcp_listen_init (net/rds/tcp_listen.c:279) rds_tcp_init_net (net/rds/tcp.c:577) ops_init (net/core/net_namespace.c:137) setup_net (net/core/net_namespace.c:340) copy_net_ns (net/core/net_namespace.c:497) create_new_namespaces (kernel/nsproxy.c:110) unshare_nsproxy_namespaces (kernel/nsproxy.c:228 (discriminator 4)) ksys_unshare (kernel/fork.c:3429) __x64_sys_unshare (kernel/fork.c:3496) do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129) ... WARNING: CPU: 0 PID: 27 at lib/ref_tracker.c:179 ref_tracker_dir_exit (lib/ref_tracker.c:179) [1]: BUG: KASAN: slab-use-after-free in inet_csk_reqsk_queue_drop (./include/net/inet_hashtables.h:180 net/ipv4/inet_connection_sock.c:952 net/ipv4/inet_connection_sock.c:966) Read of size 8 at addr ffff88801b370400 by task swapper/0/0 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 Call Trace: <IRQ> dump_stack_lvl (lib/dump_stack.c:107 (discriminator 1)) print_report (mm/kasan/report.c:378 mm/kasan/report.c:488) kasan_report (mm/kasan/report.c:603) inet_csk_reqsk_queue_drop (./include/net/inet_hashtables.h:180 net/ipv4/inet_connection_sock.c:952 net/ipv4/inet_connection_sock.c:966) reqsk_timer_handler (net/ipv4/inet_connection_sock.c:979 net/ipv4/inet_connection_sock.c:1092) call_timer_fn (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/timer.h:127 kernel/time/timer.c:1701) __run_timers.part.0 (kernel/time/timer.c:1752 kernel/time/timer.c:2038) run_timer_softirq (kernel/time/timer.c:2053) __do_softirq (./arch/x86/include/asm/jump_label.h:27 ./include/linux/jump_label.h:207 ./include/trace/events/irq.h:142 kernel/softirq.c:554) irq_exit_rcu (kernel/softirq.c:427 kernel/softirq.c:632 kernel/softirq.c:644) sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1076 (discriminator 14)) </IRQ> Allocated by task 258 on cpu 0 at 83.612050s: kasan_save_stack (mm/kasan/common.c:48) kasan_save_track (mm/kasan/common.c:68) __kasan_slab_alloc (mm/kasan/common.c:343) kmem_cache_alloc (mm/slub.c:3813 mm/slub.c:3860 mm/slub.c:3867) copy_net_ns (./include/linux/slab.h:701 net/core/net_namespace.c:421 net/core/net_namespace.c:480) create_new_namespaces (kernel/nsproxy.c:110) unshare_nsproxy_name ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26865 was patched at 2024-05-15

ubuntu: CVE-2024-26865 was patched at 2024-06-07, 2024-06-11, 2024-06-14

5031. Memory Corruption - Linux Kernel (CVE-2024-26866) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: spi: lpspi: Avoid potential use-after-free in probe() fsl_lpspi_probe() is allocating/disposing memory manually with spi_alloc_host()/spi_alloc_target(), but uses devm_spi_register_controller(). In case of error after the latter call the memory will be explicitly freed in the probe function by spi_controller_put() call, but used afterwards by "devm" management outside probe() (spi_unregister_controller() <- devm_spi_unregister() below). Unable to handle kernel NULL pointer dereference at virtual address 0000000000000070 ... Call trace: kernfs_find_ns kernfs_find_and_get_ns sysfs_remove_group sysfs_remove_groups device_remove_attrs device_del spi_unregister_controller devm_spi_unregister release_nodes devres_release_all really_probe driver_probe_device __device_attach_driver bus_for_each_drv __device_attach device_initial_probe bus_probe_device deferred_probe_work_func process_one_work worker_thread kthread ret_from_fork

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26866 was patched at 2024-05-15

ubuntu: CVE-2024-26866 was patched at 2024-06-07, 2024-06-11, 2024-06-14

5032. Memory Corruption - Linux Kernel (CVE-2024-26872) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Do not register event handler until srpt device is fully setup Upon rare occasions, KASAN reports a use-after-free Write in srpt_refresh_port(). This seems to be because an event handler is registered before the srpt device is fully setup and a race condition upon error may leave a partially setup event handler in place. Instead, only register the event handler after srpt device initialization is complete.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-26872 was patched at 2024-06-05

debian: CVE-2024-26872 was patched at 2024-05-06, 2024-05-15

oraclelinux: CVE-2024-26872 was patched at 2024-06-05

redhat: CVE-2024-26872 was patched at 2024-06-05

ubuntu: CVE-2024-26872 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

5033. Memory Corruption - Linux Kernel (CVE-2024-26874) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip It's possible that mtk_crtc->event is NULL in mtk_drm_crtc_finish_page_flip(). pending_needs_vblank value is set by mtk_crtc->event, but in mtk_drm_crtc_atomic_flush(), it's is not guarded by the same lock in mtk_drm_finish_page_flip(), thus a race condition happens. Consider the following case: CPU1 CPU2 step 1: mtk_drm_crtc_atomic_begin() mtk_crtc->event is not null, step 1: mtk_drm_crtc_atomic_flush: mtk_drm_crtc_update_config( !!mtk_crtc->event) step 2: mtk_crtc_ddp_irq -> mtk_drm_finish_page_flip: lock mtk_crtc->event set to null, pending_needs_vblank set to false unlock pending_needs_vblank set to true, step 2: mtk_crtc_ddp_irq -> mtk_drm_finish_page_flip called again, pending_needs_vblank is still true //null pointer Instead of guarding the entire mtk_drm_crtc_atomic_flush(), it's more efficient to just check if mtk_crtc->event is null before use.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26874 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26874 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

5034. Memory Corruption - Linux Kernel (CVE-2024-26875) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix uaf in pvr2_context_set_notify [Syzbot reported] BUG: KASAN: slab-use-after-free in pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35 Read of size 4 at addr ffff888113aeb0d8 by task kworker/1:1/26 CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.8.0-rc1-syzkaller-00046-gf1a27f081c1f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 Workqueue: usb_hub_wq hub_event Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x1b0 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:377 [inline] print_report+0xc4/0x620 mm/kasan/report.c:488 kasan_report+0xda/0x110 mm/kasan/report.c:601 pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35 pvr2_context_notify drivers/media/usb/pvrusb2/pvrusb2-context.c:95 [inline] pvr2_context_disconnect+0x94/0xb0 drivers/media/usb/pvrusb2/pvrusb2-context.c:272 Freed by task 906: kasan_save_stack+0x33/0x50 mm/kasan/common.c:47 kasan_save_track+0x14/0x30 mm/kasan/common.c:68 kasan_save_free_info+0x3f/0x60 mm/kasan/generic.c:640 poison_slab_object mm/kasan/common.c:241 [inline] __kasan_slab_free+0x106/0x1b0 mm/kasan/common.c:257 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2121 [inline] slab_free mm/slub.c:4299 [inline] kfree+0x105/0x340 mm/slub.c:4409 pvr2_context_check drivers/media/usb/pvrusb2/pvrusb2-context.c:137 [inline] pvr2_context_thread_func+0x69d/0x960 drivers/media/usb/pvrusb2/pvrusb2-context.c:158 [Analyze] Task A set disconnect_flag = !0, which resulted in Task B's condition being met and releasing mp, leading to this issue. [Fix] Place the disconnect_flag assignment operation after all code in pvr2_context_disconnect() to avoid this issue.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26875 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26875 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

5035. Memory Corruption - Linux Kernel (CVE-2024-26883) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix stackmap overflow check on 32-bit arches\n\nThe stackmap code relies on roundup_pow_of_two() to compute the number\nof hash buckets, and contains an overflow check by checking if the\nresulting value is 0. However, on 32-bit arches, the roundup code itself\ncan overflow by doing a 32-bit left-shift of an unsigned long value,\nwhich is undefined behaviour, so it is not guaranteed to truncate\nneatly. This was triggered by syzbot on the DEVMAP_HASH type, which\ncontains the same check, copied from the hashtab code.\n\nThe commit in the fixes tag actually attempted to fix this, but the fix\ndid not account for the UB, so the fix only works on CPUs where an\noverflow does result in a neat truncation to zero, which is not\nguaranteed. Checking the value before rounding does not have this\nproblem.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26883 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26883 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

5036. Memory Corruption - Linux Kernel (CVE-2024-26884) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix hashtab overflow check on 32-bit arches\n\nThe hashtab code relies on roundup_pow_of_two() to compute the number of\nhash buckets, and contains an overflow check by checking if the\nresulting value is 0. However, on 32-bit arches, the roundup code itself\ncan overflow by doing a 32-bit left-shift of an unsigned long value,\nwhich is undefined behaviour, so it is not guaranteed to truncate\nneatly. This was triggered by syzbot on the DEVMAP_HASH type, which\ncontains the same check, copied from the hashtab code. So apply the same\nfix to hashtab, by moving the overflow check to before the roundup.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26884 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26884 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

5037. Memory Corruption - Linux Kernel (CVE-2024-26885) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix DEVMAP_HASH overflow check on 32-bit arches\n\nThe devmap code allocates a number hash buckets equal to the next power\nof two of the max_entries value provided when creating the map. When\nrounding up to the next power of two, the 32-bit variable storing the\nnumber of buckets can overflow, and the code checks for overflow by\nchecking if the truncated 32-bit value is equal to 0. However, on 32-bit\narches the rounding up itself can overflow mid-way through, because it\nends up doing a left-shift of 32 bits on an unsigned long value. If the\nsize of an unsigned long is four bytes, this is undefined behaviour, so\nthere is no guarantee that we'll end up with a nice and tidy 0-value at\nthe end.\n\nSyzbot managed to turn this into a crash on arm32 by creating a\nDEVMAP_HASH with max_entries > 0x80000000 and then trying to update it.\nFix this by moving the overflow check to before the rounding up\noperation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26885 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26885 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

5038. Memory Corruption - Linux Kernel (CVE-2024-26889) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix possible buffer overflow struct hci_dev_info has a fixed size name[8] field so in the event that hdev->name is bigger than that strcpy would attempt to write past its size, so this fixes this problem by switching to use strscpy.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26889 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26889 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

5039. Memory Corruption - Linux Kernel (CVE-2024-26893) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Fix double free in SMC transport cleanup path\n\nWhen the generic SCMI code tears down a channel, it calls the chan_free\ncallback function, defined by each transport. Since multiple protocols\nmight share the same transport_info member, chan_free() might want to\nclean up the same member multiple times within the given SCMI transport\nimplementation. In this case, it is SMC transport. This will lead to a NULL\npointer dereference at the second time:\n\n | scmi_protocol scmi_dev.1: Enabled polling mode TX channel - prot_id:16\n | arm-scmi firmware:scmi: SCMI Notifications - Core Enabled.\n | arm-scmi firmware:scmi: unable to communicate with SCMI\n | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n | Mem abort info:\n | ESR = 0x0000000096000004\n | EC = 0x25: DABT (current EL), IL = 32 bits\n | SET = 0, FnV = 0\n | EA = 0, S1PTW = 0\n | FSC = 0x04: level 0 translation fault\n | Data abort info:\n | ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n | CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n | GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n | user pgtable: 4k pages, 48-bit VAs, pgdp=0000000881ef8000\n | [0000000000000000] pgd=0000000000000000, p4d=0000000000000000\n | Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n | Modules linked in:\n | CPU: 4 PID: 1 Comm: swapper/0 Not tainted 6.7.0-rc2-00124-g455ef3d016c9-dirty #793\n | Hardware name: FVP Base RevC (DT)\n | pstate: 61400009 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n | pc : smc_chan_free+0x3c/0x6c\n | lr : smc_chan_free+0x3c/0x6c\n | Call trace:\n | smc_chan_free+0x3c/0x6c\n | idr_for_each+0x68/0xf8\n | scmi_cleanup_channels.isra.0+0x2c/0x58\n | scmi_probe+0x434/0x734\n | platform_probe+0x68/0xd8\n | really_probe+0x110/0x27c\n | __driver_probe_device+0x78/0x12c\n | driver_probe_device+0x3c/0x118\n | __driver_attach+0x74/0x128\n | bus_for_each_dev+0x78/0xe0\n | driver_attach+0x24/0x30\n | bus_add_driver+0xe4/0x1e8\n | driver_register+0x60/0x128\n | __platform_driver_register+0x28/0x34\n | scmi_driver_init+0x84/0xc0\n | do_one_initcall+0x78/0x33c\n | kernel_init_freeable+0x2b8/0x51c\n | kernel_init+0x24/0x130\n | ret_from_fork+0x10/0x20\n | Code: f0004701 910a0021 aa1403e5 97b91c70 (b9400280)\n | ---[ end trace 0000000000000000 ]---\n\nSimply check for the struct pointer being NULL before trying to access\nits members, to avoid this situation.\n\nThis was found when a transport doesn't really work (for instance no SMC\nservice), the probe routines then tries to clean up, and triggers a crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26893 was patched at 2024-05-15

ubuntu: CVE-2024-26893 was patched at 2024-06-07, 2024-06-11, 2024-06-14

5040. Memory Corruption - Linux Kernel (CVE-2024-26894) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() After unregistering the CPU idle device, the memory associated with it is not freed, leading to a memory leak: unreferenced object 0xffff896282f6c000 (size 1024): comm "swapper/0", pid 1, jiffies 4294893170 hex dump (first 32 bytes): 00 00 00 00 0b 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 8836a742): [<ffffffff993495ed>] kmalloc_trace+0x29d/0x340 [<ffffffff9972f3b3>] acpi_processor_power_init+0xf3/0x1c0 [<ffffffff9972d263>] __acpi_processor_start+0xd3/0xf0 [<ffffffff9972d2bc>] acpi_processor_start+0x2c/0x50 [<ffffffff99805872>] really_probe+0xe2/0x480 [<ffffffff99805c98>] __driver_probe_device+0x78/0x160 [<ffffffff99805daf>] driver_probe_device+0x1f/0x90 [<ffffffff9980601e>] __driver_attach+0xce/0x1c0 [<ffffffff99803170>] bus_for_each_dev+0x70/0xc0 [<ffffffff99804822>] bus_add_driver+0x112/0x210 [<ffffffff99807245>] driver_register+0x55/0x100 [<ffffffff9aee4acb>] acpi_processor_driver_init+0x3b/0xc0 [<ffffffff990012d1>] do_one_initcall+0x41/0x300 [<ffffffff9ae7c4b0>] kernel_init_freeable+0x320/0x470 [<ffffffff99b231f6>] kernel_init+0x16/0x1b0 [<ffffffff99042e6d>] ret_from_fork+0x2d/0x50 Fix this by freeing the CPU idle device after unregistering it.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26894 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26894 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

5041. Memory Corruption - Linux Kernel (CVE-2024-26895) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces wilc_netdev_cleanup currently triggers a KASAN warning, which can be observed on interface registration error path, or simply by removing the module/unbinding device from driver: echo spi0.1 > /sys/bus/spi/drivers/wilc1000_spi/unbind ================================================================== BUG: KASAN: slab-use-after-free in wilc_netdev_cleanup+0x508/0x5cc Read of size 4 at addr c54d1ce8 by task sh/86 CPU: 0 PID: 86 Comm: sh Not tainted 6.8.0-rc1+ #117 Hardware name: Atmel SAMA5 unwind_backtrace from show_stack+0x18/0x1c show_stack from dump_stack_lvl+0x34/0x58 dump_stack_lvl from print_report+0x154/0x500 print_report from kasan_report+0xac/0xd8 kasan_report from wilc_netdev_cleanup+0x508/0x5cc wilc_netdev_cleanup from wilc_bus_remove+0xc8/0xec wilc_bus_remove from spi_remove+0x8c/0xac spi_remove from device_release_driver_internal+0x434/0x5f8 device_release_driver_internal from unbind_store+0xbc/0x108 unbind_store from kernfs_fop_write_iter+0x398/0x584 kernfs_fop_write_iter from vfs_write+0x728/0xf88 vfs_write from ksys_write+0x110/0x1e4 ksys_write from ret_fast_syscall+0x0/0x1c [...] Allocated by task 1: kasan_save_track+0x30/0x5c __kasan_kmalloc+0x8c/0x94 __kmalloc_node+0x1cc/0x3e4 kvmalloc_node+0x48/0x180 alloc_netdev_mqs+0x68/0x11dc alloc_etherdev_mqs+0x28/0x34 wilc_netdev_ifc_init+0x34/0x8ec wilc_cfg80211_init+0x690/0x910 wilc_bus_probe+0xe0/0x4a0 spi_probe+0x158/0x1b0 really_probe+0x270/0xdf4 __driver_probe_device+0x1dc/0x580 driver_probe_device+0x60/0x140 __driver_attach+0x228/0x5d4 bus_for_each_dev+0x13c/0x1a8 bus_add_driver+0x2a0/0x608 driver_register+0x24c/0x578 do_one_initcall+0x180/0x310 kernel_init_freeable+0x424/0x484 kernel_init+0x20/0x148 ret_from_fork+0x14/0x28 Freed by task 86: kasan_save_track+0x30/0x5c kasan_save_free_info+0x38/0x58 __kasan_slab_free+0xe4/0x140 kfree+0xb0/0x238 device_release+0xc0/0x2a8 kobject_put+0x1d4/0x46c netdev_run_todo+0x8fc/0x11d0 wilc_netdev_cleanup+0x1e4/0x5cc wilc_bus_remove+0xc8/0xec spi_remove+0x8c/0xac device_release_driver_internal+0x434/0x5f8 unbind_store+0xbc/0x108 kernfs_fop_write_iter+0x398/0x584 vfs_write+0x728/0xf88 ksys_write+0x110/0x1e4 ret_fast_syscall+0x0/0x1c [...] David Mosberger-Tan initial investigation [1] showed that this use-after-free is due to netdevice unregistration during vif list traversal. When unregistering a net device, since the needs_free_netdev has been set to true during registration, the netdevice object is also freed, and as a consequence, the corresponding vif object too, since it is attached to it as private netdevice data. The next occurrence of the loop then tries to access freed vif pointer to the list to move forward in the list. Fix this use-after-free thanks to two mechanisms: - navigate in the list with list_for_each_entry_safe, which allows to safely modify the list as we go through each element. For each element, remove it from the list with list_del_rcu - make sure to wait for RCU grace period end after each vif removal to make sure it is safe to free the corresponding vif too (through unregister_netdev) Since we are in a RCU "modifier" path (not a "reader" path), and because such path is expected not to be concurrent to any other modifier (we are using the vif_mutex lock), we do not need to use RCU list API, that's why we can benefit from list_for_each_entry_safe. [1] https://lore.kernel.org/linux-wireless/ab077dbe58b1ea5de0a3b2ca21f275a07af967d2.camel@egauge.net/

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26895 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26895 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

5042. Memory Corruption - Linux Kernel (CVE-2024-26896) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: wifi: wfx: fix memory leak when starting AP Kmemleak reported this error: unreferenced object 0xd73d1180 (size 184): comm "wpa_supplicant", pid 1559, jiffies 13006305 (age 964.245s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 1e 00 01 00 00 00 00 00 ................ backtrace: [<5ca11420>] kmem_cache_alloc+0x20c/0x5ac [<127bdd74>] __alloc_skb+0x144/0x170 [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180 [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211] [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211] [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx] [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211] [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211] [<47bd8b68>] genl_rcv_msg+0x198/0x378 [<453ef796>] netlink_rcv_skb+0xd0/0x130 [<6b7c977a>] genl_rcv+0x34/0x44 [<66b2d04d>] netlink_unicast+0x1b4/0x258 [<f965b9b6>] netlink_sendmsg+0x1e8/0x428 [<aadb8231>] ____sys_sendmsg+0x1e0/0x274 [<d2b5212d>] ___sys_sendmsg+0x80/0xb4 [<69954f45>] __sys_sendmsg+0x64/0xa8 unreferenced object 0xce087000 (size 1024): comm "wpa_supplicant", pid 1559, jiffies 13006305 (age 964.246s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 10 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00 ...@............ backtrace: [<9a993714>] __kmalloc_track_caller+0x230/0x600 [<f83ea192>] kmalloc_reserve.constprop.0+0x30/0x74 [<a2c61343>] __alloc_skb+0xa0/0x170 [<fb8a5e38>] __netdev_alloc_skb+0x50/0x180 [<0f9fa1d5>] __ieee80211_beacon_get+0x290/0x4d4 [mac80211] [<7accd02d>] ieee80211_beacon_get_tim+0x54/0x18c [mac80211] [<41e25cc3>] wfx_start_ap+0xc8/0x234 [wfx] [<93a70356>] ieee80211_start_ap+0x404/0x6b4 [mac80211] [<a4a661cd>] nl80211_start_ap+0x76c/0x9e0 [cfg80211] [<47bd8b68>] genl_rcv_msg+0x198/0x378 [<453ef796>] netlink_rcv_skb+0xd0/0x130 [<6b7c977a>] genl_rcv+0x34/0x44 [<66b2d04d>] netlink_unicast+0x1b4/0x258 [<f965b9b6>] netlink_sendmsg+0x1e8/0x428 [<aadb8231>] ____sys_sendmsg+0x1e0/0x274 [<d2b5212d>] ___sys_sendmsg+0x80/0xb4 However, since the kernel is build optimized, it seems the stack is not accurate. It appears the issue is related to wfx_set_mfp_ap(). The issue is obvious in this function: memory allocated by ieee80211_beacon_get() is never released. Fixing this leak makes kmemleak happy.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26896 was patched at 2024-05-15

ubuntu: CVE-2024-26896 was patched at 2024-06-07, 2024-06-11, 2024-06-14

5043. Memory Corruption - Linux Kernel (CVE-2024-26915) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Reset IH OVERFLOW_CLEAR bit Allows us to detect subsequent IH ring buffer overflows as well.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26915 was patched at 2024-05-15

ubuntu: CVE-2024-26915 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

5044. Memory Corruption - Linux Kernel (CVE-2024-26921) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ninet: inet_defrag: prevent sk release while still in use\n\nip_local_out() and other functions can pass skb->sk as function argument.\n\nIf the skb is a fragment and reassembly happens before such function call\nreturns, the sk must not be released.\n\nThis affects skb fragments reassembled via netfilter or similar\nmodules, e.g. openvswitch or ct_act.c, when run as part of tx pipeline.\n\nEric Dumazet made an initial analysis of this bug. Quoting Eric:\n Calling ip_defrag() in output path is also implying skb_orphan(),\n which is buggy because output path relies on sk not disappearing.\n\n A relevant old patch about the issue was :\n 8282f27449bf ("inet: frag: Always orphan skbs inside ip_defrag()")\n\n [..]\n\n net/ipv4/ip_output.c depends on skb->sk being set, and probably to an\n inet socket, not an arbitrary one.\n\n If we orphan the packet in ipvlan, then downstream things like FQ\n packet scheduler will not work properly.\n\n We need to change ip_defrag() to only use skb_orphan() when really\n needed, ie whenever frag_list is going to be used.\n\nEric suggested to stash sk in fragment queue and made an initial patch.\nHowever there is a problem with this:\n\nIf skb is refragmented again right after, ip_do_fragment() will copy\nhead->sk to the new fragments, and sets up destructor to sock_wfree.\nIOW, we have no choice but to fix up sk_wmem accouting to reflect the\nfully reassembled skb, else wmem will underflow.\n\nThis change moves the orphan down into the core, to last possible moment.\nAs ip_defrag_offset is aliased with sk_buff->sk member, we must move the\noffset into the FRAG_CB, else skb->sk gets clobbered.\n\nThis allows to delay the orphaning long enough to learn if the skb has\nto be queued or if the skb is completing the reasm queue.\n\nIn the former case, things work as before, skb is orphaned. This is\nsafe because skb gets queued/stolen and won't continue past reasm engine.\n\nIn the latter case, we will steal the skb->sk reference, reattach it to\nthe head skb, and fix up wmem accouting when inet_frag inflates truesize.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26921 was patched at 2024-05-15

5045. Memory Corruption - Linux Kernel (CVE-2024-26924) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: do not free live element\n\nPablo reports a crash with large batches of elements with a\nback-to-back add/remove pattern. Quoting Pablo:\n\n add_elem("00000000") timeout 100 ms\n ...\n add_elem("0000000X") timeout 100 ms\n del_elem("0000000X") <---------------- delete one that was just added\n ...\n add_elem("00005000") timeout 100 ms\n\n 1) nft_pipapo_remove() removes element 0000000X\n Then, KASAN shows a splat.\n\nLooking at the remove function there is a chance that we will drop a\nrule that maps to a non-deactivated element.\n\nRemoval happens in two steps, first we do a lookup for key k and return the\nto-be-removed element and mark it as inactive in the next generation.\nThen, in a second step, the element gets removed from the set/map.\n\nThe _remove function does not work correctly if we have more than one\nelement that share the same key.\n\nThis can happen if we insert an element into a set when the set already\nholds an element with same key, but the element mapping to the existing\nkey has timed out or is not active in the next generation.\n\nIn such case its possible that removal will unmap the wrong element.\nIf this happens, we will leak the non-deactivated element, it becomes\nunreachable.\n\nThe element that got deactivated (and will be freed later) will\nremain reachable in the set data structure, this can result in\na crash when such an element is retrieved during lookup (stale\npointer).\n\nAdd a check that the fully matching key does in fact map to the element\nthat we have marked as inactive in the deactivation step.\nIf not, we need to continue searching.\n\nAdd a bug/warn trap at the end of the function as well, the remove\nfunction must not ever be called with an invisible/unreachable/non-existent\nelement.\n\nv2: avoid uneeded temporary variable (Stefano)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26924 was patched at 2024-05-06, 2024-05-15

5046. Memory Corruption - Linux Kernel (CVE-2024-26927) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: Add some bounds checking to firmware data\n\nSmatch complains about "head->full_size - head->header_size" can\nunderflow. To some extent, we're always going to have to trust the\nfirmware a bit. However, it's easy enough to add a check for negatives,\nand let's add a upper bounds check as well.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26927 was patched at 2024-05-15

ubuntu: CVE-2024-26927 was patched at 2024-06-07, 2024-06-11, 2024-06-14

5047. Memory Corruption - Linux Kernel (CVE-2024-26928) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential UAF in cifs_debug_files_proc_show()\n\nSkip sessions that are being teared down (status == SES_EXITING) to\navoid UAF.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26928 was patched at 2024-05-15

5048. Memory Corruption - Linux Kernel (CVE-2024-26944) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix use-after-free in do_zone_finish() Shinichiro reported the following use-after-free triggered by the device replace operation in fstests btrfs/070. BTRFS info (device nullb1): scrub: finished on devid 1 with status: 0 ================================================================== BUG: KASAN: slab-use-after-free in do_zone_finish+0x91a/0xb90 [btrfs] Read of size 8 at addr ffff8881543c8060 by task btrfs-cleaner/3494007 CPU: 0 PID: 3494007 Comm: btrfs-cleaner Tainted: G W 6.8.0-rc5-kts #1 Hardware name: Supermicro Super Server/X11SPi-TF, BIOS 3.3 02/21/2020 Call Trace: <TASK> dump_stack_lvl+0x5b/0x90 print_report+0xcf/0x670 ? __virt_addr_valid+0x200/0x3e0 kasan_report+0xd8/0x110 ? do_zone_finish+0x91a/0xb90 [btrfs] ? do_zone_finish+0x91a/0xb90 [btrfs] do_zone_finish+0x91a/0xb90 [btrfs] btrfs_delete_unused_bgs+0x5e1/0x1750 [btrfs] ? __pfx_btrfs_delete_unused_bgs+0x10/0x10 [btrfs] ? btrfs_put_root+0x2d/0x220 [btrfs] ? btrfs_clean_one_deleted_snapshot+0x299/0x430 [btrfs] cleaner_kthread+0x21e/0x380 [btrfs] ? __pfx_cleaner_kthread+0x10/0x10 [btrfs] kthread+0x2e3/0x3c0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> Allocated by task 3493983: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 __kasan_kmalloc+0xaa/0xb0 btrfs_alloc_device+0xb3/0x4e0 [btrfs] device_list_add.constprop.0+0x993/0x1630 [btrfs] btrfs_scan_one_device+0x219/0x3d0 [btrfs] btrfs_control_ioctl+0x26e/0x310 [btrfs] __x64_sys_ioctl+0x134/0x1b0 do_syscall_64+0x99/0x190 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Freed by task 3494056: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3f/0x60 poison_slab_object+0x102/0x170 __kasan_slab_free+0x32/0x70 kfree+0x11b/0x320 btrfs_rm_dev_replace_free_srcdev+0xca/0x280 [btrfs] btrfs_dev_replace_finishing+0xd7e/0x14f0 [btrfs] btrfs_dev_replace_by_ioctl+0x1286/0x25a0 [btrfs] btrfs_ioctl+0xb27/0x57d0 [btrfs] __x64_sys_ioctl+0x134/0x1b0 do_syscall_64+0x99/0x190 entry_SYSCALL_64_after_hwframe+0x6e/0x76 The buggy address belongs to the object at ffff8881543c8000 which belongs to the cache kmalloc-1k of size 1024 The buggy address is located 96 bytes inside of freed 1024-byte region [ffff8881543c8000, ffff8881543c8400) The buggy address belongs to the physical page: page:00000000fe2c1285 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1543c8 head:00000000fe2c1285 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 flags: 0x17ffffc0000840(slab|head|node=0|zone=2|lastcpupid=0x1fffff) page_type: 0xffffffff() raw: 0017ffffc0000840 ffff888100042dc0 ffffea0019e8f200 dead000000000002 raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8881543c7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff8881543c7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff8881543c8000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8881543c8080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8881543c8100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb This UAF happens because we're accessing stale zone information of a already removed btrfs_device in do_zone_finish(). The sequence of events is as follows: btrfs_dev_replace_start btrfs_scrub_dev btrfs_dev_replace_finishing btrfs_dev_replace_update_device_in_mapping_tree <-- devices replaced btrfs_rm_dev_replace_free_srcdev btrfs_free_device <-- device freed cleaner_kthread btrfs_delete_unused_bgs btrfs_zone_finish do_zone_finish <-- refers the freed device The reason for this is that we're using a ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26944 was patched at 2024-05-15

ubuntu: CVE-2024-26944 was patched at 2024-06-07, 2024-06-11, 2024-06-14

5049. Memory Corruption - Linux Kernel (CVE-2024-26951) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: check for dangling peer via is_dead instead of empty list If all peers are removed via wg_peer_remove_all(), rather than setting peer_list to empty, the peer is added to a temporary list with a head on the stack of wg_peer_remove_all(). If a netlink dump is resumed and the cursored peer is one that has been removed via wg_peer_remove_all(), it will iterate from that peer and then attempt to dump freed peers. Fix this by instead checking peer->is_dead, which was explictly created for this purpose. Also move up the device_update_lock lockdep assertion, since reading is_dead relies on that. It can be reproduced by a small script like: echo "Setting config..." ip link add dev wg0 type wireguard wg setconf wg0 /big-config ( while true; do echo "Showing config..." wg showconf wg0 > /dev/null done ) & sleep 4 wg setconf wg0 <(printf "[Peer]\nPublicKey=$(wg genkey)\n") Resulting in: BUG: KASAN: slab-use-after-free in __lock_acquire+0x182a/0x1b20 Read of size 8 at addr ffff88811956ec70 by task wg/59 CPU: 2 PID: 59 Comm: wg Not tainted 6.8.0-rc2-debug+ #5 Call Trace: <TASK> dump_stack_lvl+0x47/0x70 print_address_description.constprop.0+0x2c/0x380 print_report+0xab/0x250 kasan_report+0xba/0xf0 __lock_acquire+0x182a/0x1b20 lock_acquire+0x191/0x4b0 down_read+0x80/0x440 get_peer+0x140/0xcb0 wg_get_device_dump+0x471/0x1130

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26951 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26951 was patched at 2024-06-07, 2024-06-11, 2024-06-14

5050. Memory Corruption - Linux Kernel (CVE-2024-26954) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() If ->NameOffset of smb2_create_req is smaller than Buffer offset of smb2_create_req, slab-out-of-bounds read can happen from smb2_open. This patch set the minimum value of the name offset to the buffer offset to validate name length of smb2_create_req().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26954 was patched at 2024-05-15

ubuntu: CVE-2024-26954 was patched at 2024-06-07, 2024-06-11, 2024-06-14

5051. Memory Corruption - Linux Kernel (CVE-2024-26958) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28 refcount_warn_saturate+0x9c/0xe0 Workqueue: nfsiod nfs_direct_write_schedule_work [nfs] RIP: 0010:refcount_warn_saturate+0x9c/0xe0 PKRU: 55555554 Call Trace: <TASK> ? __warn+0x9f/0x130 ? refcount_warn_saturate+0x9c/0xe0 ? report_bug+0xcc/0x150 ? handle_bug+0x3d/0x70 ? exc_invalid_op+0x16/0x40 ? asm_exc_invalid_op+0x16/0x20 ? refcount_warn_saturate+0x9c/0xe0 nfs_direct_write_schedule_work+0x237/0x250 [nfs] process_one_work+0x12f/0x4a0 worker_thread+0x14e/0x3b0 ? ZSTD_getCParams_internal+0x220/0x220 kthread+0xdc/0x120 ? __btf_name_valid+0xa0/0xa0 ret_from_fork+0x1f/0x30 This is because we're completing the nfs_direct_request twice in a row. The source of this is when we have our commit requests to submit, we process them and send them off, and then in the completion path for the commit requests we have if (nfs_commit_end(cinfo.mds)) nfs_direct_write_complete(dreq); However since we're submitting asynchronous requests we sometimes have one that completes before we submit the next one, so we end up calling complete on the nfs_direct_request twice. The only other place we use nfs_generic_commit_list() is in __nfs_commit_inode, which wraps this call in a nfs_commit_begin(); nfs_commit_end(); Which is a common pattern for this style of completion handling, one that is also repeated in the direct code with get_dreq()/put_dreq() calls around where we process events as well as in the completion paths. Fix this by using the same pattern for the commit requests. Before with my 200 node rocksdb stress running this warning would pop every 10ish minutes. With my patch the stress test has been running for several hours without popping.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26958 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26958 was patched at 2024-06-07, 2024-06-11, 2024-06-14

5052. Memory Corruption - Linux Kernel (CVE-2024-26961) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: mac802154: fix llsec key resources release in mac802154_llsec_key_del mac802154_llsec_key_del() can free resources of a key directly without following the RCU rules for waiting before the end of a grace period. This may lead to use-after-free in case llsec_lookup_key() is traversing the list of keys in parallel with a key deletion: refcount_t: addition on 0; use-after-free. WARNING: CPU: 4 PID: 16000 at lib/refcount.c:25 refcount_warn_saturate+0x162/0x2a0 Modules linked in: CPU: 4 PID: 16000 Comm: wpan-ping Not tainted 6.7.0 #19 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:refcount_warn_saturate+0x162/0x2a0 Call Trace: <TASK> llsec_lookup_key.isra.0+0x890/0x9e0 mac802154_llsec_encrypt+0x30c/0x9c0 ieee802154_subif_start_xmit+0x24/0x1e0 dev_hard_start_xmit+0x13e/0x690 sch_direct_xmit+0x2ae/0xbc0 __dev_queue_xmit+0x11dd/0x3c20 dgram_sendmsg+0x90b/0xd60 __sys_sendto+0x466/0x4c0 __x64_sys_sendto+0xe0/0x1c0 do_syscall_64+0x45/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Also, ieee802154_llsec_key_entry structures are not freed by mac802154_llsec_key_del(): unreferenced object 0xffff8880613b6980 (size 64): comm "iwpan", pid 2176, jiffies 4294761134 (age 60.475s) hex dump (first 32 bytes): 78 0d 8f 18 80 88 ff ff 22 01 00 00 00 00 ad de x......."....... 00 00 00 00 00 00 00 00 03 00 cd ab 00 00 00 00 ................ backtrace: [<ffffffff81dcfa62>] __kmem_cache_alloc_node+0x1e2/0x2d0 [<ffffffff81c43865>] kmalloc_trace+0x25/0xc0 [<ffffffff88968b09>] mac802154_llsec_key_add+0xac9/0xcf0 [<ffffffff8896e41a>] ieee802154_add_llsec_key+0x5a/0x80 [<ffffffff8892adc6>] nl802154_add_llsec_key+0x426/0x5b0 [<ffffffff86ff293e>] genl_family_rcv_msg_doit+0x1fe/0x2f0 [<ffffffff86ff46d1>] genl_rcv_msg+0x531/0x7d0 [<ffffffff86fee7a9>] netlink_rcv_skb+0x169/0x440 [<ffffffff86ff1d88>] genl_rcv+0x28/0x40 [<ffffffff86fec15c>] netlink_unicast+0x53c/0x820 [<ffffffff86fecd8b>] netlink_sendmsg+0x93b/0xe60 [<ffffffff86b91b35>] ____sys_sendmsg+0xac5/0xca0 [<ffffffff86b9c3dd>] ___sys_sendmsg+0x11d/0x1c0 [<ffffffff86b9c65a>] __sys_sendmsg+0xfa/0x1d0 [<ffffffff88eadbf5>] do_syscall_64+0x45/0xf0 [<ffffffff890000ea>] entry_SYSCALL_64_after_hwframe+0x6e/0x76 Handle the proper resource release in the RCU callback function mac802154_llsec_key_del_rcu(). Note that if llsec_lookup_key() finds a key, it gets a refcount via llsec_key_get() and locally copies key id from key_entry (which is a list element). So it's safe to call llsec_key_put() and free the list entry after the RCU grace period elapses. Found by Linux Verification Center (linuxtesting.org).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26961 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26961 was patched at 2024-06-07, 2024-06-11, 2024-06-14

5053. Memory Corruption - Linux Kernel (CVE-2024-26974) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: crypto: qat - resolve race condition during AER recovery During the PCI AER system's error recovery process, the kernel driver may encounter a race condition with freeing the reset_data structure's memory. If the device restart will take more than 10 seconds the function scheduling that restart will exit due to a timeout, and the reset_data structure will be freed. However, this data structure is used for completion notification after the restart is completed, which leads to a UAF bug. This results in a KFENCE bug notice. BUG: KFENCE: use-after-free read in adf_device_reset_worker+0x38/0xa0 [intel_qat] Use-after-free read at 0x00000000bc56fddf (in kfence-#142): adf_device_reset_worker+0x38/0xa0 [intel_qat] process_one_work+0x173/0x340 To resolve this race condition, the memory associated to the container of the work_struct is freed on the worker if the timeout expired, otherwise on the function that schedules the worker. The timeout detection can be done by checking if the caller is still waiting for completion or not by using completion_done() function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26974 was patched at 2024-05-06, 2024-05-15

5054. Memory Corruption - Linux Kernel (CVE-2024-26978) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: max310x: fix NULL pointer dereference in I2C instantiation\n\nWhen trying to instantiate a max14830 device from userspace:\n\n echo max14830 0x60 > /sys/bus/i2c/devices/i2c-2/new_device\n\nwe get the following error:\n\n Unable to handle kernel NULL pointer dereference at virtual address...\n ...\n Call trace:\n max310x_i2c_probe+0x48/0x170 [max310x]\n i2c_device_probe+0x150/0x2a0\n ...\n\nAdd check for validity of devtype to prevent the error, and abort probe\nwith a meaningful error message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26978 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26978 was patched at 2024-06-07, 2024-06-11, 2024-06-14

5055. Memory Corruption - Linux Kernel (CVE-2024-26980) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf If ->ProtocolId is SMB2_TRANSFORM_PROTO_NUM, smb2 request size validation could be skipped. if request size is smaller than sizeof(struct smb2_query_info_req), slab-out-of-bounds read can happen in smb2_allocate_rsp_buf(). This patch allocate response buffer after decrypting transform request. smb3_decrypt_req() will validate transform request size and avoid slab-out-of-bound in smb2_allocate_rsp_buf().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26980 was patched at 2024-05-06, 2024-05-15

5056. Memory Corruption - Linux Kernel (CVE-2024-26983) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: bootconfig: use memblock_free_late to free xbc memory to buddy On the time to free xbc memory in xbc_exit(), memblock may has handed over memory to buddy allocator. So it doesn't make sense to free memory back to memblock. memblock_free() called by xbc_exit() even causes UAF bugs on architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled like x86. Following KASAN logs shows this case. This patch fixes the xbc memory free problem by calling memblock_free() in early xbc init error rewind path and calling memblock_free_late() in xbc exit path to free memory to buddy allocator. [ 9.410890] ================================================================== [ 9.418962] BUG: KASAN: use-after-free in memblock_isolate_range+0x12d/0x260 [ 9.426850] Read of size 8 at addr ffff88845dd30000 by task swapper/0/1 [ 9.435901] CPU: 9 PID: 1 Comm: swapper/0 Tainted: G U 6.9.0-rc3-00208-g586b5dfb51b9 #5 [ 9.446403] Hardware name: Intel Corporation RPLP LP5 (CPU:RaptorLake)/RPLP LP5 (ID:13), BIOS IRPPN02.01.01.00.00.19.015.D-00000000 Dec 28 2023 [ 9.460789] Call Trace: [ 9.463518] <TASK> [ 9.465859] dump_stack_lvl+0x53/0x70 [ 9.469949] print_report+0xce/0x610 [ 9.473944] ? __virt_addr_valid+0xf5/0x1b0 [ 9.478619] ? memblock_isolate_range+0x12d/0x260 [ 9.483877] kasan_report+0xc6/0x100 [ 9.487870] ? memblock_isolate_range+0x12d/0x260 [ 9.493125] memblock_isolate_range+0x12d/0x260 [ 9.498187] memblock_phys_free+0xb4/0x160 [ 9.502762] ? __pfx_memblock_phys_free+0x10/0x10 [ 9.508021] ? mutex_unlock+0x7e/0xd0 [ 9.512111] ? __pfx_mutex_unlock+0x10/0x10 [ 9.516786] ? kernel_init_freeable+0x2d4/0x430 [ 9.521850] ? __pfx_kernel_init+0x10/0x10 [ 9.526426] xbc_exit+0x17/0x70 [ 9.529935] kernel_init+0x38/0x1e0 [ 9.533829] ? _raw_spin_unlock_irq+0xd/0x30 [ 9.538601] ret_from_fork+0x2c/0x50 [ 9.542596] ? __pfx_kernel_init+0x10/0x10 [ 9.547170] ret_from_fork_asm+0x1a/0x30 [ 9.551552] </TASK> [ 9.555649] The buggy address belongs to the physical page: [ 9.561875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x45dd30 [ 9.570821] flags: 0x200000000000000(node=0|zone=2) [ 9.576271] page_type: 0xffffffff() [ 9.580167] raw: 0200000000000000 ffffea0011774c48 ffffea0012ba1848 0000000000000000 [ 9.588823] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 9.597476] page dumped because: kasan: bad access detected [ 9.605362] Memory state around the buggy address: [ 9.610714] ffff88845dd2ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.618786] ffff88845dd2ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 9.626857] >ffff88845dd30000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.634930] ^ [ 9.638534] ffff88845dd30080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.646605] ffff88845dd30100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 9.654675] ==================================================================

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26983 was patched at 2024-05-06, 2024-05-15

5057. Memory Corruption - Linux Kernel (CVE-2024-26984) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: nouveau: fix instmem race condition around ptr stores Running a lot of VK CTS in parallel against nouveau, once every few hours you might see something like this crash. BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 8000000114e6e067 P4D 8000000114e6e067 PUD 109046067 PMD 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 7 PID: 53891 Comm: deqp-vk Not tainted 6.8.0-rc6+ #27 Hardware name: Gigabyte Technology Co., Ltd. Z390 I AORUS PRO WIFI/Z390 I AORUS PRO WIFI-CF, BIOS F8 11/05/2021 RIP: 0010:gp100_vmm_pgt_mem+0xe3/0x180 [nouveau] Code: c7 48 01 c8 49 89 45 58 85 d2 0f 84 95 00 00 00 41 0f b7 46 12 49 8b 7e 08 89 da 42 8d 2c f8 48 8b 47 08 41 83 c7 01 48 89 ee <48> 8b 40 08 ff d0 0f 1f 00 49 8b 7e 08 48 89 d9 48 8d 75 04 48 c1 RSP: 0000:ffffac20c5857838 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 00000000004d8001 RCX: 0000000000000001 RDX: 00000000004d8001 RSI: 00000000000006d8 RDI: ffffa07afe332180 RBP: 00000000000006d8 R08: ffffac20c5857ad0 R09: 0000000000ffff10 R10: 0000000000000001 R11: ffffa07af27e2de0 R12: 000000000000001c R13: ffffac20c5857ad0 R14: ffffa07a96fe9040 R15: 000000000000001c FS: 00007fe395eed7c0(0000) GS:ffffa07e2c980000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 000000011febe001 CR4: 00000000003706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ... ? gp100_vmm_pgt_mem+0xe3/0x180 [nouveau] ? gp100_vmm_pgt_mem+0x37/0x180 [nouveau] nvkm_vmm_iter+0x351/0xa20 [nouveau] ? __pfx_nvkm_vmm_ref_ptes+0x10/0x10 [nouveau] ? __pfx_gp100_vmm_pgt_mem+0x10/0x10 [nouveau] ? __pfx_gp100_vmm_pgt_mem+0x10/0x10 [nouveau] ? __lock_acquire+0x3ed/0x2170 ? __pfx_gp100_vmm_pgt_mem+0x10/0x10 [nouveau] nvkm_vmm_ptes_get_map+0xc2/0x100 [nouveau] ? __pfx_nvkm_vmm_ref_ptes+0x10/0x10 [nouveau] ? __pfx_gp100_vmm_pgt_mem+0x10/0x10 [nouveau] nvkm_vmm_map_locked+0x224/0x3a0 [nouveau] Adding any sort of useful debug usually makes it go away, so I hand wrote the function in a line, and debugged the asm. Every so often pt->memory->ptrs is NULL. This ptrs ptr is set in the nv50_instobj_acquire called from nvkm_kmap. If Thread A and Thread B both get to nv50_instobj_acquire around the same time, and Thread A hits the refcount_set line, and in lockstep thread B succeeds at refcount_inc_not_zero, there is a chance the ptrs value won't have been stored since refcount_set is unordered. Force a memory barrier here, I picked smp_mb, since we want it on all CPUs and it's write followed by a read. v2: use paired smp_rmb/smp_wmb.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26984 was patched at 2024-05-06, 2024-05-15

5058. Memory Corruption - Linux Kernel (CVE-2024-26996) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error When ncm function is working and then stop usb0 interface for link down, eth_stop() is called. At this piont, accidentally if usb transport error should happen in usb_ep_enable(), 'in_ep' and/or 'out_ep' may not be enabled. After that, ncm_disable() is called to disable for ncm unbind but gether_disconnect() is never called since 'in_ep' is not enabled. As the result, ncm object is released in ncm unbind but 'dev->port_usb' associated to 'ncm->port' is not NULL. And when ncm bind again to recover netdev, ncm object is reallocated but usb0 interface is already associated to previous released ncm object. Therefore, once usb0 interface is up and eth_start_xmit() is called, released ncm object is dereferrenced and it might cause use-after-free memory. [function unlink via configfs] usb0: eth_stop dev->port_usb=ffffff9b179c3200 --> error happens in usb_ep_enable(). NCM: ncm_disable: ncm=ffffff9b179c3200 --> no gether_disconnect() since ncm->port.in_ep->enabled is false. NCM: ncm_unbind: ncm unbind ncm=ffffff9b179c3200 NCM: ncm_free: ncm free ncm=ffffff9b179c3200 <-- released ncm [function link via configfs] NCM: ncm_alloc: ncm alloc ncm=ffffff9ac4f8a000 NCM: ncm_bind: ncm bind ncm=ffffff9ac4f8a000 NCM: ncm_set_alt: ncm=ffffff9ac4f8a000 alt=0 usb0: eth_open dev->port_usb=ffffff9b179c3200 <-- previous released ncm usb0: eth_start dev->port_usb=ffffff9b179c3200 <-- eth_start_xmit() --> dev->wrap() Unable to handle kernel paging request at virtual address dead00000000014f This patch addresses the issue by checking if 'ncm->netdev' is not NULL at ncm_disable() to call gether_disconnect() to deassociate 'dev->port_usb'. It's more reasonable to check 'ncm->netdev' to call gether_connect/disconnect rather than check 'ncm->port.in_ep->enabled' since it might not be enabled but the gether connection might be established.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26996 was patched at 2024-05-06, 2024-05-15

5059. Memory Corruption - Linux Kernel (CVE-2024-27009) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing A race condition exists in ccw_device_set_online() that can cause the online process to fail, leaving the affected device in an inconsistent state. As a result, subsequent attempts to set that device online fail with return code ENODEV. The problem occurs when a path verification request arrives after a wait for final device state completed, but before the result state is evaluated. Fix this by ensuring that the CCW-device lock is held between determining final state and checking result state. Note that since: commit 2297791c92d0 ("s390/cio: dont unregister subchannel from child-drivers") path verification requests are much more likely to occur during boot, resulting in an increased chance of this race condition occurring.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27009 was patched at 2024-05-06, 2024-05-15

5060. Memory Corruption - Linux Kernel (CVE-2024-27028) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-mt65xx: Fix NULL pointer access in interrupt handler\n\nThe TX buffer in spi_transfer can be a NULL pointer, so the interrupt\nhandler may end up writing to the invalid memory and cause crashes.\n\nAdd a check to trans->tx_buf before using it.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27028 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-27028 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

5061. Memory Corruption - Linux Kernel (CVE-2024-27030) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Use separate handlers for interrupts For PF to AF interrupt vector and VF to AF vector same interrupt handler is registered which is causing race condition. When two interrupts are raised to two CPUs at same time then two cores serve same event corrupting the data.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27030 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-27030 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

5062. Memory Corruption - Linux Kernel (CVE-2024-27043) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, *pdvbdev is not set to NULL after dvbdev's deallocation, causing use-after-frees in many places, for example, in the following call chain: budget_register |-> dvb_dmxdev_init |-> dvb_register_device |-> dvb_dmxdev_release |-> dvb_unregister_device |-> dvb_remove_device |-> dvb_device_put |-> kref_put When calling dvb_unregister_device, dmxdev->dvbdev (i.e. *pdvbdev in dvb_register_device) could point to memory that had been freed in dvb_register_device. Thereafter, this pointer is transferred to kref_put and triggering a use-after-free.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27043 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-27043 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

5063. Memory Corruption - Linux Kernel (CVE-2024-27045) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' Tell snprintf() to store at most 10 bytes in the output buffer instead of 30. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_debugfs.c:1508 dp_dsc_clock_en_read() error: snprintf() is printing too much 30 vs 10

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27045 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-27045 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

5064. Memory Corruption - Linux Kernel (CVE-2024-27052) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work The workqueue might still be running, when the driver is stopped. To avoid a use-after-free, call cancel_work_sync() in rtl8xxxu_stop().

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-27052 was patched at 2024-06-05

debian: CVE-2024-27052 was patched at 2024-05-06, 2024-05-15

oraclelinux: CVE-2024-27052 was patched at 2024-06-05

redhat: CVE-2024-27052 was patched at 2024-06-05

ubuntu: CVE-2024-27052 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

5065. Memory Corruption - Linux Kernel (CVE-2024-27076) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak Free the memory allocated in v4l2_ctrl_handler_init on release.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27076 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-27076 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

5066. Memory Corruption - Linux Kernel (CVE-2024-27079) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix NULL domain on device release\n\nIn the kdump kernel, the IOMMU operates in deferred_attach mode. In this\nmode, info->domain may not yet be assigned by the time the release_device\nfunction is called. It leads to the following crash in the crash kernel:\n\n BUG: kernel NULL pointer dereference, address: 000000000000003c\n ...\n RIP: 0010:do_raw_spin_lock+0xa/0xa0\n ...\n _raw_spin_lock_irqsave+0x1b/0x30\n intel_iommu_release_device+0x96/0x170\n iommu_deinit_device+0x39/0xf0\n __iommu_group_remove_device+0xa0/0xd0\n iommu_bus_notifier+0x55/0xb0\n notifier_call_chain+0x5a/0xd0\n blocking_notifier_call_chain+0x41/0x60\n bus_notify+0x34/0x50\n device_del+0x269/0x3d0\n pci_remove_bus_device+0x77/0x100\n p2sb_bar+0xae/0x1d0\n ...\n i801_probe+0x423/0x740\n\nUse the release_domain mechanism to fix it. The scalable mode context\nentry which is not part of release domain should be cleared in\nrelease_device().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27079 was patched at 2024-05-15

ubuntu: CVE-2024-27079 was patched at 2024-06-07, 2024-06-11, 2024-06-14

5067. Memory Corruption - Linux Kernel (CVE-2024-27393) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Add missing skb_mark_for_recycle Notice that skb_mark_for_recycle() is introduced later than fixes tag in commit 6a5bcd84e886 ("page_pool: Allow drivers to hint on SKB recycling"). It is believed that fixes tag were missing a call to page_pool_release_page() between v5.9 to v5.14, after which is should have used skb_mark_for_recycle(). Since v6.6 the call page_pool_release_page() were removed (in commit 535b9c61bdef ("net: page_pool: hide page_pool_release_page()") and remaining callers converted (in commit 6bfef2ec0172 ("Merge branch 'net-page_pool-remove-page_pool_release_page'")). This leak became visible in v6.8 via commit dba1b8a7ab68 ("mm/page_pool: catch page_pool memory leaks").

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27393 was patched at 2024-05-15

5068. Memory Corruption - Linux Kernel (CVE-2024-27395) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: Fix Use-After-Free in ovs_ct_exit\n\nSince kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal\nof ovs_ct_limit_exit, is not part of the RCU read critical section, it\nis possible that the RCU grace period will pass during the traversal and\nthe key will be free.\n\nTo prevent this, it should be changed to hlist_for_each_entry_safe.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27395 was patched at 2024-05-15

5069. Memory Corruption - Linux Kernel (CVE-2024-27396) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gtp: Fix Use-After-Free in gtp_dellink\n\nSince call_rcu, which is called in the hlist_for_each_entry_rcu traversal\nof gtp_dellink, is not part of the RCU read critical section, it\nis possible that the RCU grace period will pass during the traversal and\nthe key will be free.\n\nTo prevent this, it should be changed to hlist_for_each_entry_safe.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27396 was patched at 2024-05-15

5070. Memory Corruption - Linux Kernel (CVE-2024-27398) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is releasing, timeout_work will be scheduled to judge whether the sco disconnection is timeout. The sock will be deallocated later, but it is dereferenced again in sco_sock_timeout. As a result, the use-after-free bugs will happen. The root cause is shown below: Cleanup Thread | Worker Thread sco_sock_release | sco_sock_close | __sco_sock_close | sco_sock_set_timer | schedule_delayed_work | sco_sock_kill | (wait a time) sock_put(sk) //FREE | sco_sock_timeout | sock_hold(sk) //USE The KASAN report triggered by POC is shown below: [ 95.890016] ================================================================== [ 95.890496] BUG: KASAN: slab-use-after-free in sco_sock_timeout+0x5e/0x1c0 [ 95.890755] Write of size 4 at addr ffff88800c388080 by task kworker/0:0/7 ... [ 95.890755] Workqueue: events sco_sock_timeout [ 95.890755] Call Trace: [ 95.890755] <TASK> [ 95.890755] dump_stack_lvl+0x45/0x110 [ 95.890755] print_address_description+0x78/0x390 [ 95.890755] print_report+0x11b/0x250 [ 95.890755] ? __virt_addr_valid+0xbe/0xf0 [ 95.890755] ? sco_sock_timeout+0x5e/0x1c0 [ 95.890755] kasan_report+0x139/0x170 [ 95.890755] ? update_load_avg+0xe5/0x9f0 [ 95.890755] ? sco_sock_timeout+0x5e/0x1c0 [ 95.890755] kasan_check_range+0x2c3/0x2e0 [ 95.890755] sco_sock_timeout+0x5e/0x1c0 [ 95.890755] process_one_work+0x561/0xc50 [ 95.890755] worker_thread+0xab2/0x13c0 [ 95.890755] ? pr_cont_work+0x490/0x490 [ 95.890755] kthread+0x279/0x300 [ 95.890755] ? pr_cont_work+0x490/0x490 [ 95.890755] ? kthread_blkcg+0xa0/0xa0 [ 95.890755] ret_from_fork+0x34/0x60 [ 95.890755] ? kthread_blkcg+0xa0/0xa0 [ 95.890755] ret_from_fork_asm+0x11/0x20 [ 95.890755] </TASK> [ 95.890755] [ 95.890755] Allocated by task 506: [ 95.890755] kasan_save_track+0x3f/0x70 [ 95.890755] __kasan_kmalloc+0x86/0x90 [ 95.890755] __kmalloc+0x17f/0x360 [ 95.890755] sk_prot_alloc+0xe1/0x1a0 [ 95.890755] sk_alloc+0x31/0x4e0 [ 95.890755] bt_sock_alloc+0x2b/0x2a0 [ 95.890755] sco_sock_create+0xad/0x320 [ 95.890755] bt_sock_create+0x145/0x320 [ 95.890755] __sock_create+0x2e1/0x650 [ 95.890755] __sys_socket+0xd0/0x280 [ 95.890755] __x64_sys_socket+0x75/0x80 [ 95.890755] do_syscall_64+0xc4/0x1b0 [ 95.890755] entry_SYSCALL_64_after_hwframe+0x67/0x6f [ 95.890755] [ 95.890755] Freed by task 506: [ 95.890755] kasan_save_track+0x3f/0x70 [ 95.890755] kasan_save_free_info+0x40/0x50 [ 95.890755] poison_slab_object+0x118/0x180 [ 95.890755] __kasan_slab_free+0x12/0x30 [ 95.890755] kfree+0xb2/0x240 [ 95.890755] __sk_destruct+0x317/0x410 [ 95.890755] sco_sock_release+0x232/0x280 [ 95.890755] sock_close+0xb2/0x210 [ 95.890755] __fput+0x37f/0x770 [ 95.890755] task_work_run+0x1ae/0x210 [ 95.890755] get_signal+0xe17/0xf70 [ 95.890755] arch_do_signal_or_restart+0x3f/0x520 [ 95.890755] syscall_exit_to_user_mode+0x55/0x120 [ 95.890755] do_syscall_64+0xd1/0x1b0 [ 95.890755] entry_SYSCALL_64_after_hwframe+0x67/0x6f [ 95.890755] [ 95.890755] The buggy address belongs to the object at ffff88800c388000 [ 95.890755] which belongs to the cache kmalloc-1k of size 1024 [ 95.890755] The buggy address is located 128 bytes inside of [ 95.890755] freed 1024-byte region [ffff88800c388000, ffff88800c388400) [ 95.890755] [ 95.890755] The buggy address belongs to the physical page: [ 95.890755] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88800c38a800 pfn:0xc388 [ 95.890755] head: order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 95.890755] ano ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27398 was patched at 2024-05-15, 2024-06-02

5071. Memory Corruption - Linux Kernel (CVE-2024-27399) - Medium [239]

Description: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout There is a race condition between l2cap_chan_timeout() and l2cap_chan_del(). When we use l2cap_chan_del() to delete the channel, the chan->conn will be set to null. But the conn could be dereferenced again in the mutex_lock() of l2cap_chan_timeout(). As a result the null pointer dereference bug will happen. The KASAN report triggered by POC is shown below: [ 472.074580] ================================================================== [ 472.075284] BUG: KASAN: null-ptr-deref in mutex_lock+0x68/0xc0 [ 472.075308] Write of size 8 at addr 0000000000000158 by task kworker/0:0/7 [ 472.075308] [ 472.075308] CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted 6.9.0-rc5-00356-g78c0094a146b #36 [ 472.075308] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu4 [ 472.075308] Workqueue: events l2cap_chan_timeout [ 472.075308] Call Trace: [ 472.075308] <TASK> [ 472.075308] dump_stack_lvl+0x137/0x1a0 [ 472.075308] print_report+0x101/0x250 [ 472.075308] ? __virt_addr_valid+0x77/0x160 [ 472.075308] ? mutex_lock+0x68/0xc0 [ 472.075308] kasan_report+0x139/0x170 [ 472.075308] ? mutex_lock+0x68/0xc0 [ 472.075308] kasan_check_range+0x2c3/0x2e0 [ 472.075308] mutex_lock+0x68/0xc0 [ 472.075308] l2cap_chan_timeout+0x181/0x300 [ 472.075308] process_one_work+0x5d2/0xe00 [ 472.075308] worker_thread+0xe1d/0x1660 [ 472.075308] ? pr_cont_work+0x5e0/0x5e0 [ 472.075308] kthread+0x2b7/0x350 [ 472.075308] ? pr_cont_work+0x5e0/0x5e0 [ 472.075308] ? kthread_blkcg+0xd0/0xd0 [ 472.075308] ret_from_fork+0x4d/0x80 [ 472.075308] ? kthread_blkcg+0xd0/0xd0 [ 472.075308] ret_from_fork_asm+0x11/0x20 [ 472.075308] </TASK> [ 472.075308] ================================================================== [ 472.094860] Disabling lock debugging due to kernel taint [ 472.096136] BUG: kernel NULL pointer dereference, address: 0000000000000158 [ 472.096136] #PF: supervisor write access in kernel mode [ 472.096136] #PF: error_code(0x0002) - not-present page [ 472.096136] PGD 0 P4D 0 [ 472.096136] Oops: 0002 [#1] PREEMPT SMP KASAN NOPTI [ 472.096136] CPU: 0 PID: 7 Comm: kworker/0:0 Tainted: G B 6.9.0-rc5-00356-g78c0094a146b #36 [ 472.096136] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu4 [ 472.096136] Workqueue: events l2cap_chan_timeout [ 472.096136] RIP: 0010:mutex_lock+0x88/0xc0 [ 472.096136] Code: be 08 00 00 00 e8 f8 23 1f fd 4c 89 f7 be 08 00 00 00 e8 eb 23 1f fd 42 80 3c 23 00 74 08 48 88 [ 472.096136] RSP: 0018:ffff88800744fc78 EFLAGS: 00000246 [ 472.096136] RAX: 0000000000000000 RBX: 1ffff11000e89f8f RCX: ffffffff8457c865 [ 472.096136] RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffff88800744fc78 [ 472.096136] RBP: 0000000000000158 R08: ffff88800744fc7f R09: 1ffff11000e89f8f [ 472.096136] R10: dffffc0000000000 R11: ffffed1000e89f90 R12: dffffc0000000000 [ 472.096136] R13: 0000000000000158 R14: ffff88800744fc78 R15: ffff888007405a00 [ 472.096136] FS: 0000000000000000(0000) GS:ffff88806d200000(0000) knlGS:0000000000000000 [ 472.096136] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 472.096136] CR2: 0000000000000158 CR3: 000000000da32000 CR4: 00000000000006f0 [ 472.096136] Call Trace: [ 472.096136] <TASK> [ 472.096136] ? __die_body+0x8d/0xe0 [ 472.096136] ? page_fault_oops+0x6b8/0x9a0 [ 472.096136] ? kernelmode_fixup_or_oops+0x20c/0x2a0 [ 472.096136] ? do_user_addr_fault+0x1027/0x1340 [ 472.096136] ? _printk+0x7a/0xa0 [ 472.096136] ? mutex_lock+0x68/0xc0 [ 472.096136] ? add_taint+0x42/0xd0 [ 472.096136] ? exc_page_fault+0x6a/0x1b0 [ 472.096136] ? asm_exc_page_fault+0x26/0x30 [ 472.096136] ? mutex_lock+0x75/0xc0 [ 472.096136] ? mutex_lock+0x88/0xc0 [ 472.096136] ? mutex_lock+0x75/0xc0 [ 472.096136] l2cap_chan_timeo ---truncated---

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27399 was patched at 2024-05-15, 2024-06-02

5072. Memory Corruption - Linux Kernel (CVE-2024-27400) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2\n\nThis reverts drm/amdgpu: fix ftrace event amdgpu_bo_move always move\non same heap. The basic problem here is that after the move the old\nlocation is simply not available any more.\n\nSome fixes were suggested, but essentially we should call the move\nnotification before actually moving things because only this way we have\nthe correct order for DMA-buf and VM move notifications as well.\n\nAlso rework the statistic handling so that we don't update the eviction\ncounter before the move.\n\nv2: add missing NULL check', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27400 was patched at 2024-05-15

5073. Memory Corruption - Linux Kernel (CVE-2024-27401) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: nosy: ensure user_length is taken into account when fetching packet contents\n\nEnsure that packet_buffer_get respects the user_length provided. If\nthe length of the head packet exceeds the user_length, packet_buffer_get\nwill now return 0 to signify to the user that no data were read\nand a larger buffer size is required. Helps prevent user space overflows.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27401 was patched at 2024-05-15, 2024-06-02

5074. Memory Corruption - Windows Encrypting File System (CVE-2024-26939) - Medium [239]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/vma: Fix UAF on destroy against retire race\n\nObject debugging tools were sporadically reporting illegal attempts to\nfree a still active i915 VMA object when parking a GT believed to be idle.\n\n[161.359441] ODEBUG: free active (active state 0) object: ffff88811643b958 object type: i915_active hint: __i915_vma_active+0x0/0x50 [i915]\n[161.360082] WARNING: CPU: 5 PID: 276 at lib/debugobjects.c:514 debug_print_object+0x80/0xb0\n...\n[161.360304] CPU: 5 PID: 276 Comm: kworker/5:2 Not tainted 6.5.0-rc1-CI_DRM_13375-g003f860e5577+ #1\n[161.360314] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022\n[161.360322] Workqueue: i915-unordered __intel_wakeref_put_work [i915]\n[161.360592] RIP: 0010:debug_print_object+0x80/0xb0\n...\n[161.361347] debug_object_free+0xeb/0x110\n[161.361362] i915_active_fini+0x14/0x130 [i915]\n[161.361866] release_references+0xfe/0x1f0 [i915]\n[161.362543] i915_vma_parked+0x1db/0x380 [i915]\n[161.363129] __gt_park+0x121/0x230 [i915]\n[161.363515] ____intel_wakeref_put_last+0x1f/0x70 [i915]\n\nThat has been tracked down to be happening when another thread is\ndeactivating the VMA inside __active_retire() helper, after the VMA's\nactive counter has been already decremented to 0, but before deactivation\nof the VMA's object is reported to the object debugging tool.\n\nWe could prevent from that race by serializing i915_active_fini() with\n__active_retire() via ref->tree_lock, but that wouldn't stop the VMA from\nbeing used, e.g. from __i915_vma_retire() called at the end of\n__active_retire(), after that VMA has been already freed by a concurrent\ni915_vma_destroy() on return from the i915_active_fini(). Then, we should\nrather fix the issue at the VMA level, not in i915_active.\n\nSince __i915_vma_parked() is called from __gt_park() on last put of the\nGT's wakeref, the issue could be addressed by holding the GT wakeref long\nenough for __active_retire() to complete before that wakeref is released\nand the GT parked.\n\nI believe the issue was introduced by commit d93939730347 ("drm/i915:\nRemove the vma refcount") which moved a call to i915_active_fini() from\na dropped i915_vma_release(), called on last put of the removed VMA kref,\nto i915_vma_parked() processing path called on last put of a GT wakeref.\nHowever, its visibility to the object debugging tool was suppressed by a\nbug in i915_active that was fixed two weeks later with commit e92eb246feb9\n("drm/i915/active: Fix missing debug object activation").\n\nA VMA associated with a request doesn't acquire a GT wakeref by itself.\nInstead, it depends on a wakeref held directly by the request's active\nintel_context for a GT associated with its VM, and indirectly on that\nintel_context's engine wakeref if the engine belongs to the same GT as the\nVMA's VM. Those wakerefs are released asynchronously to VMA deactivation.\n\nFix the issue by getting a wakeref for the VMA's GT when activating it,\nand putting that wakeref only after the VMA is deactivated. However,\nexclude global GTT from that processing path, otherwise the GPU never goes\nidle. Since __i915_vma_retire() may be called from atomic contexts, use\nasync variant of wakeref put. Also, to avoid circular locking dependency,\ntake care of acquiring the wakeref before VM mutex when both are needed.\n\nv7: Add inline comments with justifications for:\n - using untracked variants of intel_gt_pm_get/put() (Nirmoy),\n - using async variant of _put(),\n - not getting the wakeref in case of a global GTT,\n - always getting the first wakeref outside vm->mutex.\nv6: Since __i915_vma_active/retire() callbacks are not serialized, storing\n a wakeref tracking handle inside struct i915_vma is not safe, and\n there is no other good place for that. Use untracked variants of\n intel_gt_pm_get/put_async().\nv5: Replace "tile" with "GT" across commit description (Rodrigo),\n - \n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.914Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26939 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26939 was patched at 2024-06-07, 2024-06-11, 2024-06-14

5075. Cross Site Scripting - Unknown Product (CVE-2015-4410) - Medium [238]

Description: {'vulners_cve_data_all': 'The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-4410 was patched at 2024-05-15

5076. Cross Site Scripting - Unknown Product (CVE-2021-41164) - Medium [238]

Description: {'vulners_cve_data_all': 'CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41164 was patched at 2024-05-15

5077. Cross Site Scripting - Unknown Product (CVE-2021-41165) - Medium [238]

Description: {'vulners_cve_data_all': 'CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. The vulnerability allowed to inject malformed comments HTML bypassing content sanitization, which could result in executing JavaScript code. It affects all users using the CKEditor 4 at version < 4.17.0. The problem has been recognized and patched. The fix will be available in version 4.17.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41165 was patched at 2024-05-15

5078. Cross Site Scripting - Unknown Product (CVE-2021-46900) - Medium [238]

Description: {'vulners_cve_data_all': 'Sympa before 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46900 was patched at 2024-05-15

5079. Cross Site Scripting - Unknown Product (CVE-2024-28233) - Medium [238]

Description: {'vulners_cve_data_all': 'JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former's session. More precisely, in the context of JupyterHub, this XSS could achieve full access to JupyterHub API and user's single-user server. The affected configurations are single-origin JupyterHub deployments and JupyterHub deployments with user-controlled applications running on subdomains or peer subdomains of either the Hub or a single-user server. This vulnerability is fixed in 4.1.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28233 was patched at 2024-05-15

5080. Remote Code Execution - Unknown Product (CVE-2002-1424) - Medium [238]

Description: {'vulners_cve_data_all': 'Buffer overflow in munpack in mpack 1.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1424 was patched at 2024-05-15

5081. Remote Code Execution - Unknown Product (CVE-2003-0102) - Medium [238]

Description: {'vulners_cve_data_all': 'Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0102 was patched at 2024-05-15

5082. Remote Code Execution - Unknown Product (CVE-2003-0128) - Medium [238]

Description: {'vulners_cve_data_all': 'The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0128 was patched at 2024-05-15

5083. Remote Code Execution - Unknown Product (CVE-2003-0245) - Medium [238]

Description: {'vulners_cve_data_all': 'Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0245 was patched at 2024-05-15

5084. Remote Code Execution - Unknown Product (CVE-2003-0390) - Medium [238]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0390 was patched at 2024-05-15

5085. Remote Code Execution - Unknown Product (CVE-2003-0771) - Medium [238]

Description: {'vulners_cve_data_all': 'Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0771 was patched at 2024-05-15

5086. Remote Code Execution - Unknown Product (CVE-2003-0853) - Medium [238]

Description: {'vulners_cve_data_all': 'An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0853 was patched at 2024-05-15

5087. Remote Code Execution - Unknown Product (CVE-2003-0932) - Medium [238]

Description: {'vulners_cve_data_all': 'Buffer overflow in omega-rpg 0.90 allows local users to execute arbitrary code via a long (1) command line or (2) environment variable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0932 was patched at 2024-05-15

5088. Remote Code Execution - Unknown Product (CVE-2003-1053) - Medium [238]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in XShisen allow attackers to execute arbitrary code via a long (1) -KCONV command line option or (2) XSHISENLIB environment variable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-1053 was patched at 2024-05-15

5089. Remote Code Execution - Unknown Product (CVE-2004-0156) - Medium [238]

Description: {'vulners_cve_data_all': 'Format string vulnerabilities in the (1) die or (2) log_event functions for ssmtp before 2.50.6 allow remote mail relays to cause a denial of service and possibly execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0156 was patched at 2024-05-15

5090. Remote Code Execution - Unknown Product (CVE-2004-0157) - Medium [238]

Description: {'vulners_cve_data_all': 'x11.c in xonix 1.4 and earlier uses the current working directory to find and execute the rmail program, which allows local users to execute arbitrary code by modifying the path to point to a malicious rmail program.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0157 was patched at 2024-05-15

5091. Remote Code Execution - Unknown Product (CVE-2004-0232) - Medium [238]

Description: {'vulners_cve_data_all': 'Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0232 was patched at 2024-05-15

5092. Remote Code Execution - Unknown Product (CVE-2004-0802) - Medium [238]

Description: {'vulners_cve_data_all': 'Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0802 was patched at 2024-05-15

5093. Remote Code Execution - Unknown Product (CVE-2004-1183) - Medium [238]

Description: {'vulners_cve_data_all': 'Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1183 was patched at 2024-05-15

5094. Remote Code Execution - Unknown Product (CVE-2004-1476) - Medium [238]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1476 was patched at 2024-05-15

5095. Remote Code Execution - Unknown Product (CVE-2004-1484) - Medium [238]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the _msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1484 was patched at 2024-05-15

5096. Remote Code Execution - Unknown Product (CVE-2004-1488) - Medium [238]

Description: {'vulners_cve_data_all': 'wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1488 was patched at 2024-05-15

5097. Remote Code Execution - Unknown Product (CVE-2004-1772) - Medium [238]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1772 was patched at 2024-05-15

5098. Remote Code Execution - Unknown Product (CVE-2004-2093) - Medium [238]

Description: {'vulners_cve_data_all': 'Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2093 was patched at 2024-05-15

5099. Remote Code Execution - Unknown Product (CVE-2004-2552) - Medium [238]

Description: {'vulners_cve_data_all': 'Buffer overflow in XBoard 4.2.7 and earlier might allow local users to execute arbitrary code via a long -icshost command line argument. NOTE: since the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2552 was patched at 2024-05-15

5100. Remote Code Execution - Unknown Product (CVE-2005-0073) - Medium [238]

Description: {'vulners_cve_data_all': 'Buffer overflow in queue.c in a support script for sympa 3.3.3, when running setuid, allows local users to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0073 was patched at 2024-05-15

5101. Remote Code Execution - Unknown Product (CVE-2005-0087) - Medium [238]

Description: {'vulners_cve_data_all': 'The alsa-lib package in Red Hat Linux 4 disables stack protection for the libasound.so library, which makes it easier for attackers to execute arbitrary code if there are other vulnerabilities in the library.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0087 was patched at 2024-05-15

5102. Remote Code Execution - Unknown Product (CVE-2005-0117) - Medium [238]

Description: {'vulners_cve_data_all': 'Buffer overflow in XShisen before 1.36 allows local users to execute arbitrary code via a long GECOS field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0117 was patched at 2024-05-15

5103. Remote Code Execution - Unknown Product (CVE-2005-0160) - Medium [238]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in unace 1.2b allow attackers to execute arbitrary code via (1) 2 overflows in ACE archives, (2) a long command line argument, or (3) certain "Ready for next volume" messages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0160 was patched at 2024-05-15

5104. Remote Code Execution - Unknown Product (CVE-2005-0763) - Medium [238]

Description: {'vulners_cve_data_all': 'Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allow attackers to execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0763 was patched at 2024-05-15

5105. Remote Code Execution - Unknown Product (CVE-2005-0876) - Medium [238]

Description: {'vulners_cve_data_all': 'Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers to execute arbitrary code via the DHCP lease file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0876 was patched at 2024-05-15

5106. Remote Code Execution - Unknown Product (CVE-2005-0926) - Medium [238]

Description: {'vulners_cve_data_all': 'Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attachments with MIME-encoded file names.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0926 was patched at 2024-05-15

5107. Remote Code Execution - Unknown Product (CVE-2005-1194) - Medium [238]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1194 was patched at 2024-05-15

5108. Remote Code Execution - Unknown Product (CVE-2005-1545) - Medium [238]

Description: {'vulners_cve_data_all': 'Integer overflow in the ELF parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted ELF file, which leads to a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1545 was patched at 2024-05-15

5109. Remote Code Execution - Unknown Product (CVE-2005-1546) - Medium [238]

Description: {'vulners_cve_data_all': 'Buffer overflow in the PE parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted PE file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1546 was patched at 2024-05-15

5110. Remote Code Execution - Unknown Product (CVE-2005-2040) - Medium [238]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in the getterminaltype function in telnetd for Heimdal before 0.6.5 may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2005-0468 and CVE-2005-0469.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2040 was patched at 2024-05-15

5111. Remote Code Execution - Unknown Product (CVE-2005-2081) - Medium [238]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2081 was patched at 2024-05-15

5112. Remote Code Execution - Unknown Product (CVE-2005-2693) - Medium [238]

Description: {'vulners_cve_data_all': 'cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2693 was patched at 2024-05-15

5113. Remote Code Execution - Unknown Product (CVE-2005-2930) - Medium [238]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the _chm_find_in_PMGL function in chm_lib.c for chmlib before 0.36, as used in products such as KchmViewer, allows user-assisted attackers to execute arbitrary code via a CHM file containing a long element, a different vulnerability than CVE-2005-3318.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2930 was patched at 2024-05-15

5114. Remote Code Execution - Unknown Product (CVE-2005-3191) - Medium [238]

Description: {'vulners_cve_data_all': 'Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3191 was patched at 2024-05-15

5115. Remote Code Execution - Unknown Product (CVE-2005-3193) - Medium [238]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3193 was patched at 2024-05-15

5116. Remote Code Execution - Unknown Product (CVE-2005-3318) - Medium [238]

Description: {'vulners_cve_data_all': 'Buffer overflow in the _chm_decompress_block function in CHM lib (chmlib) before 0.37, as used in products such as KchmViewer, allows attackers to execute arbitrary code, a different vulnerability than CVE-2005-2930.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3318 was patched at 2024-05-15

5117. Remote Code Execution - Unknown Product (CVE-2005-3354) - Medium [238]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the ldif_get_line function in ldif.c of Sylpheed before 2.1.6 allows user-assisted attackers to execute arbitrary code by having local users import LDIF files with long lines.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3354 was patched at 2024-05-15

5118. Remote Code Execution - Unknown Product (CVE-2005-3632) - Medium [238]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow attackers to execute arbitrary code via a crafted PNM file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3632 was patched at 2024-05-15

5119. Remote Code Execution - Unknown Product (CVE-2005-3662) - Medium [238]

Description: {'vulners_cve_data_all': 'Off-by-one buffer overflow in pnmtopng before 2.39, when using the -alpha command line option (Alphas_Of_Color), allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM file with exactly 256 colors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3662 was patched at 2024-05-15

5120. Remote Code Execution - Unknown Product (CVE-2005-3737) - Medium [238]

Description: {'vulners_cve_data_all': 'Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3737 was patched at 2024-05-15

5121. Remote Code Execution - Unknown Product (CVE-2006-0051) - Medium [238]

Description: {'vulners_cve_data_all': 'Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is "fetching remote playlists", which triggers the overflow in the http_peek function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0051 was patched at 2024-05-15

5122. Remote Code Execution - Unknown Product (CVE-2006-0083) - Medium [238]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the logging code of SMS Server Tools (smstools) 1.14.8 and earlier allows local users to execute arbitrary code via unspecified attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0083 was patched at 2024-05-15

5123. Remote Code Execution - Unknown Product (CVE-2006-0224) - Medium [238]

Description: {'vulners_cve_data_all': 'Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuration file name).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0224 was patched at 2024-05-15

5124. Remote Code Execution - Unknown Product (CVE-2006-1356) - Medium [238]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the count_vcards function in LibVC 3, as used in Rolo, allows user-assisted attackers to execute arbitrary code via a vCard file (e.g. contacts.vcf) containing a long line.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1356 was patched at 2024-05-15

5125. Remote Code Execution - Unknown Product (CVE-2006-1614) - Medium [238]

Description: {'vulners_cve_data_all': 'Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1614 was patched at 2024-05-15

5126. Remote Code Execution - Unknown Product (CVE-2006-1744) - Medium [238]

Description: {'vulners_cve_data_all': 'Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows local users to execute arbitrary code via a long player name that is used in a scanf function call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1744 was patched at 2024-05-15

5127. Remote Code Execution - Unknown Product (CVE-2006-1989) - Medium [238]

Description: {'vulners_cve_data_all': 'Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1989 was patched at 2024-05-15

5128. Remote Code Execution - Unknown Product (CVE-2006-2200) - Medium [238]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2200 was patched at 2024-05-15

5129. Remote Code Execution - Unknown Product (CVE-2006-2480) - Medium [238]

Description: {'vulners_cve_data_all': 'Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was demonstrated through a command line argument, but there are other mechanisms for input that are automatically processed by Dia, such as a crafted .dia file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2480 was patched at 2024-05-15

5130. Remote Code Execution - Unknown Product (CVE-2006-3404) - Medium [238]

Description: {'vulners_cve_data_all': 'Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3404 was patched at 2024-05-15

5131. Remote Code Execution - Unknown Product (CVE-2006-3581) - Medium [238]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in Audacious AdPlug 2.0 and earlier allow remote user-assisted attackers to execute arbitrary code via large (1) DTM and (2) S3M files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3581 was patched at 2024-05-15

5132. Remote Code Execution - Unknown Product (CVE-2006-3582) - Medium [238]

Description: {'vulners_cve_data_all': 'Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and earlier allow remote user-assisted attackers to execute arbitrary code via the size specified in the package header of (1) CFF, (2) MTK, (3) DMO, and (4) U6M files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3582 was patched at 2024-05-15

5133. Remote Code Execution - Unknown Product (CVE-2006-4146) - Medium [238]

Description: {'vulners_cve_data_all': 'Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4146 was patched at 2024-05-15

5134. Remote Code Execution - Unknown Product (CVE-2006-4192) - Medium [238]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary code via (1) long strings in ITP files used by the CSoundFile::ReadITProject function in soundlib/Load_it.cpp and (2) crafted modules used by the CSoundFile::ReadSample function in soundlib/Sndfile.cpp, as demonstrated by crafted AMF files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4192 was patched at 2024-05-15

5135. Remote Code Execution - Unknown Product (CVE-2006-4250) - Medium [238]

Description: {'vulners_cve_data_all': 'Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4250 was patched at 2024-05-15

5136. Remote Code Execution - Unknown Product (CVE-2006-4806) - Medium [238]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loader_jpeg.c), or (5) TIFF (loader_tiff.c) images.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4806 was patched at 2024-05-15

5137. Remote Code Execution - Unknown Product (CVE-2006-4809) - Medium [238]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4809 was patched at 2024-05-15

5138. Remote Code Execution - Unknown Product (CVE-2006-4810) - Medium [238]

Description: {'vulners_cve_data_all': 'Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4810 was patched at 2024-05-15

5139. Remote Code Execution - Unknown Product (CVE-2006-5466) - Medium [238]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5466 was patched at 2024-05-15

5140. Remote Code Execution - Unknown Product (CVE-2006-5864) - Medium [238]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5864 was patched at 2024-05-15

5141. Remote Code Execution - Unknown Product (CVE-2007-1544) - Medium [238]

Description: {'vulners_cve_data_all': 'Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1544 was patched at 2024-05-15

5142. Remote Code Execution - Unknown Product (CVE-2007-5940) - Medium [238]

Description: {'vulners_cve_data_all': 'feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the feynmf$$.pl temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5940 was patched at 2024-05-15

5143. Remote Code Execution - Unknown Product (CVE-2007-6531) - Medium [238]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the Panel (xfce4-panel) component in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via Launcher tooltips. NOTE: a second buffer overflow (over-read) in the xfce_mkdirhier function was also reported, but it might not be exploitable for a crash or code execution, so it is not a vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6531 was patched at 2024-05-15

5144. Remote Code Execution - Unknown Product (CVE-2008-1658) - Medium [238]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the grant helper (polkit-grant-helper.c) in PolicyKit 0.7 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in a password.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1658 was patched at 2024-05-15

5145. Remote Code Execution - Unknown Product (CVE-2008-2147) - Medium [238]

Description: {'vulners_cve_data_all': 'Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2147 was patched at 2024-05-15

5146. Remote Code Execution - Unknown Product (CVE-2008-2230) - Medium [238]

Description: {'vulners_cve_data_all': 'Untrusted search path vulnerability in (1) reportbug 3.8 and 3.31, and (2) reportbug-ng before 0.2008.06.04, allows local users to execute arbitrary code via a malicious module file in the current working directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2230 was patched at 2024-05-15

5147. Remote Code Execution - Unknown Product (CVE-2008-3577) - Medium [238]

Description: {'vulners_cve_data_all': 'Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows local users to execute arbitrary code via a large filename supplied to the "-g" parameter in the ttd_main function. NOTE: it is unlikely that this issue would cross privilege boundaries in typical environments.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3577 was patched at 2024-05-15

5148. Remote Code Execution - Unknown Product (CVE-2009-1755) - Medium [238]

Description: {'vulners_cve_data_all': 'Off-by-one error in the packet_read_query_section function in packet.c in nsd 3.2.1, and process_query_section in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1755 was patched at 2024-05-15

5149. Remote Code Execution - Unknown Product (CVE-2010-2520) - Medium [238]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2520 was patched at 2024-05-15

5150. Remote Code Execution - Unknown Product (CVE-2010-2801) - Medium [238]

Description: {'vulners_cve_data_all': 'Integer signedness error in the Quantum decompressor in cabextract before 1.3, when archive test mode is used, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Quantum archive in a .cab file, related to the libmspack library.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2801 was patched at 2024-05-15

5151. Remote Code Execution - Unknown Product (CVE-2010-4096) - Medium [238]

Description: {'vulners_cve_data_all': 'share/ma/keys_for_user in Monkeysphere 0.31 and 0.32 allows local users to execute arbitrary code via unknown manipulations related to the "monkeysphere-authentication keys-for-user" command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4096 was patched at 2024-05-15

5152. Remote Code Execution - Unknown Product (CVE-2010-4260) - Medium [238]

Description: {'vulners_cve_data_all': 'Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4260 was patched at 2024-05-15

5153. Remote Code Execution - Unknown Product (CVE-2011-2515) - Medium [238]

Description: {'vulners_cve_data_all': 'PackageKit 0.6.17 allows installation of unsigned RPM packages as though they were signed which may allow installation of non-trusted packages and execution of arbitrary code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2515 was patched at 2024-05-15

5154. Remote Code Execution - Unknown Product (CVE-2011-5129) - Medium [238]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long response string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-5129 was patched at 2024-05-15

5155. Remote Code Execution - Unknown Product (CVE-2012-0065) - Medium [238]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the receive_packet function in libusbmuxd/libusbmuxd.c in usbmuxd 1.0.5 through 1.0.7 allows physically proximate attackers to execute arbitrary code via a long SerialNumber field in a property list.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0065 was patched at 2024-05-15

5156. Remote Code Execution - Unknown Product (CVE-2012-3418) - Medium [238]

Description: {'vulners_cve_data_all': 'libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3418 was patched at 2024-05-15

5157. Remote Code Execution - Unknown Product (CVE-2013-0263) - Medium [238]

Description: {'vulners_cve_data_all': 'Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0263 was patched at 2024-05-15

5158. Remote Code Execution - Unknown Product (CVE-2013-2054) - Medium [238]

Description: {'vulners_cve_data_all': 'Buffer overflow in the atodn function in strongSwan 2.0.0 through 4.3.4, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2053 and CVE-2013-2054.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2054 was patched at 2024-05-15

5159. Remote Code Execution - Unknown Product (CVE-2013-4112) - Medium [238]

Description: {'vulners_cve_data_all': 'The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4112 was patched at 2024-05-15

5160. Remote Code Execution - Unknown Product (CVE-2013-7039) - Medium [238]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7039 was patched at 2024-05-15

5161. Remote Code Execution - Unknown Product (CVE-2013-7386) - Medium [238]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the PROJECT::write_account_file function in client/cs_account.cpp in BOINC, possibly 7.2.33, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the gui_urls item in an account file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7386 was patched at 2024-05-15

5162. Remote Code Execution - Unknown Product (CVE-2019-11388) - Medium [238]

Description: {'vulners_cve_data_all': 'An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators. NOTE: the software maintainer disputes that this is a vulnerability because the issue cannot be exploited via ModSecurity', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11388 was patched at 2024-05-15

5163. Remote Code Execution - Unknown Product (CVE-2021-33966) - Medium [238]

Description: {'vulners_cve_data_all': 'Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33966 was patched at 2024-05-15

5164. Remote Code Execution - Unknown Product (CVE-2023-51580) - Medium [238]

Description: {'vulners_cve_data_all': 'BlueZ Audio Profile AVRCP avrcp_parse_attribute_list Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.\n\nThe specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20852.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51580 was patched at 2024-05-15

5165. Remote Code Execution - Unknown Product (CVE-2023-51589) - Medium [238]

Description: {'vulners_cve_data_all': 'BlueZ Audio Profile AVRCP parse_media_element Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.\n\nThe specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20853.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51589 was patched at 2024-05-15

5166. Remote Code Execution - Unknown Product (CVE-2023-51592) - Medium [238]

Description: {'vulners_cve_data_all': 'BlueZ Audio Profile AVRCP parse_media_folder Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device.\n\nThe specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20854.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51592 was patched at 2024-05-15

5167. Spoofing - TLS (CVE-2020-15260) - Medium [238]

Description: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.10 and earlier, PJSIP transport can be reused if they have the same IP address + port + protocol. However, this is insufficient for secure transport since it lacks remote hostname authentication. Suppose we have created a TLS connection to `sip.foo.com`, which has an IP address `100.1.1.1`. If we want to create a TLS connection to another hostname, say `sip.bar.com`, which has the same IP address, then it will reuse that existing connection, even though `100.1.1.1` does not have certificate to authenticate as `sip.bar.com`. The vulnerability allows for an insecure interaction without user awareness. It affects users who need access to connections to different destinations that translate to the same address, and allows man-in-the-middle attack if attacker can route a connection to another destination such as in the case of DNS spoofing.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.415Spoofing
Vulnerable Product is Common0.514TLS
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15260 was patched at 2024-05-15

5168. Unknown Vulnerability Type - Kerberos (CVE-2012-1012) - Medium [238]

Description: {'vulners_cve_data_all': 'server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1012 was patched at 2024-05-15

5169. Unknown Vulnerability Type - Unknown Product (CVE-2008-3903) - Medium [238]

Description: {'vulners_cve_data_all': 'Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and 1.6.0.x before 1.6.0.8; Asterisk Business Edition A.x.x, B.x.x before B.2.5.8, C.1.x.x before C.1.10.5, and C.2.x.x before C.2.3.3; s800i 1.3.x before 1.3.0.2; and Trixbox PBX 2.6.1, when Digest authentication and authalwaysreject are enabled, generates different responses depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Asterisk认证SIP响应用户名枚举漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3903 was patched at 2024-05-15

5170. Unknown Vulnerability Type - Unknown Product (CVE-2012-5868) - Medium [238]

Description: {'vulners_cve_data_all': 'WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upon an administrator's logout action, which makes it easier for remote attackers to discover valid session identifiers via a brute-force attack, or modify data via a replay attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] WordPress 'wp-login.php'安全绕过漏洞(CVE-2012-5868))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5868 was patched at 2024-05-15

5171. Unknown Vulnerability Type - Unknown Product (CVE-2013-7048) - Medium [238]

Description: {'vulners_cve_data_all': 'OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] OpenStack Compute (Nova) 不安全目录权限漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7048 was patched at 2024-05-15

5172. Unknown Vulnerability Type - Unknown Product (CVE-2014-0027) - Medium [238]

Description: {'vulners_cve_data_all': 'The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Flite 'play_wave_from_socket()'不安全临时文件创建漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0027 was patched at 2024-05-15

5173. Memory Corruption - Perl (CVE-2007-0472) - Medium [236]

Description: Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lines to the sudoers file via a symlink attack on temporary files, which isn't properly handled by the writeFile function in core/smb4kfileio.cpp.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0472 was patched at 2024-05-15

5174. Memory Corruption - Perl (CVE-2014-3251) - Medium [236]

Description: The MCollective aes_security plugin, as used in Puppet Enterprise before 3.3.0 and Mcollective before 2.5.3, does not properly validate new server certificates based on the CA certificate, which allows local users to establish unauthorized Mcollective connections via unspecified vectors related to a race condition.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3251 was patched at 2024-05-15

5175. Elevation of Privilege - Unknown Product (CVE-2011-2910) - Medium [235]

Description: {'vulners_cve_data_all': 'The AX.25 daemon (ax25d) in ax25-tools before 0.0.8-13 does not check the return value of a setuid call. The setuid call is responsible for dropping privileges but if the call fails the daemon would continue to run with root privileges which can allow possible privilege escalation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2910 was patched at 2024-05-15

5176. Elevation of Privilege - Unknown Product (CVE-2018-12183) - Medium [235]

Description: {'vulners_cve_data_all': 'Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12183 was patched at 2024-05-15

5177. Elevation of Privilege - Unknown Product (CVE-2019-11782) - Medium [235]

Description: {'vulners_cve_data_all': 'Improper access control in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users with access to contact management to modify user accounts, leading to privilege escalation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11782 was patched at 2024-05-15

5178. Elevation of Privilege - Unknown Product (CVE-2019-18932) - Medium [235]

Description: {'vulners_cve_data_all': 'log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-18932 was patched at 2024-05-15

5179. Elevation of Privilege - Unknown Product (CVE-2020-0347) - Medium [235]

Description: {'vulners_cve_data_all': 'In iptables, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-136658008', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-0347 was patched at 2024-05-15

5180. Elevation of Privilege - Unknown Product (CVE-2020-24455) - Medium [235]

Description: {'vulners_cve_data_all': 'Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially enable an escalation of privilege via local access. This affects tpm2-tss before 3.0.1 and before 2.4.3.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24455 was patched at 2024-05-15

5181. Elevation of Privilege - Unknown Product (CVE-2020-27066) - Medium [235]

Description: {'vulners_cve_data_all': 'In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168043318', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27066 was patched at 2024-05-15

5182. Elevation of Privilege - Unknown Product (CVE-2021-39656) - Medium [235]

Description: {'vulners_cve_data_all': 'In __configfs_open_file of file.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174049066References: Upstream kernel', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39656 was patched at 2024-05-15

5183. Elevation of Privilege - Unknown Product (CVE-2021-39796) - Medium [235]

Description: {'vulners_cve_data_all': 'In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-205595291', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39796 was patched at 2024-05-15

5184. Elevation of Privilege - Unknown Product (CVE-2022-20153) - Medium [235]

Description: {'vulners_cve_data_all': 'In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-222091980References: Upstream kernel', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-20153 was patched at 2024-05-15

5185. Elevation of Privilege - Unknown Product (CVE-2022-20409) - Medium [235]

Description: {'vulners_cve_data_all': 'In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238177383References: Upstream kernel', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-20409 was patched at 2024-05-15

5186. Elevation of Privilege - Unknown Product (CVE-2022-25328) - Medium [235]

Description: {'vulners_cve_data_all': 'The bash_completion script for fscrypt allows injection of commands via crafted mountpoint paths, allowing privilege escalation under a specific set of circumstances. A local user who has control over mountpoint paths could potentially escalate their privileges if they create a malicious mountpoint path and if the system administrator happens to be using the fscrypt bash completion script to complete mountpoint paths. We recommend upgrading to version 0.3.3 or above', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-25328 was patched at 2024-05-15

5187. Elevation of Privilege - Unknown Product (CVE-2023-28144) - Medium [235]

Description: {'vulners_cve_data_all': 'KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevate_perf_privileges.sh chown calls.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-28144 was patched at 2024-05-15

5188. Elevation of Privilege - Unknown Product (CVE-2023-28736) - Medium [235]

Description: {'vulners_cve_data_all': 'Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-28736 was patched at 2024-05-15

5189. Unknown Vulnerability Type - .NET (CVE-2019-10648) - Medium [235]

Description: {'vulners_cve_data_all': 'Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714.NET
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10648 was patched at 2024-05-15

5190. Unknown Vulnerability Type - .NET (CVE-2020-5253) - Medium [235]

Description: {'vulners_cve_data_all': 'NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file (usually .nethackrc) which could be exploited. This bug is patched in NetHack 3.6.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714.NET
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-5253 was patched at 2024-05-15

5191. Unknown Vulnerability Type - Apache Traffic Server (CVE-2014-3525) - Medium [235]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, 4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3525 was patched at 2024-05-15

5192. Unknown Vulnerability Type - Apache Traffic Server (CVE-2014-3624) - Medium [235]

Description: {'vulners_cve_data_all': 'Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3624 was patched at 2024-05-15

5193. Unknown Vulnerability Type - BIND (CVE-2012-1166) - Medium [235]

Description: {'vulners_cve_data_all': 'The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1166 was patched at 2024-05-15

5194. Unknown Vulnerability Type - BIND (CVE-2018-1287) - Medium [235]

Description: {'vulners_cve_data_all': 'In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1287 was patched at 2024-05-15

5195. Unknown Vulnerability Type - BIND (CVE-2021-29462) - Medium [235]

Description: {'vulners_cve_data_all': 'The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This can be mitigated by using DNS revolvers which block DNS-rebinding attacks. The vulnerability is fixed in version 1.14.6 and later.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-29462 was patched at 2024-05-15

5196. Unknown Vulnerability Type - FFmpeg (CVE-2008-4867) - Medium [235]

Description: {'vulners_cve_data_all': 'Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4867 was patched at 2024-05-15

5197. Unknown Vulnerability Type - FFmpeg (CVE-2008-4868) - Medium [235]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4868 was patched at 2024-05-15

5198. Unknown Vulnerability Type - FFmpeg (CVE-2012-2771) - Medium [235]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2771 was patched at 2024-05-15

5199. Unknown Vulnerability Type - FFmpeg (CVE-2012-2772) - Medium [235]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the ff_rv34_decode_frame function in libavcodec/rv34.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing with frame threading."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2772 was patched at 2024-05-15

5200. Unknown Vulnerability Type - FFmpeg (CVE-2012-2773) - Medium [235]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2773 was patched at 2024-05-15

5201. Unknown Vulnerability Type - FFmpeg (CVE-2012-2775) - Medium [235]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large order and an "out of array write in quant_cof."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2775 was patched at 2024-05-15

5202. Unknown Vulnerability Type - FFmpeg (CVE-2012-2776) - Medium [235]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the decode_cell_data function in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to an "out of picture write."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2776 was patched at 2024-05-15

5203. Unknown Vulnerability Type - FFmpeg (CVE-2012-2777) - Medium [235]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2784.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2777 was patched at 2024-05-15

5204. Unknown Vulnerability Type - FFmpeg (CVE-2012-2778) - Medium [235]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2778 was patched at 2024-05-15

5205. Unknown Vulnerability Type - FFmpeg (CVE-2012-2779) - Medium [235]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the decode_frame function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an invalid "gop header" and decoding in a "half initialized context."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2779 was patched at 2024-05-15

5206. Unknown Vulnerability Type - FFmpeg (CVE-2012-2780) - Medium [235]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2780 was patched at 2024-05-15

5207. Unknown Vulnerability Type - FFmpeg (CVE-2012-2781) - Medium [235]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2781 was patched at 2024-05-15

5208. Unknown Vulnerability Type - FFmpeg (CVE-2012-2783) - Medium [235]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to "freeing the returned frame."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2783 was patched at 2024-05-15

5209. Unknown Vulnerability Type - FFmpeg (CVE-2012-2784) - Medium [235]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to "width/height changing in CAVS," a different vulnerability than CVE-2012-2777.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2784 was patched at 2024-05-15

5210. Unknown Vulnerability Type - FFmpeg (CVE-2012-2788) - Medium [235]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the avi_read_packet function in libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an "out of array read" when a "packet is shrunk."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2788 was patched at 2024-05-15

5211. Unknown Vulnerability Type - FFmpeg (CVE-2012-2797) - Medium [235]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the decode_frame_mp3on4 function in libavcodec/mpegaudiodec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors related to a calculation that prevents a frame from being "large enough."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2797 was patched at 2024-05-15

5212. Unknown Vulnerability Type - FFmpeg (CVE-2012-2801) - Medium [235]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to dimensions and "out of array writes."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2801 was patched at 2024-05-15

5213. Unknown Vulnerability Type - FFmpeg (CVE-2012-2803) - Medium [235]

Description: {'vulners_cve_data_all': 'Double free vulnerability in the mpeg_decode_frame function in libavcodec/mpeg12.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors, related to resetting the data size value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2803 was patched at 2024-05-15

5214. Unknown Vulnerability Type - FFmpeg (CVE-2012-2804) - Medium [235]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors, related to "reallocation code" and the luma height and width.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2804 was patched at 2024-05-15

5215. Unknown Vulnerability Type - FFmpeg (CVE-2013-0873) - Medium [235]

Description: {'vulners_cve_data_all': 'The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid channel count, related to "freeing invalid addresses."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0873 was patched at 2024-05-15

5216. Unknown Vulnerability Type - MediaWiki (CVE-2015-8626) - Medium [235]

Description: {'vulners_cve_data_all': 'The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8626 was patched at 2024-05-15

5217. Authentication Bypass - Unknown Product (CVE-2011-1409) - Medium [234]

Description: {'vulners_cve_data_all': 'Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly other versions before 20110610, allows remote attackers to bypass authentication and upload arbitrary files via a request that lacks an authentication ID.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1409 was patched at 2024-05-15

5218. Authentication Bypass - Unknown Product (CVE-2012-2132) - Medium [234]

Description: {'vulners_cve_data_all': 'libsoup 2.32.2 and earlier does not validate certificates or clear the trust flag when the ssl-ca-file does not exist, which allows remote attackers to bypass authentication by connecting with a SSL connection.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2132 was patched at 2024-05-15

5219. Authentication Bypass - Unknown Product (CVE-2020-29582) - Medium [234]

Description: {'vulners_cve_data_all': 'In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to read data from such files and list directories due to insecure permissions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-29582 was patched at 2024-05-15

5220. Unknown Vulnerability Type - GitLab (CVE-2021-39880) - Medium [233]

Description: {'vulners_cve_data_all': 'A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted requests to the apollo_upload_server middleware.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914GitLab is a DevOps software package that combines the ability to develop, secure, and operate software in a single application
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39880 was patched at 2024-05-15

5221. Unknown Vulnerability Type - HTTP/2 (CVE-2023-41337) - Medium [233]

Description: {'vulners_cve_data_all': 'h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the opportunity to observe or inject packets exchanged between the client and h2o may misdirect HTTPS requests going to other backends and observe the contents of that HTTPS request being sent.\n\nThe attack involves a victim client trying to resume a TLS connection and an attacker redirecting the packets to a different address or port than that intended by the client. The attacker must already have been configured by the administrator of h2o to act as a backend to one of the addresses or ports that the h2o instance listens to. Session IDs and tickets generated by h2o are not bound to information specific to the server address, port, or the X.509 certificate, and therefore it is possible for an attacker to force the victim connection to wrongfully resume against a different server address or port on which the same h2o instance is listening.\n\nOnce a TLS session is misdirected to resume to a server address / port that is configured to use an attacker-controlled server as the backend, depending on the configuration, HTTPS requests from the victim client may be forwarded to the attacker's server.\n\nAn H2O instance is vulnerable to this attack only if the instance is configured to listen to different addresses or ports using the listen directive at the host level and the instance is configured to connect to backend servers managed by multiple entities.\n\nA patch is available at commit 35760540337a47e5150da0f4a66a609fad2ef0ab. As a workaround, one may stop using using host-level listen directives in favor of global-level ones.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914HTTP/2 is a major revision of the HTTP network protocol used by the World Wide Web
CVSS Base Score0.710CVSS Base Score is 6.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-41337 was patched at 2024-05-15

5222. Unknown Vulnerability Type - Linux Kernel (CVE-2020-29370) - Medium [233]

Description: {'vulners_cve_data_all': 'An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-29370 was patched at 2024-05-15

5223. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46953) - Medium [233]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure\n\nWhen failing the driver probe because of invalid firmware properties,\nthe GTDT driver unmaps the interrupt that it mapped earlier.\n\nHowever, it never checks whether the mapping of the interrupt actially\nsucceeded. Even more, should the firmware report an illegal interrupt\nnumber that overlaps with the GIC SGI range, this can result in an\nIPI being unmapped, and subsequent fireworks (as reported by Dann\nFrazier).\n\nRework the driver to have a slightly saner behaviour and actually\ncheck whether the interrupt has been mapped before unmapping things.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 6.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46953 was patched at 2024-05-15

5224. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48689) - Medium [233]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: TX zerocopy should not sense pfmemalloc status\n\nWe got a recent syzbot report [1] showing a possible misuse\nof pfmemalloc page status in TCP zerocopy paths.\n\nIndeed, for pages coming from user space or other layers,\nusing page_is_pfmemalloc() is moot, and possibly could give\nfalse positives.\n\nThere has been attempts to make page_is_pfmemalloc() more robust,\nbut not using it in the first place in this context is probably better,\nremoving cpu cycles.\n\nNote to stable teams :\n\nYou need to backport 84ce071e38a6 ("net: introduce\n__skb_fill_page_desc_noacc") as a prereq.\n\nRace is more probable after commit c07aea3ef4d4\n("mm: add a signature in struct page") because page_is_pfmemalloc()\nis now using low order bit from page->lru.next, which can change\nmore often than page->index.\n\nLow order bit should never be set for lru.next (when used as an anchor\nin LRU list), so KCSAN report is mostly a false positive.\n\nBackporting to older kernel versions seems not necessary.\n\n[1]\nBUG: KCSAN: data-race in lru_add_fn / tcp_build_frag\n\nwrite to 0xffffea0004a1d2c8 of 8 bytes by task 18600 on cpu 0:\n__list_add include/linux/list.h:73 [inline]\nlist_add include/linux/list.h:88 [inline]\nlruvec_add_folio include/linux/mm_inline.h:105 [inline]\nlru_add_fn+0x440/0x520 mm/swap.c:228\nfolio_batch_move_lru+0x1e1/0x2a0 mm/swap.c:246\nfolio_batch_add_and_move mm/swap.c:263 [inline]\nfolio_add_lru+0xf1/0x140 mm/swap.c:490\nfilemap_add_folio+0xf8/0x150 mm/filemap.c:948\n__filemap_get_folio+0x510/0x6d0 mm/filemap.c:1981\npagecache_get_page+0x26/0x190 mm/folio-compat.c:104\ngrab_cache_page_write_begin+0x2a/0x30 mm/folio-compat.c:116\next4_da_write_begin+0x2dd/0x5f0 fs/ext4/inode.c:2988\ngeneric_perform_write+0x1d4/0x3f0 mm/filemap.c:3738\next4_buffered_write_iter+0x235/0x3e0 fs/ext4/file.c:270\next4_file_write_iter+0x2e3/0x1210\ncall_write_iter include/linux/fs.h:2187 [inline]\nnew_sync_write fs/read_write.c:491 [inline]\nvfs_write+0x468/0x760 fs/read_write.c:578\nksys_write+0xe8/0x1a0 fs/read_write.c:631\n__do_sys_write fs/read_write.c:643 [inline]\n__se_sys_write fs/read_write.c:640 [inline]\n__x64_sys_write+0x3e/0x50 fs/read_write.c:640\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nread to 0xffffea0004a1d2c8 of 8 bytes by task 18611 on cpu 1:\npage_is_pfmemalloc include/linux/mm.h:1740 [inline]\n__skb_fill_page_desc include/linux/skbuff.h:2422 [inline]\nskb_fill_page_desc include/linux/skbuff.h:2443 [inline]\ntcp_build_frag+0x613/0xb20 net/ipv4/tcp.c:1018\ndo_tcp_sendpages+0x3e8/0xaf0 net/ipv4/tcp.c:1075\ntcp_sendpage_locked net/ipv4/tcp.c:1140 [inline]\ntcp_sendpage+0x89/0xb0 net/ipv4/tcp.c:1150\ninet_sendpage+0x7f/0xc0 net/ipv4/af_inet.c:833\nkernel_sendpage+0x184/0x300 net/socket.c:3561\nsock_sendpage+0x5a/0x70 net/socket.c:1054\npipe_to_sendpage+0x128/0x160 fs/splice.c:361\nsplice_from_pipe_feed fs/splice.c:415 [inline]\n__splice_from_pipe+0x222/0x4d0 fs/splice.c:559\nsplice_from_pipe fs/splice.c:594 [inline]\ngeneric_splice_sendpage+0x89/0xc0 fs/splice.c:743\ndo_splice_from fs/splice.c:764 [inline]\ndirect_splice_actor+0x80/0xa0 fs/splice.c:931\nsplice_direct_to_actor+0x305/0x620 fs/splice.c:886\ndo_splice_direct+0xfb/0x180 fs/splice.c:974\ndo_sendfile+0x3bf/0x910 fs/read_write.c:1249\n__do_sys_sendfile64 fs/read_write.c:1317 [inline]\n__se_sys_sendfile64 fs/read_write.c:1303 [inline]\n__x64_sys_sendfile64+0x10c/0x150 fs/read_write.c:1303\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x2b/0x70 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nvalue changed: 0x0000000000000000 -> 0xffffea0004a1d288\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 1 PID: 18611 Comm: syz-executor.4 Not tainted 6.0.0-rc2-syzkaller-00248-ge022620b5d05-dirty #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48689 was patched at 2024-05-15

5225. Unknown Vulnerability Type - Sudo (CVE-2004-1051) - Medium [233]

Description: {'vulners_cve_data_all': 'sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1051 was patched at 2024-05-15

5226. Unknown Vulnerability Type - Sudo (CVE-2015-8239) - Medium [233]

Description: {'vulners_cve_data_all': 'The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8239 was patched at 2024-05-15

5227. Unknown Vulnerability Type - Windows Kernel (CVE-2018-17780) - Medium [233]

Description: {'vulners_cve_data_all': 'Telegram Desktop (aka tdesktop) 1.3.14, and Telegram 3.3.0.0 WP8.1 on Windows, leaks end-user public and private IP addresses during a call because of an unsafe default behavior in which P2P connections are accepted from clients outside of the My Contacts list.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17780 was patched at 2024-05-15

5228. Unknown Vulnerability Type - Windows LDAP (CVE-2006-7191) - Medium [233]

Description: {'vulners_cve_data_all': 'Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-7191 was patched at 2024-05-15

5229. Denial of Service - Unknown Product (CVE-2007-6263) - Medium [232]

Description: {'vulners_cve_data_all': 'The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via some types of FTP over SSL protocol behavior, as demonstrated by breaking a passive FTP DATA connection in a way that triggers an error in the server's SSL_accept function. NOTE: the netkit ftp issue is covered by CVE-2007-5769.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6263 was patched at 2024-05-15

5230. Denial of Service - Unknown Product (CVE-2016-6171) - Medium [232]

Description: {'vulners_cve_data_all': 'Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6171 was patched at 2024-05-15

5231. Denial of Service - Unknown Product (CVE-2017-17051) - Medium [232]

Description: {'vulners_cve_data_all': 'An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17051 was patched at 2024-05-15

5232. Denial of Service - Unknown Product (CVE-2017-8787) - Medium [232]

Description: {'vulners_cve_data_all': 'The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in base/PdfXRefStreamParserObject.cpp:224 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other impact via a crafted PDF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8787 was patched at 2024-05-15

5233. Denial of Service - Unknown Product (CVE-2018-10112) - Medium [232]

Description: {'vulners_cve_data_all': 'An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10112 was patched at 2024-05-15

5234. Denial of Service - Unknown Product (CVE-2018-10114) - Medium [232]

Description: {'vulners_cve_data_all': 'An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in the ppm_load_read_header function in operations/external/ppm-load.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10114 was patched at 2024-05-15

5235. Denial of Service - Unknown Product (CVE-2018-11489) - Medium [232]

Description: {'vulners_cve_data_all': 'The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11489 was patched at 2024-05-15

5236. Denial of Service - Unknown Product (CVE-2018-11516) - Medium [232]

Description: {'vulners_cve_data_all': 'The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11516 was patched at 2024-05-15

5237. Denial of Service - Unknown Product (CVE-2018-11694) - Medium [232]

Description: {'vulners_cve_data_all': 'An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11694 was patched at 2024-05-15

5238. Denial of Service - Unknown Product (CVE-2018-14473) - Medium [232]

Description: {'vulners_cve_data_all': 'OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14473 was patched at 2024-05-15

5239. Denial of Service - Unknown Product (CVE-2018-16376) - Medium [232]

Description: {'vulners_cve_data_all': 'An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16376 was patched at 2024-05-15

5240. Denial of Service - Unknown Product (CVE-2018-17795) - Medium [232]

Description: {'vulners_cve_data_all': 'The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, a similar issue to CVE-2017-9935.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17795 was patched at 2024-05-15

5241. Denial of Service - Unknown Product (CVE-2018-19532) - Medium [232]

Description: {'vulners_cve_data_all': 'A NULL pointer dereference vulnerability exists in the function PdfTranslator::setTarget() in pdftranslator.cpp of PoDoFo 0.9.6, while creating the PdfXObject, as demonstrated by podofoimpose. It allows an attacker to cause Denial of Service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19532 was patched at 2024-05-15

5242. Denial of Service - Unknown Product (CVE-2018-19655) - Medium [232]

Description: {'vulners_cve_data_all': 'A stack-based buffer overflow in the find_green() function of dcraw through 9.28, as used in ufraw-batch and many other products, may allow a remote attacker to cause a control-flow hijack, denial-of-service, or unspecified other impact via a maliciously crafted raw photo file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19655 was patched at 2024-05-15

5243. Denial of Service - Unknown Product (CVE-2018-20452) - Medium [232]

Description: {'vulners_cve_data_all': 'The read_MSAT_body function in ole.c in libxls 1.4.0 has an invalid free that allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, because of inconsistent memory management (new versus free) in ole2_read_header in ole.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20452 was patched at 2024-05-15

5244. Denial of Service - Unknown Product (CVE-2019-13465) - Medium [232]

Description: {'vulners_cve_data_all': 'An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. ROS_ASSERT_MSG only works when ROS_ASSERT_ENABLED is defined. This leads to a problem in the remove() function in clients/roscpp/src/libros/spinner.cpp. When ROS_ASSERT_ENABLED is not defined, the iterator loop will run out of the scope of the array, and cause denial of service for other components (that depend on the communication-related functions of this package). NOTE: The reporter of this issue now believes it was a false alarm.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-13465 was patched at 2024-05-15

5245. Denial of Service - Unknown Product (CVE-2019-9144) - Medium [232]

Description: {'vulners_cve_data_all': 'An issue was discovered in Exiv2 0.27. There is infinite recursion at BigTiffImage::printIFD in the file bigtiffimage.cpp. This can be triggered by a crafted file. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9144 was patched at 2024-05-15

5246. Denial of Service - Unknown Product (CVE-2019-9199) - Medium [232]

Description: {'vulners_cve_data_all': 'PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9199 was patched at 2024-05-15

5247. Denial of Service - Unknown Product (CVE-2019-9543) - Medium [232]

Description: {'vulners_cve_data_all': 'An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9543 was patched at 2024-05-15

5248. Denial of Service - Unknown Product (CVE-2019-9545) - Medium [232]

Description: {'vulners_cve_data_all': 'An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9545 was patched at 2024-05-15

5249. Denial of Service - Unknown Product (CVE-2020-29040) - Medium [232]

Description: {'vulners_cve_data_all': 'An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one error. NOTE: this issue is caused by an incorrect fix for CVE-2020-27671.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-29040 was patched at 2024-05-15

5250. Denial of Service - Unknown Product (CVE-2021-40633) - Medium [232]

Description: {'vulners_cve_data_all': 'A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40633 was patched at 2024-05-15

ubuntu: CVE-2021-40633 was patched at 2024-06-10

5251. Memory Corruption - TLS (CVE-2018-19608) - Medium [232]

Description: {'vulners_cve_data_all': 'Arm Mbed TLS before 2.14.1, before 2.7.8, and before 2.1.17 allows a local unprivileged attacker to recover the plaintext of RSA decryption, which is used in RSA-without-(EC)DH(E) cipher suites.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514TLS
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19608 was patched at 2024-05-15

5252. Path Traversal - Unknown Product (CVE-2017-8805) - Medium [232]

Description: {'vulners_cve_data_all': 'Debian ftpsync before 20171017 does not use the rsync --safe-links option, which allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8805 was patched at 2024-05-15

5253. Path Traversal - Unknown Product (CVE-2018-12559) - Medium [232]

Description: {'vulners_cve_data_all': 'An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home directory tree) by passing directory traversal sequences such as a home/../usr substring.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12559 was patched at 2024-05-15

5254. Path Traversal - Unknown Product (CVE-2018-7442) - Medium [232]

Description: {'vulners_cve_data_all': 'An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7442 was patched at 2024-05-15

5255. Security Feature Bypass - Unknown Product (CVE-2019-0147) - Medium [232]

Description: {'vulners_cve_data_all': 'Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-0147 was patched at 2024-05-15

5256. Security Feature Bypass - Unknown Product (CVE-2019-0149) - Medium [232]

Description: {'vulners_cve_data_all': 'Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-0149 was patched at 2024-05-15

5257. Security Feature Bypass - Unknown Product (CVE-2019-12400) - Medium [232]

Description: {'vulners_cve_data_all': 'In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12400 was patched at 2024-05-15

5258. Security Feature Bypass - Unknown Product (CVE-2022-46768) - Medium [232]

Description: {'vulners_cve_data_all': 'Arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on the port 10053. The service does not have proper validation for URL parameters before reading the files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-46768 was patched at 2024-05-15

5259. Security Feature Bypass - Unknown Product (CVE-2023-22655) - Medium [232]

Description: {'vulners_cve_data_all': 'Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-22655 was patched at 2024-05-15

ubuntu: CVE-2023-22655 was patched at 2024-05-29

5260. Security Feature Bypass - Unknown Product (CVE-2023-25951) - Medium [232]

Description: {'vulners_cve_data_all': 'Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow a privileged user to potentially enable escalation of privilege via local access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-25951 was patched at 2024-05-15

5261. Security Feature Bypass - Unknown Product (CVE-2024-29040) - Medium [232]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to BDU data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29040 was patched at 2024-05-15

redos: CVE-2024-29040 was patched at 2024-06-11

ubuntu: CVE-2024-29040 was patched at 2024-05-29

5262. Arbitrary File Reading - Unknown Product (CVE-2006-3695) - Medium [231]

Description: {'vulners_cve_data_all': 'Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3695 was patched at 2024-05-15

5263. Information Disclosure - Unknown Product (CVE-2009-3611) - Medium [231]

Description: {'vulners_cve_data_all': 'common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3611 was patched at 2024-05-15

5264. Information Disclosure - Unknown Product (CVE-2014-3250) - Medium [231]

Description: {'vulners_cve_data_all': 'The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3250 was patched at 2024-05-15

5265. Information Disclosure - Unknown Product (CVE-2015-1029) - Medium [231]

Description: {'vulners_cve_data_all': 'The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1029 was patched at 2024-05-15

5266. Information Disclosure - Unknown Product (CVE-2015-7514) - Medium [231]

Description: {'vulners_cve_data_all': 'OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-7514 was patched at 2024-05-15

5267. Information Disclosure - Unknown Product (CVE-2016-11086) - Medium [231]

Description: {'vulners_cve_data_all': 'lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-11086 was patched at 2024-05-15

5268. Information Disclosure - Unknown Product (CVE-2016-6345) - Medium [231]

Description: {'vulners_cve_data_all': 'RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6345 was patched at 2024-05-15

5269. Information Disclosure - Unknown Product (CVE-2017-16899) - Medium [231]

Description: {'vulners_cve_data_all': 'An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16899 was patched at 2024-05-15

5270. Information Disclosure - Unknown Product (CVE-2017-9465) - Medium [231]

Description: {'vulners_cve_data_all': 'The yr_arena_write_data function in YARA 3.6.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) or obtain sensitive information from process memory via a crafted file that is mishandled in the yr_re_fast_exec function in libyara/re.c and the _yr_scan_match_callback function in libyara/scan.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9465 was patched at 2024-05-15

5271. Information Disclosure - Unknown Product (CVE-2018-19960) - Medium [231]

Description: {'vulners_cve_data_all': 'The debug_mode function in web/web.py in OnionShare through 1.3.1, when --debug is enabled, uses the /tmp/onionshare_server.log pathname for logging, which might allow local users to overwrite files or obtain sensitive information by using this pathname.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19960 was patched at 2024-05-15

5272. Information Disclosure - Unknown Product (CVE-2019-5152) - Medium [231]

Description: {'vulners_cve_data_all': 'An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An attacker can send arbitrary packets to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5152 was patched at 2024-05-15

5273. Information Disclosure - Unknown Product (CVE-2020-28590) - Medium [231]

Description: {'vulners_cve_data_all': 'An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted obj file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-28590 was patched at 2024-05-15

5274. Information Disclosure - Unknown Product (CVE-2020-28591) - Medium [231]

Description: {'vulners_cve_data_all': 'An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted AMF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-28591 was patched at 2024-05-15

5275. Information Disclosure - Unknown Product (CVE-2020-35681) - Medium [231]

Description: {'vulners_cve_data_all': 'Django Channels 3.x before 3.0.3 allows remote attackers to obtain sensitive information from a different request scope. The legacy channels.http.AsgiHandler class, used for handling HTTP type requests in an ASGI environment prior to Django 3.0, did not correctly separate request scopes in Channels 3.0. In many cases this would result in a crash but, with correct timing, responses could be sent to the wrong client, resulting in potential leakage of session identifiers and other sensitive data. Note that this affects only the legacy Channels provided class, and not Django's similar ASGIHandler, available from Django 3.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35681 was patched at 2024-05-15

5276. Information Disclosure - Unknown Product (CVE-2022-23318) - Medium [231]

Description: {'vulners_cve_data_all': 'A heap-buffer-overflow in pcf2bdf, versions >= 1.05 allows an attacker to trigger unsafe memory access via a specially crafted PCF font file. This out-of-bound read may lead to an application crash, information disclosure via program memory or other context-dependent impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-23318 was patched at 2024-05-15

5277. Information Disclosure - Unknown Product (CVE-2022-34673) - Medium [231]

Description: {'vulners_cve_data_all': 'NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-34673 was patched at 2024-05-15

5278. Information Disclosure - Unknown Product (CVE-2022-34684) - Medium [231]

Description: {'vulners_cve_data_all': 'NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an off-by-one error may lead to data tampering or information disclosure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-34684 was patched at 2024-05-15

5279. Information Disclosure - Unknown Product (CVE-2022-42263) - Medium [231]

Description: {'vulners_cve_data_all': 'NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an Integer overflow may lead to denial of service or information disclosure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-42263 was patched at 2024-05-15

5280. Information Disclosure - Unknown Product (CVE-2022-42265) - Medium [231]

Description: {'vulners_cve_data_all': 'NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure or data tampering.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-42265 was patched at 2024-05-15

5281. Information Disclosure - Unknown Product (CVE-2022-47630) - Medium [231]

Description: {'vulners_cve_data_all': 'Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-47630 was patched at 2024-05-15

5282. Information Disclosure - Unknown Product (CVE-2023-0180) - Medium [231]

Description: {'vulners_cve_data_all': 'NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information disclosure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0180 was patched at 2024-05-15

5283. Information Disclosure - Unknown Product (CVE-2023-0185) - Medium [231]

Description: {'vulners_cve_data_all': 'NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information disclosure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0185 was patched at 2024-05-15

5284. Information Disclosure - Unknown Product (CVE-2023-25516) - Medium [231]

Description: {'vulners_cve_data_all': '\nNVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of service.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-25516 was patched at 2024-05-15

5285. Information Disclosure - Unknown Product (CVE-2023-28746) - Medium [231]

Description: {'vulners_cve_data_all': 'Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-28746 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2023-28746 was patched at 2024-05-29

5286. Information Disclosure - Unknown Product (CVE-2023-48161) - Medium [231]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-48161 was patched at 2024-05-15

5287. Arbitrary File Writing - Unknown Product (CVE-2000-0992) - Medium [229]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2000-0992 was patched at 2024-05-15

5288. Arbitrary File Writing - Unknown Product (CVE-2002-1216) - Medium [229]

Description: {'vulners_cve_data_all': 'GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1216 was patched at 2024-05-15

5289. Arbitrary File Writing - Unknown Product (CVE-2003-0021) - Medium [229]

Description: {'vulners_cve_data_all': 'The "screen dump" feature in Eterm 0.9.1 and earlier allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0021 was patched at 2024-05-15

5290. Arbitrary File Writing - Unknown Product (CVE-2003-0214) - Medium [229]

Description: {'vulners_cve_data_all': 'run-mailcap in mime-support 3.22 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0214 was patched at 2024-05-15

5291. Arbitrary File Writing - Unknown Product (CVE-2003-0440) - Medium [229]

Description: {'vulners_cve_data_all': 'The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0440 was patched at 2024-05-15

5292. Arbitrary File Writing - Unknown Product (CVE-2003-0537) - Medium [229]

Description: {'vulners_cve_data_all': 'The liece Emacs IRC client 2.0+0.20030527 and earlier creates temporary files insecurely, which could allow local users to overwrite arbitrary files as other users.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0537 was patched at 2024-05-15

5293. Arbitrary File Writing - Unknown Product (CVE-2003-0539) - Medium [229]

Description: {'vulners_cve_data_all': 'skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and the ddskk package which is based on skk, creates temporary files insecurely, which allows local users to overwrite arbitrary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0539 was patched at 2024-05-15

5294. Arbitrary File Writing - Unknown Product (CVE-2004-0107) - Medium [229]

Description: {'vulners_cve_data_all': 'The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0107 was patched at 2024-05-15

5295. Arbitrary File Writing - Unknown Product (CVE-2004-0108) - Medium [229]

Description: {'vulners_cve_data_all': 'The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0108 was patched at 2024-05-15

5296. Arbitrary File Writing - Unknown Product (CVE-2004-0647) - Medium [229]

Description: {'vulners_cve_data_all': 'shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local users to overwrite arbitrary files via a symlink attack on the chains-$$ temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0647 was patched at 2024-05-15

5297. Arbitrary File Writing - Unknown Product (CVE-2004-0916) - Medium [229]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. (dot dot) sequences in a filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0916 was patched at 2024-05-15

5298. Arbitrary File Writing - Unknown Product (CVE-2004-1294) - Medium [229]

Description: {'vulners_cve_data_all': 'The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1294 was patched at 2024-05-15

5299. Arbitrary File Writing - Unknown Product (CVE-2004-1951) - Medium [229]

Description: {'vulners_cve_data_all': 'xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1951 was patched at 2024-05-15

5300. Arbitrary File Writing - Unknown Product (CVE-2004-2462) - Medium [229]

Description: {'vulners_cve_data_all': 'cplay 1.49 on Linux allows local users to overwrite arbitrary files via a symlink attack on the cplay_control temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2462 was patched at 2024-05-15

5301. Arbitrary File Writing - Unknown Product (CVE-2005-0071) - Medium [229]

Description: {'vulners_cve_data_all': 'vdr before 1.2.6 does not securely create files, which allows attackers to overwrite arbitrary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0071 was patched at 2024-05-15

5302. Arbitrary File Writing - Unknown Product (CVE-2006-3178) - Medium [229]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in extract_chmLib example program in CHM Lib (chmlib) before 0.38 allows remote attackers to overwrite arbitrary files via a CHM archive containing files with a .. (dot dot) in their filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3178 was patched at 2024-05-15

5303. Arbitrary File Writing - Unknown Product (CVE-2006-3324) - Medium [229]

Description: {'vulners_cve_data_all': 'The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3324 was patched at 2024-05-15

5304. Arbitrary File Writing - Unknown Product (CVE-2006-3325) - Medium [229]

Description: {'vulners_cve_data_all': 'client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3325 was patched at 2024-05-15

5305. Arbitrary File Writing - Unknown Product (CVE-2006-6939) - Medium [229]

Description: {'vulners_cve_data_all': 'GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6939 was patched at 2024-05-15

5306. Arbitrary File Writing - Unknown Product (CVE-2007-0237) - Medium [229]

Description: {'vulners_cve_data_all': 'The ndeb-binary feature in Lookup (lookup-el) allows local users to overwrite arbitrary files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0237 was patched at 2024-05-15

5307. Arbitrary File Writing - Unknown Product (CVE-2007-6209) - Medium [229]

Description: {'vulners_cve_data_all': 'Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6209 was patched at 2024-05-15

5308. Arbitrary File Writing - Unknown Product (CVE-2007-6358) - Medium [229]

Description: {'vulners_cve_data_all': 'pdftops.pl before 1.20 in alternate pdftops filter allows local users to overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp temporary file, which is created when pdftops reads a PDF file from stdin, such as when pdftops is invoked by CUPS.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6358 was patched at 2024-05-15

5309. Arbitrary File Writing - Unknown Product (CVE-2008-3216) - Medium [229]

Description: {'vulners_cve_data_all': 'The save function in br/prefmanager.d in projectl 1.001 creates a projectL.prf file in the current working directory, which allows local users to overwrite arbitrary files via a symlink attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3216 was patched at 2024-05-15

5310. Arbitrary File Writing - Unknown Product (CVE-2008-3791) - Medium [229]

Description: {'vulners_cve_data_all': 'src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rot.jpg temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3791 was patched at 2024-05-15

5311. Arbitrary File Writing - Unknown Product (CVE-2008-4639) - Medium [229]

Description: {'vulners_cve_data_all': 'jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4639 was patched at 2024-05-15

5312. Arbitrary File Writing - Unknown Product (CVE-2012-3447) - Medium [229]

Description: {'vulners_cve_data_all': 'virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3447 was patched at 2024-05-15

5313. Arbitrary File Writing - Unknown Product (CVE-2014-5254) - Medium [229]

Description: {'vulners_cve_data_all': 'xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5254 was patched at 2024-05-15

5314. Arbitrary File Writing - Unknown Product (CVE-2018-14329) - Medium [229]

Description: {'vulners_cve_data_all': 'In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14329 was patched at 2024-05-15

5315. Unknown Vulnerability Type - APT (CVE-2005-1854) - Medium [228]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing input sanitising," allows remote attackers to execute arbitrary commands on the caching server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1854 was patched at 2024-05-15

5316. Unknown Vulnerability Type - APT (CVE-2011-2930) - Medium [228]

Description: {'vulners_cve_data_all': 'Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2930 was patched at 2024-05-15

5317. Unknown Vulnerability Type - APT (CVE-2011-4929) - Medium [228]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the bazaar repository adapter in Redmine 0.9.x and 1.0.x before 1.0.5 allows remote attackers to execute arbitrary commands via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4929 was patched at 2024-05-15

5318. Unknown Vulnerability Type - APT (CVE-2013-6049) - Medium [228]

Description: {'vulners_cve_data_all': 'apt-listbugs before 0.1.10 creates temporary files insecurely, which allows attackers to have unspecified impact via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6049 was patched at 2024-05-15

5319. Unknown Vulnerability Type - APT (CVE-2016-3100) - Medium [228]

Description: {'vulners_cve_data_all': 'kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.810CVSS Base Score is 8.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3100 was patched at 2024-05-15

5320. Unknown Vulnerability Type - APT (CVE-2023-38313) - Medium [228]

Description: {'vulners_cve_data_all': 'An issue was discovered in OpenNDS Captive Portal before 10.1.2. it has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38313 was patched at 2024-05-15

5321. Unknown Vulnerability Type - APT (CVE-2023-38315) - Medium [228]

Description: {'vulners_cve_data_all': 'An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing client token query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38315 was patched at 2024-05-15

5322. Unknown Vulnerability Type - APT (CVE-2023-38320) - Medium [228]

Description: {'vulners_cve_data_all': 'An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38320 was patched at 2024-05-15

5323. Unknown Vulnerability Type - APT (CVE-2023-38322) - Medium [228]

Description: {'vulners_cve_data_all': 'An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a do_binauth NULL pointer dereference that be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated, and can be triggered only when the BinAuth option is set.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38322 was patched at 2024-05-15

5324. Unknown Vulnerability Type - Adobe Reader (CVE-2003-0434) - Medium [228]

Description: {'vulners_cve_data_all': 'Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Adobe Acrobat is a family of application software and Web services developed by Adobe Inc. to view, create, manipulate, print and manage Portable Document Format files
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0434 was patched at 2024-05-15

5325. Unknown Vulnerability Type - Binutils (CVE-2005-4808) - Medium [228]

Description: {'vulners_cve_data_all': 'Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.810CVSS Base Score is 7.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4808 was patched at 2024-05-15

5326. Unknown Vulnerability Type - FreeIPA (CVE-2015-5179) - Medium [228]

Description: {'vulners_cve_data_all': 'FreeIPA might display user data improperly via vectors involving non-printable characters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814FreeIPA is a free and open source identity management system
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5179 was patched at 2024-05-15

5327. Unknown Vulnerability Type - FreeIPA (CVE-2017-12169) - Medium [228]

Description: {'vulners_cve_data_all': 'It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users. NOTE: some developers feel that this report is a suggestion for a design change to Stage User activation, not a statement of a vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814FreeIPA is a free and open source identity management system
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12169 was patched at 2024-05-15

5328. Unknown Vulnerability Type - GNOME desktop (CVE-2012-6111) - Medium [228]

Description: {'vulners_cve_data_all': 'gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6111 was patched at 2024-05-15

5329. Unknown Vulnerability Type - GNOME desktop (CVE-2017-1000025) - Medium [228]

Description: {'vulners_cve_data_all': 'GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfiltration of stored passwords for a selected set of websites.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000025 was patched at 2024-05-15

5330. Unknown Vulnerability Type - GNOME desktop (CVE-2017-8288) - Medium [228]

Description: {'vulners_cve_data_all': 'gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8288 was patched at 2024-05-15

5331. Unknown Vulnerability Type - GNOME desktop (CVE-2018-19358) - Medium [228]

Description: {'vulners_cve_data_all': 'GNOME Keyring through 3.28.2 allows local users to retrieve login credentials via a Secret Service API call and the D-Bus interface if the keyring is unlocked, a similar issue to CVE-2008-7320. One perspective is that this occurs because available D-Bus protection mechanisms (involving the busconfig and policy XML elements) are not used. NOTE: the vendor disputes this because, according to the security model, untrusted applications must not be allowed to access the user's session bus socket.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19358 was patched at 2024-05-15

5332. Unknown Vulnerability Type - GNOME desktop (CVE-2019-11461) - Medium [228]

Description: {'vulners_cve_data_all': 'An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11461 was patched at 2024-05-15

5333. Unknown Vulnerability Type - GNOME desktop (CVE-2020-16118) - Medium [228]

Description: {'vulners_cve_data_all': 'In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-16118 was patched at 2024-05-15

5334. Unknown Vulnerability Type - GNU C Library (CVE-2010-0015) - Medium [228]

Description: {'vulners_cve_data_all': 'nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0015 was patched at 2024-05-15

5335. Unknown Vulnerability Type - GNU C Library (CVE-2013-4412) - Medium [228]

Description: {'vulners_cve_data_all': 'slim has NULL pointer dereference when using crypt() method from glibc 2.17', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4412 was patched at 2024-05-15

5336. Unknown Vulnerability Type - GNU C Library (CVE-2019-6488) - Medium [228]

Description: {'vulners_cve_data_all': 'The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6488 was patched at 2024-05-15

5337. Unknown Vulnerability Type - GNU C Library (CVE-2019-9192) - Medium [228]

Description: {'vulners_cve_data_all': 'In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9192 was patched at 2024-05-15

5338. Unknown Vulnerability Type - GNU C Library (CVE-2021-43396) - Medium [228]

Description: {'vulners_cve_data_all': 'In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-43396 was patched at 2024-05-15

5339. Unknown Vulnerability Type - ICMP (CVE-2019-5598) - Medium [228]

Description: {'vulners_cve_data_all': 'In FreeBSD 11.3-PRERELEASE before r345378, 12.0-STABLE before r345377, 11.2-RELEASE before 11.2-RELEASE-p10, and 12.0-RELEASE before 12.0-RELEASE-p4, a bug in pf does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet allowing a maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules and be passed to a host that would otherwise be unavailable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814The Internet Control Message Protocol (ICMP) is a network layer protocol used by network devices to diagnose network communication issues
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5598 was patched at 2024-05-15

5340. Unknown Vulnerability Type - Mozilla Firefox (CVE-2006-1727) - Medium [228]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview".', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.810CVSS Base Score is 7.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1727 was patched at 2024-05-15

5341. Unknown Vulnerability Type - Mozilla Firefox (CVE-2006-2775) - Medium [228]

Description: {'vulners_cve_data_all': 'Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2775 was patched at 2024-05-15

5342. Unknown Vulnerability Type - Mozilla Firefox (CVE-2006-3801) - Medium [228]

Description: {'vulners_cve_data_all': 'Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3801 was patched at 2024-05-15

5343. Unknown Vulnerability Type - Mozilla Firefox (CVE-2006-3809) - Medium [228]

Description: {'vulners_cve_data_all': 'Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3809 was patched at 2024-05-15

5344. Unknown Vulnerability Type - Mozilla Firefox (CVE-2006-5463) - Medium [228]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5463 was patched at 2024-05-15

5345. Unknown Vulnerability Type - Node.js (CVE-2014-6394) - Medium [228]

Description: {'vulners_cve_data_all': 'visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as demonstrated using "public-restricted" under a "public" directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-6394 was patched at 2024-05-15

5346. Unknown Vulnerability Type - Node.js (CVE-2016-2216) - Medium [228]

Description: {'vulners_cve_data_all': 'The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2216 was patched at 2024-05-15

5347. Unknown Vulnerability Type - Node.js (CVE-2017-20165) - Medium [228]

Description: {'vulners_cve_data_all': 'A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to address this issue. The identifier of the patch is c38a0166c266a679c8de012d4eaccec3f944e685. It is recommended to upgrade the affected component. The identifier VDB-217665 was assigned to this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-20165 was patched at 2024-05-15

5348. Unknown Vulnerability Type - Node.js (CVE-2018-12120) - Medium [228]

Description: {'vulners_cve_data_all': 'Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12120 was patched at 2024-05-15

5349. Unknown Vulnerability Type - Node.js (CVE-2023-32695) - Medium [228]

Description: {'vulners_cve_data_all': 'socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-32695 was patched at 2024-05-15

5350. Unknown Vulnerability Type - OpenSSH (CVE-2001-1459) - Medium [228]

Description: {'vulners_cve_data_all': 'OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2001-1459 was patched at 2024-05-15

5351. Unknown Vulnerability Type - OpenSSH (CVE-2001-1507) - Medium [228]

Description: {'vulners_cve_data_all': 'OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2001-1507 was patched at 2024-05-15

5352. Unknown Vulnerability Type - OpenSSH (CVE-2002-0765) - Medium [228]

Description: {'vulners_cve_data_all': 'sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0765 was patched at 2024-05-15

5353. Unknown Vulnerability Type - OpenSSH (CVE-2003-0386) - Medium [228]

Description: {'vulners_cve_data_all': 'OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0386 was patched at 2024-05-15

5354. Unknown Vulnerability Type - OpenSSH (CVE-2003-0682) - Medium [228]

Description: {'vulners_cve_data_all': '"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0682 was patched at 2024-05-15

5355. Unknown Vulnerability Type - OpenSSH (CVE-2003-0787) - Medium [228]

Description: {'vulners_cve_data_all': 'The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0787 was patched at 2024-05-15

5356. Unknown Vulnerability Type - OpenSSL (CVE-2000-1254) - Medium [228]

Description: {'vulners_cve_data_all': 'crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2000-1254 was patched at 2024-05-15

5357. Unknown Vulnerability Type - OpenSSL (CVE-2003-0131) - Medium [228]

Description: {'vulners_cve_data_all': 'The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the "Klima-Pokorny-Rosa attack."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0131 was patched at 2024-05-15

5358. Unknown Vulnerability Type - OpenSSL (CVE-2005-2946) - Medium [228]

Description: {'vulners_cve_data_all': 'The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2946 was patched at 2024-05-15

5359. Unknown Vulnerability Type - OpenSSL (CVE-2008-0166) - Medium [228]

Description: {'vulners_cve_data_all': 'OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0166 was patched at 2024-05-15

5360. Unknown Vulnerability Type - OpenSSL (CVE-2009-0653) - Medium [228]

Description: {'vulners_cve_data_all': 'OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0653 was patched at 2024-05-15

5361. Unknown Vulnerability Type - PHP (CVE-2003-1598) - Medium [228]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-1598 was patched at 2024-05-15

5362. Unknown Vulnerability Type - PHP (CVE-2004-2630) - Medium [228]

Description: {'vulners_cve_data_all': 'The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2630 was patched at 2024-05-15

5363. Unknown Vulnerability Type - PHP (CVE-2004-2631) - Medium [228]

Description: {'vulners_cve_data_all': 'Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2631 was patched at 2024-05-15

5364. Unknown Vulnerability Type - PHP (CVE-2005-0567) - Medium [228]

Description: {'vulners_cve_data_all': 'Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0567 was patched at 2024-05-15

5365. Unknown Vulnerability Type - PHP (CVE-2005-1687) - Medium [228]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the tb_id parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1687 was patched at 2024-05-15

5366. Unknown Vulnerability Type - PHP (CVE-2005-1810) - Medium [228]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1810 was patched at 2024-05-15

5367. Unknown Vulnerability Type - PHP (CVE-2006-0517) - Medium [228]

Description: {'vulners_cve_data_all': 'Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3; (4) unspecified vectors related to "session handling"; and (5) when posting "petitions".', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0517 was patched at 2024-05-15

5368. Unknown Vulnerability Type - PHP (CVE-2006-1804) - Medium [228]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1804 was patched at 2024-05-15

5369. Unknown Vulnerability Type - PHP (CVE-2006-4675) - Medium [228]

Description: {'vulners_cve_data_all': 'Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4675 was patched at 2024-05-15

5370. Unknown Vulnerability Type - PHP (CVE-2006-6944) - Medium [228]

Description: {'vulners_cve_data_all': 'phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6944 was patched at 2024-05-15

5371. Unknown Vulnerability Type - PHP (CVE-2007-2821) - Medium [228]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2821 was patched at 2024-05-15

5372. Unknown Vulnerability Type - PHP (CVE-2007-3432) - Medium [228]

Description: {'vulners_cve_data_all': 'Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3432 was patched at 2024-05-15

5373. Unknown Vulnerability Type - PHP (CVE-2007-3905) - Medium [228]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote attackers to execute arbitrary SQL commands via the _order parameter to (1) photos.php and (2) edit_photos.php.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3905 was patched at 2024-05-15

5374. Unknown Vulnerability Type - PHP (CVE-2007-4525) - Medium [228]

Description: {'vulners_cve_data_all': 'PHP remote file inclusion vulnerability in inc-calcul.php3 in SPIP 1.7.2 allows remote attackers to execute arbitrary PHP code via a URL in the squelette_cache parameter, a different vector than CVE-2006-1702. NOTE: this issue has been disputed by third party researchers, stating that the squelette_cache variable is initialized before use, and is only used within the scope of a function', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4525 was patched at 2024-05-15

5375. Unknown Vulnerability Type - PHP (CVE-2007-5156) - Medium [228]

Description: {'vulners_cve_data_all': 'Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5156 was patched at 2024-05-15

5376. Unknown Vulnerability Type - PHP (CVE-2008-3747) - Medium [228]

Description: {'vulners_cve_data_all': 'The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3747 was patched at 2024-05-15

5377. Unknown Vulnerability Type - PHP (CVE-2008-5186) - Medium [228]

Description: {'vulners_cve_data_all': 'The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows control of the default language path', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5186 was patched at 2024-05-15

5378. Unknown Vulnerability Type - PHP (CVE-2008-5813) - Medium [228]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5813 was patched at 2024-05-15

5379. Unknown Vulnerability Type - PHP (CVE-2009-1149) - Medium [228]

Description: {'vulners_cve_data_all': 'CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1149 was patched at 2024-05-15

5380. Unknown Vulnerability Type - PHP (CVE-2009-2762) - Medium [228]

Description: {'vulners_cve_data_all': 'wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assumes that $key is not an array.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2762 was patched at 2024-05-15

5381. Unknown Vulnerability Type - PHP (CVE-2009-3040) - Medium [228]

Description: {'vulners_cve_data_all': 'Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3) O and (4) V parameters to download.php and the (5) SYSTEMID parameter to group_show.php.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3040 was patched at 2024-05-15

5382. Unknown Vulnerability Type - PHP (CVE-2009-3042) - Medium [228]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3042 was patched at 2024-05-15

5383. Unknown Vulnerability Type - PHP (CVE-2009-5053) - Medium [228]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5053 was patched at 2024-05-15

5384. Unknown Vulnerability Type - PHP (CVE-2010-0288) - Medium [228]

Description: {'vulners_cve_data_all': 'A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0288 was patched at 2024-05-15

5385. Unknown Vulnerability Type - PHP (CVE-2010-1595) - Medium [228]

Description: {'vulners_cve_data_all': 'Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the (1) c, (2) val_1, or (3) onglet_bis parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1595 was patched at 2024-05-15

5386. Unknown Vulnerability Type - PHP (CVE-2010-3484) - Medium [228]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3484 was patched at 2024-05-15

5387. Unknown Vulnerability Type - PHP (CVE-2010-3485) - Medium [228]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3485 was patched at 2024-05-15

5388. Unknown Vulnerability Type - PHP (CVE-2010-4879) - Medium [228]

Description: {'vulners_cve_data_all': 'PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the input_file parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4879 was patched at 2024-05-15

5389. Unknown Vulnerability Type - PHP (CVE-2010-5049) - Medium [228]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the nav_time parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-5049 was patched at 2024-05-15

5390. Unknown Vulnerability Type - PHP (CVE-2011-3130) - Medium [228]

Description: {'vulners_cve_data_all': 'wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3130 was patched at 2024-05-15

5391. Unknown Vulnerability Type - PHP (CVE-2011-4625) - Medium [228]

Description: {'vulners_cve_data_all': 'simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4625 was patched at 2024-05-15

5392. Unknown Vulnerability Type - PHP (CVE-2012-6707) - Medium [228]

Description: {'vulners_cve_data_all': 'WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. NOTE: the approach to changing this may not be fully compatible with certain use cases, such as migration of a WordPress site from a web host that uses a recent PHP version to a different web host that uses PHP 5.2. These use cases are plausible (but very unlikely) based on statistics showing widespread deployment of WordPress with obsolete PHP versions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6707 was patched at 2024-05-15

5393. Unknown Vulnerability Type - PHP (CVE-2013-0232) - Medium [228]

Description: {'vulners_cve_data_all': 'includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0232 was patched at 2024-05-15

5394. Unknown Vulnerability Type - PHP (CVE-2014-9450) - Medium [228]

Description: {'vulners_cve_data_all': 'Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9450 was patched at 2024-05-15

5395. Unknown Vulnerability Type - PHP (CVE-2016-6617) - Medium [228]

Description: {'vulners_cve_data_all': 'An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4) are affected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6617 was patched at 2024-05-15

5396. Unknown Vulnerability Type - PHP (CVE-2016-9862) - Medium [228]

Description: {'vulners_cve_data_all': 'An issue was discovered in phpMyAdmin. With a crafted login request it is possible to inject BBCode in the login page. All 4.6.x versions (prior to 4.6.5) are affected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9862 was patched at 2024-05-15

5397. Unknown Vulnerability Type - PHP (CVE-2017-1000018) - Medium [228]

Description: {'vulners_cve_data_all': 'phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000018 was patched at 2024-05-15

5398. Unknown Vulnerability Type - PHP (CVE-2017-1001000) - Medium [228]

Description: {'vulners_cve_data_all': 'The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1001000 was patched at 2024-05-15

5399. Unknown Vulnerability Type - PHP (CVE-2019-13464) - Medium [228]

Description: {'vulners_cve_data_all': 'An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-13464 was patched at 2024-05-15

5400. Unknown Vulnerability Type - PHP (CVE-2020-25788) - Medium [228]

Description: {'vulners_cve_data_all': 'An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25788 was patched at 2024-05-15

5401. Unknown Vulnerability Type - PHP (CVE-2022-3979) - Medium [228]

Description: {'vulners_cve_data_all': 'A vulnerability was found in NagVis up to 1.9.33 and classified as problematic. This issue affects the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. The manipulation of the argument hash leads to incorrect type conversion. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 1.9.34 is able to address this issue. The identifier of the patch is 7574fd8a2903282c2e0d1feef5c4876763db21d5. It is recommended to upgrade the affected component. The identifier VDB-213557 was assigned to this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3979 was patched at 2024-05-15

5402. Unknown Vulnerability Type - PHP (CVE-2023-27560) - Medium [228]

Description: {'vulners_cve_data_all': 'Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-27560 was patched at 2024-05-15

5403. Unknown Vulnerability Type - PHP (CVE-2023-50262) - Medium [228]

Description: {'vulners_cve_data_all': 'Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the SVG are allowed. One of the validations is that the SVG document does not reference itself. However, prior to version 2.0.4, a recursive chained using two or more SVG documents is not correctly validated. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself.\n\nphp-svg-lib, when run in isolation, does not support SVG references for `image` elements. However, when used in combination with Dompdf, php-svg-lib will process SVG images referenced by an `image` element. Dompdf currently includes validation to prevent self-referential `image` references, but a chained reference is not checked. A malicious actor may thus trigger infinite recursion by chaining references between two or more SVG images.\n\nWhen Dompdf parses a malicious payload, it will crash due after exceeding the allowed execution time or memory usage. An attacker sending multiple request to a system can potentially cause resource exhaustion to the point that the system is unable to handle incoming request.\n\nVersion 2.0.4 contains a fix for this issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50262 was patched at 2024-05-15

5404. Unknown Vulnerability Type - RPC (CVE-2003-0773) - Medium [228]

Description: {'vulners_cve_data_all': 'saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote attackers to use that call even if they are restricted in saned.conf.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0773 was patched at 2024-05-15

5405. Unknown Vulnerability Type - RPC (CVE-2003-0776) - Medium [228]

Description: {'vulners_cve_data_all': 'saned in sane-backends 1.0.7 and earlier does not properly "check the validity of the RPC numbers it gets before getting the parameters," with unknown consequences.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0776 was patched at 2024-05-15

5406. Unknown Vulnerability Type - RPC (CVE-2005-2108) - Medium [228]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2108 was patched at 2024-05-15

5407. Unknown Vulnerability Type - RPC (CVE-2007-4894) - Medium [228]

Description: {'vulners_cve_data_all': 'Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4894 was patched at 2024-05-15

5408. Unknown Vulnerability Type - RPC (CVE-2010-1277) - Medium [228]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1277 was patched at 2024-05-15

5409. Unknown Vulnerability Type - RPC (CVE-2010-2061) - Medium [228]

Description: {'vulners_cve_data_all': 'rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2061 was patched at 2024-05-15

5410. Unknown Vulnerability Type - RPC (CVE-2011-3600) - Medium [228]

Description: {'vulners_cve_data_all': 'The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figure out from returned error messages whether a file exists or not. This affects OFBiz 16.11.01 to 16.11.04.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3600 was patched at 2024-05-15

5411. Unknown Vulnerability Type - RPC (CVE-2023-33953) - Medium [228]

Description: {'vulners_cve_data_all': 'gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/\xa0Three vectors were found that allow the following DOS attacks:\n\n- Unbounded memory buffering in the HPACK parser\n- Unbounded CPU consumption in the HPACK parser\n\nThe unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client.\n\nThe unbounded memory buffering bugs:\n\n- The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb.\n- HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse.\n- gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc…', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-33953 was patched at 2024-05-15

5412. Unknown Vulnerability Type - Samba (CVE-2004-0082) - Medium [228]

Description: {'vulners_cve_data_all': 'The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0082 was patched at 2024-05-15

5413. Unknown Vulnerability Type - Samba (CVE-2004-0815) - Medium [228]

Description: {'vulners_cve_data_all': 'The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0815 was patched at 2024-05-15

5414. Unknown Vulnerability Type - libwebp (CVE-2016-9969) - Medium [228]

Description: {'vulners_cve_data_all': 'In libwebp 0.5.1, there is a double free bug in libwebpmux.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814libwebp is a code library used to render and display images in the WebP format
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9969 was patched at 2024-05-15

5415. Incorrect Calculation - GPAC (CVE-2021-30014) - Medium [227]

Description: There is a integer overflow in media_tools/av_parsers.c in the hevc_parse_slice_segment function in GPAC 1.0.1 which results in a crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30014 was patched at 2024-05-15

5416. Incorrect Calculation - GPAC (CVE-2021-30022) - Medium [227]

Description: There is a integer overflow in media_tools/av_parsers.c in the gf_avc_read_pps_bs_internal in GPAC 1.0.1. pps_id may be a negative number, so it will not return. However, avc->pps only has 255 unit, so there is an overflow, which results a crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30022 was patched at 2024-05-15

5417. Memory Corruption - GPAC (CVE-2022-24576) - Medium [227]

Description: GPAC 1.0.1 is affected by Use After Free through MP4Box.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24576 was patched at 2024-05-15

5418. Memory Corruption - GPAC (CVE-2022-43254) - Medium [227]

Description: GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-43254 was patched at 2024-05-15

5419. Memory Corruption - GPAC (CVE-2022-46489) - Medium [227]

Description: GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_isom_box_parse_ex function at box_funcs.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-46489 was patched at 2024-05-15

5420. Memory Corruption - GPAC (CVE-2023-4755) - Medium [227]

Description: Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-4755 was patched at 2024-05-15

5421. Memory Corruption - Git (CVE-2017-11353) - Medium [227]

Description: yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH and PGP keys.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414Git
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11353 was patched at 2024-05-15

5422. Memory Corruption - Git (CVE-2023-23586) - Medium [227]

Description: Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker threads, thus it is possible to insert a time namespace's vvar page to process's memory space via a page fault. When this time namespace is destroyed, the vvar page is also freed, but not removed from the process' memory, and a next page allocated by the kernel will be still available from the user-space process and can leak memory contents via this (read-only) use-after-free vulnerability. We recommend upgrading past version 5.10.161 or commit  788d0824269bef539fe31a785b1517882eafed93 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414Git
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-23586 was patched at 2024-05-15

5423. Memory Corruption - Git (CVE-2023-39130) - Medium [227]

Description: GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414Git
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-39130 was patched at 2024-05-15

5424. Cross Site Scripting - Unknown Product (CVE-2002-0840) - Medium [226]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0840 was patched at 2024-05-15

5425. Cross Site Scripting - Unknown Product (CVE-2002-1307) - Medium [226]

Description: {'vulners_cve_data_all': 'Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1307 was patched at 2024-05-15

5426. Cross Site Scripting - Unknown Product (CVE-2003-0965) - Medium [226]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0965 was patched at 2024-05-15

5427. Cross Site Scripting - Unknown Product (CVE-2004-0591) - Medium [226]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via (1) e-mail headers or (2) a message with a "message/delivery-status" MIME Content-Type.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0591 was patched at 2024-05-15

5428. Cross Site Scripting - Unknown Product (CVE-2006-5442) - Medium [226]

Description: {'vulners_cve_data_all': 'ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 encoded JavaScript code via a view.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5442 was patched at 2024-05-15

5429. Cross Site Scripting - Unknown Product (CVE-2007-2740) - Medium [226]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in xajax before 0.2.5 has unknown impact and attack vectors, not related to XSS.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2740 was patched at 2024-05-15

5430. Cross Site Scripting - Unknown Product (CVE-2023-38000) - Medium [226]

Description: {'vulners_cve_data_all': 'Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core\xa06.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38000 was patched at 2024-05-15

5431. Cross Site Scripting - Unknown Product (CVE-2023-49090) - Medium [226]

Description: {'vulners_cve_data_all': 'CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in `allowlisted_content_type?` determines Content-Type permissions by performing a partial match. If the `content_type` argument of `allowlisted_content_type?` is passed a value crafted by the attacker, Content-Types not included in the `content_type_allowlist` will be allowed. This issue has been patched in versions 2.2.5 and 3.0.5.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49090 was patched at 2024-05-15

5432. Denial of Service - Unknown Product (CVE-2024-33655) - Medium [226]

Description: {'vulners_cve_data_all': 'The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the "DNSBomb" issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-33655 was patched at 2024-05-15

ubuntu: CVE-2024-33655 was patched at 2024-05-28

5433. Remote Code Execution - Unknown Product (CVE-2006-2458) - Medium [226]

Description: {'vulners_cve_data_all': 'Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2458 was patched at 2024-05-15

5434. Remote Code Execution - Unknown Product (CVE-2007-4730) - Medium [226]

Description: {'vulners_cve_data_all': 'Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4730 was patched at 2024-05-15

5435. Remote Code Execution - Unknown Product (CVE-2008-0629) - Medium [226]

Description: {'vulners_cve_data_all': 'Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before r25824 allows remote user-assisted attackers to execute arbitrary code via a CDDB database entry containing a long album title.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0629 was patched at 2024-05-15

5436. Remote Code Execution - Unknown Product (CVE-2008-1628) - Medium [226]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1628 was patched at 2024-05-15

5437. Remote Code Execution - Unknown Product (CVE-2009-0415) - Medium [226]

Description: {'vulners_cve_data_all': 'Untrusted search path vulnerability in trickle 1.07 allows local users to execute arbitrary code via a Trojan horse trickle-overload.so in the current working directory, which is referenced in the LD_PRELOAD path.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0415 was patched at 2024-05-15

5438. Remote Code Execution - Unknown Product (CVE-2009-2175) - Medium [226]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the flattenIncrementally function in flatten.c in xcftools 1.0.4, as reachable from the (1) xcf2pnm and (2) xcf2png utilities, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image that causes a conversion to a location "above or to the left of the canvas." NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2175 was patched at 2024-05-15

5439. Remote Code Execution - Unknown Product (CVE-2011-2776) - Medium [226]

Description: {'vulners_cve_data_all': 'Buffer overflow in the Error function in super.c in Super 3.30.0 might allow local users to execute arbitrary code via vectors related to syslog logging. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2776 was patched at 2024-05-15

5440. Remote Code Execution - Unknown Product (CVE-2012-4436) - Medium [226]

Description: {'vulners_cve_data_all': 'Buffer overflow in the run_last_args function in client/fwknop.c in fwknop before 2.0.3, when processing --last, might allow local users to cause a denial of service (client crash) and possibly execute arbitrary code via many .fwknop.run arguments.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4436 was patched at 2024-05-15

5441. Remote Code Execution - Unknown Product (CVE-2012-6034) - Medium [226]

Description: {'vulners_cve_data_all': 'The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv functions and the (3) TMEMC_SAVE_GET_POOL_UUID sub-operation in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 "do not check incoming guest output buffer pointers," which allows local guest OS users to cause a denial of service (memory corruption and host crash) or execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6034 was patched at 2024-05-15

5442. Remote Code Execution - Unknown Product (CVE-2012-6036) - Medium [226]

Description: {'vulners_cve_data_all': 'The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or possibly execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6036 was patched at 2024-05-15

5443. Remote Code Execution - Unknown Product (CVE-2013-1874) - Medium [226]

Description: {'vulners_cve_data_all': 'Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1874 was patched at 2024-05-15

5444. Remote Code Execution - Unknown Product (CVE-2013-2038) - Medium [226]

Description: {'vulners_cve_data_all': 'The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpreted sentence that lacks certain fields and a terminator. NOTE: a separate issue in the AIS driver was also reported, but it might not be a vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2038 was patched at 2024-05-15

5445. Remote Code Execution - Unknown Product (CVE-2013-4371) - Medium [226]

Description: {'vulners_cve_data_all': 'Use-after-free vulnerability in the libxl_list_cpupool function in the libxl toolstack library in Xen 4.2.x and 4.3.x, when running "under memory pressure," returns the original pointer when the realloc function fails, which allows local users to cause a denial of service (heap corruption and crash) and possibly execute arbitrary code via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4371 was patched at 2024-05-15

5446. Remote Code Execution - Unknown Product (CVE-2014-1642) - Medium [226]

Description: {'vulners_cve_data_all': 'The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough and configured to support a large number of CPUs, frees certain memory that may still be intended for use, which allows local guest administrators to cause a denial of service (memory corruption and hypervisor crash) and possibly execute arbitrary code via vectors related to an out-of-memory error that triggers a (1) use-after-free or (2) double free.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1642 was patched at 2024-05-15

5447. Remote Code Execution - Unknown Product (CVE-2019-11360) - Medium [226]

Description: {'vulners_cve_data_all': 'A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11360 was patched at 2024-05-15

5448. Unknown Vulnerability Type - Unknown Product (CVE-2009-0489) - Medium [226]

Description: {'vulners_cve_data_all': 'The DBus configuration file for Wicd before 1.5.9 allows arbitrary users to own org.wicd.daemon, which allows local users to receive messages that were intended for the Wicd daemon, possibly including credentials.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Wicd wicd.conf默认配置本地信息泄露漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0489 was patched at 2024-05-15

5449. Unknown Vulnerability Type - Unknown Product (CVE-2012-2760) - Medium [226]

Description: {'vulners_cve_data_all': 'mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([exploitpack] Apache Mod_Auth_OpenID - Session Stealing, [packetstorm] Mod_Auth_OpenID Session Stealing, [seebug] Mod_Auth_OpenID Session Stealing Vulnerability, [exploitdb] Apache Mod_Auth_OpenID - Session Stealing)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2760 was patched at 2024-05-15

5450. Unknown Vulnerability Type - Unknown Product (CVE-2012-6140) - Medium [226]

Description: {'vulners_cve_data_all': 'pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than CVE-2013-0258.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([seebug] Google Authenticator CVE-2012-6140本地信息泄露漏洞)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6140 was patched at 2024-05-15

5451. Denial of Service - Perl (CVE-2021-47208) - Medium [224]

Description: The Mojolicious module before 9.11 for Perl has a bug in format detection that can potentially be exploited for denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47208 was patched at 2024-05-15

redos: CVE-2021-47208 was patched at 2024-06-03

5452. Denial of Service - Python (CVE-2024-33664) - Medium [224]

Description: python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-33664 was patched at 2024-05-15

5453. Denial of Service - ReadyMedia (CVE-2023-47430) - Medium [224]

Description: Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.3.3 allows attackers to cause a denial of service via via the SendContainer() function at tivo_commands.c.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.614ReadyMedia (formerly known as MiniDLNA) is a simple media server software, with the aim of being fully compliant with DLNA/UPnP-AV clients
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-47430 was patched at 2024-05-15

5454. Elevation of Privilege - Unknown Product (CVE-2020-0066) - Medium [223]

Description: {'vulners_cve_data_all': 'In the netlink driver, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-65025077', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-0066 was patched at 2024-05-15

5455. Elevation of Privilege - Unknown Product (CVE-2020-27067) - Medium [223]

Description: {'vulners_cve_data_all': 'In the l2tp subsystem, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-152409173', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27067 was patched at 2024-05-15

5456. Elevation of Privilege - Unknown Product (CVE-2021-27851) - Medium [223]

Description: {'vulners_cve_data_all': 'A security vulnerability that can lead to local privilege escalation has been found in ’guix-daemon’. It affects multi-user setups in which ’guix-daemon’ runs locally. The attack consists in having an unprivileged user spawn a build process, for instance with `guix build`, that makes its build directory world-writable. The user then creates a hardlink to a root-owned file such as /etc/shadow in that build directory. If the user passed the --keep-failed option and the build eventually fails, the daemon changes ownership of the whole build tree, including the hardlink, to the user. At that point, the user has write access to the target file. Versions after and including v0.11.0-3298-g2608e40988, and versions prior to v1.2.0-75109-g94f0312546 are vulnerable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-27851 was patched at 2024-05-15

5457. Elevation of Privilege - Unknown Product (CVE-2022-0563) - Medium [223]

Description: {'vulners_cve_data_all': 'A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-0563 was patched at 2024-05-15

5458. Elevation of Privilege - Unknown Product (CVE-2022-20148) - Medium [223]

Description: {'vulners_cve_data_all': 'In TBD of TBD, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-219513976References: Upstream kernel', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-20148 was patched at 2024-05-15

5459. Elevation of Privilege - Unknown Product (CVE-2022-20154) - Medium [223]

Description: {'vulners_cve_data_all': 'In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-20154 was patched at 2024-05-15

5460. Elevation of Privilege - Unknown Product (CVE-2023-37360) - Medium [223]

Description: {'vulners_cve_data_all': 'pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-37360 was patched at 2024-05-15

5461. Unknown Vulnerability Type - BIND (CVE-2018-14505) - Medium [223]

Description: {'vulners_cve_data_all': 'mitmweb in mitmproxy v4.0.3 allows DNS Rebinding attacks, related to tools/web/app.py.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14505 was patched at 2024-05-15

5462. Unknown Vulnerability Type - BIND (CVE-2021-43816) - Medium [223]

Description: {'vulners_cve_data_all': 'containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-43816 was patched at 2024-05-15

5463. Unknown Vulnerability Type - BIND (CVE-2023-31038) - Medium [223]

Description: {'vulners_cve_data_all': 'SQL injection in Log4cxx when using the ODBC appender to send log messages to a database.\xa0 No fields sent to the database were properly escaped for SQL injection.\xa0 This has been the case since at least version 0.9.0(released 2003-08-06)\n\n\n\n\nNote that Log4cxx is a C++ framework, so only C++ applications are affected.\n\nBefore version 1.1.0, the ODBC appender was automatically part of Log4cxx if the library was found when compiling the library.\xa0 As of version 1.1.0, this must be both explicitly enabled in order to be compiled in.\n\n\n\n\nThree preconditions must be met for this vulnerability to be possible:\n\n1. Log4cxx compiled with ODBC support(before version 1.1.0, this was auto-detected at compile time)\n\n2. ODBCAppender enabled for logging messages to, generally done via a config file\n\n3. User input is logged at some point. If your application does not have user input, it is unlikely to be affected.\n\n\n\n\n\nUsers are recommended to upgrade to version 1.1.0 which properly binds the parameters to the SQL statement, or migrate to the new DBAppender class which supports an ODBC connection in addition to other databases. \nNote that this fix does require a configuration file update, as the old configuration files will not configure properly.\xa0 An example is shown below, and more information may be found in the Log4cxx documentation on the ODBCAppender.\n\n\n\n\n\nExample of old configuration snippet:\n\n<appender name="SqlODBCAppender" class="ODBCAppender">\n\n\xa0\xa0\xa0 <param name="sql" value="INSERT INTO logs (message) VALUES ('%m')" />\n\n\xa0\xa0\xa0 ... other params here ...\n\n</appender>\n\n\n\n\nThe migrated configuration snippet with new ColumnMapping parameters:\n\n\n<appender name="SqlODBCAppender" class="ODBCAppender">\n\n\n\n\n\xa0 \xa0 <param name="sql" value="INSERT INTO logs (message) VALUES (?)" />\n\n\xa0\xa0\xa0 <param name="ColumnMapping" value="message"/>\n\xa0\xa0\xa0 ... other params here ...\n\n\n</appender>\n\n\n\n\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31038 was patched at 2024-05-15

5464. Unknown Vulnerability Type - FFmpeg (CVE-2013-0856) - Medium [223]

Description: {'vulners_cve_data_all': 'The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_samples value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0856 was patched at 2024-05-15

5465. Unknown Vulnerability Type - FFmpeg (CVE-2013-0867) - Medium [223]

Description: {'vulners_cve_data_all': 'The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1.2 does not properly check when the pixel format changes, which allows remote attackers to have unspecified impact via crafted H.264 video data, related to an out-of-bounds array access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0867 was patched at 2024-05-15

5466. Unknown Vulnerability Type - MediaWiki (CVE-2015-8623) - Medium [223]

Description: {'vulners_cve_data_all': 'The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8623 was patched at 2024-05-15

5467. Unknown Vulnerability Type - MediaWiki (CVE-2015-8624) - Medium [223]

Description: {'vulners_cve_data_all': 'The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8624 was patched at 2024-05-15

5468. Unknown Vulnerability Type - MediaWiki (CVE-2017-0362) - Medium [223]

Description: {'vulners_cve_data_all': 'Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0362 was patched at 2024-05-15

5469. Unknown Vulnerability Type - MediaWiki (CVE-2017-0367) - Medium [223]

Description: {'vulners_cve_data_all': 'Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0367 was patched at 2024-05-15

5470. Unknown Vulnerability Type - iOS (CVE-2008-5008) - Medium [223]

Description: {'vulners_cve_data_all': 'Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or libsamplerate) before 0.1.4, when "extreme low conversion ratios" are used, allows user-assisted attackers to have an unknown impact via a crafted audio file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5008 was patched at 2024-05-15

5471. Unknown Vulnerability Type - iOS (CVE-2020-35269) - Medium [223]

Description: {'vulners_cve_data_all': 'Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35269 was patched at 2024-05-15

5472. Unknown Vulnerability Type - iOS (CVE-2022-22936) - Medium [223]

Description: {'vulners_cve_data_all': 'An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A sufficient craft attacker could gain root access on minion under certain scenarios.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-22936 was patched at 2024-05-15

5473. Unknown Vulnerability Type - vim (CVE-2005-2368) - Medium [223]

Description: {'vulners_cve_data_all': 'vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714Vim is a free and open-source, screen-based text editor program
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2368 was patched at 2024-05-15

5474. Authentication Bypass - Unknown Product (CVE-2007-1540) - Medium [222]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this issue was reportedly addressed in SQL-Ledger 2.6.27, however third-party researchers claim that the file is still executed even though an error is generated.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1540 was patched at 2024-05-15

5475. Authentication Bypass - Unknown Product (CVE-2007-6430) - Medium [222]

Description: {'vulners_cve_data_all': 'Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6430 was patched at 2024-05-15

5476. Authentication Bypass - Unknown Product (CVE-2023-49080) - Medium [222]

Description: {'vulners_cve_data_all': 'The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. Unhandled errors in API requests coming from an authenticated user include traceback information, which can include path information. There is no known mechanism by which to trigger these errors without authentication, so the paths revealed are not considered particularly sensitive, given that the requesting user has arbitrary execution permissions already in the same environment. A fix has been introduced in commit `0056c3aa52` which no longer includes traceback information in JSON error responses. For compatibility, the traceback field is present, but always empty. This commit has been included in version 2.11.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49080 was patched at 2024-05-15

5477. Memory Corruption - Chromium (CVE-2024-3914) - Medium [222]

Description: Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3914 was patched at 2024-04-20, 2024-05-15

redos: CVE-2024-3914 was patched at 2024-05-07

5478. Memory Corruption - Chromium (CVE-2024-4058) - Medium [222]

Description: Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-4058 was patched at 2024-04-26, 2024-05-15

redos: CVE-2024-4058 was patched at 2024-05-07

5479. Memory Corruption - Chromium (CVE-2024-4059) - Medium [222]

Description: Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-4059 was patched at 2024-04-26, 2024-05-15

redos: CVE-2024-4059 was patched at 2024-05-07

5480. Memory Corruption - Chromium (CVE-2024-4060) - Medium [222]

Description: Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-4060 was patched at 2024-04-26, 2024-05-15

redos: CVE-2024-4060 was patched at 2024-05-07

5481. Memory Corruption - Chromium (CVE-2024-4558) - Medium [222]

Description: Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-4558 was patched at 2024-05-08, 2024-05-15

5482. Memory Corruption - Chromium (CVE-2024-4559) - Medium [222]

Description: Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Chromium is a free and open-source web browser project, mainly developed and maintained by Google
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-4559 was patched at 2024-05-08, 2024-05-15

5483. Memory Corruption - GNU C Library (CVE-2024-33599) - Medium [222]

Description: nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-33599 was patched at 2024-05-23

debian: CVE-2024-33599 was patched at 2024-05-03, 2024-05-15

oraclelinux: CVE-2024-33599 was patched at 2024-05-29, 2024-06-05

redhat: CVE-2024-33599 was patched at 2024-05-09, 2024-05-23, 2024-05-28, 2024-05-29, 2024-06-04

ubuntu: CVE-2024-33599 was patched at 2024-05-31

5484. Memory Corruption - GNU C Library (CVE-2024-33600) - Medium [222]

Description: {'vulners_cve_data_all': 'nscd: Null pointer crashes after notfound response\n\nIf the Name Service Cache Daemon's (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference. This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-33600 was patched at 2024-05-23

debian: CVE-2024-33600 was patched at 2024-05-03, 2024-05-15

oraclelinux: CVE-2024-33600 was patched at 2024-05-29, 2024-06-05

redhat: CVE-2024-33600 was patched at 2024-05-09, 2024-05-23, 2024-05-28, 2024-05-29, 2024-06-04

ubuntu: CVE-2024-33600 was patched at 2024-05-31

5485. Memory Corruption - GNU C Library (CVE-2024-33602) - Medium [222]

Description: {'vulners_cve_data_all': 'nscd: netgroup cache assumes NSS callback uses in-buffer strings\n\nThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-33602 was patched at 2024-05-23

debian: CVE-2024-33602 was patched at 2024-05-03, 2024-05-15

oraclelinux: CVE-2024-33602 was patched at 2024-05-29, 2024-06-05

redhat: CVE-2024-33602 was patched at 2024-05-09, 2024-05-23, 2024-05-28, 2024-05-29, 2024-06-04

ubuntu: CVE-2024-33602 was patched at 2024-05-31

5486. Memory Corruption - Mozilla Firefox (CVE-2024-3853) - Medium [222]

Description: A use-after-free could result if a JavaScript realm was in the process of being initialized when a garbage collection started. This vulnerability affects Firefox < 125.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

ubuntu: CVE-2024-3853 was patched at 2024-04-24

5487. Memory Corruption - Mozilla Firefox (CVE-2024-3858) - Medium [222]

Description: {'vulners_cve_data_all': 'It was possible to mutate a JavaScript object so that the JIT could crash while tracing it. This vulnerability affects Firefox < 125.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

ubuntu: CVE-2024-3858 was patched at 2024-04-24

5488. Memory Corruption - Mozilla Firefox (CVE-2024-3862) - Medium [222]

Description: {'vulners_cve_data_all': 'The MarkStack assignment operator, part of the JavaScript engine, could access uninitialized memory if it were used in a self-assignment. This vulnerability affects Firefox < 125.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

ubuntu: CVE-2024-3862 was patched at 2024-04-24

5489. Memory Corruption - Mozilla Firefox (CVE-2024-3865) - Medium [222]

Description: Memory safety bugs present in Firefox 124. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

ubuntu: CVE-2024-3865 was patched at 2024-04-24

5490. Memory Corruption - Mozilla Firefox (CVE-2024-4770) - Medium [222]

Description: When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-4770 was patched at 2024-05-16

debian: CVE-2024-4770 was patched at 2024-05-15, 2024-05-17

oraclelinux: CVE-2024-4770 was patched at 2024-05-16, 2024-05-20, 2024-06-11

redhat: CVE-2024-4770 was patched at 2024-05-16, 2024-05-20, 2024-05-23

ubuntu: CVE-2024-4770 was patched at 2024-05-21, 2024-05-22

5491. Memory Corruption - Mozilla Firefox (CVE-2024-4777) - Medium [222]

Description: Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-4777 was patched at 2024-05-16

debian: CVE-2024-4777 was patched at 2024-05-15, 2024-05-17

oraclelinux: CVE-2024-4777 was patched at 2024-05-16, 2024-05-20, 2024-06-11

redhat: CVE-2024-4777 was patched at 2024-05-16, 2024-05-20, 2024-05-23

ubuntu: CVE-2024-4777 was patched at 2024-05-21, 2024-05-22

5492. Unknown Vulnerability Type - AMD Processor (CVE-2023-34327) - Medium [221]

Description: {'vulners_cve_data_all': '\n[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nAMD CPUs since ~2014 have extensions to normal x86 debugging functionality.\nXen supports guests using these extensions.\n\nUnfortunately there are errors in Xen's handling of the guest state, leading\nto denials of service.\n\n 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of\n a previous vCPUs debug mask state.\n\n 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT.\n This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock\n up the CPU entirely.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Processor
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-34327 was patched at 2024-05-15

5493. Unknown Vulnerability Type - AMD Processor (CVE-2023-34328) - Medium [221]

Description: {'vulners_cve_data_all': '\n[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nAMD CPUs since ~2014 have extensions to normal x86 debugging functionality.\nXen supports guests using these extensions.\n\nUnfortunately there are errors in Xen's handling of the guest state, leading\nto denials of service.\n\n 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of\n a previous vCPUs debug mask state.\n\n 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT.\n This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock\n up the CPU entirely.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Processor
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-34328 was patched at 2024-05-15

5494. Unknown Vulnerability Type - GitLab (CVE-2023-31485) - Medium [221]

Description: {'vulners_cve_data_all': 'GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914GitLab is a DevOps software package that combines the ability to develop, secure, and operate software in a single application
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31485 was patched at 2024-05-15

5495. Unknown Vulnerability Type - Linux Kernel (CVE-2011-4915) - Medium [221]

Description: {'vulners_cve_data_all': 'fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4915 was patched at 2024-05-15

5496. Unknown Vulnerability Type - Linux Kernel (CVE-2014-9717) - Medium [221]

Description: {'vulners_cve_data_all': 'fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9717 was patched at 2024-05-15

5497. Unknown Vulnerability Type - Linux Kernel (CVE-2016-10723) - Medium [221]

Description: {'vulners_cve_data_all': 'An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurrent page fault events) when the global OOM killer is invoked. NOTE: the software maintainer has not accepted certain proposed patches, in part because of a viewpoint that "the underlying problem is non-trivial to handle.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10723 was patched at 2024-05-15

5498. Unknown Vulnerability Type - Linux Kernel (CVE-2017-16539) - Medium [221]

Description: {'vulners_cve_data_all': 'The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a "scsi remove-single-device" line to /proc/scsi/scsi, aka SCSI MICDROP.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16539 was patched at 2024-05-15

5499. Unknown Vulnerability Type - Linux Kernel (CVE-2017-18549) - Medium [221]

Description: {'vulners_cve_data_all': 'An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply structure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-18549 was patched at 2024-05-15

5500. Unknown Vulnerability Type - Linux Kernel (CVE-2017-18550) - Medium [221]

Description: {'vulners_cve_data_all': 'An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-18550 was patched at 2024-05-15

5501. Unknown Vulnerability Type - Linux Kernel (CVE-2018-12928) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12928 was patched at 2024-05-15

5502. Unknown Vulnerability Type - Linux Kernel (CVE-2018-20449) - Medium [221]

Description: {'vulners_cve_data_all': 'The hidma_chan_stats function in drivers/dma/qcom/hidma_dbg.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "callback=" lines in a debugfs file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20449 was patched at 2024-05-15

5503. Unknown Vulnerability Type - Linux Kernel (CVE-2018-20509) - Medium [221]

Description: {'vulners_cve_data_all': 'The print_binder_ref_olocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading " ref *desc *node" lines in a debugfs file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20509 was patched at 2024-05-15

5504. Unknown Vulnerability Type - Linux Kernel (CVE-2018-20510) - Medium [221]

Description: {'vulners_cve_data_all': 'The print_binder_transaction_ilocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading "*from *code *flags" lines in a debugfs file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20510 was patched at 2024-05-15

5505. Unknown Vulnerability Type - Linux Kernel (CVE-2018-7754) - Medium [221]

Description: {'vulners_cve_data_all': 'The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading "ffree: " lines in a debugfs file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7754 was patched at 2024-05-15

5506. Unknown Vulnerability Type - Linux Kernel (CVE-2020-36775) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid potential deadlock\n\nUsing f2fs_trylock_op() in f2fs_write_compressed_pages() to avoid potential\ndeadlock like we did in f2fs_write_single_data_page().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36775 was patched at 2024-05-15

5507. Unknown Vulnerability Type - Linux Kernel (CVE-2020-36776) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/drivers/cpufreq_cooling: Fix slab OOB issue\n\nSlab OOB issue is scanned by KASAN in cpu_power_to_freq().\nIf power is limited below the power of OPP0 in EM table,\nit will cause slab out-of-bound issue with negative array\nindex.\n\nReturn the lowest frequency if limited power cannot found\na suitable OPP in EM table to fix this issue.\n\nBacktrace:\n[<ffffffd02d2a37f0>] die+0x104/0x5ac\n[<ffffffd02d2a5630>] bug_handler+0x64/0xd0\n[<ffffffd02d288ce4>] brk_handler+0x160/0x258\n[<ffffffd02d281e5c>] do_debug_exception+0x248/0x3f0\n[<ffffffd02d284488>] el1_dbg+0x14/0xbc\n[<ffffffd02d75d1d4>] __kasan_report+0x1dc/0x1e0\n[<ffffffd02d75c2e0>] kasan_report+0x10/0x20\n[<ffffffd02d75def8>] __asan_report_load8_noabort+0x18/0x28\n[<ffffffd02e6fce5c>] cpufreq_power2state+0x180/0x43c\n[<ffffffd02e6ead80>] power_actor_set_power+0x114/0x1d4\n[<ffffffd02e6fac24>] allocate_power+0xaec/0xde0\n[<ffffffd02e6f9f80>] power_allocator_throttle+0x3ec/0x5a4\n[<ffffffd02e6ea888>] handle_thermal_trip+0x160/0x294\n[<ffffffd02e6edd08>] thermal_zone_device_check+0xe4/0x154\n[<ffffffd02d351cb4>] process_one_work+0x5e4/0xe28\n[<ffffffd02d352f44>] worker_thread+0xa4c/0xfac\n[<ffffffd02d360124>] kthread+0x33c/0x358\n[<ffffffd02d289940>] ret_from_fork+0xc/0x18', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36776 was patched at 2024-05-15

5508. Unknown Vulnerability Type - Linux Kernel (CVE-2021-3714) - Medium [221]

Description: {'vulners_cve_data_all': 'A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3714 was patched at 2024-05-15

debian: CVE-2021-37146 was patched at 2024-05-15

5509. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46908) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Use correct permission flag for mixed signed bounds arithmetic\n\nWe forbid adding unknown scalars with mixed signed bounds due to the\nspectre v1 masking mitigation. Hence this also needs bypass_spec_v1\nflag instead of allow_ptr_leaks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46908 was patched at 2024-05-15

5510. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46909) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nARM: footbridge: fix PCI interrupt mapping\n\nSince commit 30fdfb929e82 ("PCI: Add a call to pci_assign_irq() in\npci_device_probe()"), the PCI code will call the IRQ mapping function\nwhenever a PCI driver is probed. If these are marked as __init, this\ncauses an oops if a PCI driver is loaded or bound after the kernel has\ninitialised.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46909 was patched at 2024-05-15

5511. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46914) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nixgbe: fix unbalanced device enable/disable in suspend/resume\n\npci_disable_device() called in __ixgbe_shutdown() decreases\ndev->enable_cnt by 1. pci_enable_device_mem() which increases\ndev->enable_cnt by 1, was removed from ixgbe_resume() in commit\n6f82b2558735 ("ixgbe: use generic power management"). This caused\nunbalanced increase/decrease. So add pci_enable_device_mem() back.\n\nFix the following call trace.\n\n ixgbe 0000:17:00.1: disabling already-disabled device\n Call Trace:\n __ixgbe_shutdown+0x10a/0x1e0 [ixgbe]\n ixgbe_suspend+0x32/0x70 [ixgbe]\n pci_pm_suspend+0x87/0x160\n ? pci_pm_freeze+0xd0/0xd0\n dpm_run_callback+0x42/0x170\n __device_suspend+0x114/0x460\n async_suspend+0x1f/0xa0\n async_run_entry_fn+0x3c/0xf0\n process_one_work+0x1dd/0x410\n worker_thread+0x34/0x3f0\n ? cancel_delayed_work+0x90/0x90\n kthread+0x14c/0x170\n ? kthread_park+0x90/0x90\n ret_from_fork+0x1f/0x30', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46914 was patched at 2024-05-15

redos: CVE-2021-46914 was patched at 2024-04-18

5512. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46918) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: clear MSIX permission entry on shutdown\n\nAdd disabling/clearing of MSIX permission entries on device shutdown to\nmirror the enabling of the MSIX entries on probe. Current code left the\nMSIX enabled and the pasid entries still programmed at device shutdown.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46918 was patched at 2024-05-15

redos: CVE-2021-46918 was patched at 2024-04-18

5513. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46921) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlocking/qrwlock: Fix ordering in queued_write_lock_slowpath()\n\nWhile this code is executed with the wait_lock held, a reader can\nacquire the lock without holding wait_lock. The writer side loops\nchecking the value with the atomic_cond_read_acquire(), but only truly\nacquires the lock when the compare-and-exchange is completed\nsuccessfully which isn’t ordered. This exposes the window between the\nacquire and the cmpxchg to an A-B-A problem which allows reads\nfollowing the lock acquisition to observe values speculatively before\nthe write lock is truly acquired.\n\nWe've seen a problem in epoll where the reader does a xchg while\nholding the read lock, but the writer can see a value change out from\nunder it.\n\n Writer | Reader\n --------------------------------------------------------------------------------\n ep_scan_ready_list() |\n |- write_lock_irq() |\n |- queued_write_lock_slowpath() |\n\t|- atomic_cond_read_acquire() |\n\t\t\t\t | read_lock_irqsave(&ep->lock, flags);\n --> (observes value before unlock) | chain_epi_lockless()\n | | epi->next = xchg(&ep->ovflist, epi);\n | | read_unlock_irqrestore(&ep->lock, flags);\n | |\n | atomic_cmpxchg_relaxed() |\n |-- READ_ONCE(ep->ovflist); |\n\nA core can order the read of the ovflist ahead of the\natomic_cmpxchg_relaxed(). Switching the cmpxchg to use acquire\nsemantics addresses this issue at which point the atomic_cond_read can\nbe switched to use relaxed semantics.\n\n[peterz: use try_cmpxchg()]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46921 was patched at 2024-05-15

5514. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46922) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKEYS: trusted: Fix TPM reservation for seal/unseal\n\nThe original patch 8c657a0590de ("KEYS: trusted: Reserve TPM for seal\nand unseal operations") was correct on the mailing list:\n\nhttps://lore.kernel.org/linux-integrity/20210128235621.127925-4-jarkko@kernel.org/\n\nBut somehow got rebased so that the tpm_try_get_ops() in\ntpm2_seal_trusted() got lost. This causes an imbalanced put of the\nTPM ops and causes oopses on TIS based hardware.\n\nThis fix puts back the lost tpm_try_get_ops()', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46922 was patched at 2024-05-15

5515. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46923) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/mount_setattr: always cleanup mount_kattr\n\nMake sure that finish_mount_kattr() is called after mount_kattr was\nsuccesfully built in both the success and failure case to prevent\nleaking any references we took when we built it. We returned early if\npath lookup failed thereby risking to leak an additional reference we\ntook when building mount_kattr when an idmapped mount was requested.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46923 was patched at 2024-05-15

5516. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46926) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: intel-sdw-acpi: harden detection of controller\n\nThe existing code currently sets a pointer to an ACPI handle before\nchecking that it's actually a SoundWire controller. This can lead to\nissues where the graph walk continues and eventually fails, but the\npointer was set already.\n\nThis patch changes the logic so that the information provided to\nthe caller is set when a controller is found.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46926 was patched at 2024-05-15

5517. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46927) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnitro_enclaves: Use get_user_pages_unlocked() call to handle mmap assert\n\nAfter commit 5b78ed24e8ec ("mm/pagemap: add mmap_assert_locked()\nannotations to find_vma*()"), the call to get_user_pages() will trigger\nthe mmap assert.\n\nstatic inline void mmap_assert_locked(struct mm_struct *mm)\n{\n\tlockdep_assert_held(&mm->mmap_lock);\n\tVM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_lock), mm);\n}\n\n[ 62.521410] kernel BUG at include/linux/mmap_lock.h:156!\n...........................................................\n[ 62.538938] RIP: 0010:find_vma+0x32/0x80\n...........................................................\n[ 62.605889] Call Trace:\n[ 62.608502] <TASK>\n[ 62.610956] ? lock_timer_base+0x61/0x80\n[ 62.614106] find_extend_vma+0x19/0x80\n[ 62.617195] __get_user_pages+0x9b/0x6a0\n[ 62.620356] __gup_longterm_locked+0x42d/0x450\n[ 62.623721] ? finish_wait+0x41/0x80\n[ 62.626748] ? __kmalloc+0x178/0x2f0\n[ 62.629768] ne_set_user_memory_region_ioctl.isra.0+0x225/0x6a0 [nitro_enclaves]\n[ 62.635776] ne_enclave_ioctl+0x1cf/0x6d7 [nitro_enclaves]\n[ 62.639541] __x64_sys_ioctl+0x82/0xb0\n[ 62.642620] do_syscall_64+0x3b/0x90\n[ 62.645642] entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nUse get_user_pages_unlocked() when setting the enclave memory regions.\nThat's a similar pattern as mmap_read_lock() used together with\nget_user_pages().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46927 was patched at 2024-05-15

5518. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46928) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Clear stale IIR value on instruction access rights trap\n\nWhen a trap 7 (Instruction access rights) occurs, this means the CPU\ncouldn't execute an instruction due to missing execute permissions on\nthe memory region. In this case it seems the CPU didn't even fetched\nthe instruction from memory and thus did not store it in the cr19 (IIR)\nregister before calling the trap handler. So, the trap handler will find\nsome random old stale value in cr19.\n\nThis patch simply overwrites the stale IIR value with a constant magic\n"bad food" value (0xbaadf00d), in the hope people don't start to try to\nunderstand the various random IIR values in trap 7 dumps.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46928 was patched at 2024-05-15

5519. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46931) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Wrap the tx reporter dump callback to extract the sq\n\nFunction mlx5e_tx_reporter_dump_sq() casts its void * argument to struct\nmlx5e_txqsq *, but in TX-timeout-recovery flow the argument is actually\nof type struct mlx5e_tx_timeout_ctx *.\n\n mlx5_core 0000:08:00.1 enp8s0f1: TX timeout detected\n mlx5_core 0000:08:00.1 enp8s0f1: TX timeout on queue: 1, SQ: 0x11ec, CQ: 0x146d, SQ Cons: 0x0 SQ Prod: 0x1, usecs since last trans: 21565000\n BUG: stack guard page was hit at 0000000093f1a2de (stack is 00000000b66ea0dc..000000004d932dae)\n kernel stack overflow (page fault): 0000 [#1] SMP NOPTI\n CPU: 5 PID: 95 Comm: kworker/u20:1 Tainted: G W OE 5.13.0_mlnx #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Workqueue: mlx5e mlx5e_tx_timeout_work [mlx5_core]\n RIP: 0010:mlx5e_tx_reporter_dump_sq+0xd3/0x180\n [mlx5_core]\n Call Trace:\n mlx5e_tx_reporter_dump+0x43/0x1c0 [mlx5_core]\n devlink_health_do_dump.part.91+0x71/0xd0\n devlink_health_report+0x157/0x1b0\n mlx5e_reporter_tx_timeout+0xb9/0xf0 [mlx5_core]\n ? mlx5e_tx_reporter_err_cqe_recover+0x1d0/0x1d0\n [mlx5_core]\n ? mlx5e_health_queue_dump+0xd0/0xd0 [mlx5_core]\n ? update_load_avg+0x19b/0x550\n ? set_next_entity+0x72/0x80\n ? pick_next_task_fair+0x227/0x340\n ? finish_task_switch+0xa2/0x280\n mlx5e_tx_timeout_work+0x83/0xb0 [mlx5_core]\n process_one_work+0x1de/0x3a0\n worker_thread+0x2d/0x3c0\n ? process_one_work+0x3a0/0x3a0\n kthread+0x115/0x130\n ? kthread_park+0x90/0x90\n ret_from_fork+0x1f/0x30\n --[ end trace 51ccabea504edaff ]---\n RIP: 0010:mlx5e_tx_reporter_dump_sq+0xd3/0x180\n PKRU: 55555554\n Kernel panic - not syncing: Fatal exception\n Kernel Offset: disabled\n end Kernel panic - not syncing: Fatal exception\n\nTo fix this bug add a wrapper for mlx5e_tx_reporter_dump_sq() which\nextracts the sq from struct mlx5e_tx_timeout_ctx and set it as the\nTX-timeout-recovery flow dump callback.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46931 was patched at 2024-05-15

5520. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46932) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nInput: appletouch - initialize work before device registration\n\nSyzbot has reported warning in __flush_work(). This warning is caused by\nwork->func == NULL, which means missing work initialization.\n\nThis may happen, since input_dev->close() calls\ncancel_work_sync(&dev->work), but dev->work initalization happens _after_\ninput_register_device() call.\n\nSo this patch moves dev->work initialization before registering input\ndevice', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46932 was patched at 2024-05-15

5521. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46935) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix async_free_space accounting for empty parcels\n\nIn 4.13, commit 74310e06be4d ("android: binder: Move buffer out of area shared with user space")\nfixed a kernel structure visibility issue. As part of that patch,\nsizeof(void *) was used as the buffer size for 0-length data payloads so\nthe driver could detect abusive clients sending 0-length asynchronous\ntransactions to a server by enforcing limits on async_free_size.\n\nUnfortunately, on the "free" side, the accounting of async_free_space\ndid not add the sizeof(void *) back. The result was that up to 8-bytes of\nasync_free_space were leaked on every async transaction of 8-bytes or\nless. These small transactions are uncommon, so this accounting issue\nhas gone undetected for several years.\n\nThe fix is to use "buffer_size" (the allocated buffer size) instead of\n"size" (the logical buffer size) when updating the async_free_space\nduring the free operation. These are the same except for this\ncorner case of asynchronous transactions with payloads < 8 bytes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46935 was patched at 2024-05-15

5522. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46937) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()'\n\nDAMON debugfs interface increases the reference counts of 'struct pid's\nfor targets from the 'target_ids' file write callback\n('dbgfs_target_ids_write()'), but decreases the counts only in DAMON\nmonitoring termination callback ('dbgfs_before_terminate()').\n\nTherefore, when 'target_ids' file is repeatedly written without DAMON\nmonitoring start/termination, the reference count is not decreased and\ntherefore memory for the 'struct pid' cannot be freed. This commit\nfixes this issue by decreasing the reference counts when 'target_ids' is\nwritten.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46937 was patched at 2024-05-15

5523. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46939) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Restructure trace_clock_global() to never block\n\nIt was reported that a fix to the ring buffer recursion detection would\ncause a hung machine when performing suspend / resume testing. The\nfollowing backtrace was extracted from debugging that case:\n\nCall Trace:\n trace_clock_global+0x91/0xa0\n __rb_reserve_next+0x237/0x460\n ring_buffer_lock_reserve+0x12a/0x3f0\n trace_buffer_lock_reserve+0x10/0x50\n __trace_graph_return+0x1f/0x80\n trace_graph_return+0xb7/0xf0\n ? trace_clock_global+0x91/0xa0\n ftrace_return_to_handler+0x8b/0xf0\n ? pv_hash+0xa0/0xa0\n return_to_handler+0x15/0x30\n ? ftrace_graph_caller+0xa0/0xa0\n ? trace_clock_global+0x91/0xa0\n ? __rb_reserve_next+0x237/0x460\n ? ring_buffer_lock_reserve+0x12a/0x3f0\n ? trace_event_buffer_lock_reserve+0x3c/0x120\n ? trace_event_buffer_reserve+0x6b/0xc0\n ? trace_event_raw_event_device_pm_callback_start+0x125/0x2d0\n ? dpm_run_callback+0x3b/0xc0\n ? pm_ops_is_empty+0x50/0x50\n ? platform_get_irq_byname_optional+0x90/0x90\n ? trace_device_pm_callback_start+0x82/0xd0\n ? dpm_run_callback+0x49/0xc0\n\nWith the following RIP:\n\nRIP: 0010:native_queued_spin_lock_slowpath+0x69/0x200\n\nSince the fix to the recursion detection would allow a single recursion to\nhappen while tracing, this lead to the trace_clock_global() taking a spin\nlock and then trying to take it again:\n\nring_buffer_lock_reserve() {\n trace_clock_global() {\n arch_spin_lock() {\n queued_spin_lock_slowpath() {\n /* lock taken */\n (something else gets traced by function graph tracer)\n ring_buffer_lock_reserve() {\n trace_clock_global() {\n arch_spin_lock() {\n queued_spin_lock_slowpath() {\n /* DEAD LOCK! */\n\nTracing should *never* block, as it can lead to strange lockups like the\nabove.\n\nRestructure the trace_clock_global() code to instead of simply taking a\nlock to update the recorded "prev_time" simply use it, as two events\nhappening on two different CPUs that calls this at the same time, really\ndoesn't matter which one goes first. Use a trylock to grab the lock for\nupdating the prev_time, and if it fails, simply try again the next time.\nIf it failed to be taken, that means something else is already updating\nit.\n\n\nBugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=212761', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46939 was patched at 2024-05-15

ubuntu: CVE-2021-46939 was patched at 2024-05-16

5524. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46940) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntools/power turbostat: Fix offset overflow issue in index converting\n\nThe idx_to_offset() function returns type int (32-bit signed), but\nMSR_PKG_ENERGY_STAT is u32 and would be interpreted as a negative number.\nThe end result is that it hits the if (offset < 0) check in update_msr_sum()\nwhich prevents the timer callback from updating the stat in the background when\nlong durations are used. The similar issue exists in offset_to_idx() and\nupdate_msr_sum(). Fix this issue by converting the 'int' to 'off_t' accordingly.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46940 was patched at 2024-05-15

5525. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46941) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: core: Do core softreset when switch mode\n\n\nAccording to the programming guide, to switch mode for DRD controller,\nthe driver needs to do the following.\n\nTo switch from device to host:\n1. Reset controller with GCTL.CoreSoftReset\n2. Set GCTL.PrtCapDir(host mode)\n3. Reset the host with USBCMD.HCRESET\n4. Then follow up with the initializing host registers sequence\n\nTo switch from host to device:\n1. Reset controller with GCTL.CoreSoftReset\n2. Set GCTL.PrtCapDir(device mode)\n3. Reset the device with DCTL.CSftRst\n4. Then follow up with the initializing registers sequence\n\nCurrently we're missing step 1) to do GCTL.CoreSoftReset and step 3) of\nswitching from host to device. John Stult reported a lockup issue seen\nwith HiKey960 platform without these steps[1]. Similar issue is observed\nwith Ferry's testing platform[2].\n\nSo, apply the required steps along with some fixes to Yu Chen's and John\nStultz's version. The main fixes to their versions are the missing wait\nfor clocks synchronization before clearing GCTL.CoreSoftReset and only\napply DCTL.CSftRst when switching from host to device.\n\n[1] https://lore.kernel.org/linux-usb/20210108015115.27920-1-john.stultz@linaro.org/\n[2] https://lore.kernel.org/linux-usb/0ba7a6ba-e6a7-9cd4-0695-64fc927e01f1@gmail.com/', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46941 was patched at 2024-05-15

5526. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46948) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: farch: fix TX queue lookup in TX event handling\n\nWe're starting from a TXQ label, not a TXQ type, so\n efx_channel_get_tx_queue() is inappropriate (and could return NULL,\n leading to panics).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46948 was patched at 2024-05-15

5527. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46949) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: farch: fix TX queue lookup in TX flush done handling\n\nWe're starting from a TXQ instance number ('qid'), not a TXQ type, so\n efx_get_tx_queue() is inappropriate (and could return NULL, leading\n to panics).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46949 was patched at 2024-05-15

5528. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46951) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntpm: efi: Use local variable for calculating final log size\n\nWhen tpm_read_log_efi is called multiple times, which happens when\none loads and unloads a TPM2 driver multiple times, then the global\nvariable efi_tpm_final_log_size will at some point become a negative\nnumber due to the subtraction of final_events_preboot_size occurring\neach time. Use a local variable to avoid this integer underflow.\n\nThe following issue is now resolved:\n\nMar 8 15:35:12 hibinst kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\nMar 8 15:35:12 hibinst kernel: Workqueue: tpm-vtpm vtpm_proxy_work [tpm_vtpm_proxy]\nMar 8 15:35:12 hibinst kernel: RIP: 0010:__memcpy+0x12/0x20\nMar 8 15:35:12 hibinst kernel: Code: 00 b8 01 00 00 00 85 d2 74 0a c7 05 44 7b ef 00 0f 00 00 00 c3 cc cc cc 66 66 90 66 90 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 <f3> 48 a5 89 d1 f3 a4 c3 66 0f 1f 44 00 00 48 89 f8 48 89 d1 f3 a4\nMar 8 15:35:12 hibinst kernel: RSP: 0018:ffff9ac4c0fcfde0 EFLAGS: 00010206\nMar 8 15:35:12 hibinst kernel: RAX: ffff88f878cefed5 RBX: ffff88f878ce9000 RCX: 1ffffffffffffe0f\nMar 8 15:35:12 hibinst kernel: RDX: 0000000000000003 RSI: ffff9ac4c003bff9 RDI: ffff88f878cf0e4d\nMar 8 15:35:12 hibinst kernel: RBP: ffff9ac4c003b000 R08: 0000000000001000 R09: 000000007e9d6073\nMar 8 15:35:12 hibinst kernel: R10: ffff9ac4c003b000 R11: ffff88f879ad3500 R12: 0000000000000ed5\nMar 8 15:35:12 hibinst kernel: R13: ffff88f878ce9760 R14: 0000000000000002 R15: ffff88f77de7f018\nMar 8 15:35:12 hibinst kernel: FS: 0000000000000000(0000) GS:ffff88f87bd00000(0000) knlGS:0000000000000000\nMar 8 15:35:12 hibinst kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nMar 8 15:35:12 hibinst kernel: CR2: ffff9ac4c003c000 CR3: 00000001785a6004 CR4: 0000000000060ee0\nMar 8 15:35:12 hibinst kernel: Call Trace:\nMar 8 15:35:12 hibinst kernel: tpm_read_log_efi+0x152/0x1a7\nMar 8 15:35:12 hibinst kernel: tpm_bios_log_setup+0xc8/0x1c0\nMar 8 15:35:12 hibinst kernel: tpm_chip_register+0x8f/0x260\nMar 8 15:35:12 hibinst kernel: vtpm_proxy_work+0x16/0x60 [tpm_vtpm_proxy]\nMar 8 15:35:12 hibinst kernel: process_one_work+0x1b4/0x370\nMar 8 15:35:12 hibinst kernel: worker_thread+0x53/0x3e0\nMar 8 15:35:12 hibinst kernel: ? process_one_work+0x370/0x370', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46951 was patched at 2024-05-15

5529. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47164) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix null deref accessing lag dev\n\nIt could be the lag dev is null so stop processing the event.\nIn bond_enslave() the active/backup slave being set before setting the\nupper dev so first event is without an upper dev.\nAfter setting the upper dev with bond_master_upper_dev_link() there is\na second event and in that event we have an upper dev.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47164 was patched at 2024-05-15

5530. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47179) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()\n\nCommit de144ff4234f changes _pnfs_return_layout() to call\npnfs_mark_matching_lsegs_return() passing NULL as the struct\npnfs_layout_range argument. Unfortunately,\npnfs_mark_matching_lsegs_return() doesn't check if we have a value here\nbefore dereferencing it, causing an oops.\n\nI'm able to hit this crash consistently when running connectathon basic\ntests on NFS v4.1/v4.2 against Ontap.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47179 was patched at 2024-05-15

5531. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48654) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()\n\nnf_osf_find() incorrectly returns true on mismatch, this leads to\ncopying uninitialized memory area in nft_osf which can be used to leak\nstale kernel stack data to userspace.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48654 was patched at 2024-05-15

5532. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48656) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get()\n\nWe should call of_node_put() for the reference returned by\nof_parse_phandle() in fail path or when it is not used anymore.\nHere we only need to move the of_node_put() before the check.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48656 was patched at 2024-05-15

5533. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48659) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slub: fix to return errno if kmalloc() fails\n\nIn create_unique_id(), kmalloc(, GFP_KERNEL) can fail due to\nout-of-memory, if it fails, return errno correctly rather than\ntriggering panic via BUG_ON();\n\nkernel BUG at mm/slub.c:5893!\nInternal error: Oops - BUG: 0 [#1] PREEMPT SMP\n\nCall trace:\n sysfs_slab_add+0x258/0x260 mm/slub.c:5973\n __kmem_cache_create+0x60/0x118 mm/slub.c:4899\n create_cache mm/slab_common.c:229 [inline]\n kmem_cache_create_usercopy+0x19c/0x31c mm/slab_common.c:335\n kmem_cache_create+0x1c/0x28 mm/slab_common.c:390\n f2fs_kmem_cache_create fs/f2fs/f2fs.h:2766 [inline]\n f2fs_init_xattr_caches+0x78/0xb4 fs/f2fs/xattr.c:808\n f2fs_fill_super+0x1050/0x1e0c fs/f2fs/super.c:4149\n mount_bdev+0x1b8/0x210 fs/super.c:1400\n f2fs_mount+0x44/0x58 fs/f2fs/super.c:4512\n legacy_get_tree+0x30/0x74 fs/fs_context.c:610\n vfs_get_tree+0x40/0x140 fs/super.c:1530\n do_new_mount+0x1dc/0x4e4 fs/namespace.c:3040\n path_mount+0x358/0x914 fs/namespace.c:3370\n do_mount fs/namespace.c:3383 [inline]\n __do_sys_mount fs/namespace.c:3591 [inline]\n __se_sys_mount fs/namespace.c:3568 [inline]\n __arm64_sys_mount+0x2f8/0x408 fs/namespace.c:3568', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48659 was patched at 2024-05-15

5534. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48660) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: cdev: Set lineevent_state::irq after IRQ register successfully\n\nWhen running gpio test on nxp-ls1028 platform with below command\ngpiomon --num-events=3 --rising-edge gpiochip1 25\nThere will be a warning trace as below:\nCall trace:\nfree_irq+0x204/0x360\nlineevent_free+0x64/0x70\ngpio_ioctl+0x598/0x6a0\n__arm64_sys_ioctl+0xb4/0x100\ninvoke_syscall+0x5c/0x130\n......\nel0t_64_sync+0x1a0/0x1a4\nThe reason of this issue is that calling request_threaded_irq()\nfunction failed, and then lineevent_free() is invoked to release\nthe resource. Since the lineevent_state::irq was already set, so\nthe subsequent invocation of free_irq() would trigger the above\nwarning call trace. To fix this issue, set the lineevent_state::irq\nafter the IRQ register successfully.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48660 was patched at 2024-05-15

5535. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48661) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: mockup: Fix potential resource leakage when register a chip\n\nIf creation of software node fails, the locally allocated string\narray is left unfreed. Free it on error path.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48661 was patched at 2024-05-15

5536. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48671) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup: Add missing cpus_read_lock() to cgroup_attach_task_all()\n\nsyzbot is hitting percpu_rwsem_assert_held(&cpu_hotplug_lock) warning at\ncpuset_attach() [1], for commit 4f7e7236435ca0ab ("cgroup: Fix\nthreadgroup_rwsem <-> cpus_read_lock() deadlock") missed that\ncpuset_attach() is also called from cgroup_attach_task_all().\nAdd cpus_read_lock() like what cgroup_procs_write_start() does.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48671 was patched at 2024-05-15

5537. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48673) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: Fix possible access to freed memory in link clear\n\nAfter modifying the QP to the Error state, all RX WR would be completed\nwith WC in IB_WC_WR_FLUSH_ERR status. Current implementation does not\nwait for it is done, but destroy the QP and free the link group directly.\nSo there is a risk that accessing the freed memory in tasklet context.\n\nHere is a crash example:\n\n BUG: unable to handle page fault for address: ffffffff8f220860\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD f7300e067 P4D f7300e067 PUD f7300f063 PMD 8c4e45063 PTE 800ffff08c9df060\n Oops: 0002 [#1] SMP PTI\n CPU: 1 PID: 0 Comm: swapper/1 Kdump: loaded Tainted: G S OE 5.10.0-0607+ #23\n Hardware name: Inspur NF5280M4/YZMB-00689-101, BIOS 4.1.20 07/09/2018\n RIP: 0010:native_queued_spin_lock_slowpath+0x176/0x1b0\n Code: f3 90 48 8b 32 48 85 f6 74 f6 eb d5 c1 ee 12 83 e0 03 83 ee 01 48 c1 e0 05 48 63 f6 48 05 00 c8 02 00 48 03 04 f5 00 09 98 8e <48> 89 10 8b 42 08 85 c0 75 09 f3 90 8b 42 08 85 c0 74 f7 48 8b 32\n RSP: 0018:ffffb3b6c001ebd8 EFLAGS: 00010086\n RAX: ffffffff8f220860 RBX: 0000000000000246 RCX: 0000000000080000\n RDX: ffff91db1f86c800 RSI: 000000000000173c RDI: ffff91db62bace00\n RBP: ffff91db62bacc00 R08: 0000000000000000 R09: c00000010000028b\n R10: 0000000000055198 R11: ffffb3b6c001ea58 R12: ffff91db80e05010\n R13: 000000000000000a R14: 0000000000000006 R15: 0000000000000040\n FS: 0000000000000000(0000) GS:ffff91db1f840000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffffffff8f220860 CR3: 00000001f9580004 CR4: 00000000003706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n <IRQ>\n _raw_spin_lock_irqsave+0x30/0x40\n mlx5_ib_poll_cq+0x4c/0xc50 [mlx5_ib]\n smc_wr_rx_tasklet_fn+0x56/0xa0 [smc]\n tasklet_action_common.isra.21+0x66/0x100\n __do_softirq+0xd5/0x29c\n asm_call_irq_on_stack+0x12/0x20\n </IRQ>\n do_softirq_own_stack+0x37/0x40\n irq_exit_rcu+0x9d/0xa0\n sysvec_call_function_single+0x34/0x80\n asm_sysvec_call_function_single+0x12/0x20', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48673 was patched at 2024-05-15

5538. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48675) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nIB/core: Fix a nested dead lock as part of ODP flow\n\nFix a nested dead lock as part of ODP flow by using mmput_async().\n\nFrom the below call trace [1] can see that calling mmput() once we have\nthe umem_odp->umem_mutex locked as required by\nib_umem_odp_map_dma_and_lock() might trigger in the same task the\nexit_mmap()->__mmu_notifier_release()->mlx5_ib_invalidate_range() which\nmay dead lock when trying to lock the same mutex.\n\nMoving to use mmput_async() will solve the problem as the above\nexit_mmap() flow will be called in other task and will be executed once\nthe lock will be available.\n\n[1]\n[64843.077665] task:kworker/u133:2 state:D stack: 0 pid:80906 ppid:\n2 flags:0x00004000\n[64843.077672] Workqueue: mlx5_ib_page_fault mlx5_ib_eqe_pf_action [mlx5_ib]\n[64843.077719] Call Trace:\n[64843.077722] <TASK>\n[64843.077724] __schedule+0x23d/0x590\n[64843.077729] schedule+0x4e/0xb0\n[64843.077735] schedule_preempt_disabled+0xe/0x10\n[64843.077740] __mutex_lock.constprop.0+0x263/0x490\n[64843.077747] __mutex_lock_slowpath+0x13/0x20\n[64843.077752] mutex_lock+0x34/0x40\n[64843.077758] mlx5_ib_invalidate_range+0x48/0x270 [mlx5_ib]\n[64843.077808] __mmu_notifier_release+0x1a4/0x200\n[64843.077816] exit_mmap+0x1bc/0x200\n[64843.077822] ? walk_page_range+0x9c/0x120\n[64843.077828] ? __cond_resched+0x1a/0x50\n[64843.077833] ? mutex_lock+0x13/0x40\n[64843.077839] ? uprobe_clear_state+0xac/0x120\n[64843.077860] mmput+0x5f/0x140\n[64843.077867] ib_umem_odp_map_dma_and_lock+0x21b/0x580 [ib_core]\n[64843.077931] pagefault_real_mr+0x9a/0x140 [mlx5_ib]\n[64843.077962] pagefault_mr+0xb4/0x550 [mlx5_ib]\n[64843.077992] pagefault_single_data_segment.constprop.0+0x2ac/0x560\n[mlx5_ib]\n[64843.078022] mlx5_ib_eqe_pf_action+0x528/0x780 [mlx5_ib]\n[64843.078051] process_one_work+0x22b/0x3d0\n[64843.078059] worker_thread+0x53/0x410\n[64843.078065] ? process_one_work+0x3d0/0x3d0\n[64843.078073] kthread+0x12a/0x150\n[64843.078079] ? set_kthread_struct+0x50/0x50\n[64843.078085] ret_from_fork+0x22/0x30\n[64843.078093] </TASK>', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48675 was patched at 2024-05-15

5539. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48688) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix kernel crash during module removal\n\nThe driver incorrectly frees client instance and subsequent\ni40e module removal leads to kernel crash.\n\nReproducer:\n1. Do ethtool offline test followed immediately by another one\nhost# ethtool -t eth0 offline; ethtool -t eth0 offline\n2. Remove recursively irdma module that also removes i40e module\nhost# modprobe -r irdma\n\nResult:\n[ 8675.035651] i40e 0000:3d:00.0 eno1: offline testing starting\n[ 8675.193774] i40e 0000:3d:00.0 eno1: testing finished\n[ 8675.201316] i40e 0000:3d:00.0 eno1: offline testing starting\n[ 8675.358921] i40e 0000:3d:00.0 eno1: testing finished\n[ 8675.496921] i40e 0000:3d:00.0: IRDMA hardware initialization FAILED init_state=2 status=-110\n[ 8686.188955] i40e 0000:3d:00.1: i40e_ptp_stop: removed PHC on eno2\n[ 8686.943890] i40e 0000:3d:00.1: Deleted LAN device PF1 bus=0x3d dev=0x00 func=0x01\n[ 8686.952669] i40e 0000:3d:00.0: i40e_ptp_stop: removed PHC on eno1\n[ 8687.761787] BUG: kernel NULL pointer dereference, address: 0000000000000030\n[ 8687.768755] #PF: supervisor read access in kernel mode\n[ 8687.773895] #PF: error_code(0x0000) - not-present page\n[ 8687.779034] PGD 0 P4D 0\n[ 8687.781575] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ 8687.785935] CPU: 51 PID: 172891 Comm: rmmod Kdump: loaded Tainted: G W I 5.19.0+ #2\n[ 8687.794800] Hardware name: Intel Corporation S2600WFD/S2600WFD, BIOS SE5C620.86B.0X.02.0001.051420190324 05/14/2019\n[ 8687.805222] RIP: 0010:i40e_lan_del_device+0x13/0xb0 [i40e]\n[ 8687.810719] Code: d4 84 c0 0f 84 b8 25 01 00 e9 9c 25 01 00 41 bc f4 ff ff ff eb 91 90 0f 1f 44 00 00 41 54 55 53 48 8b 87 58 08 00 00 48 89 fb <48> 8b 68 30 48 89 ef e8 21 8a 0f d5 48 89 ef e8 a9 78 0f d5 48 8b\n[ 8687.829462] RSP: 0018:ffffa604072efce0 EFLAGS: 00010202\n[ 8687.834689] RAX: 0000000000000000 RBX: ffff8f43833b2000 RCX: 0000000000000000\n[ 8687.841821] RDX: 0000000000000000 RSI: ffff8f4b0545b298 RDI: ffff8f43833b2000\n[ 8687.848955] RBP: ffff8f43833b2000 R08: 0000000000000001 R09: 0000000000000000\n[ 8687.856086] R10: 0000000000000000 R11: 000ffffffffff000 R12: ffff8f43833b2ef0\n[ 8687.863218] R13: ffff8f43833b2ef0 R14: ffff915103966000 R15: ffff8f43833b2008\n[ 8687.870342] FS: 00007f79501c3740(0000) GS:ffff8f4adffc0000(0000) knlGS:0000000000000000\n[ 8687.878427] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 8687.884174] CR2: 0000000000000030 CR3: 000000014276e004 CR4: 00000000007706e0\n[ 8687.891306] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 8687.898441] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 8687.905572] PKRU: 55555554\n[ 8687.908286] Call Trace:\n[ 8687.910737] <TASK>\n[ 8687.912843] i40e_remove+0x2c0/0x330 [i40e]\n[ 8687.917040] pci_device_remove+0x33/0xa0\n[ 8687.920962] device_release_driver_internal+0x1aa/0x230\n[ 8687.926188] driver_detach+0x44/0x90\n[ 8687.929770] bus_remove_driver+0x55/0xe0\n[ 8687.933693] pci_unregister_driver+0x2a/0xb0\n[ 8687.937967] i40e_exit_module+0xc/0xf48 [i40e]\n\nTwo offline tests cause IRDMA driver failure (ETIMEDOUT) and this\nfailure is indicated back to i40e_client_subtask() that calls\ni40e_client_del_instance() to free client instance referenced\nby pf->cinst and sets this pointer to NULL. During the module\nremoval i40e_remove() calls i40e_lan_del_device() that dereferences\npf->cinst that is NULL -> crash.\nDo not remove client instance when client open callbacks fails and\njust clear __I40E_CLIENT_INSTANCE_OPENED bit. The driver also needs\nto take care about this situation (when netdev is up and client\nis NOT opened) in i40e_notify_client_of_netdev_close() and\ncalls client close callback only when __I40E_CLIENT_INSTANCE_OPENED\nis set.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48688 was patched at 2024-05-15

5540. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48692) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/srp: Set scmnd->result only when scmnd is not NULL\n\nThis change fixes the following kernel NULL pointer dereference\nwhich is reproduced by blktests srp/007 occasionally.\n\nBUG: kernel NULL pointer dereference, address: 0000000000000170\nPGD 0 P4D 0\nOops: 0002 [#1] PREEMPT SMP NOPTI\nCPU: 0 PID: 9 Comm: kworker/0:1H Kdump: loaded Not tainted 6.0.0-rc1+ #37\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.15.0-29-g6a62e0cb0dfe-prebuilt.qemu.org 04/01/2014\nWorkqueue: 0x0 (kblockd)\nRIP: 0010:srp_recv_done+0x176/0x500 [ib_srp]\nCode: 00 4d 85 ff 0f 84 52 02 00 00 48 c7 82 80 02 00 00 00 00 00 00 4c 89 df 4c 89 14 24 e8 53 d3 4a f6 4c 8b 14 24 41 0f b6 42 13 <41> 89 87 70 01 00 00 41 0f b6 52 12 f6 c2 02 74 44 41 8b 42 1c b9\nRSP: 0018:ffffaef7c0003e28 EFLAGS: 00000282\nRAX: 0000000000000000 RBX: ffff9bc9486dea60 RCX: 0000000000000000\nRDX: 0000000000000102 RSI: ffffffffb76bbd0e RDI: 00000000ffffffff\nRBP: ffff9bc980099a00 R08: 0000000000000001 R09: 0000000000000001\nR10: ffff9bca53ef0000 R11: ffff9bc980099a10 R12: ffff9bc956e14000\nR13: ffff9bc9836b9cb0 R14: ffff9bc9557b4480 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffff9bc97ec00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000170 CR3: 0000000007e04000 CR4: 00000000000006f0\nCall Trace:\n <IRQ>\n __ib_process_cq+0xb7/0x280 [ib_core]\n ib_poll_handler+0x2b/0x130 [ib_core]\n irq_poll_softirq+0x93/0x150\n __do_softirq+0xee/0x4b8\n irq_exit_rcu+0xf7/0x130\n sysvec_apic_timer_interrupt+0x8e/0xc0\n </IRQ>', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48692 was patched at 2024-05-15

5541. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48693) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsoc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs\n\nIn brcmstb_pm_probe(), there are two kinds of leak bugs:\n\n(1) we need to add of_node_put() when for_each__matching_node() breaks\n(2) we need to add iounmap() for each iomap in fail path', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48693 was patched at 2024-05-15

5542. Unknown Vulnerability Type - Linux Kernel (CVE-2023-22996) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node reference after use, e.g., with put_device.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-22996 was patched at 2024-05-15

5543. Unknown Vulnerability Type - Linux Kernel (CVE-2023-23006) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-23006 was patched at 2024-05-15

5544. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26605) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI/ASPM: Fix deadlock when enabling ASPM\n\nA last minute revert in 6.7-final introduced a potential deadlock when\nenabling ASPM during probe of Qualcomm PCIe controllers as reported by\nlockdep:\n\n ============================================\n WARNING: possible recursive locking detected\n 6.7.0 #40 Not tainted\n --------------------------------------------\n kworker/u16:5/90 is trying to acquire lock:\n ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc\n\n but task is already holding lock:\n ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc\n\n other info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(pci_bus_sem);\n lock(pci_bus_sem);\n\n *** DEADLOCK ***\n\n Call trace:\n print_deadlock_bug+0x25c/0x348\n __lock_acquire+0x10a4/0x2064\n lock_acquire+0x1e8/0x318\n down_read+0x60/0x184\n pcie_aspm_pm_state_change+0x58/0xdc\n pci_set_full_power_state+0xa8/0x114\n pci_set_power_state+0xc4/0x120\n qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom]\n pci_walk_bus+0x64/0xbc\n qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom]\n\nThe deadlock can easily be reproduced on machines like the Lenovo ThinkPad\nX13s by adding a delay to increase the race window during asynchronous\nprobe where another thread can take a write lock.\n\nAdd a new pci_set_power_state_locked() and associated helper functions that\ncan be called with the PCI bus semaphore held to avoid taking the read lock\ntwice.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26605 was patched at 2024-05-06, 2024-05-15

5545. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26881) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when 1588 is received on HIP08 devices\n\nThe HIP08 devices does not register the ptp devices, so the\nhdev->ptp is NULL, but the hardware can receive 1588 messages,\nand set the HNS3_RXD_TS_VLD_B bit, so, if match this case, the\naccess of hdev->ptp->flags will cause a kernel crash:\n\n[ 5888.946472] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018\n[ 5888.946475] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018\n...\n[ 5889.266118] pc : hclge_ptp_get_rx_hwts+0x40/0x170 [hclge]\n[ 5889.272612] lr : hclge_ptp_get_rx_hwts+0x34/0x170 [hclge]\n[ 5889.279101] sp : ffff800012c3bc50\n[ 5889.283516] x29: ffff800012c3bc50 x28: ffff2040002be040\n[ 5889.289927] x27: ffff800009116484 x26: 0000000080007500\n[ 5889.296333] x25: 0000000000000000 x24: ffff204001c6f000\n[ 5889.302738] x23: ffff204144f53c00 x22: 0000000000000000\n[ 5889.309134] x21: 0000000000000000 x20: ffff204004220080\n[ 5889.315520] x19: ffff204144f53c00 x18: 0000000000000000\n[ 5889.321897] x17: 0000000000000000 x16: 0000000000000000\n[ 5889.328263] x15: 0000004000140ec8 x14: 0000000000000000\n[ 5889.334617] x13: 0000000000000000 x12: 00000000010011df\n[ 5889.340965] x11: bbfeff4d22000000 x10: 0000000000000000\n[ 5889.347303] x9 : ffff800009402124 x8 : 0200f78811dfbb4d\n[ 5889.353637] x7 : 2200000000191b01 x6 : ffff208002a7d480\n[ 5889.359959] x5 : 0000000000000000 x4 : 0000000000000000\n[ 5889.366271] x3 : 0000000000000000 x2 : 0000000000000000\n[ 5889.372567] x1 : 0000000000000000 x0 : ffff20400095c080\n[ 5889.378857] Call trace:\n[ 5889.382285] hclge_ptp_get_rx_hwts+0x40/0x170 [hclge]\n[ 5889.388304] hns3_handle_bdinfo+0x324/0x410 [hns3]\n[ 5889.394055] hns3_handle_rx_bd+0x60/0x150 [hns3]\n[ 5889.399624] hns3_clean_rx_ring+0x84/0x170 [hns3]\n[ 5889.405270] hns3_nic_common_poll+0xa8/0x220 [hns3]\n[ 5889.411084] napi_poll+0xcc/0x264\n[ 5889.415329] net_rx_action+0xd4/0x21c\n[ 5889.419911] __do_softirq+0x130/0x358\n[ 5889.424484] irq_exit+0x134/0x154\n[ 5889.428700] __handle_domain_irq+0x88/0xf0\n[ 5889.433684] gic_handle_irq+0x78/0x2c0\n[ 5889.438319] el1_irq+0xb8/0x140\n[ 5889.442354] arch_cpu_idle+0x18/0x40\n[ 5889.446816] default_idle_call+0x5c/0x1c0\n[ 5889.451714] cpuidle_idle_call+0x174/0x1b0\n[ 5889.456692] do_idle+0xc8/0x160\n[ 5889.460717] cpu_startup_entry+0x30/0xfc\n[ 5889.465523] secondary_start_kernel+0x158/0x1ec\n[ 5889.470936] Code: 97ffab78 f9411c14 91408294 f9457284 (f9400c80)\n[ 5889.477950] SMP: stopping secondary CPUs\n[ 5890.514626] SMP: failed to stop secondary CPUs 0-69,71-95\n[ 5890.522951] Starting crashdump kernel...', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26881 was patched at 2024-05-15

ubuntu: CVE-2024-26881 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

5546. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26900) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix kmemleak of rdev->serial\n\nIf kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be\nalloc not be freed, and kmemleak occurs.\n\nunreferenced object 0xffff88815a350000 (size 49152):\n comm "mdadm", pid 789, jiffies 4294716910\n hex dump (first 32 bytes):\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc f773277a):\n [<0000000058b0a453>] kmemleak_alloc+0x61/0xe0\n [<00000000366adf14>] __kmalloc_large_node+0x15e/0x270\n [<000000002e82961b>] __kmalloc_node.cold+0x11/0x7f\n [<00000000f206d60a>] kvmalloc_node+0x74/0x150\n [<0000000034bf3363>] rdev_init_serial+0x67/0x170\n [<0000000010e08fe9>] mddev_create_serial_pool+0x62/0x220\n [<00000000c3837bf0>] bind_rdev_to_array+0x2af/0x630\n [<0000000073c28560>] md_add_new_disk+0x400/0x9f0\n [<00000000770e30ff>] md_ioctl+0x15bf/0x1c10\n [<000000006cfab718>] blkdev_ioctl+0x191/0x3f0\n [<0000000085086a11>] vfs_ioctl+0x22/0x60\n [<0000000018b656fe>] __x64_sys_ioctl+0xba/0xe0\n [<00000000e54e675e>] do_syscall_64+0x71/0x150\n [<000000008b0ad622>] entry_SYSCALL_64_after_hwframe+0x6c/0x74', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26900 was patched at 2024-05-15, 2024-06-02

ubuntu: CVE-2024-26900 was patched at 2024-06-07, 2024-06-11, 2024-06-14

5547. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26902) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nperf: RISCV: Fix panic on pmu overflow handler\n\n(1 << idx) of int is not desired when setting bits in unsigned long\noverflowed_ctrs, use BIT() instead. This panic happens when running\n'perf record -e branches' on sophgo sg2042.\n\n[ 273.311852] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000098\n[ 273.320851] Oops [#1]\n[ 273.323179] Modules linked in:\n[ 273.326303] CPU: 0 PID: 1475 Comm: perf Not tainted 6.6.0-rc3+ #9\n[ 273.332521] Hardware name: Sophgo Mango (DT)\n[ 273.336878] epc : riscv_pmu_ctr_get_width_mask+0x8/0x62\n[ 273.342291] ra : pmu_sbi_ovf_handler+0x2e0/0x34e\n[ 273.347091] epc : ffffffff80aecd98 ra : ffffffff80aee056 sp : fffffff6e36928b0\n[ 273.354454] gp : ffffffff821f82d0 tp : ffffffd90c353200 t0 : 0000002ade4f9978\n[ 273.361815] t1 : 0000000000504d55 t2 : ffffffff8016cd8c s0 : fffffff6e3692a70\n[ 273.369180] s1 : 0000000000000020 a0 : 0000000000000000 a1 : 00001a8e81800000\n[ 273.376540] a2 : 0000003c00070198 a3 : 0000003c00db75a4 a4 : 0000000000000015\n[ 273.383901] a5 : ffffffd7ff8804b0 a6 : 0000000000000015 a7 : 000000000000002a\n[ 273.391327] s2 : 000000000000ffff s3 : 0000000000000000 s4 : ffffffd7ff8803b0\n[ 273.398773] s5 : 0000000000504d55 s6 : ffffffd905069800 s7 : ffffffff821fe210\n[ 273.406139] s8 : 000000007fffffff s9 : ffffffd7ff8803b0 s10: ffffffd903f29098\n[ 273.413660] s11: 0000000080000000 t3 : 0000000000000003 t4 : ffffffff8017a0ca\n[ 273.421022] t5 : ffffffff8023cfc2 t6 : ffffffd9040780e8\n[ 273.426437] status: 0000000200000100 badaddr: 0000000000000098 cause: 000000000000000d\n[ 273.434512] [<ffffffff80aecd98>] riscv_pmu_ctr_get_width_mask+0x8/0x62\n[ 273.441169] [<ffffffff80076bd8>] handle_percpu_devid_irq+0x98/0x1ee\n[ 273.447562] [<ffffffff80071158>] generic_handle_domain_irq+0x28/0x36\n[ 273.454151] [<ffffffff8047a99a>] riscv_intc_irq+0x36/0x4e\n[ 273.459659] [<ffffffff80c944de>] handle_riscv_irq+0x4a/0x74\n[ 273.465442] [<ffffffff80c94c48>] do_irq+0x62/0x92\n[ 273.470360] Code: 0420 60a2 6402 5529 0141 8082 0013 0000 0013 0000 (6d5c) b783\n[ 273.477921] ---[ end trace 0000000000000000 ]---\n[ 273.482630] Kernel panic - not syncing: Fatal exception in interrupt', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26902 was patched at 2024-05-15

5548. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26903) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security\n\nDuring our fuzz testing of the connection and disconnection process at the\nRFCOMM layer, we discovered this bug. By comparing the packets from a\nnormal connection and disconnection process with the testcase that\ntriggered a KASAN report. We analyzed the cause of this bug as follows:\n\n1. In the packets captured during a normal connection, the host sends a\n`Read Encryption Key Size` type of `HCI_CMD` packet\n(Command Opcode: 0x1408) to the controller to inquire the length of\nencryption key.After receiving this packet, the controller immediately\nreplies with a Command Completepacket (Event Code: 0x0e) to return the\nEncryption Key Size.\n\n2. In our fuzz test case, the timing of the controller's response to this\npacket was delayed to an unexpected point: after the RFCOMM and L2CAP\nlayers had disconnected but before the HCI layer had disconnected.\n\n3. After receiving the Encryption Key Size Response at the time described\nin point 2, the host still called the rfcomm_check_security function.\nHowever, by this time `struct l2cap_conn *conn = l2cap_pi(sk)->chan->conn;`\nhad already been released, and when the function executed\n`return hci_conn_security(conn->hcon, d->sec_level, auth_type, d->out);`,\nspecifically when accessing `conn->hcon`, a null-ptr-deref error occurred.\n\nTo fix this bug, check if `sk->sk_state` is BT_CLOSED before calling\nrfcomm_recv_frame in rfcomm_process_rx.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26903 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26903 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

5549. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27012) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: restore set elements when delete set fails\n\nFrom abort path, nft_mapelem_activate() needs to restore refcounters to\nthe original state. Currently, it uses the set->ops->walk() to iterate\nover these set elements. The existing set iterator skips inactive\nelements in the next generation, this does not work from the abort path\nto restore the original state since it has to skip active elements\ninstead (not inactive ones).\n\nThis patch moves the check for inactive elements to the set iterator\ncallback, then it reverses the logic for the .activate case which\nneeds to skip active elements.\n\nToggle next generation bit for elements when delete set command is\ninvoked and call nft_clear() from .activate (abort) path to restore the\nnext generation bit.\n\nThe splat below shows an object in mappings memleak:\n\n[43929.457523] ------------[ cut here ]------------\n[43929.457532] WARNING: CPU: 0 PID: 1139 at include/net/netfilter/nf_tables.h:1237 nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables]\n[...]\n[43929.458014] RIP: 0010:nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables]\n[43929.458076] Code: 83 f8 01 77 ab 49 8d 7c 24 08 e8 37 5e d0 de 49 8b 6c 24 08 48 8d 7d 50 e8 e9 5c d0 de 8b 45 50 8d 50 ff 89 55 50 85 c0 75 86 <0f> 0b eb 82 0f 0b eb b3 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90\n[43929.458081] RSP: 0018:ffff888140f9f4b0 EFLAGS: 00010246\n[43929.458086] RAX: 0000000000000000 RBX: ffff8881434f5288 RCX: dffffc0000000000\n[43929.458090] RDX: 00000000ffffffff RSI: ffffffffa26d28a7 RDI: ffff88810ecc9550\n[43929.458093] RBP: ffff88810ecc9500 R08: 0000000000000001 R09: ffffed10281f3e8f\n[43929.458096] R10: 0000000000000003 R11: ffff0000ffff0000 R12: ffff8881434f52a0\n[43929.458100] R13: ffff888140f9f5f4 R14: ffff888151c7a800 R15: 0000000000000002\n[43929.458103] FS: 00007f0c687c4740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[43929.458107] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[43929.458111] CR2: 00007f58dbe5b008 CR3: 0000000123602005 CR4: 00000000001706f0\n[43929.458114] Call Trace:\n[43929.458118] <TASK>\n[43929.458121] ? __warn+0x9f/0x1a0\n[43929.458127] ? nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables]\n[43929.458188] ? report_bug+0x1b1/0x1e0\n[43929.458196] ? handle_bug+0x3c/0x70\n[43929.458200] ? exc_invalid_op+0x17/0x40\n[43929.458211] ? nft_setelem_data_deactivate+0xd7/0xf0 [nf_tables]\n[43929.458271] ? nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables]\n[43929.458332] nft_mapelem_deactivate+0x24/0x30 [nf_tables]\n[43929.458392] nft_rhash_walk+0xdd/0x180 [nf_tables]\n[43929.458453] ? __pfx_nft_rhash_walk+0x10/0x10 [nf_tables]\n[43929.458512] ? rb_insert_color+0x2e/0x280\n[43929.458520] nft_map_deactivate+0xdc/0x1e0 [nf_tables]\n[43929.458582] ? __pfx_nft_map_deactivate+0x10/0x10 [nf_tables]\n[43929.458642] ? __pfx_nft_mapelem_deactivate+0x10/0x10 [nf_tables]\n[43929.458701] ? __rcu_read_unlock+0x46/0x70\n[43929.458709] nft_delset+0xff/0x110 [nf_tables]\n[43929.458769] nft_flush_table+0x16f/0x460 [nf_tables]\n[43929.458830] nf_tables_deltable+0x501/0x580 [nf_tables]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27012 was patched at 2024-05-15

5550. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27017) - Medium [221]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: walk over current view on netlink dump\n\nThe generation mask can be updated while netlink dump is in progress.\nThe pipapo set backend walk iterator cannot rely on it to infer what\nview of the datastructure is to be used. Add notation to specify if user\nwants to read/update the set.\n\nBased on patch from Florian Westphal.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27017 was patched at 2024-05-15

5551. Unknown Vulnerability Type - Windows LDAP (CVE-2013-1425) - Medium [221]

Description: {'vulners_cve_data_all': 'ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1425 was patched at 2024-05-15

5552. Unknown Vulnerability Type - Windows LDAP (CVE-2017-17718) - Medium [221]

Description: {'vulners_cve_data_all': 'The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17718 was patched at 2024-05-15

5553. Unknown Vulnerability Type - Windows LDAP (CVE-2023-1055) - Medium [221]

Description: {'vulners_cve_data_all': 'A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-1055 was patched at 2024-05-15

5554. Command Injection - Unknown Product (CVE-2005-3751) - Medium [220]

Description: {'vulners_cve_data_all': 'HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715Command Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3751 was patched at 2024-05-15

5555. Denial of Service - Unknown Product (CVE-2002-1850) - Medium [220]

Description: {'vulners_cve_data_all': 'mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock between httpd and the CGI script.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1850 was patched at 2024-05-15

5556. Denial of Service - Unknown Product (CVE-2003-0031) - Medium [220]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to cause a denial of service (crash).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0031 was patched at 2024-05-15

5557. Denial of Service - Unknown Product (CVE-2003-0774) - Medium [220]

Description: {'vulners_cve_data_all': 'saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0774 was patched at 2024-05-15

5558. Denial of Service - Unknown Product (CVE-2003-0855) - Medium [220]

Description: {'vulners_cve_data_all': 'Pan 0.13.3 and earlier allows remote attackers to cause a denial of service (crash) via a news post with a long author email address.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0855 was patched at 2024-05-15

5559. Denial of Service - Unknown Product (CVE-2003-0989) - Medium [220]

Description: {'vulners_cve_data_all': 'tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0989 was patched at 2024-05-15

5560. Denial of Service - Unknown Product (CVE-2003-1000) - Medium [220]

Description: {'vulners_cve_data_all': 'xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-1000 was patched at 2024-05-15

5561. Denial of Service - Unknown Product (CVE-2004-0458) - Medium [220]

Description: {'vulners_cve_data_all': 'mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0458 was patched at 2024-05-15

5562. Denial of Service - Unknown Product (CVE-2004-1002) - Medium [220]

Description: {'vulners_cve_data_all': 'Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cause a denial of service (daemon crash) via a CBCP packet with an invalid length value that causes pppd to access an incorrect memory location.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1002 was patched at 2024-05-15

5563. Denial of Service - Unknown Product (CVE-2004-2652) - Medium [220]

Description: {'vulners_cve_data_all': 'The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2652 was patched at 2024-05-15

5564. Denial of Service - Unknown Product (CVE-2004-2779) - Medium [220]

Description: {'vulners_cve_data_all': 'id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2779 was patched at 2024-05-15

5565. Denial of Service - Unknown Product (CVE-2005-0891) - Medium [220]

Description: {'vulners_cve_data_all': 'Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0891 was patched at 2024-05-15

5566. Denial of Service - Unknown Product (CVE-2005-1455) - Medium [220]

Description: {'vulners_cve_data_all': 'Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1455 was patched at 2024-05-15

5567. Denial of Service - Unknown Product (CVE-2005-2975) - Medium [220]

Description: {'vulners_cve_data_all': 'io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2975 was patched at 2024-05-15

5568. Denial of Service - Unknown Product (CVE-2005-3239) - Medium [220]

Description: {'vulners_cve_data_all': 'The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2_walk_property_tree function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3239 was patched at 2024-05-15

5569. Denial of Service - Unknown Product (CVE-2005-3488) - Medium [220]

Description: {'vulners_cve_data_all': 'Scorched 3D 39.1 (bf) and earlier allows remote attackers to cause a denial of service (long loop and server hang) via a negative numplayers value that bypasses a signed check in ServerConnectHandler.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3488 was patched at 2024-05-15

5570. Denial of Service - Unknown Product (CVE-2005-4153) - Medium [220]

Description: {'vulners_cve_data_all': 'Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4153 was patched at 2024-05-15

5571. Denial of Service - Unknown Product (CVE-2005-4348) - Medium [220]

Description: {'vulners_cve_data_all': 'fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4348 was patched at 2024-05-15

5572. Denial of Service - Unknown Product (CVE-2005-4746) - Medium [220]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t".', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4746 was patched at 2024-05-15

5573. Denial of Service - Unknown Product (CVE-2006-0677) - Medium [220]

Description: {'vulners_cve_data_all': 'telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows remote unauthenticated attackers to cause a denial of service (server crash) via unknown vectors that trigger a null dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0677 was patched at 2024-05-15

5574. Denial of Service - Unknown Product (CVE-2006-1150) - Medium [220]

Description: {'vulners_cve_data_all': 'Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, automatically appends an _ (underscore) to the end of duplicate nicknames, which allows remote attackers to cause a denial of service (application crash) by creating multiple users with long, identical nicknames, which triggers an off-by-one error.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1150 was patched at 2024-05-15

5575. Denial of Service - Unknown Product (CVE-2006-4434) - Medium [220]

Description: {'vulners_cve_data_all': 'Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4434 was patched at 2024-05-15

5576. Denial of Service - Unknown Product (CVE-2006-5445) - Medium [220]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5445 was patched at 2024-05-15

5577. Denial of Service - Unknown Product (CVE-2006-5974) - Medium [220]

Description: {'vulners_cve_data_all': 'fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5974 was patched at 2024-05-15

5578. Denial of Service - Unknown Product (CVE-2007-0256) - Medium [220]

Description: {'vulners_cve_data_all': 'VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0256 was patched at 2024-05-15

5579. Denial of Service - Unknown Product (CVE-2007-0539) - Medium [220]

Description: {'vulners_cve_data_all': 'The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0539 was patched at 2024-05-15

5580. Denial of Service - Unknown Product (CVE-2007-0897) - Medium [220]

Description: {'vulners_cve_data_all': 'Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0897 was patched at 2024-05-15

5581. Denial of Service - Unknown Product (CVE-2007-1306) - Medium [220]

Description: {'vulners_cve_data_all': 'Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1306 was patched at 2024-05-15

5582. Denial of Service - Unknown Product (CVE-2007-1385) - Medium [220]

Description: {'vulners_cve_data_all': 'chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to cause a denial of service (crash) and heap corruption via a negative or large idx value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1385 was patched at 2024-05-15

5583. Denial of Service - Unknown Product (CVE-2007-1547) - Medium [220]

Description: {'vulners_cve_data_all': 'The ReadRequestFromClient function in server/os/io.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via multiple simultaneous connections, which triggers a NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1547 was patched at 2024-05-15

5584. Denial of Service - Unknown Product (CVE-2007-1561) - Medium [220]

Description: {'vulners_cve_data_all': 'The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP INVITE message with an SDP containing one valid and one invalid IP address.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1561 was patched at 2024-05-15

5585. Denial of Service - Unknown Product (CVE-2007-1804) - Medium [220]

Description: {'vulners_cve_data_all': 'PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1804 was patched at 2024-05-15

5586. Denial of Service - Unknown Product (CVE-2007-1870) - Medium [220]

Description: {'vulners_cve_data_all': 'lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1870 was patched at 2024-05-15

5587. Denial of Service - Unknown Product (CVE-2007-2029) - Medium [220]

Description: {'vulners_cve_data_all': 'File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2029 was patched at 2024-05-15

5588. Denial of Service - Unknown Product (CVE-2007-2294) - Medium [220]

Description: {'vulners_cve_data_all': 'The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (crash) by using MD5 authentication to authenticate a user that does not have a password defined in manager.conf, resulting in a NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2294 was patched at 2024-05-15

5589. Denial of Service - Unknown Product (CVE-2007-3115) - Medium [220]

Description: {'vulners_cve_data_all': 'Multiple memory leaks in server/MaraDNS.c in MaraDNS before 1.2.12.06, and 1.3.x before 1.3.05, allow remote attackers to cause a denial of service (memory consumption) via (1) reverse lookups or (2) requests for records in a class other than Internet (IN), a different set of affected versions than CVE-2007-3114 and CVE-2007-3116.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3115 was patched at 2024-05-15

5590. Denial of Service - Unknown Product (CVE-2007-3467) - Medium [220]

Description: {'vulners_cve_data_all': 'Integer overflow in the __status_Update function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a WAV file with a large sample rate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3467 was patched at 2024-05-15

5591. Denial of Service - Unknown Product (CVE-2007-3468) - Medium [220]

Description: {'vulners_cve_data_all': 'input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service (crash) via a crafted WAV file that causes an uninitialized i_nb_resamplers variable to be used.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3468 was patched at 2024-05-15

5592. Denial of Service - Unknown Product (CVE-2007-4103) - Medium [220]

Description: {'vulners_cve_data_all': 'The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4103 was patched at 2024-05-15

5593. Denial of Service - Unknown Product (CVE-2007-4754) - Medium [220]

Description: {'vulners_cve_data_all': 'Format string vulnerability in the safe_bprintf function in acesrc/acebot_cmds.c in Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in a nickname.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4754 was patched at 2024-05-15

5594. Denial of Service - Unknown Product (CVE-2007-5933) - Medium [220]

Description: {'vulners_cve_data_all': 'Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to cause a denial of service (crash) by triggering a delete operation while the Session object is still being used, as demonstrated by causing a "Broken pipe" error.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5933 was patched at 2024-05-15

5595. Denial of Service - Unknown Product (CVE-2007-6010) - Medium [220]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors that trigger an assert error. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-5933.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6010 was patched at 2024-05-15

5596. Denial of Service - Unknown Product (CVE-2008-3214) - Medium [220]

Description: {'vulners_cve_data_all': 'dnsmasq 2.25 allows remote attackers to cause a denial of service (daemon crash) by (1) renewing a nonexistent lease or (2) sending a DHCPREQUEST for an IP address that is not in the same network, related to the DHCP NAK response from the daemon.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3214 was patched at 2024-05-15

5597. Denial of Service - Unknown Product (CVE-2008-3263) - Medium [220]

Description: {'vulners_cve_data_all': 'The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; Appliance Developer Kit 0.x.x; and s800i 1.0.x before 1.2.0.1 allows remote attackers to cause a denial of service (call-number exhaustion and CPU consumption) by quickly sending a large number of IAX2 (IAX) POKE requests.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3263 was patched at 2024-05-15

5598. Denial of Service - Unknown Product (CVE-2008-4077) - Medium [220]

Description: {'vulners_cve_data_all': 'The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4077 was patched at 2024-05-15

5599. Denial of Service - Unknown Product (CVE-2008-5646) - Medium [220]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Trac before 0.11.2 allows attackers to cause a denial of service via unknown attack vectors related to "certain wiki markup."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5646 was patched at 2024-05-15

5600. Denial of Service - Unknown Product (CVE-2008-6621) - Medium [220]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in GraphicsMagick before 1.2.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors in DPX images. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-6621 was patched at 2024-05-15

5601. Denial of Service - Unknown Product (CVE-2009-0749) - Medium [220]

Description: {'vulners_cve_data_all': 'Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0749 was patched at 2024-05-15

5602. Denial of Service - Unknown Product (CVE-2009-1270) - Medium [220]

Description: {'vulners_cve_data_all': 'libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1270 was patched at 2024-05-15

5603. Denial of Service - Unknown Product (CVE-2009-2346) - Medium [220]

Description: {'vulners_cve_data_all': 'The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2346 was patched at 2024-05-15

5604. Denial of Service - Unknown Product (CVE-2009-2726) - Medium [220]

Description: {'vulners_cve_data_all': 'The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2726 was patched at 2024-05-15

5605. Denial of Service - Unknown Product (CVE-2009-5050) - Medium [220]

Description: {'vulners_cve_data_all': 'konversation before 1.2.3 allows attackers to cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5050 was patched at 2024-05-15

5606. Denial of Service - Unknown Product (CVE-2010-3872) - Medium [220]

Description: {'vulners_cve_data_all': 'A flaw was found in the mod_fcgid module of httpd. A malformed FastCGI response may result in a stack-based buffer overflow in the modules/fcgid/fcgid_bucket.c file in the fcgid_header_bucket_read() function, resulting in an application crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3872 was patched at 2024-05-15

5607. Denial of Service - Unknown Product (CVE-2010-4168) - Medium [220]

Description: {'vulners_cve_data_all': 'Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4168 was patched at 2024-05-15

5608. Denial of Service - Unknown Product (CVE-2010-5077) - Medium [220]

Description: {'vulners_cve_data_all': 'server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, OpenArena, Tremulous, and other products, allows remote attackers to cause a denial of service (network traffic amplification) via a spoofed (1) getstatus or (2) rcon request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-5077 was patched at 2024-05-15

5609. Denial of Service - Unknown Product (CVE-2011-0529) - Medium [220]

Description: {'vulners_cve_data_all': 'Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0529 was patched at 2024-05-15

5610. Denial of Service - Unknown Product (CVE-2011-2393) - Medium [220]

Description: {'vulners_cve_data_all': 'The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU consumption and device hang) by sending many Router Advertisement (RA) messages with different source addresses, a similar vulnerability to CVE-2010-4670.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2393 was patched at 2024-05-15

5611. Denial of Service - Unknown Product (CVE-2011-3604) - Medium [220]

Description: {'vulners_cve_data_all': 'The process_ra function in the router advertisement daemon (radvd) before 1.8.2 allows remote attackers to cause a denial of service (stack-based buffer over-read and crash) via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3604 was patched at 2024-05-15

5612. Denial of Service - Unknown Product (CVE-2012-0024) - Medium [220]

Description: {'vulners_cve_data_all': 'MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0024 was patched at 2024-05-15

5613. Denial of Service - Unknown Product (CVE-2012-0880) - Medium [220]

Description: {'vulners_cve_data_all': 'Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0880 was patched at 2024-05-15

5614. Denial of Service - Unknown Product (CVE-2012-0881) - Medium [220]

Description: {'vulners_cve_data_all': 'Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0881 was patched at 2024-05-15

5615. Denial of Service - Unknown Product (CVE-2012-2320) - Medium [220]

Description: {'vulners_cve_data_all': 'ConnMan before 0.85 does not ensure that netlink messages originate from the kernel, which allows remote attackers to bypass intended access restrictions and cause a denial of service via a crafted netlink message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2320 was patched at 2024-05-15

5616. Denial of Service - Unknown Product (CVE-2012-2805) - Medium [220]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2805 was patched at 2024-05-15

5617. Denial of Service - Unknown Product (CVE-2012-3291) - Medium [220]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in OpenConnect 3.18 allows remote servers to cause a denial of service via a crafted greeting banner.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3291 was patched at 2024-05-15

5618. Denial of Service - Unknown Product (CVE-2012-3549) - Medium [220]

Description: {'vulners_cve_data_all': 'The SCTP implementation in FreeBSD 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted ASCONF chunk.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3549 was patched at 2024-05-15

5619. Denial of Service - Unknown Product (CVE-2012-5645) - Medium [220]

Description: {'vulners_cve_data_all': 'A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5645 was patched at 2024-05-15

5620. Denial of Service - Unknown Product (CVE-2012-6083) - Medium [220]

Description: {'vulners_cve_data_all': 'Freeciv before 2.3.3 allows remote attackers to cause a denial of service via a crafted packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6083 was patched at 2024-05-15

5621. Denial of Service - Unknown Product (CVE-2012-6122) - Medium [220]

Description: {'vulners_cve_data_all': 'Buffer overflow in the thread scheduler in Chicken before 4.8.0.1 allows attackers to cause a denial of service (crash) by opening a file descriptor with a large integer value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6122 was patched at 2024-05-15

5622. Denial of Service - Unknown Product (CVE-2014-0486) - Medium [220]

Description: {'vulners_cve_data_all': 'Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0486 was patched at 2024-05-15

5623. Denial of Service - Unknown Product (CVE-2014-10064) - Medium [220]

Description: {'vulners_cve_data_all': 'The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of time. An attacker could leverage this to cause a temporary denial-of-service condition, for example, in a web application, other requests would not be processed while this blocking is occurring.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-10064 was patched at 2024-05-15

5624. Denial of Service - Unknown Product (CVE-2014-8323) - Medium [220]

Description: {'vulners_cve_data_all': 'buddy-ng.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8323 was patched at 2024-05-15

5625. Denial of Service - Unknown Product (CVE-2014-8324) - Medium [220]

Description: {'vulners_cve_data_all': 'network.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8324 was patched at 2024-05-15

5626. Denial of Service - Unknown Product (CVE-2014-8613) - Medium [220]

Description: {'vulners_cve_data_all': 'The sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted RE_CONFIG chunk.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8613 was patched at 2024-05-15

5627. Denial of Service - Unknown Product (CVE-2014-9316) - Medium [220]

Description: {'vulners_cve_data_all': 'The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9316 was patched at 2024-05-15

5628. Denial of Service - Unknown Product (CVE-2014-9318) - Medium [220]

Description: {'vulners_cve_data_all': 'The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_size function to return a negative frame size.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9318 was patched at 2024-05-15

5629. Denial of Service - Unknown Product (CVE-2015-0361) - Medium [220]

Description: {'vulners_cve_data_all': 'Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-0361 was patched at 2024-05-15

5630. Denial of Service - Unknown Product (CVE-2015-0841) - Medium [220]

Description: {'vulners_cve_data_all': 'Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8, allows remote attackers to cause a denial of service (crash) via a long line.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-0841 was patched at 2024-05-15

5631. Denial of Service - Unknown Product (CVE-2015-0928) - Medium [220]

Description: {'vulners_cve_data_all': 'libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-0928 was patched at 2024-05-15

5632. Denial of Service - Unknown Product (CVE-2015-1379) - Medium [220]

Description: {'vulners_cve_data_all': 'The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1379 was patched at 2024-05-15

5633. Denial of Service - Unknown Product (CVE-2015-1417) - Medium [220]

Description: {'vulners_cve_data_all': 'The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3-STABLE, 9.3-RELEASE-p21, and 8.x before 8.4-STABLE, 8.4-RELEASE-p35 on systems with VNET enabled and at least 16 VNET instances allows remote attackers to cause a denial of service (mbuf consumption) via multiple concurrent TCP connections.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1417 was patched at 2024-05-15

5634. Denial of Service - Unknown Product (CVE-2015-1522) - Medium [220]

Description: {'vulners_cve_data_all': 'analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not reject certain non-zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-read) via a crafted DNP3 packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1522 was patched at 2024-05-15

5635. Denial of Service - Unknown Product (CVE-2015-1554) - Medium [220]

Description: {'vulners_cve_data_all': 'kgb-bot 1.33-2 allows remote attackers to cause a denial of service (crash).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1554 was patched at 2024-05-15

5636. Denial of Service - Unknown Product (CVE-2015-1783) - Medium [220]

Description: {'vulners_cve_data_all': 'The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1783 was patched at 2024-05-15

5637. Denial of Service - Unknown Product (CVE-2015-1868) - Medium [220]

Description: {'vulners_cve_data_all': 'The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1868 was patched at 2024-05-15

5638. Denial of Service - Unknown Product (CVE-2015-2312) - Medium [220]

Description: {'vulners_cve_data_all': 'Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service (CPU and possibly general resource consumption) via a list with a large number of elements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2312 was patched at 2024-05-15

5639. Denial of Service - Unknown Product (CVE-2015-2313) - Medium [220]

Description: {'vulners_cve_data_all': 'Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote peers to cause a denial of service (CPU consumption) via a crafted small message, which triggers a "tight" for loop. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-2312.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2313 was patched at 2024-05-15

5640. Denial of Service - Unknown Product (CVE-2015-4054) - Medium [220]

Description: {'vulners_cve_data_all': 'PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a password packet before a startup packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-4054 was patched at 2024-05-15

5641. Denial of Service - Unknown Product (CVE-2015-4556) - Medium [220]

Description: {'vulners_cve_data_all': 'The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-4556 was patched at 2024-05-15

5642. Denial of Service - Unknown Product (CVE-2015-4646) - Medium [220]

Description: {'vulners_cve_data_all': '(1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-4646 was patched at 2024-05-15

5643. Denial of Service - Unknown Product (CVE-2015-5290) - Medium [220]

Description: {'vulners_cve_data_all': 'A Denial of Service vulnerability exists in ircd-ratbox 3.0.9 in the MONITOR Command Handler.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5290 was patched at 2024-05-15

5644. Denial of Service - Unknown Product (CVE-2015-5675) - Medium [220]

Description: {'vulners_cve_data_all': 'The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5675 was patched at 2024-05-15

5645. Denial of Service - Unknown Product (CVE-2015-8547) - Medium [220]

Description: {'vulners_cve_data_all': 'The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8547 was patched at 2024-05-15

5646. Denial of Service - Unknown Product (CVE-2016-10091) - Medium [220]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial-of-service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10091 was patched at 2024-05-15

5647. Denial of Service - Unknown Product (CVE-2016-10210) - Medium [220]

Description: {'vulners_cve_data_all': 'libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted rule that is mishandled in the yy_get_next_buffer function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10210 was patched at 2024-05-15

5648. Denial of Service - Unknown Product (CVE-2016-10211) - Medium [220]

Description: {'vulners_cve_data_all': 'libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_parser_lookup_loop_variable function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10211 was patched at 2024-05-15

5649. Denial of Service - Unknown Product (CVE-2016-1504) - Medium [220]

Description: {'vulners_cve_data_all': 'dhcpcd before 6.10.0 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to the option length.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1504 was patched at 2024-05-15

5650. Denial of Service - Unknown Product (CVE-2016-1881) - Medium [220]

Description: {'vulners_cve_data_all': 'The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1881 was patched at 2024-05-15

5651. Denial of Service - Unknown Product (CVE-2016-1882) - Medium [220]

Description: {'vulners_cve_data_all': 'FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and TCP_NOOPT socket options.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1882 was patched at 2024-05-15

5652. Denial of Service - Unknown Product (CVE-2016-2145) - Medium [220]

Description: {'vulners_cve_data_all': 'The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2145 was patched at 2024-05-15

5653. Denial of Service - Unknown Product (CVE-2016-2146) - Medium [220]

Description: {'vulners_cve_data_all': 'The am_read_post_data function in mod_auth_mellon before 0.11.1 does not limit the amount of data read, which allows remote attackers to cause a denial of service (worker process crash, web server deadlock, or memory consumption) via a large amount of POST data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2146 was patched at 2024-05-15

5654. Denial of Service - Unknown Product (CVE-2016-4414) - Medium [220]

Description: {'vulners_cve_data_all': 'The onReadyRead function in core/coreauthhandler.cpp in Quassel before 0.12.4 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via invalid handshake data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4414 was patched at 2024-05-15

5655. Denial of Service - Unknown Product (CVE-2016-4953) - Medium [220]

Description: {'vulners_cve_data_all': 'ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (ephemeral-association demobilization) by sending a spoofed crypto-NAK packet with incorrect authentication data at a certain time.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4953 was patched at 2024-05-15

5656. Denial of Service - Unknown Product (CVE-2016-5040) - Medium [220]

Description: {'vulners_cve_data_all': 'libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a large length value in a compilation unit header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5040 was patched at 2024-05-15

5657. Denial of Service - Unknown Product (CVE-2016-5041) - Medium [220]

Description: {'vulners_cve_data_all': 'dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5041 was patched at 2024-05-15

5658. Denial of Service - Unknown Product (CVE-2016-5043) - Medium [220]

Description: {'vulners_cve_data_all': 'The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted DWARF section.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5043 was patched at 2024-05-15

5659. Denial of Service - Unknown Product (CVE-2016-5044) - Medium [220]

Description: {'vulners_cve_data_all': 'The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted DWARF section.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5044 was patched at 2024-05-15

5660. Denial of Service - Unknown Product (CVE-2016-6173) - Medium [220]

Description: {'vulners_cve_data_all': 'NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6173 was patched at 2024-05-15

5661. Denial of Service - Unknown Product (CVE-2016-7069) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to the initial client. On a 32-bit system, the pointer arithmetic used when parsing the received response to remove that record might trigger an undefined behavior leading to a crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7069 was patched at 2024-05-15

5662. Denial of Service - Unknown Product (CVE-2016-7164) - Medium [220]

Description: {'vulners_cve_data_all': 'The construct function in puff.cpp in Libtorrent 1.1.0 allows remote torrent trackers to cause a denial of service (segmentation fault and crash) via a crafted GZIP response.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7164 was patched at 2024-05-15

5663. Denial of Service - Unknown Product (CVE-2016-7550) - Medium [220]

Description: {'vulners_cve_data_all': 'asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7550 was patched at 2024-05-15

5664. Denial of Service - Unknown Product (CVE-2016-9113) - Medium [220]

Description: {'vulners_cve_data_all': 'There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9113 was patched at 2024-05-15

5665. Denial of Service - Unknown Product (CVE-2016-9114) - Medium [220]

Description: {'vulners_cve_data_all': 'There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9114 was patched at 2024-05-15

5666. Denial of Service - Unknown Product (CVE-2016-9275) - Medium [220]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9275 was patched at 2024-05-15

5667. Denial of Service - Unknown Product (CVE-2016-9276) - Medium [220]

Description: {'vulners_cve_data_all': 'The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9276 was patched at 2024-05-15

5668. Denial of Service - Unknown Product (CVE-2016-9296) - Medium [220]

Description: {'vulners_cve_data_all': 'A null pointer dereference bug affects the 16.02 and many old versions of p7zip. A lack of null pointer check for the variable folders.PackPositions in function CInArchive::ReadAndDecodePackedStreams in CPP/7zip/Archive/7z/7zIn.cpp, as used in the 7z.so library and in 7z applications, will cause a crash and a denial of service when decoding malformed 7z files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9296 was patched at 2024-05-15

5669. Denial of Service - Unknown Product (CVE-2016-9954) - Medium [220]

Description: {'vulners_cve_data_all': 'The backtrack compilation code in the Irregex package (aka IrRegular Expressions) before 0.9.6 for Scheme allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression with a repeating pattern.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9954 was patched at 2024-05-15

5670. Denial of Service - Unknown Product (CVE-2017-1000189) - Medium [220]

Description: {'vulners_cve_data_all': 'nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile()', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000189 was patched at 2024-05-15

5671. Denial of Service - Unknown Product (CVE-2017-1000418) - Medium [220]

Description: {'vulners_cve_data_all': 'The WildMidi_Open function in WildMIDI since commit d8a466829c67cacbb1700beded25c448d99514e5 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000418 was patched at 2024-05-15

5672. Denial of Service - Unknown Product (CVE-2017-10868) - Medium [220]

Description: {'vulners_cve_data_all': 'H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-10868 was patched at 2024-05-15

5673. Denial of Service - Unknown Product (CVE-2017-10869) - Medium [220]

Description: {'vulners_cve_data_all': 'Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-10869 was patched at 2024-05-15

5674. Denial of Service - Unknown Product (CVE-2017-11190) - Medium [220]

Description: {'vulners_cve_data_all': 'unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via an RAR archive containing a long filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11190 was patched at 2024-05-15

5675. Denial of Service - Unknown Product (CVE-2017-11554) - Medium [220]

Description: {'vulners_cve_data_all': 'There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11554 was patched at 2024-05-15

5676. Denial of Service - Unknown Product (CVE-2017-11555) - Medium [220]

Description: {'vulners_cve_data_all': 'There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11555 was patched at 2024-05-15

5677. Denial of Service - Unknown Product (CVE-2017-11556) - Medium [220]

Description: {'vulners_cve_data_all': 'There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11556 was patched at 2024-05-15

5678. Denial of Service - Unknown Product (CVE-2017-11655) - Medium [220]

Description: {'vulners_cve_data_all': 'A memory leak was found in the way SIPcrack 0.2 handled processing of SIP traffic, because a lines array was mismanaged. A remote attacker could potentially use this flaw to crash long-running sipdump network sniffing sessions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11655 was patched at 2024-05-15

5679. Denial of Service - Unknown Product (CVE-2017-11684) - Medium [220]

Description: {'vulners_cve_data_all': 'There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11684 was patched at 2024-05-15

5680. Denial of Service - Unknown Product (CVE-2017-11692) - Medium [220]

Description: {'vulners_cve_data_all': 'The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service (assertion failure and application exit) via a '!2' string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11692 was patched at 2024-05-15

5681. Denial of Service - Unknown Product (CVE-2017-11697) - Medium [220]

Description: {'vulners_cve_data_all': 'The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11697 was patched at 2024-05-15

5682. Denial of Service - Unknown Product (CVE-2017-12481) - Medium [220]

Description: {'vulners_cve_data_all': 'The find_option function in option.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12481 was patched at 2024-05-15

5683. Denial of Service - Unknown Product (CVE-2017-12482) - Medium [220]

Description: {'vulners_cve_data_all': 'The ledger::parse_date_mask_routine function in times.cc in Ledger 3.1.1 allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12482 was patched at 2024-05-15

5684. Denial of Service - Unknown Product (CVE-2017-12600) - Medium [220]

Description: {'vulners_cve_data_all': 'OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (CPU consumption) issue, as demonstrated by the 11-opencv-dos-cpu-exhaust test case.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12600 was patched at 2024-05-15

5685. Denial of Service - Unknown Product (CVE-2017-12602) - Medium [220]

Description: {'vulners_cve_data_all': 'OpenCV (Open Source Computer Vision Library) through 3.3 has a denial of service (memory consumption) issue, as demonstrated by the 10-opencv-dos-memory-exhaust test case.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12602 was patched at 2024-05-15

5686. Denial of Service - Unknown Product (CVE-2017-12626) - Medium [220]

Description: {'vulners_cve_data_all': 'Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12626 was patched at 2024-05-15

5687. Denial of Service - Unknown Product (CVE-2017-12958) - Medium [220]

Description: {'vulners_cve_data_all': 'There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12958 was patched at 2024-05-15

5688. Denial of Service - Unknown Product (CVE-2017-12959) - Medium [220]

Description: {'vulners_cve_data_all': 'There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12959 was patched at 2024-05-15

5689. Denial of Service - Unknown Product (CVE-2017-12960) - Medium [220]

Description: {'vulners_cve_data_all': 'There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12960 was patched at 2024-05-15

5690. Denial of Service - Unknown Product (CVE-2017-12961) - Medium [220]

Description: {'vulners_cve_data_all': 'There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12961 was patched at 2024-05-15

5691. Denial of Service - Unknown Product (CVE-2017-14098) - Medium [220]

Description: {'vulners_cve_data_all': 'In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 and 14.x before 14.6.1, a carefully crafted tel URI in a From, To, or Contact header could cause Asterisk to crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14098 was patched at 2024-05-15

5692. Denial of Service - Unknown Product (CVE-2017-14158) - Medium [220]

Description: {'vulners_cve_data_all': 'Scrapy 1.4 allows remote attackers to cause a denial of service (memory consumption) via large files because arbitrarily many files are read into memory, which is especially problematic if the files are then individually written in a separate thread to a slow storage resource, as demonstrated by interaction between dataReceived (in core/downloader/handlers/http11.py) and S3FilesStore.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14158 was patched at 2024-05-15

5693. Denial of Service - Unknown Product (CVE-2017-14226) - Medium [220]

Description: {'vulners_cve_data_all': 'WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14226 was patched at 2024-05-15

5694. Denial of Service - Unknown Product (CVE-2017-14412) - Medium [220]

Description: {'vulners_cve_data_all': 'An invalid memory write was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a denial of service (segmentation fault and application crash) or possibly unspecified other impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14412 was patched at 2024-05-15

5695. Denial of Service - Unknown Product (CVE-2017-15056) - Medium [220]

Description: {'vulners_cve_data_all': 'p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15056 was patched at 2024-05-15

5696. Denial of Service - Unknown Product (CVE-2017-15133) - Medium [220]

Description: {'vulners_cve_data_all': 'A denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15133 was patched at 2024-05-15

5697. Denial of Service - Unknown Product (CVE-2017-16119) - Medium [220]

Description: {'vulners_cve_data_all': 'Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16119 was patched at 2024-05-15

5698. Denial of Service - Unknown Product (CVE-2017-16138) - Medium [220]

Description: {'vulners_cve_data_all': 'The mime module < 1.4.1, 2.0.1, 2.0.2 is vulnerable to regular expression denial of service when a mime lookup is performed on untrusted user input.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16138 was patched at 2024-05-15

5699. Denial of Service - Unknown Product (CVE-2017-16232) - Medium [220]

Description: {'vulners_cve_data_all': 'LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16232 was patched at 2024-05-15

5700. Denial of Service - Unknown Product (CVE-2017-16869) - Medium [220]

Description: {'vulners_cve_data_all': 'p_mach.cpp in UPX 3.94 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted Mach-O file, related to canPack and unpack functions. NOTE: the vendor has stated "there is no security implication whatsoever.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16869 was patched at 2024-05-15

5701. Denial of Service - Unknown Product (CVE-2017-17497) - Medium [220]

Description: {'vulners_cve_data_all': 'In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the "children of the head" processing feature is modified in the loop without validating the new value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17497 was patched at 2024-05-15

5702. Denial of Service - Unknown Product (CVE-2017-18594) - Medium [220]

Description: {'vulners_cve_data_all': 'nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \\n character to ssh-brute.nse or ssh-auth-methods.nse.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-18594 was patched at 2024-05-15

5703. Denial of Service - Unknown Product (CVE-2017-2635) - Medium [220]

Description: {'vulners_cve_data_all': 'A NULL pointer deference flaw was found in the way libvirt from 2.5.0 to 3.0.0 handled empty drives. A remote authenticated attacker could use this flaw to crash libvirtd daemon resulting in denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2635 was patched at 2024-05-15

5704. Denial of Service - Unknown Product (CVE-2017-5836) - Medium [220]

Description: {'vulners_cve_data_all': 'The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an invalid free.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5836 was patched at 2024-05-15

5705. Denial of Service - Unknown Product (CVE-2017-5923) - Medium [220]

Description: {'vulners_cve_data_all': 'libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted rule that is mishandled in the yara_yyparse function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5923 was patched at 2024-05-15

5706. Denial of Service - Unknown Product (CVE-2017-5924) - Medium [220]

Description: {'vulners_cve_data_all': 'libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule that is mishandled in the yr_compiler_destroy function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5924 was patched at 2024-05-15

5707. Denial of Service - Unknown Product (CVE-2017-6384) - Medium [220]

Description: {'vulners_cve_data_all': 'Memory leak in the login_user function in saslserv/main.c in saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker to consume memory and cause a denial of service. This is fixed in 7.2.8.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6384 was patched at 2024-05-15

5708. Denial of Service - Unknown Product (CVE-2017-7245) - Medium [220]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7245 was patched at 2024-05-15

5709. Denial of Service - Unknown Product (CVE-2017-7246) - Medium [220]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7246 was patched at 2024-05-15

5710. Denial of Service - Unknown Product (CVE-2017-7263) - Medium [220]

Description: {'vulners_cve_data_all': 'The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8698.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7263 was patched at 2024-05-15

5711. Denial of Service - Unknown Product (CVE-2017-8294) - Medium [220]

Description: {'vulners_cve_data_all': 'libyara/re.c in the regex component in YARA 3.5.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted rule that is mishandled in the yr_re_exec function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8294 was patched at 2024-05-15

5712. Denial of Service - Unknown Product (CVE-2017-8825) - Medium [220]

Description: {'vulners_cve_data_all': 'A null dereference vulnerability has been found in the MIME handling component of LibEtPan before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Cc header containing multiple e-mail addresses.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8825 was patched at 2024-05-15

5713. Denial of Service - Unknown Product (CVE-2017-8929) - Medium [220]

Description: {'vulners_cve_data_all': 'The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted rule.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8929 was patched at 2024-05-15

5714. Denial of Service - Unknown Product (CVE-2017-9107) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue was discovered in adns before 1.5.2. It overruns reading a buffer if a domain ends with backslash. If the query domain ended with \\, and adns_qf_quoteok_query was specified, qdparselabel would read additional bytes from the buffer and try to treat them as the escape sequence. It would depart the input buffer and start processing many bytes of arbitrary heap data as if it were the query domain. Eventually it would run out of input or find some other kind of error, and declare the query domain invalid. But before then it might outrun available memory and crash. In principle this could be a denial of service attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9107 was patched at 2024-05-15

5715. Denial of Service - Unknown Product (CVE-2017-9217) - Medium [220]

Description: {'vulners_cve_data_all': 'systemd-resolved through 233 allows remote attackers to cause a denial of service (daemon crash) via a crafted DNS response with an empty question section.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9217 was patched at 2024-05-15

5716. Denial of Service - Unknown Product (CVE-2017-9301) - Medium [220]

Description: {'vulners_cve_data_all': 'plugins\\audio_filter\\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9301 was patched at 2024-05-15

5717. Denial of Service - Unknown Product (CVE-2017-9304) - Medium [220]

Description: {'vulners_cve_data_all': 'libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule that is mishandled in the _yr_re_emit function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9304 was patched at 2024-05-15

5718. Denial of Service - Unknown Product (CVE-2017-9334) - Medium [220]

Description: {'vulners_cve_data_all': 'An incorrect "pair?" check in the Scheme "length" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls "length" on it.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9334 was patched at 2024-05-15

5719. Denial of Service - Unknown Product (CVE-2017-9438) - Medium [220]

Description: {'vulners_cve_data_all': 'libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers to cause a denial of service (stack consumption) via a crafted rule (involving hex strings) that is mishandled in the _yr_re_emit function, a different vulnerability than CVE-2017-9304.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9438 was patched at 2024-05-15

5720. Denial of Service - Unknown Product (CVE-2017-9670) - Medium [220]

Description: {'vulners_cve_data_all': 'An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact when a victim opens a specially crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9670 was patched at 2024-05-15

5721. Denial of Service - Unknown Product (CVE-2017-9763) - Medium [220]

Description: {'vulners_cve_data_all': 'The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9763 was patched at 2024-05-15

5722. Denial of Service - Unknown Product (CVE-2017-9871) - Medium [220]

Description: {'vulners_cve_data_all': 'The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9871 was patched at 2024-05-15

5723. Denial of Service - Unknown Product (CVE-2018-1000052) - Medium [220]

Description: {'vulners_cve_data_all': 'fmtlib version prior to version 4.1.0 (before commit 0555cea5fc0bf890afe0071a558e44625a34ba85) contains a Memory corruption (SIGSEGV), CWE-134 vulnerability in fmt::print() library function that can result in Denial of Service. This attack appear to be exploitable via Specifying an invalid format specifier in the fmt::print() function results in a SIGSEGV (memory corruption, invalid write). This vulnerability appears to have been fixed in after commit 8cf30aa2be256eba07bb1cefb998c52326e846e7.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000052 was patched at 2024-05-15

5724. Denial of Service - Unknown Product (CVE-2018-1000215) - Medium [220]

Description: {'vulners_cve_data_all': 'Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service (DoS). This attack appear to be exploitable via If the attacker can force the data to be printed and the system is in low memory it can force a leak of memory. This vulnerability appears to have been fixed in 1.7.7.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000215 was patched at 2024-05-15

5725. Denial of Service - Unknown Product (CVE-2018-10111) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10111 was patched at 2024-05-15

5726. Denial of Service - Unknown Product (CVE-2018-10113) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10113 was patched at 2024-05-15

5727. Denial of Service - Unknown Product (CVE-2018-10254) - Medium [220]

Description: {'vulners_cve_data_all': 'Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10254 was patched at 2024-05-15

5728. Denial of Service - Unknown Product (CVE-2018-10776) - Medium [220]

Description: {'vulners_cve_data_all': 'The getbits function in mpglibDBL/common.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (segmentation fault and application crash) or possibly have unspecified other impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10776 was patched at 2024-05-15

5729. Denial of Service - Unknown Product (CVE-2018-10777) - Medium [220]

Description: {'vulners_cve_data_all': 'Buffer overflow in the WriteMP3GainAPETag function in apetag.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10777 was patched at 2024-05-15

5730. Denial of Service - Unknown Product (CVE-2018-10778) - Medium [220]

Description: {'vulners_cve_data_all': 'Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872 and CVE-2017-14409.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10778 was patched at 2024-05-15

5731. Denial of Service - Unknown Product (CVE-2018-10851) - Medium [220]

Description: {'vulners_cve_data_all': 'PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10851 was patched at 2024-05-15

5732. Denial of Service - Unknown Product (CVE-2018-10945) - Medium [220]

Description: {'vulners_cve_data_all': 'The mg_handle_cgi function in mongoose.c in Mongoose 6.11 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash, or NULL pointer dereference) via an HTTP request, related to the mbuf_insert function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10945 was patched at 2024-05-15

5733. Denial of Service - Unknown Product (CVE-2018-11033) - Medium [220]

Description: {'vulners_cve_data_all': 'The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11033 was patched at 2024-05-15

5734. Denial of Service - Unknown Product (CVE-2018-1110) - Medium [220]

Description: {'vulners_cve_data_all': 'A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1110 was patched at 2024-05-15

5735. Denial of Service - Unknown Product (CVE-2018-11243) - Medium [220]

Description: {'vulners_cve_data_all': 'PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service (double free), limit the ability of a malware scanner to operate on the entire original data, or possibly have unspecified other impact via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11243 was patched at 2024-05-15

5736. Denial of Service - Unknown Product (CVE-2018-11739) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11739 was patched at 2024-05-15

5737. Denial of Service - Unknown Product (CVE-2018-11740) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11740 was patched at 2024-05-15

5738. Denial of Service - Unknown Product (CVE-2018-11761) - Medium [220]

Description: {'vulners_cve_data_all': 'In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11761 was patched at 2024-05-15

5739. Denial of Service - Unknown Product (CVE-2018-12479) - Medium [220]

Description: {'vulners_cve_data_all': 'A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12479 was patched at 2024-05-15

5740. Denial of Service - Unknown Product (CVE-2018-12983) - Medium [220]

Description: {'vulners_cve_data_all': 'A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via a crafted pdf file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12983 was patched at 2024-05-15

5741. Denial of Service - Unknown Product (CVE-2018-13863) - Medium [220]

Description: {'vulners_cve_data_all': 'The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-13863 was patched at 2024-05-15

5742. Denial of Service - Unknown Product (CVE-2018-14044) - Medium [220]

Description: {'vulners_cve_data_all': 'The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14044 was patched at 2024-05-15

5743. Denial of Service - Unknown Product (CVE-2018-14045) - Medium [220]

Description: {'vulners_cve_data_all': 'The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14045 was patched at 2024-05-15

5744. Denial of Service - Unknown Product (CVE-2018-14626) - Medium [220]

Description: {'vulners_cve_data_all': 'PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14626 was patched at 2024-05-15

5745. Denial of Service - Unknown Product (CVE-2018-15173) - Medium [220]

Description: {'vulners_cve_data_all': 'Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted TCP-based service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-15173 was patched at 2024-05-15

5746. Denial of Service - Unknown Product (CVE-2018-16855) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16855 was patched at 2024-05-15

5747. Denial of Service - Unknown Product (CVE-2018-17019) - Medium [220]

Description: {'vulners_cve_data_all': 'In Bro through 2.5.5, there is a DoS in IRC protocol names command parsing in analyzer/protocol/irc/IRC.cc.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17019 was patched at 2024-05-15

5748. Denial of Service - Unknown Product (CVE-2018-17144) - Medium [220]

Description: {'vulners_cve_data_all': 'Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17144 was patched at 2024-05-15

5749. Denial of Service - Unknown Product (CVE-2018-17231) - Medium [220]

Description: {'vulners_cve_data_all': 'Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an "Edit color palette" search that triggers an "index out of range" condition. NOTE: this issue is disputed by multiple third parties because the described attack scenario does not cross a privilege boundary', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17231 was patched at 2024-05-15

5750. Denial of Service - Unknown Product (CVE-2018-18385) - Medium [220]

Description: {'vulners_cve_data_all': 'Asciidoctor in versions < 1.5.8 allows remote attackers to cause a denial of service (infinite loop). The loop was caused by the fact that Parser.next_block was not exhausting all the lines in the reader as the while loop expected it would. This was happening because the regular expression that detects any list was not agreeing with the regular expression that detects a specific list type. So the line kept getting pushed back onto the reader, hence causing the loop.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18385 was patched at 2024-05-15

5751. Denial of Service - Unknown Product (CVE-2018-18956) - Medium [220]

Description: {'vulners_cve_data_all': 'The ProcessMimeEntity function in util-decode-mime.c in Suricata 4.x before 4.0.6 allows remote attackers to cause a denial of service (segfault and daemon crash) via crafted input to the SMTP parser, as exploited in the wild in November 2018.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18956 was patched at 2024-05-15

5752. Denial of Service - Unknown Product (CVE-2018-19762) - Medium [220]

Description: {'vulners_cve_data_all': 'There is a heap-based buffer overflow at fromsixel.c (function: image_buffer_resize) in libsixel 1.8.2 that will cause a denial of service or possibly unspecified other impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19762 was patched at 2024-05-15

5753. Denial of Service - Unknown Product (CVE-2018-19963) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because x86 IOREQ server resource accounting (for external emulators) was mishandled.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19963 was patched at 2024-05-15

5754. Denial of Service - Unknown Product (CVE-2018-20230) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20230 was patched at 2024-05-15

5755. Denial of Service - Unknown Product (CVE-2018-25021) - Medium [220]

Description: {'vulners_cve_data_all': 'The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-25021 was patched at 2024-05-15

5756. Denial of Service - Unknown Product (CVE-2018-6918) - Medium [220]

Description: {'vulners_cve_data_all': 'In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, the length field of the ipsec option header does not count the size of the option header itself, causing an infinite loop when the length is zero. This issue can allow a remote attacker who is able to send an arbitrary packet to cause the machine to crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6918 was patched at 2024-05-15

5757. Denial of Service - Unknown Product (CVE-2018-6923) - Medium [220]

Description: {'vulners_cve_data_all': 'In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary ip fragments to cause the machine to consume excessive resources.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6923 was patched at 2024-05-15

5758. Denial of Service - Unknown Product (CVE-2018-8001) - Medium [220]

Description: {'vulners_cve_data_all': 'In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-8001 was patched at 2024-05-15

5759. Denial of Service - Unknown Product (CVE-2018-8100) - Medium [220]

Description: {'vulners_cve_data_all': 'The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-8100 was patched at 2024-05-15

5760. Denial of Service - Unknown Product (CVE-2019-10055) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue was discovered in Suricata 4.1.3. The function ftp_pasv_response lacks a check for the length of part1 and part2, leading to a crash within the ftp/mod.rs file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10055 was patched at 2024-05-15

5761. Denial of Service - Unknown Product (CVE-2019-1010017) - Medium [220]

Description: {'vulners_cve_data_all': 'libnmap < v0.6.3 is affected by: XML Injection. The impact is: Denial of service (DoS) by consuming resources. The component is: XML Parsing. The attack vector is: Specially crafted XML payload.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1010017 was patched at 2024-05-15

5762. Denial of Service - Unknown Product (CVE-2019-1010142) - Medium [220]

Description: {'vulners_cve_data_all': 'scapy 2.4.0 is affected by: Denial of Service. The impact is: infinite loop, resource consumption and program unresponsive. The component is: _RADIUSAttrPacketListField.getfield(self..). The attack vector is: over the network or in a pcap. both work.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1010142 was patched at 2024-05-15

5763. Denial of Service - Unknown Product (CVE-2019-11248) - Medium [220]

Description: {'vulners_cve_data_all': 'The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11248 was patched at 2024-05-15

5764. Denial of Service - Unknown Product (CVE-2019-12212) - Medium [220]

Description: {'vulners_cve_data_all': 'When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12212 was patched at 2024-05-15

5765. Denial of Service - Unknown Product (CVE-2019-12402) - Medium [220]

Description: {'vulners_cve_data_all': 'The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12402 was patched at 2024-05-15

5766. Denial of Service - Unknown Product (CVE-2019-12957) - Medium [220]

Description: {'vulners_cve_data_all': 'In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12957 was patched at 2024-05-15

5767. Denial of Service - Unknown Product (CVE-2019-14296) - Medium [220]

Description: {'vulners_cve_data_all': 'canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (SEGV or buffer overflow, and application crash) or possibly have unspecified other impact via a crafted UPX packed file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14296 was patched at 2024-05-15

5768. Denial of Service - Unknown Product (CVE-2019-17069) - Medium [220]

Description: {'vulners_cve_data_all': 'PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17069 was patched at 2024-05-15

5769. Denial of Service - Unknown Product (CVE-2019-17341) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a page-writability race condition during addition of a passed-through PCI device.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17341 was patched at 2024-05-15

5770. Denial of Service - Unknown Product (CVE-2019-1785) - Medium [220]

Description: {'vulners_cve_data_all': 'A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1785 was patched at 2024-05-15

5771. Denial of Service - Unknown Product (CVE-2019-18936) - Medium [220]

Description: {'vulners_cve_data_all': 'UniValue::read() in UniValue before 1.0.5 allow attackers to cause a denial of service (the class internal data reaches an inconsistent state) via input data that triggers an error.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-18936 was patched at 2024-05-15

5772. Denial of Service - Unknown Product (CVE-2019-19331) - Medium [220]

Description: {'vulners_cve_data_all': 'knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases taking even several CPU seconds for each such uncached message. For example, a few thousand A records can be squashed into one DNS message (limit is 64kB).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19331 was patched at 2024-05-15

5773. Denial of Service - Unknown Product (CVE-2019-19886) - Medium [220]

Description: {'vulners_cve_data_all': 'Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19886 was patched at 2024-05-15

5774. Denial of Service - Unknown Product (CVE-2019-25072) - Medium [220]

Description: {'vulners_cve_data_all': 'Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-25072 was patched at 2024-05-15

5775. Denial of Service - Unknown Product (CVE-2019-5163) - Medium [220]

Description: {'vulners_cve_data_all': 'An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a local_address, arbitrary UDP packets can cause a FATAL error code path and exit. An attacker can send arbitrary UDP packets to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5163 was patched at 2024-05-15

5776. Denial of Service - Unknown Product (CVE-2019-5611) - Medium [220]

Description: {'vulners_cve_data_all': 'In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5611 was patched at 2024-05-15

5777. Denial of Service - Unknown Product (CVE-2019-7732) - Medium [220]

Description: {'vulners_cve_data_all': 'In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7732 was patched at 2024-05-15

5778. Denial of Service - Unknown Product (CVE-2019-8376) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-8376 was patched at 2024-05-15

5779. Denial of Service - Unknown Product (CVE-2019-8377) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-8377 was patched at 2024-05-15

5780. Denial of Service - Unknown Product (CVE-2019-8381) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue was discovered in Tcpreplay 4.3.1. An invalid memory access occurs in do_checksum in checksum.c. It can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-8381 was patched at 2024-05-15

5781. Denial of Service - Unknown Product (CVE-2020-10593) - Medium [220]

Description: {'vulners_cve_data_all': 'Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-10593 was patched at 2024-05-15

5782. Denial of Service - Unknown Product (CVE-2020-10675) - Medium [220]

Description: {'vulners_cve_data_all': 'The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-10675 was patched at 2024-05-15

5783. Denial of Service - Unknown Product (CVE-2020-10931) - Medium [220]

Description: {'vulners_cve_data_all': 'Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-10931 was patched at 2024-05-15

5784. Denial of Service - Unknown Product (CVE-2020-13250) - Medium [220]

Description: {'vulners_cve_data_all': 'HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13250 was patched at 2024-05-15

5785. Denial of Service - Unknown Product (CVE-2020-15225) - Medium [220]

Description: {'vulners_cve_data_all': 'django-filter is a generic system for filtering Django QuerySets based on user selections. In django-filter before version 2.4.0, automatically generated `NumberFilter` instances, whose value was later converted to an integer, were subject to potential DoS from maliciously input using exponential format with sufficiently large exponents. Version 2.4.0+ applies a `MaxValueValidator` with a a default `limit_value` of 1e50 to the form field used by `NumberFilter` instances. In addition, `NumberFilter` implements the new `get_max_validator()` which should return a configured validator instance to customise the limit, or else `None` to disable the additional validation. Users may manually apply an equivalent validator if they are not able to upgrade.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15225 was patched at 2024-05-15

5786. Denial of Service - Unknown Product (CVE-2020-15572) - Medium [220]

Description: {'vulners_cve_data_all': 'Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15572 was patched at 2024-05-15

5787. Denial of Service - Unknown Product (CVE-2020-22570) - Medium [220]

Description: {'vulners_cve_data_all': 'Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-22570 was patched at 2024-05-15

5788. Denial of Service - Unknown Product (CVE-2020-24697) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24697 was patched at 2024-05-15

5789. Denial of Service - Unknown Product (CVE-2020-25201) - Medium [220]

Description: {'vulners_cve_data_all': 'HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25201 was patched at 2024-05-15

5790. Denial of Service - Unknown Product (CVE-2020-25574) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25574 was patched at 2024-05-15

5791. Denial of Service - Unknown Product (CVE-2020-26148) - Medium [220]

Description: {'vulners_cve_data_all': 'md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-26148 was patched at 2024-05-15

5792. Denial of Service - Unknown Product (CVE-2020-26521) - Medium [220]

Description: {'vulners_cve_data_all': 'The JWT library in NATS nats-server before 2.1.9 allows a denial of service (a nil dereference in Go code).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-26521 was patched at 2024-05-15

5793. Denial of Service - Unknown Product (CVE-2020-26566) - Medium [220]

Description: {'vulners_cve_data_all': 'A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-26566 was patched at 2024-05-15

5794. Denial of Service - Unknown Product (CVE-2020-27511) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping crafted HTML tags.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27511 was patched at 2024-05-15

5795. Denial of Service - Unknown Product (CVE-2020-28491) - Medium [220]

Description: {'vulners_cve_data_all': 'This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-28491 was patched at 2024-05-15

5796. Denial of Service - Unknown Product (CVE-2020-35381) - Medium [220]

Description: {'vulners_cve_data_all': 'jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35381 was patched at 2024-05-15

5797. Denial of Service - Unknown Product (CVE-2020-36049) - Medium [220]

Description: {'vulners_cve_data_all': 'socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36049 was patched at 2024-05-15

5798. Denial of Service - Unknown Product (CVE-2020-36120) - Medium [220]

Description: {'vulners_cve_data_all': 'Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36120 was patched at 2024-05-15

5799. Denial of Service - Unknown Product (CVE-2020-6095) - Medium [220]

Description: {'vulners_cve_data_all': 'An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-6095 was patched at 2024-05-15

5800. Denial of Service - Unknown Product (CVE-2020-6098) - Medium [220]

Description: {'vulners_cve_data_all': 'An exploitable denial of service vulnerability exists in the freeDiameter functionality of freeDiameter 1.3.2. A specially crafted Diameter request can trigger a memory corruption resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-6098 was patched at 2024-05-15

5801. Denial of Service - Unknown Product (CVE-2020-7793) - Medium [220]

Description: {'vulners_cve_data_all': 'The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7793 was patched at 2024-05-15

5802. Denial of Service - Unknown Product (CVE-2021-20718) - Medium [220]

Description: {'vulners_cve_data_all': 'mod_auth_openidc 2.4.0 to 2.4.7 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-20718 was patched at 2024-05-15

5803. Denial of Service - Unknown Product (CVE-2021-21404) - Medium [220]

Description: {'vulners_cve_data_all': 'Syncthing is a continuous file synchronization program. In Syncthing before version 1.15.0, the relay server `strelaysrv` can be caused to crash and exit by sending a relay message with a negative length field. Similarly, Syncthing itself can crash for the same reason if given a malformed message from a malicious relay server when attempting to join the relay. Relay joins are essentially random (from a subset of low latency relays) and Syncthing will by default restart when crashing, at which point it's likely to pick another non-malicious relay. This flaw is fixed in version 1.15.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-21404 was patched at 2024-05-15

5804. Denial of Service - Unknown Product (CVE-2021-23341) - Medium [220]

Description: {'vulners_cve_data_all': 'The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-23341 was patched at 2024-05-15

5805. Denial of Service - Unknown Product (CVE-2021-23382) - Medium [220]

Description: {'vulners_cve_data_all': 'The package postcss before 8.2.13 are vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL() and loadAnnotation() in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern \\/\\*\\s* sourceMappingURL=(.*).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-23382 was patched at 2024-05-15

5806. Denial of Service - Unknown Product (CVE-2021-26813) - Medium [220]

Description: {'vulners_cve_data_all': 'markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-26813 was patched at 2024-05-15

5807. Denial of Service - Unknown Product (CVE-2021-27292) - Medium [220]

Description: {'vulners_cve_data_all': 'ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-27292 was patched at 2024-05-15

5808. Denial of Service - Unknown Product (CVE-2021-29063) - Medium [220]

Description: {'vulners_cve_data_all': 'A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Mpmath v1.0.0 through v1.2.1 when the mpmathify function is called.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-29063 was patched at 2024-05-15

5809. Denial of Service - Unknown Product (CVE-2021-32821) - Medium [220]

Description: {'vulners_cve_data_all': 'MooTools is a collection of JavaScript utilities for JavaScript developers. All known versions include a CSS selector parser that is vulnerable to Regular Expression Denial of Service (ReDoS). An attack requires that an attacker can inject a string into a CSS selector at runtime, which is quite common with e.g. jQuery CSS selectors. No patches are available for this issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32821 was patched at 2024-05-15

5810. Denial of Service - Unknown Product (CVE-2021-33194) - Medium [220]

Description: {'vulners_cve_data_all': 'golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33194 was patched at 2024-05-15

5811. Denial of Service - Unknown Product (CVE-2021-36691) - Medium [220]

Description: {'vulners_cve_data_all': 'libjxl v0.5.0 is affected by a Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicous GIF file using cjxl, an attacker can trigger a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-36691 was patched at 2024-05-15

5812. Denial of Service - Unknown Product (CVE-2021-37311) - Medium [220]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in fcitx5 5.0.8 allows attackers to cause a denial of service via crafted message to the application's listening port.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-37311 was patched at 2024-05-15

5813. Denial of Service - Unknown Product (CVE-2021-37714) - Medium [220]

Description: {'vulners_cve_data_all': 'jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-37714 was patched at 2024-05-15

5814. Denial of Service - Unknown Product (CVE-2021-38380) - Medium [220]

Description: {'vulners_cve_data_all': 'Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read. An attacker can leverage this to launch a DoS attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-38380 was patched at 2024-05-15

5815. Denial of Service - Unknown Product (CVE-2021-38576) - Medium [220]

Description: {'vulners_cve_data_all': 'A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-38576 was patched at 2024-05-15

5816. Denial of Service - Unknown Product (CVE-2021-40524) - Medium [220]

Description: {'vulners_cve_data_all': 'In Pure-FTPd before 1.0.50, an incorrect max_filesize quota mechanism in the server allows attackers to upload files of unbounded size, which may lead to denial of service or a server hang. This occurs because a certain greater-than-zero test does not anticipate an initial -1 value. (Versions 1.0.23 through 1.0.49 are affected.)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40524 was patched at 2024-05-15

5817. Denial of Service - Unknown Product (CVE-2021-41498) - Medium [220]

Description: {'vulners_cve_data_all': 'Buffer overflow in ajaxsoundstudio.com Pyo &lt and 1.03 in the Server_jack_init function. which allows attackers to conduct Denial of Service attacks by arbitrary constructing a overlong server name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41498 was patched at 2024-05-15

5818. Denial of Service - Unknown Product (CVE-2021-41499) - Medium [220]

Description: {'vulners_cve_data_all': 'Buffer Overflow Vulnerability exists in ajaxsoundstudio.com n Pyo < 1.03 in the Server_debug function, which allows remote attackers to conduct DoS attacks by deliberately passing on an overlong audio file name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41499 was patched at 2024-05-15

5819. Denial of Service - Unknown Product (CVE-2021-41500) - Medium [220]

Description: {'vulners_cve_data_all': 'Incomplete string comparison vulnerability exits in cvxopt.org cvxop <= 1.2.6 in APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows attackers to conduct Denial of Service attacks by construct fake Capsule objects.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41500 was patched at 2024-05-15

5820. Denial of Service - Unknown Product (CVE-2021-42613) - Medium [220]

Description: {'vulners_cve_data_all': 'A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42613 was patched at 2024-05-15

5821. Denial of Service - Unknown Product (CVE-2021-42836) - Medium [220]

Description: {'vulners_cve_data_all': 'GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42836 was patched at 2024-05-15

5822. Denial of Service - Unknown Product (CVE-2021-44492) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, attackers can cause a type to be incorrectly initialized in the function f_incr in sr_port/f_incr.c and cause a crash due to a NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44492 was patched at 2024-05-15

5823. Denial of Service - Unknown Product (CVE-2021-44494) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44494 was patched at 2024-05-15

5824. Denial of Service - Unknown Product (CVE-2021-44498) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause a type to be incorrectly initialized in the function f_incr in sr_port/f_incr.c and cause a crash due to a NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44498 was patched at 2024-05-15

5825. Denial of Service - Unknown Product (CVE-2021-44500) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of input validation in calls to eb_div in sr_port/eb_muldiv.c allows attackers to crash the application by performing a divide by zero.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44500 was patched at 2024-05-15

5826. Denial of Service - Unknown Product (CVE-2021-44501) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause calls to ZRead to crash due to a NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44501 was patched at 2024-05-15

5827. Denial of Service - Unknown Product (CVE-2021-44508) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of NULL checks in calls to ious_open in sr_unix/ious_open.c allows attackers to crash the application by dereferencing a NULL pointer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44508 was patched at 2024-05-15

5828. Denial of Service - Unknown Product (CVE-2021-44686) - Medium [220]

Description: {'vulners_cve_data_all': 'calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44686 was patched at 2024-05-15

5829. Denial of Service - Unknown Product (CVE-2021-45290) - Medium [220]

Description: {'vulners_cve_data_all': 'A Denial of Service vulnerability exits in Binaryen 103 due to an assertion abort in wasm::handle_unreachable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45290 was patched at 2024-05-15

5830. Denial of Service - Unknown Product (CVE-2021-46020) - Medium [220]

Description: {'vulners_cve_data_all': 'An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can lead to a segmentation fault or application crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46020 was patched at 2024-05-15

5831. Denial of Service - Unknown Product (CVE-2021-46023) - Medium [220]

Description: {'vulners_cve_data_all': 'An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46023 was patched at 2024-05-15

5832. Denial of Service - Unknown Product (CVE-2022-24729) - Medium [220]

Description: {'vulners_cve_data_all': 'CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24729 was patched at 2024-05-15

5833. Denial of Service - Unknown Product (CVE-2022-25304) - Medium [220]

Description: {'vulners_cve_data_all': 'All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-25304 was patched at 2024-05-15

5834. Denial of Service - Unknown Product (CVE-2022-25858) - Medium [220]

Description: {'vulners_cve_data_all': 'The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-25858 was patched at 2024-05-15

5835. Denial of Service - Unknown Product (CVE-2022-25887) - Medium [220]

Description: {'vulners_cve_data_all': 'The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-25887 was patched at 2024-05-15

5836. Denial of Service - Unknown Product (CVE-2022-25927) - Medium [220]

Description: {'vulners_cve_data_all': 'Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.\r\r', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-25927 was patched at 2024-05-15

5837. Denial of Service - Unknown Product (CVE-2022-28366) - Medium [220]

Description: {'vulners_cve_data_all': 'Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-28366 was patched at 2024-05-15

5838. Denial of Service - Unknown Product (CVE-2022-28948) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-28948 was patched at 2024-05-15

5839. Denial of Service - Unknown Product (CVE-2022-32096) - Medium [220]

Description: {'vulners_cve_data_all': 'Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted JWE token.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-32096 was patched at 2024-05-15

5840. Denial of Service - Unknown Product (CVE-2022-33903) - Medium [220]

Description: {'vulners_cve_data_all': 'Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-33903 was patched at 2024-05-15

5841. Denial of Service - Unknown Product (CVE-2022-34038) - Medium [220]

Description: {'vulners_cve_data_all': 'Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-34038 was patched at 2024-05-15

5842. Denial of Service - Unknown Product (CVE-2022-3509) - Medium [220]

Description: {'vulners_cve_data_all': 'A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3509 was patched at 2024-05-15

5843. Denial of Service - Unknown Product (CVE-2022-3616) - Medium [220]

Description: {'vulners_cve_data_all': 'Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to\xa0Donika Mirdita and\xa0Haya Shulman - Fraunhofer SIT, ATHENE, who discovered and reported this vulnerability.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3616 was patched at 2024-05-15

5844. Denial of Service - Unknown Product (CVE-2022-37599) - Medium [220]

Description: {'vulners_cve_data_all': 'A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-37599 was patched at 2024-05-15

5845. Denial of Service - Unknown Product (CVE-2022-38493) - Medium [220]

Description: {'vulners_cve_data_all': 'Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-38493 was patched at 2024-05-15

5846. Denial of Service - Unknown Product (CVE-2022-39831) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact. This issue is different from CVE-2018-20230.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-39831 was patched at 2024-05-15

5847. Denial of Service - Unknown Product (CVE-2022-39832) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue was discovered in PSPP 1.6.2. There is a heap-based buffer overflow at the function read_string in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-39832 was patched at 2024-05-15

5848. Denial of Service - Unknown Product (CVE-2022-40151) - Medium [220]

Description: {'vulners_cve_data_all': 'Those using Xstream to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-40151 was patched at 2024-05-15

5849. Denial of Service - Unknown Product (CVE-2022-42964) - Medium [220]

Description: {'vulners_cve_data_all': 'An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the pymatgen PyPI package, when an attacker is able to supply arbitrary input to the GaussianInput.from_string method', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-42964 was patched at 2024-05-15

5850. Denial of Service - Unknown Product (CVE-2022-43357) - Medium [220]

Description: {'vulners_cve_data_all': 'Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-43357 was patched at 2024-05-15

5851. Denial of Service - Unknown Product (CVE-2022-43358) - Medium [220]

Description: {'vulners_cve_data_all': 'Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-43358 was patched at 2024-05-15

5852. Denial of Service - Unknown Product (CVE-2023-20212) - Medium [220]

Description: {'vulners_cve_data_all': 'A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. \r\n\r This vulnerability is due to a logic error in the memory management of an affected device. An attacker could exploit this vulnerability by submitting a crafted AutoIt file to be scanned by ClamAV on the affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to restart unexpectedly, resulting in a DoS condition.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-20212 was patched at 2024-05-15

5853. Denial of Service - Unknown Product (CVE-2023-22799) - Medium [220]

Description: {'vulners_cve_data_all': 'A ReDoS based DoS vulnerability in the GlobalID <1.0.1 which could allow an attacker supplying a carefully crafted input can cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-22799 was patched at 2024-05-15

5854. Denial of Service - Unknown Product (CVE-2023-22895) - Medium [220]

Description: {'vulners_cve_data_all': 'The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-22895 was patched at 2024-05-15

5855. Denial of Service - Unknown Product (CVE-2023-26141) - Medium [220]

Description: {'vulners_cve_data_all': 'Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26141 was patched at 2024-05-15

5856. Denial of Service - Unknown Product (CVE-2023-26249) - Medium [220]

Description: {'vulners_cve_data_all': 'Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26249 was patched at 2024-05-15

5857. Denial of Service - Unknown Product (CVE-2023-27783) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-27783 was patched at 2024-05-15

5858. Denial of Service - Unknown Product (CVE-2023-27784) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-27784 was patched at 2024-05-15

5859. Denial of Service - Unknown Product (CVE-2023-27785) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-27785 was patched at 2024-05-15

5860. Denial of Service - Unknown Product (CVE-2023-27787) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-27787 was patched at 2024-05-15

5861. Denial of Service - Unknown Product (CVE-2023-27788) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause a denial of service via the ports2PORT function at the portmap.c:69 endpoint.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-27788 was patched at 2024-05-15

5862. Denial of Service - Unknown Product (CVE-2023-27789) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-27789 was patched at 2024-05-15

5863. Denial of Service - Unknown Product (CVE-2023-2789) - Medium [220]

Description: {'vulners_cve_data_all': 'A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-229373 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-2789 was patched at 2024-05-15

5864. Denial of Service - Unknown Product (CVE-2023-2798) - Medium [220]

Description: {'vulners_cve_data_all': 'Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-2798 was patched at 2024-05-15

debian: CVE-2023-27985 was patched at 2024-05-15

debian: CVE-2023-27986 was patched at 2024-05-15

5865. Denial of Service - Unknown Product (CVE-2023-28882) - Medium [220]

Description: {'vulners_cve_data_all': 'Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-28882 was patched at 2024-05-15

5866. Denial of Service - Unknown Product (CVE-2023-31517) - Medium [220]

Description: {'vulners_cve_data_all': 'A memory leak in the component CConsole::Chain of Teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via opening a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31517 was patched at 2024-05-15

5867. Denial of Service - Unknown Product (CVE-2023-31607) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the __libc_malloc component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31607 was patched at 2024-05-15

ubuntu: CVE-2023-31607 was patched at 2024-06-13

5868. Denial of Service - Unknown Product (CVE-2023-31608) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the artm_div_int component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31608 was patched at 2024-05-15

ubuntu: CVE-2023-31608 was patched at 2024-06-13

5869. Denial of Service - Unknown Product (CVE-2023-31609) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the dfe_unit_col_loci component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31609 was patched at 2024-05-15

ubuntu: CVE-2023-31609 was patched at 2024-06-13

5870. Denial of Service - Unknown Product (CVE-2023-31610) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the _IO_default_xsputn component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31610 was patched at 2024-05-15

ubuntu: CVE-2023-31610 was patched at 2024-06-13

5871. Denial of Service - Unknown Product (CVE-2023-31611) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the __libc_longjmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31611 was patched at 2024-05-15

ubuntu: CVE-2023-31611 was patched at 2024-06-13

5872. Denial of Service - Unknown Product (CVE-2023-31612) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the dfe_qexp_list component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31612 was patched at 2024-05-15

ubuntu: CVE-2023-31612 was patched at 2024-06-13

5873. Denial of Service - Unknown Product (CVE-2023-31613) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the __nss_database_lookup component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31613 was patched at 2024-05-15

ubuntu: CVE-2023-31613 was patched at 2024-06-13

5874. Denial of Service - Unknown Product (CVE-2023-31614) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the mp_box_deserialize_string function in openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31614 was patched at 2024-05-15

ubuntu: CVE-2023-31614 was patched at 2024-06-13

5875. Denial of Service - Unknown Product (CVE-2023-31615) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the chash_array component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31615 was patched at 2024-05-15

ubuntu: CVE-2023-31615 was patched at 2024-06-13

5876. Denial of Service - Unknown Product (CVE-2023-31616) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the bif_mod component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31616 was patched at 2024-05-15

ubuntu: CVE-2023-31616 was patched at 2024-06-13

5877. Denial of Service - Unknown Product (CVE-2023-31617) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the dk_set_delete component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31617 was patched at 2024-05-15

ubuntu: CVE-2023-31617 was patched at 2024-06-13

5878. Denial of Service - Unknown Product (CVE-2023-31618) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the sqlc_union_dt_wrap component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31618 was patched at 2024-05-15

ubuntu: CVE-2023-31618 was patched at 2024-06-13

5879. Denial of Service - Unknown Product (CVE-2023-31619) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the sch_name_to_object component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31619 was patched at 2024-05-15

ubuntu: CVE-2023-31619 was patched at 2024-06-13

5880. Denial of Service - Unknown Product (CVE-2023-31620) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the dv_compare component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31620 was patched at 2024-05-15

5881. Denial of Service - Unknown Product (CVE-2023-31621) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the kc_var_col component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31621 was patched at 2024-05-15

5882. Denial of Service - Unknown Product (CVE-2023-31622) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the sqlc_make_policy_trig component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31622 was patched at 2024-05-15

5883. Denial of Service - Unknown Product (CVE-2023-31623) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the mp_box_copy component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31623 was patched at 2024-05-15

ubuntu: CVE-2023-31623 was patched at 2024-06-13

5884. Denial of Service - Unknown Product (CVE-2023-31624) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the sinv_check_exp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31624 was patched at 2024-05-15

5885. Denial of Service - Unknown Product (CVE-2023-31625) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the psiginfo component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31625 was patched at 2024-05-15

ubuntu: CVE-2023-31625 was patched at 2024-06-13

5886. Denial of Service - Unknown Product (CVE-2023-31626) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the gpf_notice component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31626 was patched at 2024-05-15

5887. Denial of Service - Unknown Product (CVE-2023-31627) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the strhash component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31627 was patched at 2024-05-15

5888. Denial of Service - Unknown Product (CVE-2023-31629) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the sqlo_union_scope component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31629 was patched at 2024-05-15

5889. Denial of Service - Unknown Product (CVE-2023-31630) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the sqlo_query_spec component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31630 was patched at 2024-05-15

5890. Denial of Service - Unknown Product (CVE-2023-31631) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the sqlo_preds_contradiction component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31631 was patched at 2024-05-15

5891. Denial of Service - Unknown Product (CVE-2023-31670) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31670 was patched at 2024-05-15

5892. Denial of Service - Unknown Product (CVE-2023-37463) - Medium [220]

Description: {'vulners_cve_data_all': 'cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. These vulnerabilities have been patched in 0.29.0.gfm.12.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-37463 was patched at 2024-05-15

5893. Denial of Service - Unknown Product (CVE-2023-39663) - Medium [220]

Description: {'vulners_cve_data_all': 'Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-39663 was patched at 2024-05-15

5894. Denial of Service - Unknown Product (CVE-2023-40968) - Medium [220]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in hzeller timg v.1.5.1 and before allows a remote attacker to cause a denial of service via the 0x61200000045c address.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-40968 was patched at 2024-05-15

5895. Denial of Service - Unknown Product (CVE-2023-48947) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the cha_cmp function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-48947 was patched at 2024-05-15

5896. Denial of Service - Unknown Product (CVE-2023-48948) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the box_div function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-48948 was patched at 2024-05-15

5897. Denial of Service - Unknown Product (CVE-2023-48952) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the box_deserialize_reusing function in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-48952 was patched at 2024-05-15

5898. Denial of Service - Unknown Product (CVE-2023-49356) - Medium [220]

Description: {'vulners_cve_data_all': 'A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an attacker to cause a denial of service via the WriteMP3GainAPETag function at apetag.c:592.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49356 was patched at 2024-05-15

5899. Denial of Service - Unknown Product (CVE-2023-5072) - Medium [220]

Description: {'vulners_cve_data_all': 'Denial of Service in JSON-Java versions up to and including 20230618. \xa0A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.\xa0\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-5072 was patched at 2024-05-15

redos: CVE-2023-5072 was patched at 2024-04-25

5900. Denial of Service - Unknown Product (CVE-2023-50981) - Medium [220]

Description: {'vulners_cve_data_all': 'ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as the square of 268995137513890432434389773128616504853.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50981 was patched at 2024-05-15

5901. Denial of Service - Unknown Product (CVE-2023-51886) - Medium [220]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in the main() function in Mathtex 1.05 and before allows a remote attacker to cause a denial of service when using \\convertpath.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51886 was patched at 2024-05-15

5902. Denial of Service - Unknown Product (CVE-2023-51888) - Medium [220]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in the nomath() function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51888 was patched at 2024-05-15

5903. Denial of Service - Unknown Product (CVE-2024-0901) - Medium [220]

Description: {'vulners_cve_data_all': 'Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-0901 was patched at 2024-05-15

5904. Denial of Service - Unknown Product (CVE-2024-1892) - Medium [220]

Description: {'vulners_cve_data_all': 'A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker can cause a denial-of-service (DoS) condition. This vulnerability allows for the system to hang and consume significant resources, potentially rendering services that utilize Scrapy for XML processing unresponsive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-1892 was patched at 2024-05-15

5905. Denial of Service - Unknown Product (CVE-2024-1931) - Medium [220]

Description: {'vulners_cve_data_all': 'NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contain a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records however, it would try to see if trimming the extra text fields on those records would result in an acceptable size while still retaining the EDE codes. Due to an unchecked condition, the code that trims the text of the EDE records could loop indefinitely. This happens when Unbound would reply with attached EDE information on a positive reply and the client's buffer size is smaller than the needed space to include EDE records. The vulnerability can only be triggered when the 'ede: yes' option is used; non default configuration. From version 1.19.2 on, the code is fixed to avoid looping indefinitely.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

redos: CVE-2024-1931 was patched at 2024-04-18

5906. Denial of Service - Unknown Product (CVE-2024-22189) - Medium [220]

Description: {'vulners_cve_data_all': 'quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of `NEW_CONNECTION_ID` frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a `RETIRE_CONNECTION_ID` frame. The attacker can prevent the receiver from sending out (the vast majority of) these `RETIRE_CONNECTION_ID` frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. Version 0.42.0 contains a patch for the issue. No known workarounds are available.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-22189 was patched at 2024-05-15

5907. Denial of Service - Unknown Product (CVE-2024-23325) - Medium [220]

Description: {'vulners_cve_data_all': 'Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn’t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even though the whole chain is connected via IPv4. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

redos: CVE-2024-23325 was patched at 2024-04-23

5908. Denial of Service - Unknown Product (CVE-2024-23836) - Medium [220]

Description: {'vulners_cve_data_all': 'Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slow downs and denial of service. This vulnerability is patched in 6.0.16 or 7.0.3. Workarounds include disabling the affected protocol app-layer parser in the yaml and reducing the `stream.reassembly.depth` value helps reduce the severity of the issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-23836 was patched at 2024-05-15

5909. Denial of Service - Unknown Product (CVE-2024-23837) - Medium [220]

Description: {'vulners_cve_data_all': 'LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-23837 was patched at 2024-05-15

5910. Denial of Service - Unknown Product (CVE-2024-25583) - Medium [220]

Description: {'vulners_cve_data_all': 'A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-25583 was patched at 2024-04-25, 2024-05-15

5911. Denial of Service - Unknown Product (CVE-2024-25710) - Medium [220]

Description: {'vulners_cve_data_all': 'Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0.\n\nUsers are recommended to upgrade to version 1.26.0 which fixes the issue.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-25710 was patched at 2024-05-15

5912. Denial of Service - Unknown Product (CVE-2024-4140) - Medium [220]

Description: {'vulners_cve_data_all': 'An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-4140 was patched at 2024-05-15

5913. Denial of Service - Unknown Product (CVE-2024-4340) - Medium [220]

Description: {'vulners_cve_data_all': 'Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-4340 was patched at 2024-05-15

ubuntu: CVE-2024-4340 was patched at 2024-05-13

5914. Path Traversal - Unknown Product (CVE-2006-4346) - Medium [220]

Description: {'vulners_cve_data_all': 'Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4346 was patched at 2024-05-15

5915. Path Traversal - Unknown Product (CVE-2008-0252) - Medium [220]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0252 was patched at 2024-05-15

5916. Path Traversal - Unknown Product (CVE-2009-4261) - Medium [220]

Description: {'vulners_cve_data_all': 'Multiple directory traversal vulnerabilities in the iallocator framework in Ganeti 1.2.4 through 1.2.8, 2.0.0 through 2.0.4, and 2.1.0 before 2.1.0~rc2 allow (1) remote attackers to execute arbitrary programs via a crafted external script name supplied through the HTTP remote API (RAPI) and allow (2) local users to execute arbitrary programs and gain privileges via a crafted external script name supplied through a gnt-* command, related to "path sanitization errors."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4261 was patched at 2024-05-15

5917. Path Traversal - Unknown Product (CVE-2015-1386) - Medium [220]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in unshield 1.0-1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1386 was patched at 2024-05-15

5918. Path Traversal - Unknown Product (CVE-2015-8235) - Medium [220]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in Spiffy before 5.4.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8235 was patched at 2024-05-15

5919. Path Traversal - Unknown Product (CVE-2017-8921) - Medium [220]

Description: {'vulners_cve_data_all': 'In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8921 was patched at 2024-05-15

5920. Path Traversal - Unknown Product (CVE-2020-29529) - Medium [220]

Description: {'vulners_cve_data_all': 'HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-29529 was patched at 2024-05-15

5921. Path Traversal - Unknown Product (CVE-2022-29967) - Medium [220]

Description: {'vulners_cve_data_all': 'static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-29967 was patched at 2024-05-15

5922. Path Traversal - Unknown Product (CVE-2022-4244) - Medium [220]

Description: {'vulners_cve_data_all': 'A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-4244 was patched at 2024-05-15

5923. Path Traversal - Unknown Product (CVE-2023-29159) - Medium [220]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29159 was patched at 2024-05-15

5924. Path Traversal - Unknown Product (CVE-2023-35852) - Medium [220]

Description: {'vulners_cve_data_all': 'In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-35852 was patched at 2024-05-15

5925. Path Traversal - Unknown Product (CVE-2023-39810) - Medium [220]

Description: {'vulners_cve_data_all': 'An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-39810 was patched at 2024-05-15

5926. Security Feature Bypass - Unknown Product (CVE-2018-1313) - Medium [220]

Description: {'vulners_cve_data_all': 'In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is successful. If the server is using a policy file, the policy file must permit the database location to be read for the attack to work. The default Derby Network Server policy file distributed with the affected releases includes a permissive policy as the default Network Server policy, which allows the attack to work.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1313 was patched at 2024-05-15

5927. XXE Injection - Unknown Product (CVE-2014-3529) - Medium [220]

Description: {'vulners_cve_data_all': 'The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9715XXE Injection
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3529 was patched at 2024-05-15

5928. Information Disclosure - Unknown Product (CVE-2007-4097) - Medium [219]

Description: {'vulners_cve_data_all': 'Tor before 0.1.2.15 sends "destroy cells" containing the reason for tearing down a circuit, which allows remote attackers to obtain sensitive information, contrary to specifications.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4097 was patched at 2024-05-15

5929. Information Disclosure - Unknown Product (CVE-2007-4099) - Medium [219]

Description: {'vulners_cve_data_all': 'Tor before 0.1.2.15 can select a guard node beyond the first listed never-before-connected-to guard node, which allows remote attackers with control of certain guard nodes to obtain sensitive information and possibly leverage further attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4099 was patched at 2024-05-15

5930. Information Disclosure - Unknown Product (CVE-2012-3482) - Medium [219]

Description: {'vulners_cve_data_all': 'Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3482 was patched at 2024-05-15

5931. Information Disclosure - Unknown Product (CVE-2012-5644) - Medium [219]

Description: {'vulners_cve_data_all': 'libuser has information disclosure when moving user's home directory', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5644 was patched at 2024-05-15

5932. Information Disclosure - Unknown Product (CVE-2013-0294) - Medium [219]

Description: {'vulners_cve_data_all': 'packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0294 was patched at 2024-05-15

5933. Information Disclosure - Unknown Product (CVE-2013-7038) - Medium [219]

Description: {'vulners_cve_data_all': 'The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7038 was patched at 2024-05-15

5934. Information Disclosure - Unknown Product (CVE-2015-1027) - Medium [219]

Description: {'vulners_cve_data_all': 'The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1027 was patched at 2024-05-15

5935. Information Disclosure - Unknown Product (CVE-2015-1828) - Medium [219]

Description: {'vulners_cve_data_all': 'The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle-attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1828 was patched at 2024-05-15

5936. Information Disclosure - Unknown Product (CVE-2015-3171) - Medium [219]

Description: {'vulners_cve_data_all': 'sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with access to /var/tmp/ to obtain sensitive information by reading the contents of the archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-3171 was patched at 2024-05-15

5937. Information Disclosure - Unknown Product (CVE-2015-3243) - Medium [219]

Description: {'vulners_cve_data_all': 'rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive information by reading files in /var/log/cron.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-3243 was patched at 2024-05-15

5938. Information Disclosure - Unknown Product (CVE-2016-7420) - Medium [219]

Description: {'vulners_cve_data_all': 'Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory after an assertion failure, as demonstrated by reading a core dump.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7420 was patched at 2024-05-15

5939. Information Disclosure - Unknown Product (CVE-2017-0647) - Medium [219]

Description: {'vulners_cve_data_all': 'An information disclosure vulnerability in libziparchive could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36392138.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0647 was patched at 2024-05-15

5940. Information Disclosure - Unknown Product (CVE-2017-1000426) - Medium [219]

Description: {'vulners_cve_data_all': 'MapProxy version 1.10.3 and older is vulnerable to a Cross Site Scripting attack in the demo service resulting in possible information disclosure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000426 was patched at 2024-05-15

5941. Information Disclosure - Unknown Product (CVE-2019-2180) - Medium [219]

Description: {'vulners_cve_data_all': 'In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the printer service with no additional execution privileges needed. User interaction is not needed for exploitation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-2180 was patched at 2024-05-15

5942. Information Disclosure - Unknown Product (CVE-2019-2212) - Medium [219]

Description: {'vulners_cve_data_all': 'In poisson_distribution of random, there is an out of bounds read. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139690488', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-2212 was patched at 2024-05-15

5943. Information Disclosure - Unknown Product (CVE-2020-26683) - Medium [219]

Description: {'vulners_cve_data_all': 'A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-26683 was patched at 2024-05-15

5944. Information Disclosure - Unknown Product (CVE-2020-6104) - Medium [219]

Description: {'vulners_cve_data_all': 'An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in a information disclosure. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-6104 was patched at 2024-05-15

5945. Information Disclosure - Unknown Product (CVE-2020-6106) - Medium [219]

Description: {'vulners_cve_data_all': 'An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-6106 was patched at 2024-05-15

5946. Information Disclosure - Unknown Product (CVE-2020-6107) - Medium [219]

Description: {'vulners_cve_data_all': 'An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-6107 was patched at 2024-05-15

5947. Information Disclosure - Unknown Product (CVE-2021-0938) - Medium [219]

Description: {'vulners_cve_data_all': 'In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-171418586References: Upstream kernel', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-0938 was patched at 2024-05-15

5948. Information Disclosure - Unknown Product (CVE-2021-28693) - Medium [219]

Description: {'vulners_cve_data_all': 'xen/arm: Boot modules are not scrubbed The bootloader will load boot modules (e.g. kernel, initramfs...) in a temporary area before they are copied by Xen to each domain memory. To ensure sensitive data is not leaked from the modules, Xen must "scrub" them before handing the page over to the allocator. Unfortunately, it was discovered that modules will not be scrubbed on Arm.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-28693 was patched at 2024-05-15

5949. Information Disclosure - Unknown Product (CVE-2021-29429) - Medium [219]

Description: {'vulners_cve_data_all': 'In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By default, this directory is restricted to the user running the build. As a workaround, set a more restrictive umask that removes read access to other users. When files are created in the system temporary directory, they will not be accessible to other users. If you are unable to change your system's umask, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-29429 was patched at 2024-05-15

5950. Information Disclosure - Unknown Product (CVE-2021-39633) - Medium [219]

Description: {'vulners_cve_data_all': 'In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-150694665References: Upstream kernel', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39633 was patched at 2024-05-15

5951. Information Disclosure - Unknown Product (CVE-2021-44962) - Medium [219]

Description: {'vulners_cve_data_all': 'An out-of-bounds read vulnerability exists in the GCode::extrude() functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially crafted stl file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44962 was patched at 2024-05-15

5952. Information Disclosure - Unknown Product (CVE-2022-20011) - Medium [219]

Description: {'vulners_cve_data_all': 'In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-214999128', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-20011 was patched at 2024-05-15

5953. Information Disclosure - Unknown Product (CVE-2022-31108) - Medium [219]

Description: {'vulners_cve_data_all': 'Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary `CSS` into the generated graph allowing them to change the styling of elements outside of the generated graph, and potentially exfiltrate sensitive information by using specially crafted `CSS` selectors. The following example shows how an attacker can exfiltrate the contents of an input field by bruteforcing the `value` attribute one character at a time. Whenever there is an actual match, an `http` request will be made by the browser in order to "load" a background image that will let an attacker know what's the value of the character. This issue may lead to `Information Disclosure` via CSS selectors and functions able to generate HTTP requests. This also allows an attacker to change the document in ways which may lead a user to perform unintended actions, such as clicking on a link, etc. This issue has been resolved in version 9.1.3. Users are advised to upgrade. Users unable to upgrade should ensure that user input is adequately escaped before embedding it in CSS blocks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-31108 was patched at 2024-05-15

5954. Information Disclosure - Unknown Product (CVE-2023-30259) - Medium [219]

Description: {'vulners_cve_data_all': 'A Buffer Overflow vulnerability in importshp plugin in LibreCAD 2.2.0 allows attackers to obtain sensitive information via a crafted DBF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-30259 was patched at 2024-05-15

5955. Information Disclosure - Unknown Product (CVE-2023-6935) - Medium [219]

Description: {'vulners_cve_data_all': 'wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure:\n\n--enable-all CFLAGS="-DWOLFSSL_STATIC_RSA"\n\nThe define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6.\xa0 Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. The vulnerability is specific to static RSA cipher suites, and expected to be padding-independent.\n\nThe vulnerability allows an attacker to decrypt ciphertexts and forge signatures after probing with a large number of test observations. However the server’s private key is not exposed.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-6935 was patched at 2024-05-15

5956. Unknown Vulnerability Type - Bouncy Castle (CVE-2007-6721) - Medium [219]

Description: {'vulners_cve_data_all': 'The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Bouncy Castle is a collection of APIs used in cryptography
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6721 was patched at 2024-05-15

5957. Unknown Vulnerability Type - ImageMagick (CVE-2014-9852) - Medium [219]

Description: {'vulners_cve_data_all': 'distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9852 was patched at 2024-05-15

5958. Unknown Vulnerability Type - Perl (CVE-2003-0789) - Medium [219]

Description: {'vulners_cve_data_all': 'mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0789 was patched at 2024-05-15

5959. Unknown Vulnerability Type - Perl (CVE-2005-2023) - Medium [219]

Description: {'vulners_cve_data_all': 'The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly handle certain options, which can prevent pinentry from being found and causes S/MIME signing to fail.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2023 was patched at 2024-05-15

5960. Unknown Vulnerability Type - Perl (CVE-2005-2541) - Medium [219]

Description: {'vulners_cve_data_all': 'Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2541 was patched at 2024-05-15

5961. Unknown Vulnerability Type - Perl (CVE-2005-2700) - Medium [219]

Description: {'vulners_cve_data_all': 'ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2700 was patched at 2024-05-15

5962. Unknown Vulnerability Type - Perl (CVE-2007-3023) - Medium [219]

Description: {'vulners_cve_data_all': 'unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3023 was patched at 2024-05-15

5963. Unknown Vulnerability Type - Perl (CVE-2010-0098) - Medium [219]

Description: {'vulners_cve_data_all': 'ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0098 was patched at 2024-05-15

5964. Unknown Vulnerability Type - Perl (CVE-2010-2540) - Medium [219]

Description: {'vulners_cve_data_all': 'mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2540 was patched at 2024-05-15

5965. Unknown Vulnerability Type - Perl (CVE-2010-3438) - Medium [219]

Description: {'vulners_cve_data_all': 'libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\\rQUIT" to the 'privmsg' handler, which would cause the client to disconnect from the server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3438 was patched at 2024-05-15

5966. Unknown Vulnerability Type - Perl (CVE-2010-3845) - Medium [219]

Description: {'vulners_cve_data_all': 'libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3845 was patched at 2024-05-15

5967. Unknown Vulnerability Type - Perl (CVE-2010-4725) - Medium [219]

Description: {'vulners_cve_data_all': 'Smarty before 3.0.0 RC3 does not properly handle an on value of the asp_tags option in the php.ini file, which has unspecified impact and remote attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4725 was patched at 2024-05-15

5968. Unknown Vulnerability Type - Perl (CVE-2010-4727) - Medium [219]

Description: {'vulners_cve_data_all': 'Smarty before 3.0.0 beta 7 does not properly handle the <?php and ?> tags, which has unspecified impact and remote attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4727 was patched at 2024-05-15

5969. Unknown Vulnerability Type - Perl (CVE-2010-4802) - Medium [219]

Description: {'vulners_cve_data_all': 'Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4802 was patched at 2024-05-15

5970. Unknown Vulnerability Type - Perl (CVE-2010-4803) - Medium [219]

Description: {'vulners_cve_data_all': 'Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4803 was patched at 2024-05-15

5971. Unknown Vulnerability Type - Perl (CVE-2012-2653) - Medium [219]

Description: {'vulners_cve_data_all': 'arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly others, does not properly drop supplementary groups, which might allow attackers to gain root privileges by leveraging other vulnerabilities in the daemon.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2653 was patched at 2024-05-15

5972. Unknown Vulnerability Type - Perl (CVE-2013-1437) - Medium [219]

Description: {'vulners_cve_data_all': 'Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1437 was patched at 2024-05-15

5973. Unknown Vulnerability Type - Perl (CVE-2013-6617) - Medium [219]

Description: {'vulners_cve_data_all': 'The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6617 was patched at 2024-05-15

5974. Unknown Vulnerability Type - Perl (CVE-2015-8954) - Medium [219]

Description: {'vulners_cve_data_all': 'The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8954 was patched at 2024-05-15

5975. Unknown Vulnerability Type - Perl (CVE-2016-1239) - Medium [219]

Description: {'vulners_cve_data_all': 'duck before 0.10 did not properly handle loading of untrusted code from the current directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1239 was patched at 2024-05-15

5976. Unknown Vulnerability Type - Perl (CVE-2017-16042) - Medium [219]

Description: {'vulners_cve_data_all': 'Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16042 was patched at 2024-05-15

5977. Unknown Vulnerability Type - Perl (CVE-2018-13818) - Medium [219]

Description: {'vulners_cve_data_all': 'Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-13818 was patched at 2024-05-15

5978. Unknown Vulnerability Type - Perl (CVE-2018-7753) - Medium [219]

Description: {'vulners_cve_data_all': 'An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allowed that would slide through unsanitized.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7753 was patched at 2024-05-15

5979. Unknown Vulnerability Type - Perl (CVE-2018-9127) - Medium [219]

Description: {'vulners_cve_data_all': 'Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This only affects certificates issued to the same domain as the host, so to impersonate a host one must already have a wildcard certificate matching other hosts in the same domain. For example, b*.example.com would match some hostnames that do not begin with a 'b' character.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-9127 was patched at 2024-05-15

5980. Unknown Vulnerability Type - Perl (CVE-2019-16224) - Medium [219]

Description: {'vulners_cve_data_all': 'An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-16224 was patched at 2024-05-15

5981. Unknown Vulnerability Type - Perl (CVE-2019-16225) - Medium [219]

Description: {'vulners_cve_data_all': 'An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-16225 was patched at 2024-05-15

5982. Unknown Vulnerability Type - Perl (CVE-2019-3807) - Medium [219]

Description: {'vulners_cve_data_all': 'An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-3807 was patched at 2024-05-15

5983. Unknown Vulnerability Type - Perl (CVE-2021-38443) - Medium [219]

Description: {'vulners_cve_data_all': 'Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-38443 was patched at 2024-05-15

5984. Unknown Vulnerability Type - Perl (CVE-2023-26036) - Medium [219]

Description: {'vulners_cve_data_all': 'ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via /web/index.php. By controlling $view, any local file ending in .php can be executed. This is supposed to be mitigated by calling detaintPath, however dentaintPath does not properly sandbox the path. This can be exploited by constructing paths like "..././", which get replaced by "../". This issue is patched in versions 1.36.33 and 1.37.33.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26036 was patched at 2024-05-15

5985. Unknown Vulnerability Type - Python (CVE-2013-2166) - Medium [219]

Description: {'vulners_cve_data_all': 'python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2166 was patched at 2024-05-15

5986. Unknown Vulnerability Type - Python (CVE-2014-3007) - Medium [219]

Description: {'vulners_cve_data_all': 'Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3007 was patched at 2024-05-15

5987. Unknown Vulnerability Type - Python (CVE-2021-42576) - Medium [219]

Description: {'vulners_cve_data_all': 'The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42576 was patched at 2024-05-15

5988. Unknown Vulnerability Type - Redis (CVE-2017-1000248) - Medium [219]

Description: {'vulners_cve_data_all': 'Redis-store <=v1.3.0 allows unsafe objects to be loaded from redis', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000248 was patched at 2024-05-15

5989. Unknown Vulnerability Type - pgAdmin (CVE-2019-10784) - Medium [219]

Description: {'vulners_cve_data_all': 'phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to visit a malicious page with a CSRF exploit and execute arbitrary system commands on the server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world
CVSS Base Score1.010CVSS Base Score is 9.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10784 was patched at 2024-05-15

5990. Arbitrary File Writing - Unknown Product (CVE-2005-4803) - Medium [217]

Description: {'vulners_cve_data_all': 'graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct identifier.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4803 was patched at 2024-05-15

5991. Arbitrary File Writing - Unknown Product (CVE-2006-1753) - Medium [217]

Description: {'vulners_cve_data_all': 'A cron job in fcheck before 2.7.59 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1753 was patched at 2024-05-15

5992. Arbitrary File Writing - Unknown Product (CVE-2007-0007) - Medium [217]

Description: {'vulners_cve_data_all': 'gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0007 was patched at 2024-05-15

5993. Arbitrary File Writing - Unknown Product (CVE-2007-1444) - Medium [217]

Description: {'vulners_cve_data_all': 'netserver in netperf 2.4.3 allows local users to overwrite arbitrary files via a symlink attack on /tmp/netperf.debug.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1444 was patched at 2024-05-15

5994. Arbitrary File Writing - Unknown Product (CVE-2007-2654) - Medium [217]

Description: {'vulners_cve_data_all': 'xfs_fsr in xfsdump creates a .fsr temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2654 was patched at 2024-05-15

5995. Arbitrary File Writing - Unknown Product (CVE-2007-6208) - Medium [217]

Description: {'vulners_cve_data_all': 'sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6208 was patched at 2024-05-15

5996. Arbitrary File Writing - Unknown Product (CVE-2008-0665) - Medium [217]

Description: {'vulners_cve_data_all': 'wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 allows local users to overwrite arbitrary files via a symlink attack on the ipp.$$.tmp temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0665 was patched at 2024-05-15

5997. Arbitrary File Writing - Unknown Product (CVE-2008-0806) - Medium [217]

Description: {'vulners_cve_data_all': 'wyrd 1.4.3b allows local users to overwrite arbitrary files via a symlink attack on the wyrd-tmp.[USERID] temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0806 was patched at 2024-05-15

5998. Arbitrary File Writing - Unknown Product (CVE-2008-2266) - Medium [217]

Description: {'vulners_cve_data_all': 'uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2266 was patched at 2024-05-15

5999. Arbitrary File Writing - Unknown Product (CVE-2008-2958) - Medium [217]

Description: {'vulners_cve_data_all': 'Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows local users to overwrite arbitrary files and have other impacts via symlink and possibly other attacks on temporary working directories.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2958 was patched at 2024-05-15

6000. Arbitrary File Writing - Unknown Product (CVE-2008-4085) - Medium [217]

Description: {'vulners_cve_data_all': 'plaiter in Plait before 1.6 allows local users to overwrite arbitrary files via a symlink attack on (1) cut.$$, (2) head.$$, (3) awk.$$, and (4) ps.$$ temporary files in /tmp/.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4085 was patched at 2024-05-15

6001. Arbitrary File Writing - Unknown Product (CVE-2008-6397) - Medium [217]

Description: {'vulners_cve_data_all': 'rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-6397 was patched at 2024-05-15

6002. Arbitrary File Writing - Unknown Product (CVE-2009-1253) - Medium [217]

Description: {'vulners_cve_data_all': 'James Stone Tunapie 2.1 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1253 was patched at 2024-05-15

6003. Arbitrary File Writing - Unknown Product (CVE-2011-2185) - Medium [217]

Description: {'vulners_cve_data_all': 'Fabric before 1.1.0 allows local users to overwrite arbitrary files via a symlink attack on (1) a /tmp/fab.*.tar file or (2) certain other files in the top level of /tmp/.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2185 was patched at 2024-05-15

6004. Arbitrary File Writing - Unknown Product (CVE-2011-4606) - Medium [217]

Description: {'vulners_cve_data_all': 'Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 allows local users to overwrite arbitrary files via a symlink attack on .rocksndiamonds/cache/artworkinfo.cache under a user's home directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4606 was patched at 2024-05-15

6005. Arbitrary File Writing - Unknown Product (CVE-2012-1989) - Medium [217]

Description: {'vulners_cve_data_all': 'telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1989 was patched at 2024-05-15

6006. Arbitrary File Writing - Unknown Product (CVE-2012-3449) - Medium [217]

Description: {'vulners_cve_data_all': 'Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3449 was patched at 2024-05-15

6007. Arbitrary File Writing - Unknown Product (CVE-2012-3453) - Medium [217]

Description: {'vulners_cve_data_all': 'logol 1.5.0 uses world writable permissions for the /var/lib/logol/results directory, which allows local users to delete or overwrite arbitrary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3453 was patched at 2024-05-15

6008. Arbitrary File Writing - Unknown Product (CVE-2012-4417) - Medium [217]

Description: {'vulners_cve_data_all': 'GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4417 was patched at 2024-05-15

6009. Arbitrary File Writing - Unknown Product (CVE-2014-1838) - Medium [217]

Description: {'vulners_cve_data_all': 'The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via a symlink attack on /tmp/toto.fdf.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1838 was patched at 2024-05-15

6010. Open Redirect - Unknown Product (CVE-2022-31151) - Medium [217]

Description: {'vulners_cve_data_all': 'Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site. This was patched in v5.7.1. By default, this vulnerability is not exploitable. Do not enable redirections, i.e. `maxRedirections: 0` (the default).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.7515Open Redirect
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-31151 was patched at 2024-05-15

6011. Unknown Vulnerability Type - APT (CVE-2003-0489) - Medium [216]

Description: {'vulners_cve_data_all': 'tcptraceroute 1.4 and earlier does not fully drop privileges after obtaining a file descriptor for capturing packets, which may allow local users to gain access to the descriptor via a separate vulnerability in tcptraceroute.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0489 was patched at 2024-05-15

6012. Unknown Vulnerability Type - APT (CVE-2010-2532) - Medium [216]

Description: {'vulners_cve_data_all': 'lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2532 was patched at 2024-05-15

6013. Unknown Vulnerability Type - APT (CVE-2023-38314) - Medium [216]

Description: {'vulners_cve_data_all': 'An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated() that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38314 was patched at 2024-05-15

6014. Unknown Vulnerability Type - Binutils (CVE-2021-32256) - Medium [216]

Description: {'vulners_cve_data_all': 'An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32256 was patched at 2024-05-15

6015. Unknown Vulnerability Type - GNOME desktop (CVE-2003-0070) - Medium [216]

Description: {'vulners_cve_data_all': 'VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0070 was patched at 2024-05-15

6016. Unknown Vulnerability Type - GNOME desktop (CVE-2006-7240) - Medium [216]

Description: {'vulners_cve_data_all': 'gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-7240 was patched at 2024-05-15

6017. Unknown Vulnerability Type - GNOME desktop (CVE-2008-7320) - Medium [216]

Description: {'vulners_cve_data_all': 'GNOME Seahorse through 3.30 allows physically proximate attackers to read plaintext passwords by using the quickAllow dialog at an unattended workstation, if the keyring is unlocked. NOTE: this is disputed by a software maintainer because the behavior represents a design decision', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-7320 was patched at 2024-05-15

6018. Unknown Vulnerability Type - GNOME desktop (CVE-2009-4641) - Medium [216]

Description: {'vulners_cve_data_all': 'gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4641 was patched at 2024-05-15

6019. Unknown Vulnerability Type - GNOME desktop (CVE-2009-4642) - Medium [216]

Description: {'vulners_cve_data_all': 'gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4642 was patched at 2024-05-15

6020. Unknown Vulnerability Type - GNOME desktop (CVE-2009-4997) - Medium [216]

Description: {'vulners_cve_data_all': 'gnome-power-manager 2.27.92 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: this issue exists because of a regression that followed a gnome-power-manager fix a few years earlier.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4997 was patched at 2024-05-15

6021. Unknown Vulnerability Type - GNOME desktop (CVE-2010-0414) - Medium [216]

Description: {'vulners_cve_data_all': 'gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0414 was patched at 2024-05-15

6022. Unknown Vulnerability Type - GNOME desktop (CVE-2010-2713) - Medium [216]

Description: {'vulners_cve_data_all': 'The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) window title or (2) icon title sequence. NOTE: this issue exists because of a CVE-2003-0070 regression.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2713 was patched at 2024-05-15

6023. Unknown Vulnerability Type - GNOME desktop (CVE-2010-3357) - Medium [216]

Description: {'vulners_cve_data_all': 'gnome-subtitles 1.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3357 was patched at 2024-05-15

6024. Unknown Vulnerability Type - GNOME desktop (CVE-2010-4000) - Medium [216]

Description: {'vulners_cve_data_all': 'gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4000 was patched at 2024-05-15

6025. Unknown Vulnerability Type - GNOME desktop (CVE-2012-4427) - Medium [216]

Description: {'vulners_cve_data_all': 'The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4427 was patched at 2024-05-15

6026. Unknown Vulnerability Type - GNOME desktop (CVE-2013-7449) - Medium [216]

Description: {'vulners_cve_data_all': 'The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7449 was patched at 2024-05-15

6027. Unknown Vulnerability Type - GNOME desktop (CVE-2014-1949) - Medium [216]

Description: {'vulners_cve_data_all': 'GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1949 was patched at 2024-05-15

6028. Unknown Vulnerability Type - GNOME desktop (CVE-2020-11879) - Medium [216]

Description: {'vulners_cve_data_all': 'An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-11879 was patched at 2024-05-15

6029. Unknown Vulnerability Type - GNOME desktop (CVE-2020-24904) - Medium [216]

Description: {'vulners_cve_data_all': 'An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24904 was patched at 2024-05-15

6030. Unknown Vulnerability Type - Google Chrome (CVE-2011-3640) - Medium [216]

Description: {'vulners_cve_data_all': 'Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Google Chrome is a popular, free web browser developed by Google. It was first released in 2008 and is available for various operating systems, including Microsoft Windows, Apple macOS, Linux, Android, and iOS.
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3640 was patched at 2024-05-15

6031. Unknown Vulnerability Type - Mozilla Firefox (CVE-2006-6501) - Medium [216]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6501 was patched at 2024-05-15

6032. Unknown Vulnerability Type - Mozilla Firefox (CVE-2007-1084) - Medium [216]

Description: {'vulners_cve_data_all': 'Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1084 was patched at 2024-05-15

6033. Unknown Vulnerability Type - Node.js (CVE-2018-11798) - Medium [216]

Description: {'vulners_cve_data_all': 'The Apache Thrift Node.js static web server in versions 0.9.2 through 0.11.0 have been determined to contain a security vulnerability in which a remote user has the ability to access files outside the set webservers docroot path.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11798 was patched at 2024-05-15

6034. Unknown Vulnerability Type - Node.js (CVE-2022-31150) - Medium [216]

Description: {'vulners_cve_data_all': 'undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate `\\r\\n` is a workaround for this issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-31150 was patched at 2024-05-15

6035. Unknown Vulnerability Type - Node.js (CVE-2024-28863) - Medium [216]

Description: {'vulners_cve_data_all': 'node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28863 was patched at 2024-05-15

6036. Unknown Vulnerability Type - OpenSSH (CVE-2008-1657) - Medium [216]

Description: {'vulners_cve_data_all': 'OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1657 was patched at 2024-05-15

6037. Unknown Vulnerability Type - OpenSSH (CVE-2008-3234) - Medium [216]

Description: {'vulners_cve_data_all': 'sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3234 was patched at 2024-05-15

6038. Unknown Vulnerability Type - OpenSSL (CVE-2009-1390) - Medium [216]

Description: {'vulners_cve_data_all': 'Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1390 was patched at 2024-05-15

6039. Unknown Vulnerability Type - PHP (CVE-2005-4349) - Medium [216]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue has been assigned CVE-2005-4450', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4349 was patched at 2024-05-15

6040. Unknown Vulnerability Type - PHP (CVE-2007-0107) - Medium [216]

Description: {'vulners_cve_data_all': 'WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after escaping the SQL query, which allows remote attackers to bypass SQL injection protection schemes and execute arbitrary SQL commands via multibyte charsets, as demonstrated using UTF-7.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0107 was patched at 2024-05-15

6041. Unknown Vulnerability Type - PHP (CVE-2007-2630) - Medium [216]

Description: {'vulners_cve_data_all': 'Incomplete blacklist vulnerability in filemanager/browser/default/connectors/php/config.php in the FCKeditor module, as used in ActiveCampaign 1-2-All (aka 12All) 4.50 through 4.53.13, and possibly other products, allows remote authenticated administrators to upload and possibly execute .php4 and .php5 files via unspecified vectors. NOTE: this issue is reachable through filemanager/browser/default/browser.html.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2630 was patched at 2024-05-15

6042. Unknown Vulnerability Type - PHP (CVE-2007-3215) - Medium [216]

Description: {'vulners_cve_data_all': 'PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3215 was patched at 2024-05-15

6043. Unknown Vulnerability Type - PHP (CVE-2007-3544) - Medium [216]

Description: {'vulners_cve_data_all': 'Unrestricted file upload vulnerability in (1) wp-app.php and (2) app.php in WordPress 2.2.1 and WordPress MU 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code via unspecified vectors, possibly related to the wp_postmeta table and the use of custom fields in normal (non-attachment) posts. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2007-3543.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3544 was patched at 2024-05-15

6044. Unknown Vulnerability Type - PHP (CVE-2007-4154) - Medium [216]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in options.php in WordPress 2.2.1 allows remote authenticated administrators to execute arbitrary SQL commands via the page_options parameter to (1) options-general.php, (2) options-writing.php, (3) options-reading.php, (4) options-discussion.php, (5) options-privacy.php, (6) options-permalink.php, (7) options-misc.php, and possibly other unspecified components.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4154 was patched at 2024-05-15

6045. Unknown Vulnerability Type - PHP (CVE-2008-5906) - Medium [216]

Description: {'vulners_cve_data_all': 'Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5906 was patched at 2024-05-15

6046. Unknown Vulnerability Type - PHP (CVE-2010-0289) - Medium [216]

Description: {'vulners_cve_data_all': 'Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0289 was patched at 2024-05-15

6047. Unknown Vulnerability Type - PHP (CVE-2010-1733) - Medium [216]

Description: {'vulners_cve_data_all': 'Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the "Software name" field to the "All softwares" search form, reachable through index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1733 was patched at 2024-05-15

6048. Unknown Vulnerability Type - PHP (CVE-2012-0811) - Medium [216]

Description: {'vulners_cve_data_all': 'Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0811 was patched at 2024-05-15

6049. Unknown Vulnerability Type - PHP (CVE-2012-4448) - Medium [216]

Description: {'vulners_cve_data_all': 'Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4448 was patched at 2024-05-15

6050. Unknown Vulnerability Type - PHP (CVE-2013-7233) - Medium [216]

Description: {'vulners_cve_data_all': 'Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7233 was patched at 2024-05-15

6051. Unknown Vulnerability Type - PHP (CVE-2014-9235) - Medium [216]

Description: {'vulners_cve_data_all': 'Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9235 was patched at 2024-05-15

6052. Unknown Vulnerability Type - PHP (CVE-2015-2308) - Medium [216]

Description: {'vulners_cve_data_all': 'Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2308 was patched at 2024-05-15

6053. Unknown Vulnerability Type - PHP (CVE-2017-6819) - Medium [216]

Description: {'vulners_cve_data_all': 'In WordPress before 4.7.3, there is cross-site request forgery (CSRF) in Press This (wp-admin/includes/class-wp-press-this.php), leading to excessive use of server resources. The CSRF can trigger an outbound HTTP request for a large file that is then parsed by Press This.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6819 was patched at 2024-05-15

6054. Unknown Vulnerability Type - PHP (CVE-2018-14028) - Medium [216]

Description: {'vulners_cve_data_all': 'In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine's wp-content/plugins directory permissions were set up to block all new plugins.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14028 was patched at 2024-05-15

6055. Unknown Vulnerability Type - PHP (CVE-2020-18184) - Medium [216]

Description: {'vulners_cve_data_all': 'In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametres_edittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-18184 was patched at 2024-05-15

6056. Unknown Vulnerability Type - PHP (CVE-2023-26038) - Medium [216]

Description: {'vulners_cve_data_all': 'ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via web/ajax/modal.php, where an arbitrary php file path can be passed in the request and loaded. This issue is patched in versions 1.36.33 and 1.37.33.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26038 was patched at 2024-05-15

6057. Unknown Vulnerability Type - PHP (CVE-2023-46733) - Medium [216]

Description: {'vulners_cve_data_all': 'Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 5.4.21 and 6.2.7 and prior to versions 5.4.31 and 6.3.8, `SessionStrategyListener` does not migrate the session after every successful login. It does so only in case the logged in user changes by means of checking the user identifier. In some use cases, the user identifier doesn't change between the verification phase and the successful login, while the token itself changes from one type (partially-authenticated) to another (fully-authenticated). When this happens, the session id should be regenerated to prevent possible session fixations, which is not the case at the moment. As of versions 5.4.31 and 6.3.8, Symfony now checks the type of the token in addition to the user identifier before deciding whether the session id should be regenerated.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46733 was patched at 2024-05-15

6058. Unknown Vulnerability Type - RPC (CVE-2007-1897) - Medium [216]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1897 was patched at 2024-05-15

6059. Unknown Vulnerability Type - RPC (CVE-2007-3140) - Medium [216]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3140 was patched at 2024-05-15

6060. Unknown Vulnerability Type - RPC (CVE-2010-0668) - Medium [216]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0668 was patched at 2024-05-15

6061. Unknown Vulnerability Type - RPC (CVE-2010-2064) - Medium [216]

Description: {'vulners_cve_data_all': 'rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2064 was patched at 2024-05-15

6062. Unknown Vulnerability Type - RPC (CVE-2010-5106) - Medium [216]

Description: {'vulners_cve_data_all': 'The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-5106 was patched at 2024-05-15

6063. Unknown Vulnerability Type - RPC (CVE-2015-2172) - Medium [216]

Description: {'vulners_cve_data_all': 'DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2172 was patched at 2024-05-15

6064. Unknown Vulnerability Type - RPC (CVE-2021-41803) - Medium [216]

Description: {'vulners_cve_data_all': 'HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41803 was patched at 2024-05-15

6065. Unknown Vulnerability Type - RPC (CVE-2022-40716) - Medium [216]

Description: {'vulners_cve_data_all': 'HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-40716 was patched at 2024-05-15

6066. Unknown Vulnerability Type - Safari (CVE-2017-7011) - Medium [216]

Description: {'vulners_cve_data_all': 'An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof the address bar via a crafted web site that uses FRAME elements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Safari is a web browser developed by Apple. It is built into Apple's operating systems, including macOS, iOS, iPadOS and their upcoming VisionOS, and uses Apple's open-source browser engine WebKit, which was derived from KHTML.
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7011 was patched at 2024-05-15

6067. Unknown Vulnerability Type - Samba (CVE-2004-0186) - Medium [216]

Description: {'vulners_cve_data_all': 'smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0186 was patched at 2024-05-15

6068. Unknown Vulnerability Type - Samba (CVE-2007-2444) - Medium [216]

Description: {'vulners_cve_data_all': 'Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2444 was patched at 2024-05-15

6069. Unknown Vulnerability Type - Xlib (CVE-2006-4447) - Medium [216]

Description: {'vulners_cve_data_all': 'X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Xlib (also known as libX11) is an X Window System protocol client library written in the C programming language
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4447 was patched at 2024-05-15

6070. Memory Corruption - Git (CVE-2023-22485) - Medium [215]

Description: cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the `validate_protocol` function. We believe this bug is harmless in practice, because the out-of-bounds read accesses `malloc` metadata without causing any visible damage.This vulnerability has been patched in 0.29.0.gfm.7.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414Git
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-22485 was patched at 2024-05-15

6071. Cross Site Scripting - Unknown Product (CVE-2010-1673) - Medium [214]

Description: {'vulners_cve_data_all': 'A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1673 was patched at 2024-05-15

6072. Cross Site Scripting - Unknown Product (CVE-2011-0428) - Medium [214]

Description: {'vulners_cve_data_all': 'Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0428 was patched at 2024-05-15

6073. Cross Site Scripting - Unknown Product (CVE-2012-0812) - Medium [214]

Description: {'vulners_cve_data_all': 'PostfixAdmin 2.3.4 has multiple XSS vulnerabilities', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0812 was patched at 2024-05-15

6074. Cross Site Scripting - Unknown Product (CVE-2013-3565) - Medium [214]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-3565 was patched at 2024-05-15

6075. Cross Site Scripting - Unknown Product (CVE-2013-7370) - Medium [214]

Description: {'vulners_cve_data_all': 'node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7370 was patched at 2024-05-15

6076. Cross Site Scripting - Unknown Product (CVE-2014-6071) - Medium [214]

Description: {'vulners_cve_data_all': 'jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-6071 was patched at 2024-05-15

6077. Cross Site Scripting - Unknown Product (CVE-2014-9905) - Medium [214]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9905 was patched at 2024-05-15

6078. Cross Site Scripting - Unknown Product (CVE-2015-2793) - Medium [214]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2793 was patched at 2024-05-15

6079. Cross Site Scripting - Unknown Product (CVE-2015-7578) - Medium [214]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-7578 was patched at 2024-05-15

6080. Cross Site Scripting - Unknown Product (CVE-2015-7580) - Medium [214]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-7580 was patched at 2024-05-15

6081. Cross Site Scripting - Unknown Product (CVE-2015-8010) - Medium [214]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8010 was patched at 2024-05-15

6082. Cross Site Scripting - Unknown Product (CVE-2015-8477) - Medium [214]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8477 was patched at 2024-05-15

6083. Cross Site Scripting - Unknown Product (CVE-2016-10006) - Medium [214]

Description: {'vulners_cve_data_all': 'In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10006 was patched at 2024-05-15

6084. Cross Site Scripting - Unknown Product (CVE-2016-10203) - Medium [214]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10203 was patched at 2024-05-15

6085. Cross Site Scripting - Unknown Product (CVE-2016-10515) - Medium [214]

Description: {'vulners_cve_data_all': 'In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10515 was patched at 2024-05-15

6086. Cross Site Scripting - Unknown Product (CVE-2016-4566) - Medium [214]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4566 was patched at 2024-05-15

6087. Cross Site Scripting - Unknown Product (CVE-2016-4567) - Medium [214]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4567 was patched at 2024-05-15

6088. Cross Site Scripting - Unknown Product (CVE-2016-5303) - Medium [214]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink attribute.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5303 was patched at 2024-05-15

6089. Cross Site Scripting - Unknown Product (CVE-2016-6191) - Medium [214]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL, or (4) Title field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6191 was patched at 2024-05-15

6090. Cross Site Scripting - Unknown Product (CVE-2016-6347) - Medium [214]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6347 was patched at 2024-05-15

6091. Cross Site Scripting - Unknown Product (CVE-2016-6348) - Medium [214]

Description: {'vulners_cve_data_all': 'JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6348 was patched at 2024-05-15

6092. Cross Site Scripting - Unknown Product (CVE-2016-9909) - Medium [214]

Description: {'vulners_cve_data_all': 'The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9909 was patched at 2024-05-15

6093. Cross Site Scripting - Unknown Product (CVE-2016-9910) - Medium [214]

Description: {'vulners_cve_data_all': 'The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9910 was patched at 2024-05-15

6094. Cross Site Scripting - Unknown Product (CVE-2017-1000035) - Medium [214]

Description: {'vulners_cve_data_all': 'Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000035 was patched at 2024-05-15

6095. Cross Site Scripting - Unknown Product (CVE-2017-1000427) - Medium [214]

Description: {'vulners_cve_data_all': 'marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000427 was patched at 2024-05-15

6096. Cross Site Scripting - Unknown Product (CVE-2017-11737) - Medium [214]

Description: {'vulners_cve_data_all': 'interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS via the Subject and Message-Id headers, which are mishandled in the history page.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11737 was patched at 2024-05-15

6097. Cross Site Scripting - Unknown Product (CVE-2017-14735) - Medium [214]

Description: {'vulners_cve_data_all': 'OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of &colon; to construct a javascript: URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14735 was patched at 2024-05-15

6098. Cross Site Scripting - Unknown Product (CVE-2017-15612) - Medium [214]

Description: {'vulners_cve_data_all': 'mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\\nscript:) or a crafted email address, related to the escape and autolink functions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15612 was patched at 2024-05-15

6099. Cross Site Scripting - Unknown Product (CVE-2017-16876) - Medium [214]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16876 was patched at 2024-05-15

6100. Cross Site Scripting - Unknown Product (CVE-2017-6818) - Medium [214]

Description: {'vulners_cve_data_all': 'In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6818 was patched at 2024-05-15

6101. Cross Site Scripting - Unknown Product (CVE-2018-1000088) - Medium [214]

Description: {'vulners_cve_data_all': 'Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting (XSS) vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be exploitable via The victim must be tricked to click an opaque link to the web view that runs the XSS payload. A malicious version virtually indistinguishable from a normal link.. This vulnerability appears to have been fixed in 4.2.6, 4.3.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000088 was patched at 2024-05-15

6102. Cross Site Scripting - Unknown Product (CVE-2018-1000557) - Medium [214]

Description: {'vulners_cve_data_all': 'OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting (XSS) vulnerability in login form and search functionality that can result in An attacker is able to execute arbitrary (javascript) code within a victims' browser. This attack appear to be exploitable via Victim must open a crafted link to the application. This vulnerability appears to have been fixed in ocsreports 2.4.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000557 was patched at 2024-05-15

6103. Cross Site Scripting - Unknown Product (CVE-2018-1000559) - Medium [214]

Description: {'vulners_cve_data_all': 'qutebrowser version introduced in v0.11.0 (1179ee7a937fb31414d77d9970bac21095358449) contains a Cross Site Scripting (XSS) vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user's browsing history. This attack appear to be exploitable via the victim must open a page with a specially crafted <title> attribute, and then open the qute://history site via the :history command. This vulnerability appears to have been fixed in fixed in v1.3.3 (4c9360237f186681b1e3f2a0f30c45161cf405c7, to be released today) and v1.4.0 (5a7869f2feaa346853d2a85413d6527c87ef0d9f, released later this week).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000559 was patched at 2024-05-15

6104. Cross Site Scripting - Unknown Product (CVE-2018-1000665) - Medium [214]

Description: {'vulners_cve_data_all': 'Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. This attack appear to be exploitable via Victims are typically lured to a web site under the attacker's control; the XSS vulnerability on the target domain is silently exploited without the victim's knowledge. This vulnerability appears to have been fixed in 1.14.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000665 was patched at 2024-05-15

6105. Cross Site Scripting - Unknown Product (CVE-2018-1000998) - Medium [214]

Description: {'vulners_cve_data_all': 'FreeBSD CVSweb version 2.x contains a Cross Site Scripting (XSS) vulnerability in all pages that can result in limited impact--CVSweb is anonymous & read-only. It might impact other sites on same domain. This attack appears to be exploitable via victim must load specially crafted url. This vulnerability appears to have been fixed in 3.x.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000998 was patched at 2024-05-15

6106. Cross Site Scripting - Unknown Product (CVE-2018-15634) - Medium [214]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-15634 was patched at 2024-05-15

6107. Cross Site Scripting - Unknown Product (CVE-2018-18248) - Medium [214]

Description: {'vulners_cve_data_all': 'Icinga Web 2 has XSS via the /icingaweb2/monitoring/list/services dir parameter, the /icingaweb2/user/list query string, the /icingaweb2/monitoring/timeline query string, or the /icingaweb2/setup query string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18248 was patched at 2024-05-15

6108. Cross Site Scripting - Unknown Product (CVE-2018-18405) - Medium [214]

Description: {'vulners_cve_data_all': 'jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18405 was patched at 2024-05-15

6109. Cross Site Scripting - Unknown Product (CVE-2018-19131) - Medium [214]

Description: {'vulners_cve_data_all': 'Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19131 was patched at 2024-05-15

6110. Cross Site Scripting - Unknown Product (CVE-2018-19352) - Medium [214]

Description: {'vulners_cve_data_all': 'Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19352 was patched at 2024-05-15

6111. Cross Site Scripting - Unknown Product (CVE-2018-25052) - Medium [214]

Description: {'vulners_cve_data_all': 'A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function _load_sessionid of the file lib/Catalyst/Plugin/Session.pm of the component Session ID Handler. The manipulation of the argument sid leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.41 is able to address this issue. The name of the patch is 88d1b599e1163761c9bd53bec53ba078f13e09d4. It is recommended to upgrade the affected component. VDB-216958 is the identifier assigned to this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-25052 was patched at 2024-05-15

6112. Cross Site Scripting - Unknown Product (CVE-2018-3769) - Medium [214]

Description: {'vulners_cve_data_all': 'ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerability via "format" parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-3769 was patched at 2024-05-15

6113. Cross Site Scripting - Unknown Product (CVE-2018-5776) - Medium [214]

Description: {'vulners_cve_data_all': 'WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement (under wp-includes/js/mediaelement).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-5776 was patched at 2024-05-15

6114. Cross Site Scripting - Unknown Product (CVE-2019-7335) - Medium [214]

Description: {'vulners_cve_data_all': 'Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'log' as it insecurely prints the 'Log Message' value on the web page without applying any proper filtration. This relates to the view=logs value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7335 was patched at 2024-05-15

6115. Cross Site Scripting - Unknown Product (CVE-2019-7338) - Medium [214]

Description: {'vulners_cve_data_all': 'Self - Stored XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'group' as it insecurely prints the 'Group Name' value on the web page without applying any proper filtration.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7338 was patched at 2024-05-15

6116. Cross Site Scripting - Unknown Product (CVE-2019-7344) - Medium [214]

Description: {'vulners_cve_data_all': 'Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filter[Name]' (aka Filter name) value on the web page without applying any proper filtration.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7344 was patched at 2024-05-15

6117. Cross Site Scripting - Unknown Product (CVE-2020-11030) - Medium [214]

Description: {'vulners_cve_data_all': 'In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor. This requires an authenticated user with the ability to add content. This has been patched in version 5.4.1, along with all the previously affected versions via a minor release (5.3.3, 5.2.6, 5.1.5, 5.0.9, 4.9.14, 4.8.13, 4.7.17, 4.6.18, 4.5.21, 4.4.22, 4.3.23, 4.2.27, 4.1.30, 4.0.30, 3.9.31, 3.8.33, 3.7.33).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-11030 was patched at 2024-05-15

6118. Cross Site Scripting - Unknown Product (CVE-2020-12648) - Medium [214]

Description: {'vulners_cve_data_all': 'A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-12648 was patched at 2024-05-15

6119. Cross Site Scripting - Unknown Product (CVE-2020-17480) - Medium [214]

Description: {'vulners_cve_data_all': 'TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the editor.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-17480 was patched at 2024-05-15

6120. Cross Site Scripting - Unknown Product (CVE-2020-22402) - Medium [214]

Description: {'vulners_cve_data_all': 'Cross Site Scripting (XSS) vulnerability in SOGo Web Mail before 4.3.1 allows attackers to obtain user sensitive information when a user reads an email containing malicious code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-22402 was patched at 2024-05-15

6121. Cross Site Scripting - Unknown Product (CVE-2020-27741) - Medium [214]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27741 was patched at 2024-05-15

6122. Cross Site Scripting - Unknown Product (CVE-2020-8264) - Medium [214]

Description: {'vulners_cve_data_all': 'In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-8264 was patched at 2024-05-15

6123. Cross Site Scripting - Unknown Product (CVE-2021-35043) - Medium [214]

Description: {'vulners_cve_data_all': 'OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement for the : character.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-35043 was patched at 2024-05-15

6124. Cross Site Scripting - Unknown Product (CVE-2021-35513) - Medium [214]

Description: {'vulners_cve_data_all': 'Mermaid before 8.11.0 allows XSS when the antiscript feature is used.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-35513 was patched at 2024-05-15

6125. Cross Site Scripting - Unknown Product (CVE-2021-38193) - Medium [214]

Description: {'vulners_cve_data_all': 'An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-38193 was patched at 2024-05-15

6126. Cross Site Scripting - Unknown Product (CVE-2021-4124) - Medium [214]

Description: {'vulners_cve_data_all': 'janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-4124 was patched at 2024-05-15

debian: CVE-2021-41247 was patched at 2024-05-15

6127. Cross Site Scripting - Unknown Product (CVE-2021-43808) - Medium [214]

Description: {'vulners_cve_data_all': 'Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-43808 was patched at 2024-05-15

6128. Cross Site Scripting - Unknown Product (CVE-2021-46872) - Medium [214]

Description: {'vulners_cve_data_all': 'An issue was discovered in Nim before 1.6.2. The RST module of the Nim language stdlib, as used in NimForum and other products, permits the javascript: URI scheme and thus can lead to XSS in some applications. (Nim versions 1.6.2 and later are fixed; there may be backports of the fix to some earlier versions. NimForum 2.2.0 is fixed.)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46872 was patched at 2024-05-15

6129. Cross Site Scripting - Unknown Product (CVE-2022-23133) - Medium [214]

Description: {'vulners_cve_data_all': 'An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire and the actor can steal session cookies and perform session hijacking to impersonate users or take over their accounts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-23133 was patched at 2024-05-15

6130. Cross Site Scripting - Unknown Product (CVE-2022-23395) - Medium [214]

Description: {'vulners_cve_data_all': 'jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-23395 was patched at 2024-05-15

6131. Cross Site Scripting - Unknown Product (CVE-2022-23494) - Medium [214]

Description: {'vulners_cve_data_all': 'tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the `image` plugin, which presents these dialogs when certain errors occur. The vulnerability allowed arbitrary JavaScript execution when an alert presented in the TinyMCE UI for the current user. This vulnerability has been patched in TinyMCE 5.10.7 and TinyMCE 6.3.1 by ensuring HTML sanitization was still performed after unwrapping invalid elements. Users are advised to upgrade to either 5.10.7 or 6.3.1. Users unable to upgrade may ensure the the `images_upload_handler` returns a valid value as per the images_upload_handler documentation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-23494 was patched at 2024-05-15

6132. Cross Site Scripting - Unknown Product (CVE-2022-2514) - Medium [214]

Description: {'vulners_cve_data_all': 'The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-2514 was patched at 2024-05-15

6133. Cross Site Scripting - Unknown Product (CVE-2022-27920) - Medium [214]

Description: {'vulners_cve_data_all': 'libkiwix 10.0.0 and 10.0.1 allows XSS in the built-in webserver functionality via the search suggestions URL parameter. This is fixed in 10.1.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-27920 was patched at 2024-05-15

6134. Cross Site Scripting - Unknown Product (CVE-2022-28919) - Medium [214]

Description: {'vulners_cve_data_all': 'HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-28919 was patched at 2024-05-15

6135. Cross Site Scripting - Unknown Product (CVE-2022-32308) - Medium [214]

Description: {'vulners_cve_data_all': 'Cross Site Scripting (XSS) vulnerability in uBlock Origin extension before 1.41.1 allows remote attackers to run arbitrary code via a spoofed 'MessageSender.url' to the browser renderer process.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-32308 was patched at 2024-05-15

6136. Cross Site Scripting - Unknown Product (CVE-2022-36033) - Medium [214]

Description: {'vulners_cve_data_all': 'jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML including `javascript:` URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. This issue is patched in jsoup 1.15.3. Users should upgrade to this version. Additionally, as the unsanitized input may have been persisted, old content should be cleaned again using the updated version. To remediate this issue without immediately upgrading: - disable `SafeList.preserveRelativeLinks`, which will rewrite input URLs as absolute URLs - ensure an appropriate [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) is defined. (This should be used regardless of upgrading, as a defence-in-depth best practice.)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-36033 was patched at 2024-05-15

6137. Cross Site Scripting - Unknown Product (CVE-2022-40626) - Medium [214]

Description: {'vulners_cve_data_all': 'An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-40626 was patched at 2024-05-15

6138. Cross Site Scripting - Unknown Product (CVE-2022-44031) - Medium [214]

Description: {'vulners_cve_data_all': 'Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-44031 was patched at 2024-05-15

6139. Cross Site Scripting - Unknown Product (CVE-2022-44637) - Medium [214]

Description: {'vulners_cve_data_all': 'Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-44637 was patched at 2024-05-15

6140. Cross Site Scripting - Unknown Product (CVE-2022-4556) - Medium [214]

Description: {'vulners_cve_data_all': 'A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. Affected by this issue is the function _migrateMailIdentities of the file SoObjects/SOGo/SOGoUserDefaults.m of the component Identity Handler. The manipulation of the argument fullName leads to cross site scripting. The attack may be launched remotely. Upgrading to version 5.8.0 is able to address this issue. The name of the patch is efac49ae91a4a325df9931e78e543f707a0f8e5e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215960.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-4556 was patched at 2024-05-15

6141. Cross Site Scripting - Unknown Product (CVE-2022-4558) - Medium [214]

Description: {'vulners_cve_data_all': 'A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 5.8.0 is able to address this issue. The name of the patch is 1e0f5f00890f751e84d67be4f139dd7f00faa5f3. It is recommended to upgrade the affected component. The identifier VDB-215961 was assigned to this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-4558 was patched at 2024-05-15

6142. Cross Site Scripting - Unknown Product (CVE-2022-48345) - Medium [214]

Description: {'vulners_cve_data_all': 'sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48345 was patched at 2024-05-15

6143. Cross Site Scripting - Unknown Product (CVE-2023-23627) - Medium [214]

Description: {'vulners_cve_data_all': 'Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site Scripting. When Sanitize is configured with a custom allowlist that allows `noscript` elements, attackers are able to include arbitrary HTML, resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. The default configurations do not allow `noscript` elements and are not vulnerable. This issue only affects users who are using a custom config that adds `noscript` to the element allowlist. This issue has been patched in version 6.0.1. Users who are unable to upgrade can prevent this issue by using one of Sanitize's default configs or by ensuring that their custom config does not include `noscript` in the element allowlist.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-23627 was patched at 2024-05-15

ubuntu: CVE-2023-23627 was patched at 2024-04-24

6144. Cross Site Scripting - Unknown Product (CVE-2023-33969) - Medium [214]

Description: {'vulners_cve_data_all': 'Kanboard is open source project management software that focuses on the Kanban methodology. A stored Cross site scripting (XSS) allows an attacker to execute arbitrary Javascript and any user who views the task containing the malicious code will be exposed to the XSS attack. Note: The default CSP header configuration blocks this javascript attack. This issue has been addressed in version 1.2.30. Users are advised to upgrade. Users unable to upgrade should ensure that they have a restrictive CSP header config.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-33969 was patched at 2024-05-15

6145. Cross Site Scripting - Unknown Product (CVE-2023-45818) - Medium [214]

Description: {'vulners_cve_data_all': 'TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If the HTML snippet is restored from the undo stack, the combination of the string manipulation and reparative parsing by either the browser's native [DOMParser API](https://developer.mozilla.org/en-US/docs/Web/API/DOMParser) (TinyMCE 6) or the SaxParser API (TinyMCE 5) mutates the HTML maliciously, allowing an XSS payload to be executed. This vulnerability has been patched in TinyMCE 5.10.8 and TinyMCE 6.7.1 by ensuring HTML is trimmed using node-level manipulation instead of string manipulation. Users are advised to upgrade. There are no known workarounds for this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45818 was patched at 2024-05-15

6146. Cross Site Scripting - Unknown Product (CVE-2023-45819) - Medium [214]

Description: {'vulners_cve_data_all': 'TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit requires carefully crafted malicious content to have been inserted into the editor and a notification to have been triggered. When a notification was opened, the HTML within the text argument was displayed unfiltered in the notification. The vulnerability allowed arbitrary JavaScript execution when an notification presented in the TinyMCE UI for the current user. This issue could also be exploited by any integration which uses a TinyMCE notification to display unfiltered HTML content. This vulnerability has been patched in TinyMCE 5.10.8 and TinyMCE 6.7.1 by ensuring that the HTML displayed in the notification is sanitized, preventing the exploit. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45819 was patched at 2024-05-15

6147. Cross Site Scripting - Unknown Product (CVE-2023-47258) - Medium [214]

Description: {'vulners_cve_data_all': 'Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-47258 was patched at 2024-05-15, 2024-05-24

6148. Cross Site Scripting - Unknown Product (CVE-2023-47259) - Medium [214]

Description: {'vulners_cve_data_all': 'Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-47259 was patched at 2024-05-15, 2024-05-24

6149. Cross Site Scripting - Unknown Product (CVE-2023-47260) - Medium [214]

Description: {'vulners_cve_data_all': 'Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-47260 was patched at 2024-05-15, 2024-05-24

6150. Cross Site Scripting - Unknown Product (CVE-2023-48219) - Medium [214]

Description: {'vulners_cve_data_all': 'TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text nodes contain a special character reserved as an internal marker, they can be combined with other HTML patterns to form malicious snippets. These snippets pass the initial sanitisation layer when the content is parsed into the editor body, but can trigger XSS when the special internal marker is removed from the content and re-parsed. his vulnerability has been patched in TinyMCE versions 6.7.3 and 5.10.9. Users are advised to upgrade. There are no known workarounds for this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-48219 was patched at 2024-05-15

6151. Cross Site Scripting - Unknown Product (CVE-2024-22725) - Medium [214]

Description: {'vulners_cve_data_all': 'Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-22725 was patched at 2024-05-15

6152. Cross Site Scripting - Unknown Product (CVE-2024-23635) - Medium [214]

Description: {'vulners_cve_data_all': 'AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. Patched in AntiSamy 1.7.5 and later. ', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-23635 was patched at 2024-05-15

6153. Cross Site Scripting - Unknown Product (CVE-2024-23659) - Medium [214]

Description: {'vulners_cve_data_all': 'SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-23659 was patched at 2024-05-15

6154. Cross Site Scripting - Unknown Product (CVE-2024-24816) - Medium [214]

Description: {'vulners_cve_data_all': 'CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature. All integrators that use these samples in the production code can be affected. The vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users using the CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment. A fix is available in version 4.24.0-lts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-24816 was patched at 2024-05-15

6155. Remote Code Execution - Unknown Product (CVE-2006-4808) - Medium [214]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4808 was patched at 2024-05-15

6156. Remote Code Execution - Unknown Product (CVE-2023-51594) - Medium [214]

Description: {'vulners_cve_data_all': 'BlueZ OBEX Library Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious Bluetooth device.\n\nThe specific flaw exists within the handling of OBEX protocol parameters. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-20937.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51594 was patched at 2024-05-15

6157. Unknown Vulnerability Type - Kerberos (CVE-2006-7108) - Medium [214]

Description: {'vulners_cve_data_all': 'login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_mgmt and chauth_tok.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.410CVSS Base Score is 4.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-7108 was patched at 2024-05-15

6158. Elevation of Privilege - Unknown Product (CVE-2017-1001001) - Medium [211]

Description: {'vulners_cve_data_all': 'PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1001001 was patched at 2024-05-15

6159. Elevation of Privilege - Unknown Product (CVE-2019-12522) - Medium [211]

Description: {'vulners_cve_data_all': 'An issue was discovered in Squid through 4.7. When Squid is run as root, it spawns its child processes as a lesser user, by default the user nobody. This is done via the leave_suid call. leave_suid leaves the Saved UID as 0. This makes it trivial for an attacker who has compromised the child process to escalate their privileges back to root.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12522 was patched at 2024-05-15

6160. Elevation of Privilege - Unknown Product (CVE-2022-20423) - Medium [211]

Description: {'vulners_cve_data_all': 'In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239842288References: Upstream kernel', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-20423 was patched at 2024-05-15

6161. Unknown Vulnerability Type - Apache Traffic Server (CVE-2016-5396) - Medium [211]

Description: {'vulners_cve_data_all': 'Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5396 was patched at 2024-05-15

6162. Unknown Vulnerability Type - Apache Traffic Server (CVE-2017-5659) - Medium [211]

Description: {'vulners_cve_data_all': 'Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5659 was patched at 2024-05-15

6163. Unknown Vulnerability Type - Apache Traffic Server (CVE-2018-8022) - Medium [211]

Description: {'vulners_cve_data_all': 'A carefully crafted invalid TLS handshake can cause Apache Traffic Server (ATS) to segfault. This affects version 6.2.2. To resolve this issue users running 6.2.2 should upgrade to 6.2.3 or later versions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-8022 was patched at 2024-05-15

6164. Unknown Vulnerability Type - Apache Traffic Server (CVE-2023-39456) - Medium [211]

Description: {'vulners_cve_data_all': 'Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2.\n\nUsers are recommended to upgrade to version 9.2.3, which fixes the issue.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714The Apache Traffic Server is a modular, high-performance reverse proxy and forward proxy server, generally comparable to Nginx and Squid
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-39456 was patched at 2024-05-15

6165. Unknown Vulnerability Type - BIND (CVE-2005-2654) - Medium [211]

Description: {'vulners_cve_data_all': 'phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2654 was patched at 2024-05-15

6166. Unknown Vulnerability Type - BIND (CVE-2009-2942) - Medium [211]

Description: {'vulners_cve_data_all': 'The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2942 was patched at 2024-05-15

6167. Unknown Vulnerability Type - BIND (CVE-2009-2943) - Medium [211]

Description: {'vulners_cve_data_all': 'The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2943 was patched at 2024-05-15

6168. Unknown Vulnerability Type - Curl (CVE-2003-1605) - Medium [211]

Description: {'vulners_cve_data_all': 'curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714Curl is a command-line tool for transferring data specified with URL syntax
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-1605 was patched at 2024-05-15

6169. Unknown Vulnerability Type - Curl (CVE-2007-3564) - Medium [211]

Description: {'vulners_cve_data_all': 'libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714Curl is a command-line tool for transferring data specified with URL syntax
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3564 was patched at 2024-05-15

6170. Unknown Vulnerability Type - Curl (CVE-2012-0036) - Medium [211]

Description: {'vulners_cve_data_all': 'curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714Curl is a command-line tool for transferring data specified with URL syntax
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0036 was patched at 2024-05-15

6171. Unknown Vulnerability Type - Curl (CVE-2017-7468) - Medium [211]

Description: {'vulners_cve_data_all': 'In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate). libcurl supports by default the use of TLS session id/ticket to resume previous TLS sessions to speed up subsequent TLS handshakes. They are used when for any reason an existing TLS connection couldn't be kept alive to make the next handshake faster. This flaw is a regression and identical to CVE-2016-5419 reported on August 3rd 2016, but affecting a different version range.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714Curl is a command-line tool for transferring data specified with URL syntax
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7468 was patched at 2024-05-15

6172. Unknown Vulnerability Type - Curl (CVE-2023-35934) - Medium [211]

Description: {'vulners_cve_data_all': 'yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host. This vulnerable behavior is present in yt-dlp prior to 2023.07.06 and nightly 2023.07.06.185519. All native and external downloaders are affected, except for `curl` and `httpie` (version 3.1.0 or later).\n\nAt the file download stage, all cookies are passed by yt-dlp to the file downloader as a `Cookie` header, thereby losing their scope. This also occurs in yt-dlp's info JSON output, which may be used by external tools. As a result, the downloader or external tool may indiscriminately send cookies with requests to domains or paths for which the cookies are not scoped.\n\nyt-dlp version 2023.07.06 and nightly 2023.07.06.185519 fix this issue by removing the `Cookie` header upon HTTP redirects; having native downloaders calculate the `Cookie` header from the cookiejar, utilizing external downloaders' built-in support for cookies instead of passing them as header arguments, disabling HTTP redirectiong if the external downloader does not have proper cookie support, processing cookies passed as HTTP headers to limit their scope, and having a separate field for cookies in the info dict storing more information about scoping\n\nSome workarounds are available for those who are unable to upgrade. Avoid using cookies and user authentication methods. While extractors may set custom cookies, these usually do not contain sensitive information. Alternatively, avoid using `--load-info-json`. Or, if authentication is a must: verify the integrity of download links from unknown sources in browser (including redirects) before passing them to yt-dlp; use `curl` as external downloader, since it is not impacted; and/or avoid fragmented formats such as HLS/m3u8, DASH/mpd and ISM.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714Curl is a command-line tool for transferring data specified with URL syntax
CVSS Base Score0.810CVSS Base Score is 8.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-35934 was patched at 2024-05-15

6173. Unknown Vulnerability Type - FFmpeg (CVE-2016-7450) - Medium [211]

Description: {'vulners_cve_data_all': 'The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7450 was patched at 2024-05-15

6174. Unknown Vulnerability Type - FFmpeg (CVE-2016-7502) - Medium [211]

Description: {'vulners_cve_data_all': 'The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7502 was patched at 2024-05-15

6175. Unknown Vulnerability Type - MediaWiki (CVE-2004-2186) - Medium [211]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2186 was patched at 2024-05-15

6176. Unknown Vulnerability Type - MediaWiki (CVE-2005-0535) - Medium [211]

Description: {'vulners_cve_data_all': 'Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0535 was patched at 2024-05-15

6177. Unknown Vulnerability Type - MediaWiki (CVE-2012-0046) - Medium [211]

Description: {'vulners_cve_data_all': 'mediawiki allows deleted text to be exposed', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0046 was patched at 2024-05-15

6178. Unknown Vulnerability Type - MediaWiki (CVE-2012-4380) - Medium [211]

Description: {'vulners_cve_data_all': 'MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4380 was patched at 2024-05-15

6179. Unknown Vulnerability Type - MediaWiki (CVE-2012-4381) - Medium [211]

Description: {'vulners_cve_data_all': 'MediaWiki before 1.18.5, and 1.19.x before 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the strict function, could allow remote attackers to use old passwords for non-existing accounts in an external authentication system via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4381 was patched at 2024-05-15

6180. Unknown Vulnerability Type - MediaWiki (CVE-2015-6728) - Medium [211]

Description: {'vulners_cve_data_all': 'The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-6728 was patched at 2024-05-15

6181. Unknown Vulnerability Type - MediaWiki (CVE-2016-6331) - Medium [211]

Description: {'vulners_cve_data_all': 'ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to bypass intended per-title read restrictions via a parse action to api.php.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6331 was patched at 2024-05-15

6182. Unknown Vulnerability Type - MediaWiki (CVE-2016-6337) - Medium [211]

Description: {'vulners_cve_data_all': 'MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6337 was patched at 2024-05-15

6183. Unknown Vulnerability Type - MediaWiki (CVE-2017-0371) - Medium [211]

Description: {'vulners_cve_data_all': 'MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an attacker-controlled URL in the title attribute.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0371 was patched at 2024-05-15

6184. Unknown Vulnerability Type - QEMU (CVE-2013-2016) - Medium [211]

Description: {'vulners_cve_data_all': 'A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2016 was patched at 2024-05-15

6185. Unknown Vulnerability Type - QEMU (CVE-2023-1386) - Medium [211]

Description: {'vulners_cve_data_all': 'A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-1386 was patched at 2024-05-15

6186. Unknown Vulnerability Type - SQLite (CVE-2017-15286) - Medium [211]

Description: {'vulners_cve_data_all': 'SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714SQLite is a database engine written in the C programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15286 was patched at 2024-05-15

6187. Unknown Vulnerability Type - iOS (CVE-2018-11783) - Medium [211]

Description: {'vulners_cve_data_all': 'sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11783 was patched at 2024-05-15

6188. Unknown Vulnerability Type - iOS (CVE-2020-6582) - Medium [211]

Description: {'vulners_cve_data_all': 'Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-6582 was patched at 2024-05-15

6189. Unknown Vulnerability Type - iOS (CVE-2023-49298) - Medium [211]

Description: {'vulners_cve_data_all': 'OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but can be security related in realistic situations. A possible example is cp, from a recent GNU Core Utilities (coreutils) version, when attempting to preserve a rule set for denying unauthorized access. (One might use cp when configuring access control, such as with the /etc/hosts.deny file specified in the IBM Support reference.) NOTE: this issue occurs less often in version 2.2.1, and in versions before 2.1.4, because of the default configuration in those versions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49298 was patched at 2024-05-15

6190. Unknown Vulnerability Type - Apache HTTP Server (CVE-2012-4528) - Medium [209]

Description: {'vulners_cve_data_all': 'The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4528 was patched at 2024-05-15

6191. Unknown Vulnerability Type - Apache HTTP Server (CVE-2013-1048) - Medium [209]

Description: {'vulners_cve_data_all': 'The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1048 was patched at 2024-05-15

6192. Unknown Vulnerability Type - Linux Kernel (CVE-2010-4563) - Medium [209]

Description: {'vulners_cve_data_all': 'The Linux kernel, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4563 was patched at 2024-05-15

6193. Unknown Vulnerability Type - Linux Kernel (CVE-2013-1957) - Medium [209]

Description: {'vulners_cve_data_all': 'The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNT_READONLY flag, which allows local users to bypass an intended read-only property of a filesystem by leveraging a separate mount namespace.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1957 was patched at 2024-05-15

6194. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46925) - Medium [209]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix kernel panic caused by race of smc_sock\n\nA crash occurs when smc_cdc_tx_handler() tries to access smc_sock\nbut smc_release() has already freed it.\n\n[ 4570.695099] BUG: unable to handle page fault for address: 000000002eae9e88\n[ 4570.696048] #PF: supervisor write access in kernel mode\n[ 4570.696728] #PF: error_code(0x0002) - not-present page\n[ 4570.697401] PGD 0 P4D 0\n[ 4570.697716] Oops: 0002 [#1] PREEMPT SMP NOPTI\n[ 4570.698228] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.16.0-rc4+ #111\n[ 4570.699013] Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 8c24b4c 04/0\n[ 4570.699933] RIP: 0010:_raw_spin_lock+0x1a/0x30\n<...>\n[ 4570.711446] Call Trace:\n[ 4570.711746] <IRQ>\n[ 4570.711992] smc_cdc_tx_handler+0x41/0xc0\n[ 4570.712470] smc_wr_tx_tasklet_fn+0x213/0x560\n[ 4570.712981] ? smc_cdc_tx_dismisser+0x10/0x10\n[ 4570.713489] tasklet_action_common.isra.17+0x66/0x140\n[ 4570.714083] __do_softirq+0x123/0x2f4\n[ 4570.714521] irq_exit_rcu+0xc4/0xf0\n[ 4570.714934] common_interrupt+0xba/0xe0\n\nThough smc_cdc_tx_handler() checked the existence of smc connection,\nsmc_release() may have already dismissed and released the smc socket\nbefore smc_cdc_tx_handler() further visits it.\n\nsmc_cdc_tx_handler() |smc_release()\nif (!conn) |\n |\n |smc_cdc_tx_dismiss_slots()\n | smc_cdc_tx_dismisser()\n |\n |sock_put(&smc->sk) <- last sock_put,\n | smc_sock freed\nbh_lock_sock(&smc->sk) (panic) |\n\nTo make sure we won't receive any CDC messages after we free the\nsmc_sock, add a refcount on the smc_connection for inflight CDC\nmessage(posted to the QP but haven't received related CQE), and\ndon't release the smc_connection until all the inflight CDC messages\nhaven been done, for both success or failed ones.\n\nUsing refcount on CDC messages brings another problem: when the link\nis going to be destroyed, smcr_link_clear() will reset the QP, which\nthen remove all the pending CQEs related to the QP in the CQ. To make\nsure all the CQEs will always come back so the refcount on the\nsmc_connection can always reach 0, smc_ib_modify_qp_reset() was replaced\nby smc_ib_modify_qp_error().\nAnd remove the timeout in smc_wr_tx_wait_no_pending_sends() since we\nneed to wait for all pending WQEs done, or we may encounter use-after-\nfree when handling CQEs.\n\nFor IB device removal routine, we need to wait for all the QPs on that\ndevice been destroyed before we can destroy CQs on the device, or\nthe refcount on smc_connection won't reach 0 and smc_sock cannot be\nreleased.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46925 was patched at 2024-05-15

6195. Unknown Vulnerability Type - Windows Encrypting File System (CVE-2020-25578) - Medium [209]

Description: {'vulners_cve_data_all': 'In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 several file systems were not properly initializing the d_off field of the dirent structures returned by VOP_READDIR. In particular, tmpfs(5), smbfs(5), autofs(5) and mqueuefs(5) were failing to do so. As a result, eight uninitialized kernel stack bytes may be leaked to userspace by these file systems.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25578 was patched at 2024-05-15

6196. Unknown Vulnerability Type - Windows Kernel (CVE-2002-0654) - Medium [209]

Description: {'vulners_cve_data_all': 'Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0654 was patched at 2024-05-15

6197. Unknown Vulnerability Type - Windows Kernel (CVE-2021-27351) - Medium [209]

Description: {'vulners_cve_data_all': 'The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-27351 was patched at 2024-05-15

6198. Unknown Vulnerability Type - Windows Kernel (CVE-2023-22466) - Medium [209]

Description: {'vulners_cve_data_all': 'Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting `pipe_mode` will reset `reject_remote_clients` to `false`. If the application has previously configured `reject_remote_clients` to `true`, this effectively undoes the configuration. Remote clients may only access the named pipe if the named pipe's associated path is accessible via a publicly shared folder (SMB). Versions 1.23.1, 1.20.3, and 1.18.4 have been patched. The fix will also be present in all releases starting from version 1.24.0. Named pipes were introduced to Tokio in version 1.7.0, so releases older than 1.7.0 are not affected. As a workaround, ensure that `pipe_mode` is set first after initializing a `ServerOptions`.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-22466 was patched at 2024-05-15

6199. Unknown Vulnerability Type - Windows LDAP (CVE-2005-2069) - Medium [209]

Description: {'vulners_cve_data_all': 'pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2069 was patched at 2024-05-15

6200. Unknown Vulnerability Type - Windows LDAP (CVE-2013-1364) - Medium [209]

Description: {'vulners_cve_data_all': 'The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1364 was patched at 2024-05-15

6201. Unknown Vulnerability Type - Windows LDAP (CVE-2017-14159) - Medium [209]

Description: {'vulners_cve_data_all': 'slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14159 was patched at 2024-05-15

6202. Denial of Service - FRRouting (CVE-2024-31948) - Medium [208]

Description: In FRRouting (FRR) through 9.1, an attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Free Range Routing or FRRouting or FRR is a network routing software suite running on Unix-like platforms, particularly Linux, Solaris, OpenBSD, FreeBSD and NetBSD
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31948 was patched at 2024-05-15

ubuntu: CVE-2024-31948 was patched at 2024-05-28, 2024-06-05

6203. Denial of Service - FRRouting (CVE-2024-34088) - Medium [208]

Description: In FRRouting (FRR) through 9.1, it is possible for the get_edge() function in ospf_te.c in the OSPF daemon to return a NULL pointer. In cases where calling functions do not handle the returned NULL value, the OSPF daemon crashes, leading to denial of service.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514Free Range Routing or FRRouting or FRR is a network routing software suite running on Unix-like platforms, particularly Linux, Solaris, OpenBSD, FreeBSD and NetBSD
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-34088 was patched at 2024-05-15

ubuntu: CVE-2024-34088 was patched at 2024-05-28

6204. Denial of Service - TLS (CVE-2024-28755) - Medium [208]

Description: An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When an SSL context was reset with the mbedtls_ssl_session_reset() API, the maximum TLS version to be negotiated was not restored to the configured one. An attacker was able to prevent an Mbed TLS server from establishing any TLS 1.3 connection, potentially resulting in a Denial of Service or forced version downgrade from TLS 1.3 to TLS 1.2.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common0.514TLS
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28755 was patched at 2024-05-15

6205. Denial of Service - Unknown Product (CVE-2004-2698) - Medium [208]

Description: {'vulners_cve_data_all': 'Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2698 was patched at 2024-05-15

6206. Denial of Service - Unknown Product (CVE-2006-1655) - Medium [208]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1655 was patched at 2024-05-15

6207. Denial of Service - Unknown Product (CVE-2008-1923) - Medium [208]

Description: {'vulners_cve_data_all': 'The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision 72630 and 1.4 before revision 65679, when configured to allow unauthenticated calls, sends "early audio" to an unverified source IP address of a NEW message, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed NEW message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1923 was patched at 2024-05-15

6208. Denial of Service - Unknown Product (CVE-2009-0887) - Medium [208]

Description: {'vulners_cve_data_all': 'Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to obtain login access with a different user's non-ASCII username, via a login attempt.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0887 was patched at 2024-05-15

6209. Denial of Service - Unknown Product (CVE-2009-1629) - Medium [208]

Description: {'vulners_cve_data_all': 'ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with predictable random numbers based on certain JavaScript functions, which makes it easier for remote attackers to (1) hijack a session or (2) cause a denial of service (session ID exhaustion) via a brute-force attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1629 was patched at 2024-05-15

6210. Denial of Service - Unknown Product (CVE-2010-0401) - Medium [208]

Description: {'vulners_cve_data_all': 'OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0401 was patched at 2024-05-15

6211. Denial of Service - Unknown Product (CVE-2010-2490) - Medium [208]

Description: {'vulners_cve_data_all': 'Mumble: murmur-server has DoS due to malformed client query', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2490 was patched at 2024-05-15

6212. Denial of Service - Unknown Product (CVE-2010-3439) - Medium [208]

Description: {'vulners_cve_data_all': 'It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3439 was patched at 2024-05-15

6213. Denial of Service - Unknown Product (CVE-2011-2975) - Medium [208]

Description: {'vulners_cve_data_all': 'Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact via crafted mapfile data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2975 was patched at 2024-05-15

6214. Denial of Service - Unknown Product (CVE-2012-2415) - Medium [208]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in chan_skinny.c in the Skinny channel driver in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 allows remote authenticated users to cause a denial of service or possibly have unspecified other impact via a series of KEYPAD_BUTTON_MESSAGE events.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2415 was patched at 2024-05-15

6215. Denial of Service - Unknown Product (CVE-2012-2416) - Medium [208]

Description: {'vulners_cve_data_all': 'chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.11.1 and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4, when the trustrpid option is enabled, allows remote authenticated users to cause a denial of service (daemon crash) by sending a SIP UPDATE message that triggers a connected-line update attempt without an associated channel.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2416 was patched at 2024-05-15

6216. Denial of Service - Unknown Product (CVE-2012-3497) - Medium [208]

Description: {'vulners_cve_data_all': '(1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) TMEMC_SAVE_GET_CLIENT_FLAGS and (4) TMEMC_SAVE_END in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (NULL pointer dereference or memory corruption and host crash) or possibly have other unspecified impacts via a NULL client id.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3497 was patched at 2024-05-15

6217. Denial of Service - Unknown Product (CVE-2012-5521) - Medium [208]

Description: {'vulners_cve_data_all': 'quagga (ospf6d) 0.99.21 has a DoS flaw in the way the ospf6d daemon performs routes removal', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5521 was patched at 2024-05-15

6218. Denial of Service - Unknown Product (CVE-2012-5639) - Medium [208]

Description: {'vulners_cve_data_all': 'LibreOffice and OpenOffice automatically open embedded content', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5639 was patched at 2024-05-15

6219. Denial of Service - Unknown Product (CVE-2012-6030) - Medium [208]

Description: {'vulners_cve_data_all': 'The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (host crash) and possibly have other unspecified impacts via unspecified vectors related to "broken locking checks" in an "error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6030 was patched at 2024-05-15

6220. Denial of Service - Unknown Product (CVE-2015-2751) - Medium [208]

Description: {'vulners_cve_data_all': 'Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2751 was patched at 2024-05-15

6221. Denial of Service - Unknown Product (CVE-2015-4472) - Medium [208]

Description: {'vulners_cve_data_all': 'Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-4472 was patched at 2024-05-15

6222. Denial of Service - Unknown Product (CVE-2015-5695) - Medium [208]

Description: {'vulners_cve_data_all': 'Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5695 was patched at 2024-05-15

6223. Denial of Service - Unknown Product (CVE-2016-10163) - Medium [208]

Description: {'vulners_cve_data_all': 'Memory leak in the vrend_renderer_context_create_internal function in vrend_decode.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) by repeatedly creating a decode context.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10163 was patched at 2024-05-15

6224. Denial of Service - Unknown Product (CVE-2016-10505) - Medium [208]

Description: {'vulners_cve_data_all': 'NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10505 was patched at 2024-05-15

6225. Denial of Service - Unknown Product (CVE-2016-10507) - Medium [208]

Description: {'vulners_cve_data_all': 'Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10507 was patched at 2024-05-15

6226. Denial of Service - Unknown Product (CVE-2016-1923) - Medium [208]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1923 was patched at 2024-05-15

6227. Denial of Service - Unknown Product (CVE-2016-3625) - Medium [208]

Description: {'vulners_cve_data_all': 'tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3625 was patched at 2024-05-15

6228. Denial of Service - Unknown Product (CVE-2016-5028) - Medium [208]

Description: {'vulners_cve_data_all': 'The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via an object file with empty bss-like sections.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5028 was patched at 2024-05-15

6229. Denial of Service - Unknown Product (CVE-2016-5029) - Medium [208]

Description: {'vulners_cve_data_all': 'The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted dwarf file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5029 was patched at 2024-05-15

6230. Denial of Service - Unknown Product (CVE-2016-5030) - Medium [208]

Description: {'vulners_cve_data_all': 'The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5030 was patched at 2024-05-15

6231. Denial of Service - Unknown Product (CVE-2016-5032) - Medium [208]

Description: {'vulners_cve_data_all': 'The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a denial of service (crash) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5032 was patched at 2024-05-15

6232. Denial of Service - Unknown Product (CVE-2016-5033) - Medium [208]

Description: {'vulners_cve_data_all': 'The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5033 was patched at 2024-05-15

6233. Denial of Service - Unknown Product (CVE-2016-5035) - Medium [208]

Description: {'vulners_cve_data_all': 'The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5035 was patched at 2024-05-15

6234. Denial of Service - Unknown Product (CVE-2016-5037) - Medium [208]

Description: {'vulners_cve_data_all': 'The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5037 was patched at 2024-05-15

6235. Denial of Service - Unknown Product (CVE-2016-6188) - Medium [208]

Description: {'vulners_cve_data_all': 'Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to upload a large attachment, related to temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6188 was patched at 2024-05-15

6236. Denial of Service - Unknown Product (CVE-2016-8611) - Medium [208]

Description: {'vulners_cve_data_all': 'A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-8611 was patched at 2024-05-15

6237. Denial of Service - Unknown Product (CVE-2016-8679) - Medium [208]

Description: {'vulners_cve_data_all': 'The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-8679 was patched at 2024-05-15

6238. Denial of Service - Unknown Product (CVE-2016-8680) - Medium [208]

Description: {'vulners_cve_data_all': 'The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-8680 was patched at 2024-05-15

6239. Denial of Service - Unknown Product (CVE-2016-9115) - Medium [208]

Description: {'vulners_cve_data_all': 'Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9115 was patched at 2024-05-15

6240. Denial of Service - Unknown Product (CVE-2016-9116) - Medium [208]

Description: {'vulners_cve_data_all': 'NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9116 was patched at 2024-05-15

6241. Denial of Service - Unknown Product (CVE-2016-9117) - Medium [208]

Description: {'vulners_cve_data_all': 'NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9117 was patched at 2024-05-15

6242. Denial of Service - Unknown Product (CVE-2016-9815) - Medium [208]

Description: {'vulners_cve_data_all': 'Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host panic) by sending an asynchronous abort.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9815 was patched at 2024-05-15

6243. Denial of Service - Unknown Product (CVE-2016-9816) - Medium [208]

Description: {'vulners_cve_data_all': 'Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at EL2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9816 was patched at 2024-05-15

6244. Denial of Service - Unknown Product (CVE-2016-9817) - Medium [208]

Description: {'vulners_cve_data_all': 'Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9817 was patched at 2024-05-15

6245. Denial of Service - Unknown Product (CVE-2016-9818) - Medium [208]

Description: {'vulners_cve_data_all': 'Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9818 was patched at 2024-05-15

6246. Denial of Service - Unknown Product (CVE-2017-0310) - Medium [208]

Description: {'vulners_cve_data_all': 'All versions of NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper access controls allowing unprivileged user to cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0310 was patched at 2024-05-15

6247. Denial of Service - Unknown Product (CVE-2017-10791) - Medium [208]

Description: {'vulners_cve_data_all': 'There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-10791 was patched at 2024-05-15

6248. Denial of Service - Unknown Product (CVE-2017-10792) - Medium [208]

Description: {'vulners_cve_data_all': 'There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-10792 was patched at 2024-05-15

6249. Denial of Service - Unknown Product (CVE-2017-10872) - Medium [208]

Description: {'vulners_cve_data_all': 'H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-10872 was patched at 2024-05-15

6250. Denial of Service - Unknown Product (CVE-2017-10919) - Medium [208]

Description: {'vulners_cve_data_all': 'Xen through 4.8.x mishandles virtual interrupt injection, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-223.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-10919 was patched at 2024-05-15

6251. Denial of Service - Unknown Product (CVE-2017-10923) - Medium [208]

Description: {'vulners_cve_data_all': 'Xen through 4.8.x does not validate a vCPU array index upon the sending of an SGI, which allows guest OS users to cause a denial of service (hypervisor crash), aka XSA-225.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-10923 was patched at 2024-05-15

6252. Denial of Service - Unknown Product (CVE-2017-11189) - Medium [208]

Description: {'vulners_cve_data_all': 'unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash), which could be relevant if unrarlib is used as library code for a long-running application. NOTE: one of the several test cases in the references may be the same as what was separately reported as CVE-2017-14121.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11189 was patched at 2024-05-15

6253. Denial of Service - Unknown Product (CVE-2017-11608) - Medium [208]

Description: {'vulners_cve_data_all': 'There is a heap-based buffer over-read in the Sass::Prelexer::re_linebreak function in lexer.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11608 was patched at 2024-05-15

6254. Denial of Service - Unknown Product (CVE-2017-12143) - Medium [208]

Description: {'vulners_cve_data_all': 'In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_info in lqt_quicktime.c, which allows attackers to cause a denial of service via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12143 was patched at 2024-05-15

6255. Denial of Service - Unknown Product (CVE-2017-12145) - Medium [208]

Description: {'vulners_cve_data_all': 'In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_ftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12145 was patched at 2024-05-15

6256. Denial of Service - Unknown Product (CVE-2017-12441) - Medium [208]

Description: {'vulners_cve_data_all': 'The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12441 was patched at 2024-05-15

6257. Denial of Service - Unknown Product (CVE-2017-12442) - Medium [208]

Description: {'vulners_cve_data_all': 'The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12442 was patched at 2024-05-15

6258. Denial of Service - Unknown Product (CVE-2017-12443) - Medium [208]

Description: {'vulners_cve_data_all': 'The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12443 was patched at 2024-05-15

6259. Denial of Service - Unknown Product (CVE-2017-12444) - Medium [208]

Description: {'vulners_cve_data_all': 'The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12444 was patched at 2024-05-15

6260. Denial of Service - Unknown Product (CVE-2017-12445) - Medium [208]

Description: {'vulners_cve_data_all': 'The JB2BitmapCoder::code_row_by_refinement function in jb2/bmpcoder.cpp in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12445 was patched at 2024-05-15

6261. Denial of Service - Unknown Product (CVE-2017-13736) - Medium [208]

Description: {'vulners_cve_data_all': 'There are lots of memory leaks in the GMCommand function in magick/command.c in GraphicsMagick 1.3.26 that will lead to a remote denial of service attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-13736 was patched at 2024-05-15

6262. Denial of Service - Unknown Product (CVE-2017-5580) - Medium [208]

Description: {'vulners_cve_data_all': 'The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and process crash) via a crafted texture instruction.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5580 was patched at 2024-05-15

6263. Denial of Service - Unknown Product (CVE-2017-5937) - Medium [208]

Description: {'vulners_cve_data_all': 'The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d project (aka virglrenderer) 0.6.0 and earlier allows local guest OS users to cause a denial of service (NULL pointer dereference) via a crafted VIRGL_CCMD_CLEAR command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5937 was patched at 2024-05-15

6264. Denial of Service - Unknown Product (CVE-2017-5993) - Medium [208]

Description: {'vulners_cve_data_all': 'Memory leak in the vrend_renderer_init_blit_ctx function in vrend_blitter.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRGL_CCMD_BLIT commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5993 was patched at 2024-05-15

6265. Denial of Service - Unknown Product (CVE-2017-6317) - Medium [208]

Description: {'vulners_cve_data_all': 'Memory leak in the add_shader_program function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (host memory consumption) via vectors involving the sprog variable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6317 was patched at 2024-05-15

6266. Denial of Service - Unknown Product (CVE-2017-6386) - Medium [208]

Description: {'vulners_cve_data_all': 'Memory leak in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer allows local guest OS users to cause a denial of service (host memory consumption) via a large number of VIRGL_OBJECT_VERTEX_ELEMENTS commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6386 was patched at 2024-05-15

6267. Denial of Service - Unknown Product (CVE-2017-7522) - Medium [208]

Description: {'vulners_cve_data_all': 'OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to denial-of-service by authenticated remote attacker via sending a certificate with an embedded NULL character.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7522 was patched at 2024-05-15

6268. Denial of Service - Unknown Product (CVE-2017-7994) - Medium [208]

Description: {'vulners_cve_data_all': 'The function TextExtractor::ExtractText in TextExtractor.cpp:77 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7994 was patched at 2024-05-15

6269. Denial of Service - Unknown Product (CVE-2017-9268) - Medium [208]

Description: {'vulners_cve_data_all': 'In the open build service before 201707022 the wipetrigger and rebuild actions checked the wrong project for permissions, allowing authenticated users to cause operations on projects where they did not have permissions leading to denial of service (resource consumption).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9268 was patched at 2024-05-15

6270. Denial of Service - Unknown Product (CVE-2017-9998) - Medium [208]

Description: {'vulners_cve_data_all': 'The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf through 2017-06-28 allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9998 was patched at 2024-05-15

6271. Denial of Service - Unknown Product (CVE-2018-10773) - Medium [208]

Description: {'vulners_cve_data_all': 'NULL pointer deference in the addsn function in serialno.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by copac2xml.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10773 was patched at 2024-05-15

6272. Denial of Service - Unknown Product (CVE-2018-10774) - Medium [208]

Description: {'vulners_cve_data_all': 'Read access violation in the isiin_keyword function in isiin.c in libbibutils.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by isi2xml.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10774 was patched at 2024-05-15

6273. Denial of Service - Unknown Product (CVE-2018-10775) - Medium [208]

Description: {'vulners_cve_data_all': 'NULL pointer dereference in the _fields_add function in fields.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by end2xml.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10775 was patched at 2024-05-15

6274. Denial of Service - Unknown Product (CVE-2018-11202) - Medium [208]

Description: {'vulners_cve_data_all': 'A NULL pointer dereference was discovered in H5S_hyper_make_spans in H5Shyper.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11202 was patched at 2024-05-15

6275. Denial of Service - Unknown Product (CVE-2018-11203) - Medium [208]

Description: {'vulners_cve_data_all': 'A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11203 was patched at 2024-05-15

6276. Denial of Service - Unknown Product (CVE-2018-11204) - Medium [208]

Description: {'vulners_cve_data_all': 'A NULL pointer dereference was discovered in H5O__chunk_deserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11204 was patched at 2024-05-15

6277. Denial of Service - Unknown Product (CVE-2018-11207) - Medium [208]

Description: {'vulners_cve_data_all': 'A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11207 was patched at 2024-05-15

6278. Denial of Service - Unknown Product (CVE-2018-11256) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11256 was patched at 2024-05-15

6279. Denial of Service - Unknown Product (CVE-2018-15671) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5P__get_cb() in H5Pint.c during an attempted parse of a crafted HDF file. This results in denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-15671 was patched at 2024-05-15

6280. Denial of Service - Unknown Product (CVE-2018-16848) - Medium [208]

Description: {'vulners_cve_data_all': 'A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16848 was patched at 2024-05-15

6281. Denial of Service - Unknown Product (CVE-2018-17432) - Medium [208]

Description: {'vulners_cve_data_all': 'A NULL pointer dereference in H5O_sdspace_encode() in H5Osdspace.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17432 was patched at 2024-05-15

6282. Denial of Service - Unknown Product (CVE-2018-17433) - Medium [208]

Description: {'vulners_cve_data_all': 'A heap-based buffer overflow in ReadGifImageDesc() in gifread.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17433 was patched at 2024-05-15

6283. Denial of Service - Unknown Product (CVE-2018-17435) - Medium [208]

Description: {'vulners_cve_data_all': 'A heap-based buffer over-read in H5O_attr_decode() in H5Oattr.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while converting an HDF file to GIF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17435 was patched at 2024-05-15

6284. Denial of Service - Unknown Product (CVE-2018-17436) - Medium [208]

Description: {'vulners_cve_data_all': 'ReadCode() in decompress.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (invalid write access) via a crafted HDF5 file. This issue was triggered while converting a GIF file to an HDF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17436 was patched at 2024-05-15

6285. Denial of Service - Unknown Product (CVE-2018-19217) - Medium [208]

Description: {'vulners_cve_data_all': 'In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19217 was patched at 2024-05-15

6286. Denial of Service - Unknown Product (CVE-2018-19565) - Medium [208]

Description: {'vulners_cve_data_all': 'A buffer over-read in crop_masked_pixels in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19565 was patched at 2024-05-15

6287. Denial of Service - Unknown Product (CVE-2018-19566) - Medium [208]

Description: {'vulners_cve_data_all': 'A heap buffer over-read in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or leak private information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19566 was patched at 2024-05-15

6288. Denial of Service - Unknown Product (CVE-2018-19757) - Medium [208]

Description: {'vulners_cve_data_all': 'There is a NULL pointer dereference at function sixel_helper_set_additional_message (status.c) in libsixel 1.8.2 that will cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19757 was patched at 2024-05-15

6289. Denial of Service - Unknown Product (CVE-2018-19837) - Medium [208]

Description: {'vulners_cve_data_all': 'In LibSass prior to 3.5.5, Sass::Eval::operator()(Sass::Binary_Expression*) inside eval.cpp allows attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, because of certain incorrect parsing of '%' as a modulo operator in parser.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19837 was patched at 2024-05-15

6290. Denial of Service - Unknown Product (CVE-2018-19838) - Medium [208]

Description: {'vulners_cve_data_all': 'In LibSass prior to 3.5.5, functions inside ast.cpp for IMPLEMENT_AST_OPERATORS expansion allow attackers to cause a denial-of-service resulting from stack consumption via a crafted sass file, as demonstrated by recursive calls involving clone(), cloneChildren(), and copy().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19838 was patched at 2024-05-15

6291. Denial of Service - Unknown Product (CVE-2018-19876) - Medium [208]

Description: {'vulners_cve_data_all': 'cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, would free memory using a free function incompatible with WebKit's fastMalloc, leading to an application crash with a "free(): invalid pointer" error.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19876 was patched at 2024-05-15

6292. Denial of Service - Unknown Product (CVE-2018-19964) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in Xen 4.11.x allowing x86 guest OS users to cause a denial of service (host OS hang) because the p2m lock remains unavailable indefinitely in certain error conditions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19964 was patched at 2024-05-15

6293. Denial of Service - Unknown Product (CVE-2018-20451) - Medium [208]

Description: {'vulners_cve_data_all': 'The process_file function in reader.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20451 was patched at 2024-05-15

6294. Denial of Service - Unknown Product (CVE-2018-20453) - Medium [208]

Description: {'vulners_cve_data_all': 'The getlong function in numutils.c in libdoc through 2017-10-23 has a heap-based buffer over-read that allows attackers to cause a denial of service (application crash) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20453 was patched at 2024-05-15

6295. Denial of Service - Unknown Product (CVE-2018-20536) - Medium [208]

Description: {'vulners_cve_data_all': 'There is a heap-based buffer over-read at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20536 was patched at 2024-05-15

6296. Denial of Service - Unknown Product (CVE-2018-20537) - Medium [208]

Description: {'vulners_cve_data_all': 'There is a NULL pointer dereference at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20537 was patched at 2024-05-15

6297. Denial of Service - Unknown Product (CVE-2018-20539) - Medium [208]

Description: {'vulners_cve_data_all': 'There is a Segmentation fault triggered by illegal address access at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20539 was patched at 2024-05-15

6298. Denial of Service - Unknown Product (CVE-2018-20543) - Medium [208]

Description: {'vulners_cve_data_all': 'There is an attempted excessive memory allocation at libxsmm_sparse_csc_reader in generator_spgemm_csc_reader.c in LIBXSMM 1.10 that will cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20543 was patched at 2024-05-15

6299. Denial of Service - Unknown Product (CVE-2018-20573) - Medium [208]

Description: {'vulners_cve_data_all': 'The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20573 was patched at 2024-05-15

6300. Denial of Service - Unknown Product (CVE-2018-20574) - Medium [208]

Description: {'vulners_cve_data_all': 'The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20574 was patched at 2024-05-15

6301. Denial of Service - Unknown Product (CVE-2018-20821) - Medium [208]

Description: {'vulners_cve_data_all': 'The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20821 was patched at 2024-05-15

6302. Denial of Service - Unknown Product (CVE-2018-20822) - Medium [208]

Description: {'vulners_cve_data_all': 'LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20822 was patched at 2024-05-15

6303. Denial of Service - Unknown Product (CVE-2018-3979) - Medium [208]

Description: {'vulners_cve_data_all': 'A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-3979 was patched at 2024-05-15

6304. Denial of Service - Unknown Product (CVE-2018-6534) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted messages, an attacker can cause a NULL pointer dereference, which can cause the product to crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6534 was patched at 2024-05-15

6305. Denial of Service - Unknown Product (CVE-2018-6942) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6942 was patched at 2024-05-15

6306. Denial of Service - Unknown Product (CVE-2019-1000007) - Medium [208]

Description: {'vulners_cve_data_all': 'aioxmpp version 0.10.2 and earlier contains a Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can result in Denial of Service, Other. This attack appears to be exploitable via Remote. A crafted stanza can be sent to an application which uses the vulnerable components to either inject data in a different context or cause the application to reconnect (potentially losing data). This vulnerability appears to have been fixed in 0.10.3.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1000007 was patched at 2024-05-15

6307. Denial of Service - Unknown Product (CVE-2019-10093) - Medium [208]

Description: {'vulners_cve_data_all': 'In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10093 was patched at 2024-05-15

6308. Denial of Service - Unknown Product (CVE-2019-11637) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_rset_get_props at rec-rset.c in librec.a, leading to a crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11637 was patched at 2024-05-15

6309. Denial of Service - Unknown Product (CVE-2019-11638) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11638 was patched at 2024-05-15

6310. Denial of Service - Unknown Product (CVE-2019-12827) - Medium [208]

Description: {'vulners_cve_data_all': 'Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12827 was patched at 2024-05-15

6311. Denial of Service - Unknown Product (CVE-2019-13108) - Medium [208]

Description: {'vulners_cve_data_all': 'An integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (SIGSEGV) via a crafted PNG image file, because PngImage::readMetadata mishandles a zero value for iccOffset.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-13108 was patched at 2024-05-15

6312. Denial of Service - Unknown Product (CVE-2019-14851) - Medium [208]

Description: {'vulners_cve_data_all': 'A denial of service vulnerability was discovered in nbdkit. A client issuing a certain sequence of commands could possibly trigger an assertion failure, causing nbdkit to exit. This issue only affected nbdkit versions 1.12.7, 1.14.1, and 1.15.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14851 was patched at 2024-05-15

6313. Denial of Service - Unknown Product (CVE-2019-15758) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15758 was patched at 2024-05-15

6314. Denial of Service - Unknown Product (CVE-2019-15759) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15759 was patched at 2024-05-15

6315. Denial of Service - Unknown Product (CVE-2019-17342) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging a race condition that arose when XENMEM_exchange was introduced.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17342 was patched at 2024-05-15

6316. Denial of Service - Unknown Product (CVE-2019-20201) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20201 was patched at 2024-05-15

6317. Denial of Service - Unknown Product (CVE-2019-5062) - Medium [208]

Description: {'vulners_cve_data_all': 'An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5062 was patched at 2024-05-15

6318. Denial of Service - Unknown Product (CVE-2019-6285) - Medium [208]

Description: {'vulners_cve_data_all': 'The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6285 was patched at 2024-05-15

6319. Denial of Service - Unknown Product (CVE-2019-6292) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6292 was patched at 2024-05-15

6320. Denial of Service - Unknown Product (CVE-2019-6988) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6988 was patched at 2024-05-15

6321. Denial of Service - Unknown Product (CVE-2019-7151) - Medium [208]

Description: {'vulners_cve_data_all': 'A NULL pointer dereference was discovered in wasm::Module::getFunctionOrNull in wasm/wasm.cpp in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7151 was patched at 2024-05-15

6322. Denial of Service - Unknown Product (CVE-2019-7152) - Medium [208]

Description: {'vulners_cve_data_all': 'A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7152 was patched at 2024-05-15

6323. Denial of Service - Unknown Product (CVE-2019-7153) - Medium [208]

Description: {'vulners_cve_data_all': 'A NULL pointer dereference was discovered in wasm::WasmBinaryBuilder::processFunctions() in wasm/wasm-binary.cpp (when calling wasm::WasmBinaryBuilder::getFunctionIndexName) in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7153 was patched at 2024-05-15

6324. Denial of Service - Unknown Product (CVE-2019-7154) - Medium [208]

Description: {'vulners_cve_data_all': 'The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap-based buffer overflow because Emscripten is misused, triggering an error in cashew::JSPrinter::printAst() in emscripten-optimizer/simple_ast.h. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7154 was patched at 2024-05-15

6325. Denial of Service - Unknown Product (CVE-2019-7251) - Medium [208]

Description: {'vulners_cve_data_all': 'An Integer Signedness issue (for a return code) in the res_pjsip_sdp_rtp module in Digium Asterisk versions 15.7.1 and earlier and 16.1.1 and earlier allows remote authenticated users to crash Asterisk via a specially crafted SDP protocol violation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7251 was patched at 2024-05-15

6326. Denial of Service - Unknown Product (CVE-2019-7662) - Medium [208]

Description: {'vulners_cve_data_all': 'An assertion failure was discovered in wasm::WasmBinaryBuilder::getType() in wasm-binary.cpp in Binaryen 1.38.22. This allows remote attackers to cause a denial of service (failed assertion and crash) via a crafted wasm file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7662 was patched at 2024-05-15

6327. Denial of Service - Unknown Product (CVE-2019-7700) - Medium [208]

Description: {'vulners_cve_data_all': 'A heap-based buffer over-read was discovered in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-merge.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7700 was patched at 2024-05-15

6328. Denial of Service - Unknown Product (CVE-2019-7701) - Medium [208]

Description: {'vulners_cve_data_all': 'A heap-based buffer over-read was discovered in wasm::SExpressionParser::skipWhitespace() in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm2js.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7701 was patched at 2024-05-15

6329. Denial of Service - Unknown Product (CVE-2019-7702) - Medium [208]

Description: {'vulners_cve_data_all': 'A NULL pointer dereference was discovered in wasm::SExpressionWasmBuilder::parseExpression in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7702 was patched at 2024-05-15

6330. Denial of Service - Unknown Product (CVE-2019-7703) - Medium [208]

Description: {'vulners_cve_data_all': 'In Binaryen 1.38.22, there is a use-after-free problem in wasm::WasmBinaryBuilder::visitCall in wasm-binary.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service via a wasm file, as demonstrated by wasm-merge.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7703 was patched at 2024-05-15

6331. Denial of Service - Unknown Product (CVE-2019-8396) - Medium [208]

Description: {'vulners_cve_data_all': 'A buffer overflow in H5O__layout_encode in H5Olayout.c in the HDF HDF5 through 1.10.4 library allows attackers to cause a denial of service via a crafted HDF5 file. This issue was triggered while repacking an HDF5 file, aka "Invalid write of size 2."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-8396 was patched at 2024-05-15

6332. Denial of Service - Unknown Product (CVE-2019-9211) - Medium [208]

Description: {'vulners_cve_data_all': 'There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9211 was patched at 2024-05-15

6333. Denial of Service - Unknown Product (CVE-2020-11721) - Medium [208]

Description: {'vulners_cve_data_all': 'load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitialized pointer leading to an invalid call to free, which can cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-11721 was patched at 2024-05-15

6334. Denial of Service - Unknown Product (CVE-2020-13775) - Medium [208]

Description: {'vulners_cve_data_all': 'ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13775 was patched at 2024-05-15

6335. Denial of Service - Unknown Product (CVE-2020-18378) - Medium [208]

Description: {'vulners_cve_data_all': 'A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-18378 was patched at 2024-05-15

6336. Denial of Service - Unknown Product (CVE-2020-18382) - Medium [208]

Description: {'vulners_cve_data_all': 'Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-18382 was patched at 2024-05-15

6337. Denial of Service - Unknown Product (CVE-2020-18839) - Medium [208]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-18839 was patched at 2024-05-15

6338. Denial of Service - Unknown Product (CVE-2020-19185) - Medium [208]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-19185 was patched at 2024-05-15

6339. Denial of Service - Unknown Product (CVE-2020-19186) - Medium [208]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-19186 was patched at 2024-05-15

6340. Denial of Service - Unknown Product (CVE-2020-19187) - Medium [208]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-19187 was patched at 2024-05-15

6341. Denial of Service - Unknown Product (CVE-2020-19188) - Medium [208]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-19188 was patched at 2024-05-15

6342. Denial of Service - Unknown Product (CVE-2020-19190) - Medium [208]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-19190 was patched at 2024-05-15

6343. Denial of Service - Unknown Product (CVE-2020-24294) - Medium [208]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to cuase a denial of service via opening of crafted psd file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24294 was patched at 2024-05-15

6344. Denial of Service - Unknown Product (CVE-2020-28163) - Medium [208]

Description: {'vulners_cve_data_all': 'libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-28163 was patched at 2024-05-15

6345. Denial of Service - Unknown Product (CVE-2020-35652) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35652 was patched at 2024-05-15

6346. Denial of Service - Unknown Product (CVE-2020-35776) - Medium [208]

Description: {'vulners_cve_data_all': 'A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35776 was patched at 2024-05-15

6347. Denial of Service - Unknown Product (CVE-2020-8689) - Medium [208]

Description: {'vulners_cve_data_all': 'Improper buffer restrictions in the Intel(R) Wireless for Open Source before version 1.5 may allow an unauthenticated user to potentially enable denial of service via adjacent access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-8689 was patched at 2024-05-15

6348. Denial of Service - Unknown Product (CVE-2021-20285) - Medium [208]

Description: {'vulners_cve_data_all': 'A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-20285 was patched at 2024-05-15

6349. Denial of Service - Unknown Product (CVE-2021-26271) - Medium [208]

Description: {'vulners_cve_data_all': 'It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-26271 was patched at 2024-05-15

6350. Denial of Service - Unknown Product (CVE-2021-26272) - Medium [208]

Description: {'vulners_cve_data_all': 'It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-26272 was patched at 2024-05-15

6351. Denial of Service - Unknown Product (CVE-2021-27836) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-27836 was patched at 2024-05-15

6352. Denial of Service - Unknown Product (CVE-2021-36489) - Medium [208]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in Allegro through 5.2.6 allows attackers to cause a denial of service via crafted PCX/TGA/BMP files to allegro_image addon.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-36489 was patched at 2024-05-15

6353. Denial of Service - Unknown Product (CVE-2021-39535) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in libxsmm through v1.16.1-93. A NULL pointer dereference exists in JIT code. It allows an attacker to cause Denial of Service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39535 was patched at 2024-05-15

6354. Denial of Service - Unknown Product (CVE-2021-45340) - Medium [208]

Description: {'vulners_cve_data_all': 'In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DOS) via a crafted PICT file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45340 was patched at 2024-05-15

6355. Denial of Service - Unknown Product (CVE-2021-46179) - Medium [208]

Description: {'vulners_cve_data_all': 'Reachable Assertion vulnerability in upx before 4.0.0 allows attackers to cause a denial of service via crafted file passed to the the readx function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46179 was patched at 2024-05-15

6356. Denial of Service - Unknown Product (CVE-2021-46243) - Medium [208]

Description: {'vulners_cve_data_all': 'An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46243 was patched at 2024-05-15

6357. Denial of Service - Unknown Product (CVE-2021-46244) - Medium [208]

Description: {'vulners_cve_data_all': 'A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic exception, leading to a Denial of Service (DoS).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46244 was patched at 2024-05-15

6358. Denial of Service - Unknown Product (CVE-2022-0856) - Medium [208]

Description: {'vulners_cve_data_all': 'libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-0856 was patched at 2024-05-15

6359. Denial of Service - Unknown Product (CVE-2022-1210) - Medium [208]

Description: {'vulners_cve_data_all': 'A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the public and may be used.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1210 was patched at 2024-05-15

6360. Denial of Service - Unknown Product (CVE-2022-21708) - Medium [208]

Description: {'vulners_cve_data_all': 'graphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access to the GraphQL handler can send these queries and cause stack overflows. This in turn could potentially compromise the ability of the server to serve data to its users. The issue has been patched in version `v1.3.0`. The only known workaround for this issue is to disable the `graphql.MaxDepth` option from your schema which is not recommended.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-21708 was patched at 2024-05-15

6361. Denial of Service - Unknown Product (CVE-2022-29788) - Medium [208]

Description: {'vulners_cve_data_all': 'libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mobi file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-29788 was patched at 2024-05-15

6362. Denial of Service - Unknown Product (CVE-2022-29977) - Medium [208]

Description: {'vulners_cve_data_all': 'There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-29977 was patched at 2024-05-15

6363. Denial of Service - Unknown Product (CVE-2022-29978) - Medium [208]

Description: {'vulners_cve_data_all': 'There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-29978 was patched at 2024-05-15

6364. Denial of Service - Unknown Product (CVE-2022-3433) - Medium [208]

Description: {'vulners_cve_data_all': 'The aeson library is not safe to use to consume untrusted JSON input. A remote user could abuse this flaw to produce a hash collision in the underlying unordered-containers library by sending specially crafted JSON data, resulting in a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3433 was patched at 2024-05-15

6365. Denial of Service - Unknown Product (CVE-2022-3553) - Medium [208]

Description: {'vulners_cve_data_all': 'A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-211053 was assigned to this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3553 was patched at 2024-05-15

6366. Denial of Service - Unknown Product (CVE-2022-37428) - Medium [208]

Description: {'vulners_cve_data_all': 'PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-37428 was patched at 2024-05-15

6367. Denial of Service - Unknown Product (CVE-2023-0183) - Medium [208]

Description: {'vulners_cve_data_all': 'NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer where an out-of-bounds write can lead to denial of service and data tampering.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0183 was patched at 2024-05-15

6368. Denial of Service - Unknown Product (CVE-2023-20863) - Medium [208]

Description: {'vulners_cve_data_all': 'In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-20863 was patched at 2024-05-15

6369. Denial of Service - Unknown Product (CVE-2023-24180) - Medium [208]

Description: {'vulners_cve_data_all': 'Libelfin v0.3 was discovered to contain an integer overflow in the load function at elf/mmap_loader.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted elf file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-24180 was patched at 2024-05-15

6370. Denial of Service - Unknown Product (CVE-2023-24808) - Medium [208]

Description: {'vulners_cve_data_all': ' PDFio is a C library for reading and writing PDF files. In versions prior to 1.1.0 a denial of service (DOS) vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. The pdf which causes this crash found in testing is about 28kb in size and was discovered via fuzzing. Anyone who uses this library either as a standalone binary or as a library can be DOSed when attempting to parse this type of file. Web servers or other automated processes which rely on this code to turn pdf submissions into plaintext can be DOSed when an attacker uploads the pdf. Please see the linked GHSA for an example pdf. Users are advised to upgrade. There are no known workarounds for this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-24808 was patched at 2024-05-15

6371. Denial of Service - Unknown Product (CVE-2023-29415) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29415 was patched at 2024-05-15

6372. Denial of Service - Unknown Product (CVE-2023-30536) - Medium [208]

Description: {'vulners_cve_data_all': 'slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak in a newline (\\n) into both the header names and values. While the specification states that \\r\\n\\r\\n is used to terminate the header list, many servers in the wild will also accept \\n\\n. An attacker that is able to control the header names that are passed to Slilm-Psr7 would be able to intentionally craft invalid messages, possibly causing application errors or invalid HTTP requests being sent out with an PSR-18 HTTP client. The latter might present a denial of service vector if a remote service’s web application firewall bans the application due to the receipt of malformed requests. The issue has been patched in version 1.6.1. There are no known workarounds to this issue. Users are advised to upgrade.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-30536 was patched at 2024-05-15

6373. Denial of Service - Unknown Product (CVE-2023-32181) - Medium [208]

Description: {'vulners_cve_data_all': 'A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf allows for DoS via malformed configuration files\nThis issue affects libeconf: before 0.5.2.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-32181 was patched at 2024-05-15

6374. Denial of Service - Unknown Product (CVE-2023-47993) - Medium [208]

Description: {'vulners_cve_data_all': 'A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in FreeImage 3.18.0 allows attackers to cause a denial-of-service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-47993 was patched at 2024-05-15

6375. Denial of Service - Unknown Product (CVE-2023-47995) - Medium [208]

Description: {'vulners_cve_data_all': 'Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-47995 was patched at 2024-05-15

6376. Denial of Service - Unknown Product (CVE-2023-47996) - Medium [208]

Description: {'vulners_cve_data_all': 'An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-47996 was patched at 2024-05-15

6377. Denial of Service - Unknown Product (CVE-2023-47997) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-47997 was patched at 2024-05-15

6378. Denial of Service - Unknown Product (CVE-2024-0074) - Medium [208]

Description: {'vulners_cve_data_all': 'NVIDIA GPU Display Driver for Linux contains a vulnerability where an attacker may access a memory location after the end of the buffer. A successful exploit of this vulnerability may lead to denial of service and data tampering.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-0074 was patched at 2024-05-15

6379. Denial of Service - Unknown Product (CVE-2024-3651) - Medium [208]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to BDU data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-3651 was patched at 2024-05-29, 2024-06-11

debian: CVE-2024-3651 was patched at 2024-05-15

oraclelinux: CVE-2024-3651 was patched at 2024-05-31, 2024-06-13

redhat: CVE-2024-3651 was patched at 2024-05-29, 2024-06-03, 2024-06-11

redos: CVE-2024-3651 was patched at 2024-05-27

ubuntu: CVE-2024-3651 was patched at 2024-05-21

6380. Incorrect Calculation - Unknown Product (CVE-2007-6355) - Medium [208]

Description: {'vulners_cve_data_all': 'Integer overflow in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow" that triggers an "illegal memory access," a different vulnerability than CVE-2007-6354.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6355 was patched at 2024-05-15

6381. Incorrect Calculation - Unknown Product (CVE-2008-6079) - Medium [208]

Description: {'vulners_cve_data_all': 'imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG, (4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to "several heap and stack based buffer overflows - partly due to integer overflows."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-6079 was patched at 2024-05-15

6382. Incorrect Calculation - Unknown Product (CVE-2009-0165) - Medium [208]

Description: {'vulners_cve_data_all': 'Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0165 was patched at 2024-05-15

6383. Incorrect Calculation - Unknown Product (CVE-2009-0947) - Medium [208]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in the (1) cdf_read_property_info and (2) cdf_read_sat functions in file before 5.02.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0947 was patched at 2024-05-15

6384. Incorrect Calculation - Unknown Product (CVE-2016-4009) - Medium [208]

Description: {'vulners_cve_data_all': 'Integer overflow in the ImagingResampleHorizontal function in libImaging/Resample.c in Pillow before 3.1.1 allows remote attackers to have unspecified impact via negative values of the new size, which triggers a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4009 was patched at 2024-05-15

6385. Incorrect Calculation - Unknown Product (CVE-2018-1000810) - Medium [208]

Description: {'vulners_cve_data_all': 'The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integer Overflow to Buffer Overflow vulnerability in standard library that can result in buffer overflow. This attack appear to be exploitable via str::repeat, passed a large number, can overflow an internal buffer. This vulnerability appears to have been fixed in 1.29.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000810 was patched at 2024-05-15

6386. Incorrect Calculation - Unknown Product (CVE-2018-10244) - Medium [208]

Description: {'vulners_cve_data_all': 'Suricata version 4.0.4 incorrectly handles the parsing of an EtherNet/IP PDU. A malformed PDU can cause the parsing code to read beyond the allocated data because DecodeENIPPDU in app-layer-enip-commmon.c has an integer overflow during a length check.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10244 was patched at 2024-05-15

6387. Incorrect Calculation - Unknown Product (CVE-2018-18928) - Medium [208]

Description: {'vulners_cve_data_all': 'International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18928 was patched at 2024-05-15

6388. Incorrect Calculation - Unknown Product (CVE-2019-10877) - Medium [208]

Description: {'vulners_cve_data_all': 'In Teeworlds 0.7.2, there is an integer overflow in CMap::Load() in engine/shared/map.cpp that can lead to a buffer overflow, because multiplication of width and height is mishandled.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10877 was patched at 2024-05-15

6389. Incorrect Calculation - Unknown Product (CVE-2019-13107) - Medium [208]

Description: {'vulners_cve_data_all': 'Multiple integer overflows exist in MATIO before 1.5.16, related to mat.c, mat4.c, mat5.c, mat73.c, and matvar_struct.c', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-13107 was patched at 2024-05-15

6390. Incorrect Calculation - Unknown Product (CVE-2019-13445) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. parseOptions() in tools/rosbag/src/record.cpp has an integer overflow when a crafted split option can be entered on the command line.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-13445 was patched at 2024-05-15

6391. Incorrect Calculation - Unknown Product (CVE-2019-19636) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_encode_body at tosixel.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19636 was patched at 2024-05-15

6392. Incorrect Calculation - Unknown Product (CVE-2019-19637) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19637 was patched at 2024-05-15

6393. Incorrect Calculation - Unknown Product (CVE-2019-19638) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19638 was patched at 2024-05-15

6394. Incorrect Calculation - Unknown Product (CVE-2021-33797) - Medium [208]

Description: {'vulners_cve_data_all': 'Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when js_strtod() reads in floating point exponent, which leads to a buffer overflow in the pointer *d.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33797 was patched at 2024-05-15

6395. Incorrect Calculation - Unknown Product (CVE-2021-3420) - Medium [208]

Description: {'vulners_cve_data_all': 'A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3420 was patched at 2024-05-15

6396. Incorrect Calculation - Unknown Product (CVE-2023-51714) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-51714 was patched at 2024-04-30, 2024-05-22

debian: CVE-2023-51714 was patched at 2024-05-15

oraclelinux: CVE-2023-51714 was patched at 2024-05-02, 2024-05-23

redhat: CVE-2023-51714 was patched at 2024-04-30, 2024-05-22

redos: CVE-2023-51714 was patched at 2024-06-06

6397. Incorrect Calculation - Unknown Product (CVE-2023-52389) - Medium [208]

Description: {'vulners_cve_data_all': 'UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52389 was patched at 2024-05-15

6398. Incorrect Calculation - Unknown Product (CVE-2024-28231) - Medium [208]

Description: {'vulners_cve_data_all': 'eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminated remotely. Additionally, the payload_size in the DATA Submessage packet is declared as uint32_t. When a negative number, such as -1, is input into this variable, it results in an Integer Overflow (for example, -1 gets converted to 0xFFFFFFFF). This eventually leads to a heap-buffer-overflow, causing the program to terminate. Versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8 contain a fix for this issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28231 was patched at 2024-05-15

6399. Memory Corruption - Unknown Product (CVE-2002-1225) - Medium [208]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in Heimdal before 0.5, possibly in both the (1) kadmind and (2) kdc servers, may allow remote attackers to gain root access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1225 was patched at 2024-05-15

6400. Memory Corruption - Unknown Product (CVE-2002-1226) - Medium [208]

Description: {'vulners_cve_data_all': 'Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, possibly in the (1) kadmind and (2) kdc servers, may allow remote or local attackers to gain root or other access, but not via buffer overflows (CVE-2002-1225).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1226 was patched at 2024-05-15

6401. Memory Corruption - Unknown Product (CVE-2004-2159) - Medium [208]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 have unknown impact and attack vectors via (1) xml_elem.c and (2) xml_select.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2159 was patched at 2024-05-15

6402. Memory Corruption - Unknown Product (CVE-2007-0510) - Medium [208]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) preserve.c in AWFFull 3.7.1 and earlier have unknown impact and attack vectors. NOTE: some of these details are obtained from third party information. NOTE: There may not be any attack vector that crosses privilege boundaries.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0510 was patched at 2024-05-15

6403. Memory Corruption - Unknown Product (CVE-2007-1959) - Medium [208]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the process_cmdent function in command.cpp in TinyMUX before 2.4 has unknown impact and attack vectors, related to lack of the "'other half' of buffer overflow protection."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1959 was patched at 2024-05-15

6404. Memory Corruption - Unknown Product (CVE-2007-5199) - Medium [208]

Description: {'vulners_cve_data_all': 'A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows remote attackers to have unspecified impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5199 was patched at 2024-05-15

6405. Memory Corruption - Unknown Product (CVE-2008-0728) - Medium [208]

Description: {'vulners_cve_data_all': 'The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0728 was patched at 2024-05-15

6406. Memory Corruption - Unknown Product (CVE-2009-0414) - Medium [208]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0414 was patched at 2024-05-15

6407. Memory Corruption - Unknown Product (CVE-2009-0948) - Medium [208]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in the (1) cdf_read_sat, (2) cdf_read_long_sector_chain, and (3) cdf_read_ssat function in file before 5.02.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0948 was patched at 2024-05-15

6408. Memory Corruption - Unknown Product (CVE-2009-2460) - Medium [208]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in mathtex.cgi in mathTeX, when downloaded before 20090713, have unspecified impact and remote attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2460 was patched at 2024-05-15

6409. Memory Corruption - Unknown Product (CVE-2012-5196) - Medium [208]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5196 was patched at 2024-05-15

6410. Memory Corruption - Unknown Product (CVE-2013-7088) - Medium [208]

Description: {'vulners_cve_data_all': 'ClamAV before 0.97.7 has buffer overflow in the libclamav component', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7088 was patched at 2024-05-15

6411. Memory Corruption - Unknown Product (CVE-2014-9488) - Medium [208]

Description: {'vulners_cve_data_all': 'The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9488 was patched at 2024-05-15

6412. Memory Corruption - Unknown Product (CVE-2015-1430) - Medium [208]

Description: {'vulners_cve_data_all': 'Buffer overflow in xymon 4.3.17-1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1430 was patched at 2024-05-15

6413. Memory Corruption - Unknown Product (CVE-2015-7510) - Medium [208]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-7510 was patched at 2024-05-15

6414. Memory Corruption - Unknown Product (CVE-2016-3177) - Medium [208]

Description: {'vulners_cve_data_all': 'Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3177 was patched at 2024-05-15

6415. Memory Corruption - Unknown Product (CVE-2017-1000044) - Medium [208]

Description: {'vulners_cve_data_all': 'gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000044 was patched at 2024-05-15

6416. Memory Corruption - Unknown Product (CVE-2017-12940) - Medium [208]

Description: {'vulners_cve_data_all': 'libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12940 was patched at 2024-05-15

6417. Memory Corruption - Unknown Product (CVE-2017-12941) - Medium [208]

Description: {'vulners_cve_data_all': 'libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12941 was patched at 2024-05-15

6418. Memory Corruption - Unknown Product (CVE-2017-12942) - Medium [208]

Description: {'vulners_cve_data_all': 'libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the Unpack::LongLZ function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12942 was patched at 2024-05-15

6419. Memory Corruption - Unknown Product (CVE-2017-9432) - Medium [208]

Description: {'vulners_cve_data_all': 'Document Liberation Project libstaroffice before 2017-04-07 has an out-of-bounds write caused by a stack-based buffer overflow related to the DatabaseName::read function in lib/StarWriterStruct.cxx.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9432 was patched at 2024-05-15

6420. Memory Corruption - Unknown Product (CVE-2017-9728) - Medium [208]

Description: {'vulners_cve_data_all': 'In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp function in misc/regex/regexec.c when processing a crafted regular expression.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9728 was patched at 2024-05-15

6421. Memory Corruption - Unknown Product (CVE-2018-13794) - Medium [208]

Description: {'vulners_cve_data_all': 'A heap-based buffer overflow exists in stbi__bmp_load_cont in stb_image.h in catimg 2.4.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-13794 was patched at 2024-05-15

6422. Memory Corruption - Unknown Product (CVE-2018-18439) - Medium [208]

Description: {'vulners_cve_data_all': 'DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18439 was patched at 2024-05-15

6423. Memory Corruption - Unknown Product (CVE-2019-1010022) - Medium [208]

Description: {'vulners_cve_data_all': 'GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1010022 was patched at 2024-05-15

6424. Memory Corruption - Unknown Product (CVE-2019-11059) - Medium [208]

Description: {'vulners_cve_data_all': 'Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11059 was patched at 2024-05-15

6425. Memory Corruption - Unknown Product (CVE-2019-11577) - Medium [208]

Description: {'vulners_cve_data_all': 'dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11577 was patched at 2024-05-15

6426. Memory Corruption - Unknown Product (CVE-2019-11766) - Medium [208]

Description: {'vulners_cve_data_all': 'dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11766 was patched at 2024-05-15

6427. Memory Corruption - Unknown Product (CVE-2019-13952) - Medium [208]

Description: {'vulners_cve_data_all': 'The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and 3.x before 3.2.1 has a stack-based buffer overflow via a long and malformed IPv6 address in zone data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-13952 was patched at 2024-05-15

6428. Memory Corruption - Unknown Product (CVE-2019-14201) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14201 was patched at 2024-05-15

6429. Memory Corruption - Unknown Product (CVE-2019-14202) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14202 was patched at 2024-05-15

6430. Memory Corruption - Unknown Product (CVE-2019-14203) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14203 was patched at 2024-05-15

6431. Memory Corruption - Unknown Product (CVE-2019-14204) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14204 was patched at 2024-05-15

6432. Memory Corruption - Unknown Product (CVE-2019-14531) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an out of bounds read on iso9660 while parsing System Use Sharing Protocol data in fs/iso9660.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14531 was patched at 2024-05-15

6433. Memory Corruption - Unknown Product (CVE-2019-15554) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is memory corruption for certain grow attempts with less than the current capacity.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15554 was patched at 2024-05-15

6434. Memory Corruption - Unknown Product (CVE-2019-15717) - Medium [208]

Description: {'vulners_cve_data_all': 'Irssi 1.2.x before 1.2.2 has a use-after-free if the IRC server sends a double CAP.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15717 was patched at 2024-05-15

6435. Memory Corruption - Unknown Product (CVE-2019-19635) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function sixel_decode_raw_impl at fromsixel.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19635 was patched at 2024-05-15

6436. Memory Corruption - Unknown Product (CVE-2019-19905) - Medium [208]

Description: {'vulners_cve_data_all': 'NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19905 was patched at 2024-05-15

6437. Memory Corruption - Unknown Product (CVE-2019-9687) - Medium [208]

Description: {'vulners_cve_data_all': 'PoDoFo 0.9.6 has a heap-based buffer overflow in PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9687 was patched at 2024-05-15

6438. Memory Corruption - Unknown Product (CVE-2020-13901) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_merge in sdp.c has a stack-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13901 was patched at 2024-05-15

6439. Memory Corruption - Unknown Product (CVE-2020-14315) - Medium [208]

Description: {'vulners_cve_data_all': 'A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-14315 was patched at 2024-05-15

6440. Memory Corruption - Unknown Product (CVE-2020-14938) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes lengths of data sets read from saved game files. It copies data from a file into a fixed-size heap-allocated buffer without size verification, leading to a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-14938 was patched at 2024-05-15

6441. Memory Corruption - Unknown Product (CVE-2020-14983) - Medium [208]

Description: {'vulners_cve_data_all': 'The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-14983 was patched at 2024-05-15

6442. Memory Corruption - Unknown Product (CVE-2020-15475) - Medium [208]

Description: {'vulners_cve_data_all': 'In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c omits certain reinitialization, leading to a use-after-free.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15475 was patched at 2024-05-15

6443. Memory Corruption - Unknown Product (CVE-2020-24027) - Medium [208]

Description: {'vulners_cve_data_all': 'In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command specifies seeking by absolute time.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24027 was patched at 2024-05-15

6444. Memory Corruption - Unknown Product (CVE-2020-25969) - Medium [208]

Description: {'vulners_cve_data_all': 'gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25969 was patched at 2024-05-15

6445. Memory Corruption - Unknown Product (CVE-2020-27372) - Medium [208]

Description: {'vulners_cve_data_all': 'A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27372 was patched at 2024-05-15

6446. Memory Corruption - Unknown Product (CVE-2020-36177) - Medium [208]

Description: {'vulners_cve_data_all': 'RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-of-bounds write for certain relationships between key size and digest size.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36177 was patched at 2024-05-15

6447. Memory Corruption - Unknown Product (CVE-2020-9366) - Medium [208]

Description: {'vulners_cve_data_all': 'A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-9366 was patched at 2024-05-15

6448. Memory Corruption - Unknown Product (CVE-2021-25900) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in the smallvec crate before 0.6.14 and 1.x before 1.6.1 for Rust. There is a heap-based buffer overflow in SmallVec::insert_many.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-25900 was patched at 2024-05-15

6449. Memory Corruption - Unknown Product (CVE-2021-26957) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because there is an out-of-bounds read in xcb::xproto::change_property(), as demonstrated by a format=32 T=u8 situation where out-of-bounds bytes are sent to an X server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-26957 was patched at 2024-05-15

6450. Memory Corruption - Unknown Product (CVE-2021-33390) - Medium [208]

Description: {'vulners_cve_data_all': 'dpic 2021.04.10 has a use-after-free in thedeletestringbox() function in dpic.y. A different vulnerablility than CVE-2021-32421.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33390 was patched at 2024-05-15

6451. Memory Corruption - Unknown Product (CVE-2021-3466) - Medium [208]

Description: {'vulners_cve_data_all': 'A flaw was found in libmicrohttpd. A missing bounds check in the post_process_urlencoded function leads to a buffer overflow, allowing a remote attacker to write arbitrary data in an application that uses libmicrohttpd. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Only version 0.9.70 is vulnerable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3466 was patched at 2024-05-15

6452. Memory Corruption - Unknown Product (CVE-2021-37592) - Medium [208]

Description: {'vulners_cve_data_all': 'Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-37592 was patched at 2024-05-15

6453. Memory Corruption - Unknown Product (CVE-2021-40818) - Medium [208]

Description: {'vulners_cve_data_all': 'scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer overflow during FIDO2 signature validation in webauthn registration.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40818 was patched at 2024-05-15

6454. Memory Corruption - Unknown Product (CVE-2021-41556) - Medium [208]

Description: {'vulners_cve_data_all': 'sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. An attacker might abuse this bug to target (for example) Cloud services that allow customization via SquirrelScripts, or distribute malware through video games that embed a Squirrel Engine.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41556 was patched at 2024-05-15

6455. Memory Corruption - Unknown Product (CVE-2021-41736) - Medium [208]

Description: {'vulners_cve_data_all': 'Faust v2.35.0 was discovered to contain a heap-buffer overflow in the function realPropagate() at propagate.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41736 was patched at 2024-05-15

6456. Memory Corruption - Unknown Product (CVE-2021-42863) - Medium [208]

Description: {'vulners_cve_data_all': 'A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42863 was patched at 2024-05-15

6457. Memory Corruption - Unknown Product (CVE-2021-43453) - Medium [208]

Description: {'vulners_cve_data_all': 'A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 and prior versions via an out-of-bounds read in parser_parse_for_statement_start in the js-parser-statm.c file. This issue is similar to CVE-2020-29657.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-43453 was patched at 2024-05-15

6458. Memory Corruption - Unknown Product (CVE-2021-45005) - Medium [208]

Description: {'vulners_cve_data_all': 'Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45005 was patched at 2024-05-15

6459. Memory Corruption - Unknown Product (CVE-2021-45707) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45707 was patched at 2024-05-15

6460. Memory Corruption - Unknown Product (CVE-2022-0080) - Medium [208]

Description: {'vulners_cve_data_all': 'mruby is vulnerable to Heap-based Buffer Overflow', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-0080 was patched at 2024-05-15

6461. Memory Corruption - Unknown Product (CVE-2022-27240) - Medium [208]

Description: {'vulners_cve_data_all': 'scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-27240 was patched at 2024-05-15

6462. Memory Corruption - Unknown Product (CVE-2022-28550) - Medium [208]

Description: {'vulners_cve_data_all': 'Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead. jhead copies strings to a stack buffer when it detects a &i or &o. However, jhead does not check the boundary of the stack buffer. As a result, there will be a stack buffer overflow problem when multiple `&i` or `&o` are given.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-28550 was patched at 2024-05-15

6463. Memory Corruption - Unknown Product (CVE-2022-29503) - Medium [208]

Description: {'vulners_cve_data_all': 'A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-29503 was patched at 2024-05-15

6464. Memory Corruption - Unknown Product (CVE-2022-30292) - Medium [208]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in sqbaselib.cpp in SQUIRREL 3.2 due to lack of a certain sq_reservestack call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-30292 was patched at 2024-05-15

6465. Memory Corruption - Unknown Product (CVE-2022-33047) - Medium [208]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap buffer overflow after free via otfccbuild.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-33047 was patched at 2024-05-15

6466. Memory Corruption - Unknown Product (CVE-2022-48620) - Medium [208]

Description: {'vulners_cve_data_all': 'uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48620 was patched at 2024-05-15

6467. Memory Corruption - Unknown Product (CVE-2023-37117) - Medium [208]

Description: {'vulners_cve_data_all': 'A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-37117 was patched at 2024-05-15

6468. Memory Corruption - Unknown Product (CVE-2023-45666) - Medium [208]

Description: {'vulners_cve_data_all': 'stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. Thus it would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non null value. However at the same time the function may return null value, but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. Thus the issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail or to a double-free if the `delays` is always freed', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45666 was patched at 2024-05-15

6469. Memory Corruption - Unknown Product (CVE-2023-47118) - Medium [208]

Description: {'vulners_cve_data_all': 'ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of T64 codec that crashes the ClickHouse server process. This attack does not require authentication. Note that this exploit can also be triggered via HTTP protocol, however, the attacker will need a valid credential as the HTTP authentication take places first. This issue has been fixed in version 23.10.2.13-stable, 23.9.4.11-stable, 23.8.6.16-lts and 23.3.16.7-lts.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-47118 was patched at 2024-05-15

6470. Memory Corruption - Unknown Product (CVE-2023-49208) - Medium [208]

Description: {'vulners_cve_data_all': 'scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49208 was patched at 2024-05-15

6471. Path Traversal - Unknown Product (CVE-2010-1679) - Medium [208]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1679 was patched at 2024-05-15

6472. Path Traversal - Unknown Product (CVE-2011-4350) - Medium [208]

Description: {'vulners_cve_data_all': 'Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4350 was patched at 2024-05-15

6473. Path Traversal - Unknown Product (CVE-2018-12560) - Medium [208]

Description: {'vulners_cve_data_all': 'An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12560 was patched at 2024-05-15

6474. Path Traversal - Unknown Product (CVE-2021-33178) - Medium [208]

Description: {'vulners_cve_data_all': 'The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to arbitrarily delete files on the local system.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33178 was patched at 2024-05-15

6475. Path Traversal - Unknown Product (CVE-2022-48285) - Medium [208]

Description: {'vulners_cve_data_all': 'loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48285 was patched at 2024-05-15

6476. Path Traversal - Unknown Product (CVE-2023-35946) - Medium [208]

Description: {'vulners_cve_data_all': 'Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write files into an unintended location. The file may be written outside the dependency cache or over another file in the dependency cache. This vulnerability could be used to poison the dependency cache or overwrite important files elsewhere on the filesystem where the Gradle process has write permissions. Exploiting this vulnerability requires an attacker to have control over a dependency repository used by the Gradle build or have the ability to modify the build's configuration. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Gradle will refuse to cache dependencies that have path traversal elements in their dependency coordinates. It is recommended that users upgrade to a patched version. If you are unable to upgrade to Gradle 7.6.2 or 8.2, `dependency verification` will make this vulnerability more difficult to exploit.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-35946 was patched at 2024-05-15

6477. Security Feature Bypass - Unknown Product (CVE-2020-13882) - Medium [208]

Description: {'vulners_cve_data_all': 'CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file, and control that up to the point where the specific routine is doing its check. After that, the file can be removed, recreated, and used for additional attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13882 was patched at 2024-05-15

6478. Security Feature Bypass - Unknown Product (CVE-2020-36389) - Medium [208]

Description: {'vulners_cve_data_all': 'In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36389 was patched at 2024-05-15

6479. Security Feature Bypass - Unknown Product (CVE-2023-32644) - Medium [208]

Description: {'vulners_cve_data_all': 'Protection mechanism failure for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-32644 was patched at 2024-05-15

6480. Security Feature Bypass - Unknown Product (CVE-2023-34983) - Medium [208]

Description: {'vulners_cve_data_all': 'Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-34983 was patched at 2024-05-15

6481. Arbitrary File Reading - Unknown Product (CVE-2002-1311) - Medium [207]

Description: {'vulners_cve_data_all': 'Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1311 was patched at 2024-05-15

6482. Arbitrary File Reading - Unknown Product (CVE-2003-0832) - Medium [207]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in webfs before 1.20 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a Hostname header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0832 was patched at 2024-05-15

6483. Arbitrary File Reading - Unknown Product (CVE-2004-0405) - Medium [207]

Description: {'vulners_cve_data_all': 'CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot dot) sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0405 was patched at 2024-05-15

6484. Arbitrary File Reading - Unknown Product (CVE-2005-0372) - Medium [207]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0372 was patched at 2024-05-15

6485. Arbitrary File Reading - Unknown Product (CVE-2006-0707) - Medium [207]

Description: {'vulners_cve_data_all': 'PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0707 was patched at 2024-05-15

6486. Arbitrary File Reading - Unknown Product (CVE-2006-0847) - Medium [207]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0847 was patched at 2024-05-15

6487. Arbitrary File Reading - Unknown Product (CVE-2006-1062) - Medium [207]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier allows attackers to read arbitrary files via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1062 was patched at 2024-05-15

6488. Arbitrary File Reading - Unknown Product (CVE-2006-2658) - Medium [207]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2658 was patched at 2024-05-15

6489. Arbitrary File Reading - Unknown Product (CVE-2008-1270) - Medium [207]

Description: {'vulners_cve_data_all': 'mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not set, uses a default of $HOME, which might allow remote attackers to read arbitrary files, as demonstrated by accessing the ~nobody directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1270 was patched at 2024-05-15

6490. Arbitrary File Reading - Unknown Product (CVE-2008-4297) - Medium [207]

Description: {'vulners_cve_data_all': 'Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4297 was patched at 2024-05-15

6491. Arbitrary File Reading - Unknown Product (CVE-2009-0753) - Medium [207]

Description: {'vulners_cve_data_all': 'Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 allows remote attackers to read arbitrary files via a leading "//" (double slash) in the filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0753 was patched at 2024-05-15

6492. Arbitrary File Reading - Unknown Product (CVE-2010-1457) - Medium [207]

Description: {'vulners_cve_data_all': 'Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local users to read arbitrary files via a (1) -c or (2) -a option, which prints file contents in an error message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1457 was patched at 2024-05-15

6493. Arbitrary File Reading - Unknown Product (CVE-2010-3306) - Medium [207]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in the modURL function in instance.c in Weborf before 0.12.3 allows remote attackers to read arbitrary files via ..%2f sequences in a URI.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3306 was patched at 2024-05-15

6494. Arbitrary File Reading - Unknown Product (CVE-2011-1589) - Medium [207]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1589 was patched at 2024-05-15

6495. Arbitrary File Reading - Unknown Product (CVE-2012-2139) - Medium [207]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2139 was patched at 2024-05-15

6496. Arbitrary File Reading - Unknown Product (CVE-2012-3521) - Medium [207]

Description: {'vulners_cve_data_all': 'Multiple directory traversal vulnerabilities in the cssgen contrib module in GeSHi before 1.0.8.11 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) geshi-path or (2) geshi-lang-path parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3521 was patched at 2024-05-15

6497. Arbitrary File Reading - Unknown Product (CVE-2013-0332) - Medium [207]

Description: {'vulners_cve_data_all': 'Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0332 was patched at 2024-05-15

6498. Information Disclosure - Unknown Product (CVE-2002-1592) - Medium [207]

Description: {'vulners_cve_data_all': 'The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1592 was patched at 2024-05-15

6499. Information Disclosure - Unknown Product (CVE-2004-1948) - Medium [207]

Description: {'vulners_cve_data_all': 'NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1948 was patched at 2024-05-15

6500. Information Disclosure - Unknown Product (CVE-2004-2479) - Medium [207]

Description: {'vulners_cve_data_all': 'Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2479 was patched at 2024-05-15

6501. Information Disclosure - Unknown Product (CVE-2005-0438) - Medium [207]

Description: {'vulners_cve_data_all': 'awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0438 was patched at 2024-05-15

6502. Information Disclosure - Unknown Product (CVE-2005-1688) - Medium [207]

Description: {'vulners_cve_data_all': 'Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1688 was patched at 2024-05-15

6503. Information Disclosure - Unknown Product (CVE-2006-6085) - Medium [207]

Description: {'vulners_cve_data_all': 'Kile before 1.9.3 does not assign a backup file the same permissions as the original file, which might allow local users to obtain sensitive information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6085 was patched at 2024-05-15

6504. Information Disclosure - Unknown Product (CVE-2007-0902) - Medium [207]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the "Show debugging information" feature in MoinMoin 1.5.7 allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0902 was patched at 2024-05-15

6505. Information Disclosure - Unknown Product (CVE-2007-2353) - Medium [207]

Description: {'vulners_cve_data_all': 'Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2353 was patched at 2024-05-15

6506. Information Disclosure - Unknown Product (CVE-2007-5686) - Medium [207]

Description: {'vulners_cve_data_all': 'initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5686 was patched at 2024-05-15

6507. Information Disclosure - Unknown Product (CVE-2008-0191) - Medium [207]

Description: {'vulners_cve_data_all': 'WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0191 was patched at 2024-05-15

6508. Information Disclosure - Unknown Product (CVE-2009-2260) - Medium [207]

Description: {'vulners_cve_data_all': 'stardict 3.0.1, when Enable Net Dict is configured, sends the contents of the clipboard to a dictionary server, which allows remote attackers to obtain sensitive information by sniffing the network.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2260 was patched at 2024-05-15

6509. Information Disclosure - Unknown Product (CVE-2009-2431) - Medium [207]

Description: {'vulners_cve_data_all': 'WordPress 2.7.1 places the username of a post's author in an HTML comment, which allows remote attackers to obtain sensitive information by reading the HTML source.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2431 was patched at 2024-05-15

6510. Information Disclosure - Unknown Product (CVE-2010-0385) - Medium [207]

Description: {'vulners_cve_data_all': 'Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when functioning as a bridge directory authority, allows remote attackers to obtain sensitive information about bridge identities and bridge descriptors via a dbg-stability.txt directory query.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0385 was patched at 2024-05-15

6511. Information Disclosure - Unknown Product (CVE-2010-0667) - Medium [207]

Description: {'vulners_cve_data_all': 'MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of the sys.argv array in situations where the GATEWAY_INTERFACE environment variable is set, which allows remote attackers to obtain sensitive information via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0667 was patched at 2024-05-15

6512. Information Disclosure - Unknown Product (CVE-2010-3075) - Medium [207]

Description: {'vulners_cve_data_all': 'EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the last block contains only one byte.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3075 was patched at 2024-05-15

6513. Information Disclosure - Unknown Product (CVE-2010-3430) - Medium [207]

Description: {'vulners_cve_data_all': 'The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissions, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3430 was patched at 2024-05-15

6514. Information Disclosure - Unknown Product (CVE-2010-3902) - Medium [207]

Description: {'vulners_cve_data_all': 'OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3902 was patched at 2024-05-15

6515. Information Disclosure - Unknown Product (CVE-2011-1433) - Medium [207]

Description: {'vulners_cve_data_all': 'The (1) AgentInterface and (2) CustomerInterface components in Open Ticket Request System (OTRS) before 3.0.6 place cleartext credentials into the session data in the database, which makes it easier for context-dependent attackers to obtain sensitive information by reading the _UserLogin and _UserPW fields.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1433 was patched at 2024-05-15

6516. Information Disclosure - Unknown Product (CVE-2012-3419) - Medium [207]

Description: {'vulners_cve_data_all': 'Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3419 was patched at 2024-05-15

6517. Information Disclosure - Unknown Product (CVE-2012-3519) - Medium [207]

Description: {'vulners_cve_data_all': 'routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3519 was patched at 2024-05-15

6518. Information Disclosure - Unknown Product (CVE-2013-4114) - Medium [207]

Description: {'vulners_cve_data_all': 'The automatic update request in Nagstamont before 0.9.10 uses a cleartext base64 format for transmission of a username and password, which allows remote attackers to obtain sensitive information by sniffing the network.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4114 was patched at 2024-05-15

6519. Information Disclosure - Unknown Product (CVE-2013-6833) - Medium [207]

Description: {'vulners_cve_data_all': 'The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6833 was patched at 2024-05-15

6520. Information Disclosure - Unknown Product (CVE-2013-6834) - Medium [207]

Description: {'vulners_cve_data_all': 'The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from kernel memory via a crafted ioctl call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6834 was patched at 2024-05-15

6521. Information Disclosure - Unknown Product (CVE-2014-5209) - Medium [207]

Description: {'vulners_cve_data_all': 'An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5209 was patched at 2024-05-15

6522. Information Disclosure - Unknown Product (CVE-2014-9018) - Medium [207]

Description: {'vulners_cve_data_all': 'Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9018 was patched at 2024-05-15

6523. Information Disclosure - Unknown Product (CVE-2015-1548) - Medium [207]

Description: {'vulners_cve_data_all': 'mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1548 was patched at 2024-05-15

6524. Information Disclosure - Unknown Product (CVE-2017-0630) - Medium [207]

Description: {'vulners_cve_data_all': 'An information disclosure vulnerability in the kernel trace subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34277115.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0630 was patched at 2024-05-15

6525. Information Disclosure - Unknown Product (CVE-2017-6514) - Medium [207]

Description: {'vulners_cve_data_all': 'WordPress 4.7.2 mishandles listings of post authors, which allows remote attackers to obtain sensitive information (Path Disclosure) via a /wp-json/oembed/1.0/embed?url= request, related to the "author_name":" substring.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6514 was patched at 2024-05-15

6526. Information Disclosure - Unknown Product (CVE-2018-19046) - Medium [207]

Description: {'vulners_cve_data_all': 'keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19046 was patched at 2024-05-15

6527. Information Disclosure - Unknown Product (CVE-2019-1010299) - Medium [207]

Description: {'vulners_cve_data_all': 'The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of uninitialized memory could be printed to string or to log file. The component is: Debug trait implementation for std::collections::vec_deque::Iter. The attack vector is: The program needs to invoke debug printing for iterator over an empty VecDeque. The fixed version is: 1.30.0, nightly versions after commit b85e4cc8fadaabd41da5b9645c08c68b8f89908d.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1010299 was patched at 2024-05-15

6528. Information Disclosure - Unknown Product (CVE-2020-7955) - Medium [207]

Description: {'vulners_cve_data_all': 'HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7955 was patched at 2024-05-15

6529. Information Disclosure - Unknown Product (CVE-2021-24116) - Medium [207]

Description: {'vulners_cve_data_all': 'In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-24116 was patched at 2024-05-15

6530. Information Disclosure - Unknown Product (CVE-2021-32419) - Medium [207]

Description: {'vulners_cve_data_all': 'An issue in Schism Tracker v20200412 fixed in v.20200412 allows attacker to obtain sensitive information via the fmt_mtm_load_song function in fmt/mtm.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32419 was patched at 2024-05-15

6531. Information Disclosure - Unknown Product (CVE-2022-29973) - Medium [207]

Description: {'vulners_cve_data_all': 'relan exFAT 1.3.0 allows local users to obtain sensitive information (data from deleted files in the filesystem) in certain situations involving offsets beyond ValidDataLength.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-29973 was patched at 2024-05-15

6532. Information Disclosure - Unknown Product (CVE-2023-43490) - Medium [207]

Description: {'vulners_cve_data_all': 'Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-43490 was patched at 2024-05-15

ubuntu: CVE-2023-43490 was patched at 2024-05-29

6533. Information Disclosure - Unknown Product (CVE-2023-5692) - Medium [207]

Description: {'vulners_cve_data_all': 'WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set to 'false'.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-5692 was patched at 2024-05-15

6534. Information Disclosure - Unknown Product (CVE-2024-21501) - Medium [207]

Description: {'vulners_cve_data_all': 'Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-21501 was patched at 2024-05-15

6535. Unknown Vulnerability Type - ImageMagick (CVE-2014-9827) - Medium [207]

Description: {'vulners_cve_data_all': 'coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9827 was patched at 2024-05-15

6536. Unknown Vulnerability Type - ImageMagick (CVE-2017-17880) - Medium [207]

Description: {'vulners_cve_data_all': 'In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to a WEBP_DECODER_ABI_VERSION check.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17880 was patched at 2024-05-15

6537. Unknown Vulnerability Type - ImageMagick (CVE-2018-11624) - Medium [207]

Description: {'vulners_cve_data_all': 'In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11624 was patched at 2024-05-15

6538. Unknown Vulnerability Type - ImageMagick (CVE-2018-9135) - Medium [207]

Description: {'vulners_cve_data_all': 'In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in IsWEBPImageLossless in coders/webp.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-9135 was patched at 2024-05-15

6539. Unknown Vulnerability Type - Perl (CVE-2008-5398) - Medium [207]

Description: {'vulners_cve_data_all': 'Tor before 0.2.0.32 does not properly process the ClientDNSRejectInternalAddresses configuration option in situations where an exit relay issues a policy-based refusal of a stream, which allows remote exit relays to have an unknown impact by mapping an internal IP address to the destination hostname of a refused stream.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5398 was patched at 2024-05-15

6540. Unknown Vulnerability Type - Perl (CVE-2011-1599) - Medium [207]

Description: {'vulners_cve_data_all': 'manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.910CVSS Base Score is 9.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1599 was patched at 2024-05-15

6541. Unknown Vulnerability Type - Perl (CVE-2012-3490) - Medium [207]

Description: {'vulners_cve_data_all': 'The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils/my_popen.cpp and the (3) systemCommand function in condor_vm-gahp/vmgahp_common.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the return value of setuid calls, which might cause a subprocess to be created with root privileges and allow remote attackers to gain privileges via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3490 was patched at 2024-05-15

6542. Unknown Vulnerability Type - Perl (CVE-2016-9180) - Medium [207]

Description: {'vulners_cve_data_all': 'perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9180 was patched at 2024-05-15

6543. Unknown Vulnerability Type - Python (CVE-2007-1253) - Medium [207]

Description: {'vulners_cve_data_all': 'Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1253 was patched at 2024-05-15

6544. Unknown Vulnerability Type - Python (CVE-2009-5042) - Medium [207]

Description: {'vulners_cve_data_all': 'python-docutils allows insecure usage of temporary files', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5042 was patched at 2024-05-15

6545. Unknown Vulnerability Type - Python (CVE-2020-15271) - Medium [207]

Description: {'vulners_cve_data_all': 'In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. As a workaround, the `lookatme/contrib/terminal.py` and `lookatme/contrib/file_loader.py` files may be manually deleted. Additionally, it is always recommended to be aware of what is being rendered with lookatme.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15271 was patched at 2024-05-15

6546. Unknown Vulnerability Type - Python (CVE-2022-39254) - Medium [207]

Description: {'vulners_cve_data_all': 'matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.20 fixes the issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.910CVSS Base Score is 8.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-39254 was patched at 2024-05-15

6547. Unknown Vulnerability Type - Roundcube (CVE-2015-2180) - Medium [207]

Description: {'vulners_cve_data_all': 'The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2180 was patched at 2024-05-15

6548. Arbitrary File Writing - Unknown Product (CVE-2003-0282) - Medium [205]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0282 was patched at 2024-05-15

6549. Arbitrary File Writing - Unknown Product (CVE-2004-2014) - Medium [205]

Description: {'vulners_cve_data_all': 'Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2014 was patched at 2024-05-15

6550. Arbitrary File Writing - Unknown Product (CVE-2005-1918) - Medium [205]

Description: {'vulners_cve_data_all': 'The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1918 was patched at 2024-05-15

6551. Arbitrary File Writing - Unknown Product (CVE-2006-0950) - Medium [205]

Description: {'vulners_cve_data_all': 'unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0950 was patched at 2024-05-15

6552. Arbitrary File Writing - Unknown Product (CVE-2006-5215) - Medium [205]

Description: {'vulners_cve_data_all': 'The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5215 was patched at 2024-05-15

6553. Arbitrary File Writing - Unknown Product (CVE-2007-4462) - Medium [205]

Description: {'vulners_cve_data_all': 'lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to overwrite arbitrary files via a symlink attack on the gettextization.failed.po temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4462 was patched at 2024-05-15

6554. Arbitrary File Writing - Unknown Product (CVE-2007-5200) - Medium [205]

Description: {'vulners_cve_data_all': 'hugin, as used on various operating systems including SUSE openSUSE 10.2 and 10.3, allows local users to overwrite arbitrary files via a symlink attack on the hugin_debug_optim_results.txt temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5200 was patched at 2024-05-15

6555. Arbitrary File Writing - Unknown Product (CVE-2007-5207) - Medium [205]

Description: {'vulners_cve_data_all': 'guilt 0.27 allows local users to overwrite arbitrary files via a symlink attack on a guilt.log.[PID] temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5207 was patched at 2024-05-15

6556. Arbitrary File Writing - Unknown Product (CVE-2008-4908) - Medium [205]

Description: {'vulners_cve_data_all': 'maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4908 was patched at 2024-05-15

6557. Arbitrary File Writing - Unknown Product (CVE-2009-1753) - Medium [205]

Description: {'vulners_cve_data_all': 'Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a symlink attack on an unspecified "result file."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1753 was patched at 2024-05-15

6558. Arbitrary File Writing - Unknown Product (CVE-2009-5044) - Medium [205]

Description: {'vulners_cve_data_all': 'contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5044 was patched at 2024-05-15

6559. Arbitrary File Writing - Unknown Product (CVE-2010-0156) - Medium [205]

Description: {'vulners_cve_data_all': 'Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0156 was patched at 2024-05-15

6560. Arbitrary File Writing - Unknown Product (CVE-2010-2056) - Medium [205]

Description: {'vulners_cve_data_all': 'GNU gv before 3.7.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2056 was patched at 2024-05-15

6561. Arbitrary File Writing - Unknown Product (CVE-2011-0007) - Medium [205]

Description: {'vulners_cve_data_all': 'pimd 2.1.5 and possibly earlier versions allows user-assisted local users to overwrite arbitrary files via a symlink attack on (1) pimd.dump when a USR1 signal is sent, or (2) pimd.cache when USR2 is sent.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0007 was patched at 2024-05-15

6562. Arbitrary File Writing - Unknown Product (CVE-2011-0702) - Medium [205]

Description: {'vulners_cve_data_all': 'The feh_unique_filename function in utils.c in feh before 1.11.2 might allow local users to overwrite arbitrary files via a symlink attack on a /tmp/feh_ temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0702 was patched at 2024-05-15

6563. Arbitrary File Writing - Unknown Product (CVE-2011-2533) - Medium [205]

Description: {'vulners_cve_data_all': 'The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2533 was patched at 2024-05-15

6564. Arbitrary File Writing - Unknown Product (CVE-2012-1906) - Medium [205]

Description: {'vulners_cve_data_all': 'Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1906 was patched at 2024-05-15

6565. Arbitrary File Writing - Unknown Product (CVE-2012-2093) - Medium [205]

Description: {'vulners_cve_data_all': 'src/common/latex.py in Gajim 0.15 allows local users to overwrite arbitrary files via a symlink attack on a temporary latex file, related to the get_tmpfile_name function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2093 was patched at 2024-05-15

6566. Arbitrary File Writing - Unknown Product (CVE-2012-2120) - Medium [205]

Description: {'vulners_cve_data_all': 'latex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used with the H or T option, allows local users to overwrite arbitrary files via a symlink attack on a temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2120 was patched at 2024-05-15

6567. Arbitrary File Writing - Unknown Product (CVE-2012-5564) - Medium [205]

Description: {'vulners_cve_data_all': 'android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users to overwrite arbitrary files via a symlink attack on /tmp/adb.log.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5564 was patched at 2024-05-15

6568. Arbitrary File Writing - Unknown Product (CVE-2012-6607) - Medium [205]

Description: {'vulners_cve_data_all': 'The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6607 was patched at 2024-05-15

6569. Arbitrary File Writing - Unknown Product (CVE-2013-1444) - Medium [205]

Description: {'vulners_cve_data_all': 'A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, 1.5.5-4, and others, allows local users to overwrite arbitrary files via a symlink attack on /tmp/2222.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1444 was patched at 2024-05-15

6570. Arbitrary File Writing - Unknown Product (CVE-2013-2142) - Medium [205]

Description: {'vulners_cve_data_all': 'userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME are not set, allows local users to overwrite arbitrary files via a symlink attack on (1) HostCertificate.pem, (2) HostPrivateKey.pem, (3) libimobiledevicerc, (4) RootCertificate.pem, or (5) RootPrivateKey.pem in /tmp/root/.config/libimobiledevice/.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2142 was patched at 2024-05-15

6571. Arbitrary File Writing - Unknown Product (CVE-2013-4116) - Medium [205]

Description: {'vulners_cve_data_all': 'lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4116 was patched at 2024-05-15

6572. Arbitrary File Writing - Unknown Product (CVE-2013-4277) - Medium [205]

Description: {'vulners_cve_data_all': 'Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4277 was patched at 2024-05-15

6573. Arbitrary File Writing - Unknown Product (CVE-2013-4472) - Medium [205]

Description: {'vulners_cve_data_all': 'The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4472 was patched at 2024-05-15

6574. Arbitrary File Writing - Unknown Product (CVE-2014-1638) - Medium [205]

Description: {'vulners_cve_data_all': '(1) debian/postrm and (2) debian/localepurge.config in localepurge before 0.7.3.2 use tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1638 was patched at 2024-05-15

6575. Arbitrary File Writing - Unknown Product (CVE-2014-1639) - Medium [205]

Description: {'vulners_cve_data_all': 'syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1639 was patched at 2024-05-15

6576. Arbitrary File Writing - Unknown Product (CVE-2014-1640) - Medium [205]

Description: {'vulners_cve_data_all': 'axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1640 was patched at 2024-05-15

6577. Arbitrary File Writing - Unknown Product (CVE-2014-3986) - Medium [205]

Description: {'vulners_cve_data_all': 'include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3986 was patched at 2024-05-15

6578. Memory Corruption - FFmpeg (CVE-2024-31578) - Medium [205]

Description: FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31578 was patched at 2024-05-15

ubuntu: CVE-2024-31578 was patched at 2024-05-30

6579. Memory Corruption - QEMU (CVE-2024-26327) - Medium [205]

Description: An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26327 was patched at 2024-05-15

6580. Memory Corruption - QEMU (CVE-2024-26328) - Medium [205]

Description: {'vulners_cve_data_all': 'An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26328 was patched at 2024-05-15

6581. Open Redirect - Unknown Product (CVE-2019-9837) - Medium [205]

Description: {'vulners_cve_data_all': 'Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none value. This allows phishing attacks against the authorization flow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.7515Open Redirect
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9837 was patched at 2024-05-15

6582. Open Redirect - Unknown Product (CVE-2020-26275) - Medium [205]

Description: {'vulners_cve_data_all': 'The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version 1.1.1, an open redirect vulnerability could cause the jupyter server to redirect the browser to a different malicious website. All jupyter servers running without a base_url prefix are technically affected, however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A link to your jupyter server may *appear* safe, but ultimately redirect to a spoofed server on the public internet. This same vulnerability was patched in upstream notebook v5.7.8. This is fixed in jupyter_server 1.1.1. If upgrade is not available, a workaround can be to run your server on a url prefix: "jupyter server --ServerApp.base_url=/jupyter/".', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.7515Open Redirect
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-26275 was patched at 2024-05-15

6583. Open Redirect - Unknown Product (CVE-2020-36627) - Medium [205]

Description: {'vulners_cve_data_all': 'A vulnerability was found in Macaron i18n. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file i18n.go. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 0.5.0 is able to address this issue. The name of the patch is 329b0c4844cc16a5a253c011b55180598e707735. It is recommended to upgrade the affected component. The identifier VDB-216745 was assigned to this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.7515Open Redirect
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36627 was patched at 2024-05-15

6584. Open Redirect - Unknown Product (CVE-2021-22881) - Medium [205]

Description: {'vulners_cve_data_all': 'The Host Authorization middleware in Action Pack before 6.1.2.1, 6.0.3.5 suffers from an open redirect vulnerability. Specially crafted `Host` headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. Impacted applications will have allowed hosts with a leading dot. When an allowed host contains a leading dot, a specially crafted `Host` header can be used to redirect to a malicious website.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.7515Open Redirect
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-22881 was patched at 2024-05-15

6585. Open Redirect - Unknown Product (CVE-2022-25803) - Medium [205]

Description: {'vulners_cve_data_all': 'Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.7515Open Redirect
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-25803 was patched at 2024-05-15

6586. Open Redirect - Unknown Product (CVE-2022-28923) - Medium [205]

Description: {'vulners_cve_data_all': 'Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.7515Open Redirect
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-28923 was patched at 2024-05-15

6587. Open Redirect - Unknown Product (CVE-2023-39968) - Medium [205]

Description: {'vulners_cve_data_all': 'jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs. This issue has been addressed in commit `29036259` which is included in release 2.7.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.7515Open Redirect
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-39968 was patched at 2024-05-15

6588. Open Redirect - Unknown Product (CVE-2023-46750) - Medium [205]

Description: {'vulners_cve_data_all': 'URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro.\nMitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.7515Open Redirect
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46750 was patched at 2024-05-15

6589. Open Redirect - Unknown Product (CVE-2024-25715) - Medium [205]

Description: {'vulners_cve_data_all': 'Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.7515Open Redirect
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-25715 was patched at 2024-05-15

6590. Unknown Vulnerability Type - APT (CVE-2015-7744) - Medium [204]

Description: {'vulners_cve_data_all': 'wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-7744 was patched at 2024-05-15

6591. Unknown Vulnerability Type - APT (CVE-2017-7443) - Medium [204]

Description: {'vulners_cve_data_all': 'apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP response splitting via encoded newline characters, related to lack of blocking for the %0[ad] regular expression.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7443 was patched at 2024-05-15

6592. Unknown Vulnerability Type - Binutils (CVE-2018-9996) - Medium [204]

Description: {'vulners_cve_data_all': 'An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-9996 was patched at 2024-05-15

6593. Unknown Vulnerability Type - Binutils (CVE-2022-35206) - Medium [204]

Description: {'vulners_cve_data_all': 'Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814The GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35206 was patched at 2024-05-15

6594. Unknown Vulnerability Type - GNOME desktop (CVE-2007-3920) - Medium [204]

Description: {'vulners_cve_data_all': 'GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3920 was patched at 2024-05-15

6595. Unknown Vulnerability Type - GNOME desktop (CVE-2010-0285) - Medium [204]

Description: {'vulners_cve_data_all': 'gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.610CVSS Base Score is 5.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0285 was patched at 2024-05-15

6596. Unknown Vulnerability Type - GNOME desktop (CVE-2010-0732) - Medium [204]

Description: {'vulners_cve_data_all': 'gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0732 was patched at 2024-05-15

6597. Unknown Vulnerability Type - GNOME desktop (CVE-2017-11171) - Medium [204]

Description: {'vulners_cve_data_all': 'Bad reference counting in the context of accept_ice_connection() in gsm-xsmp-server.c in old versions of gnome-session up until version 2.29.92 allows a local attacker to establish ICE connections to gnome-session with invalid authentication data (an invalid magic cookie). Each failed authentication attempt will leak a file descriptor in gnome-session. When the maximum number of file descriptors is exhausted in the gnome-session process, it will enter an infinite loop trying to communicate without success, consuming 100% of the CPU. The graphical session associated with the gnome-session process will stop working correctly, because communication with gnome-session is no longer possible.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11171 was patched at 2024-05-15

6598. Unknown Vulnerability Type - GNOME desktop (CVE-2019-19308) - Medium [204]

Description: {'vulners_cve_data_all': 'In text_to_glyphs in sushi-font-widget.c in gnome-font-viewer 3.34.0, there is a NULL pointer dereference while parsing a TTF font file that lacks a name section (due to a g_strconcat call that returns NULL).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19308 was patched at 2024-05-15

6599. Unknown Vulnerability Type - GNOME desktop (CVE-2019-19451) - Medium [204]

Description: {'vulners_cve_data_all': 'When GNOME Dia before 2019-11-27 is launched with a filename argument that is not a valid codepoint in the current encoding, it enters an endless loop, thus endlessly writing text to stdout. If this launch is from a thumbnailer service, this output will usually be written to disk via the system's logging facility (potentially with elevated privileges), thus filling up the disk and eventually rendering the system unusable. (The filename can be for a nonexistent file.) NOTE: this does not affect an upstream release, but affects certain Linux distribution packages with version numbers such as 0.97.3.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19451 was patched at 2024-05-15

6600. Unknown Vulnerability Type - GNOME desktop (CVE-2020-24661) - Medium [204]

Description: {'vulners_cve_data_all': 'GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates (e.g., self-signed certificates) when the client system is not configured to use a system-provided PKCS#11 store. This allows a meddler in the middle to present a different invalid certificate to intercept incoming and outgoing mail.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24661 was patched at 2024-05-15

6601. Unknown Vulnerability Type - GNOME desktop (CVE-2020-6750) - Medium [204]

Description: {'vulners_cve_data_all': 'GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-6750 was patched at 2024-05-15

6602. Unknown Vulnerability Type - GNOME desktop (CVE-2021-39359) - Medium [204]

Description: {'vulners_cve_data_all': 'In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39359 was patched at 2024-05-15

6603. Unknown Vulnerability Type - GNOME desktop (CVE-2021-39360) - Medium [204]

Description: {'vulners_cve_data_all': 'In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39360 was patched at 2024-05-15

6604. Unknown Vulnerability Type - GNOME desktop (CVE-2021-39361) - Medium [204]

Description: {'vulners_cve_data_all': 'In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39361 was patched at 2024-05-15

6605. Unknown Vulnerability Type - GNU C Library (CVE-2021-40647) - Medium [204]

Description: {'vulners_cve_data_all': 'In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it allows arbitrary write anywhere in the programs memory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40647 was patched at 2024-05-15

6606. Unknown Vulnerability Type - ICMP (CVE-2018-17156) - Medium [204]

Description: {'vulners_cve_data_all': 'In FreeBSD before 11.2-STABLE(r340268) and 11.2-RELEASE-p5, due to incorrectly accounting for padding on 64-bit platforms, a buffer underwrite could occur when constructing an ICMP reply packet when using a non-standard value for the net.inet.icmp.quotelen sysctl.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814The Internet Control Message Protocol (ICMP) is a network layer protocol used by network devices to diagnose network communication issues
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17156 was patched at 2024-05-15

6607. Unknown Vulnerability Type - Mozilla Firefox (CVE-2006-0299) - Medium [204]

Description: {'vulners_cve_data_all': 'The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0299 was patched at 2024-05-15

6608. Unknown Vulnerability Type - Mozilla Firefox (CVE-2006-5462) - Medium [204]

Description: {'vulners_cve_data_all': 'Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5462 was patched at 2024-05-15

6609. Unknown Vulnerability Type - Mozilla Firefox (CVE-2006-6585) - Medium [204]

Description: {'vulners_cve_data_all': 'The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. NOTE: it was later reported that 3.0 is also affected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6585 was patched at 2024-05-15

6610. Unknown Vulnerability Type - Mozilla Firefox (CVE-2017-6590) - Medium [204]

Description: {'vulners_cve_data_all': 'An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it's easy to create one. Then, it's possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.610CVSS Base Score is 6.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6590 was patched at 2024-05-15

6611. Unknown Vulnerability Type - Mozilla Firefox (CVE-2020-12413) - Medium [204]

Description: {'vulners_cve_data_all': 'The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-12413 was patched at 2024-05-15

6612. Unknown Vulnerability Type - OpenSSL (CVE-2011-4354) - Medium [204]

Description: {'vulners_cve_data_all': 'crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular reduction algorithm in its implementation of the P-256 and P-384 NIST elliptic curves, which allows remote attackers to obtain the private key of a TLS server via multiple handshake attempts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4354 was patched at 2024-05-15

6613. Unknown Vulnerability Type - OpenSSL (CVE-2021-3446) - Medium [204]

Description: {'vulners_cve_data_all': 'A flaw was found in libtpms in versions before 0.8.2. The commonly used integration of libtpms with OpenSSL contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3446 was patched at 2024-05-15

6614. Unknown Vulnerability Type - OpenSSL (CVE-2024-2467) - Medium [204]

Description: {'vulners_cve_data_all': 'A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-2467 was patched at 2024-05-15

6615. Unknown Vulnerability Type - OpenSSL (CVE-2024-3296) - Medium [204]

Description: {'vulners_cve_data_all': 'A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3296 was patched at 2024-05-15

6616. Unknown Vulnerability Type - PHP (CVE-2007-3543) - Medium [204]

Description: {'vulners_cve_data_all': 'Unrestricted file upload vulnerability in WordPress before 2.2.1 and WordPress MU before 1.2.3 allows remote authenticated users to upload and execute arbitrary PHP code by making a post that specifies a .php filename in the _wp_attached_file metadata field; and then sending this file's content, along with its post_ID value, to (1) wp-app.php or (2) app.php.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3543 was patched at 2024-05-15

6617. Unknown Vulnerability Type - PHP (CVE-2010-4257) - Medium [204]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4257 was patched at 2024-05-15

6618. Unknown Vulnerability Type - PHP (CVE-2012-2402) - Medium [204]

Description: {'vulners_cve_data_all': 'wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2402 was patched at 2024-05-15

6619. Unknown Vulnerability Type - PHP (CVE-2012-5583) - Medium [204]

Description: {'vulners_cve_data_all': 'phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5583 was patched at 2024-05-15

6620. Unknown Vulnerability Type - PHP (CVE-2017-12871) - Medium [204]

Description: {'vulners_cve_data_all': 'The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by leveraging use of the first 16 bytes of the secret key as the initialization vector (IV).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12871 was patched at 2024-05-15

6621. Unknown Vulnerability Type - PHP (CVE-2020-11441) - Medium [204]

Description: {'vulners_cve_data_all': 'phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-11441 was patched at 2024-05-15

6622. Unknown Vulnerability Type - PHP (CVE-2021-26247) - Medium [204]

Description: {'vulners_cve_data_all': 'As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-26247 was patched at 2024-05-15

6623. Unknown Vulnerability Type - RPC (CVE-2018-19653) - Medium [204]

Description: {'vulners_cve_data_all': 'HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19653 was patched at 2024-05-15

6624. Cross Site Scripting - Unknown Product (CVE-2016-10537) - Medium [202]

Description: {'vulners_cve_data_all': 'backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON There exists a potential Cross Site Scripting vulnerability in the `Model#Escape` function of backbone 0.3.3 and earlier, if a user is able to supply input. This is due to the regex that's replacing things to miss the conversion of things such as `<` to `<`.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10537 was patched at 2024-05-15

6625. Cross Site Scripting - Unknown Product (CVE-2018-15641) - Medium [202]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 through 14.0 and Odoo Enterprise 11.0 through 14.0, allows remote authenticated internal users to inject arbitrary web script in the browser of a victim via crafted calendar event attributes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-15641 was patched at 2024-05-15

6626. Cross Site Scripting - Unknown Product (CVE-2018-17572) - Medium [202]

Description: {'vulners_cve_data_all': 'InfluxDB 0.9.5 has Reflected XSS in the Write Data module.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17572 was patched at 2024-05-15

6627. Cross Site Scripting - Unknown Product (CVE-2018-18247) - Medium [202]

Description: {'vulners_cve_data_all': 'Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18247 was patched at 2024-05-15

6628. Cross Site Scripting - Unknown Product (CVE-2018-19142) - Medium [202]

Description: {'vulners_cve_data_all': 'Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19142 was patched at 2024-05-15

6629. Cross Site Scripting - Unknown Product (CVE-2018-1999024) - Medium [202]

Description: {'vulners_cve_data_all': 'MathJax version prior to version 2.7.4 contains a Cross Site Scripting (XSS) vulnerability in the \\unicode{} macro that can result in Potentially untrusted Javascript running within a web browser. This attack appear to be exploitable via The victim must view a page where untrusted content is processed using Mathjax. This vulnerability appears to have been fixed in 2.7.4 and later.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1999024 was patched at 2024-05-15

6630. Cross Site Scripting - Unknown Product (CVE-2018-3717) - Medium [202]

Description: {'vulners_cve_data_all': 'connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-3717 was patched at 2024-05-15

6631. Cross Site Scripting - Unknown Product (CVE-2019-13072) - Medium [202]

Description: {'vulners_cve_data_all': 'Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-13072 was patched at 2024-05-15

6632. Cross Site Scripting - Unknown Product (CVE-2021-4020) - Medium [202]

Description: {'vulners_cve_data_all': 'janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-4020 was patched at 2024-05-15

6633. Cross Site Scripting - Unknown Product (CVE-2022-25020) - Medium [202]

Description: {'vulners_cve_data_all': 'A cross-site scripting (XSS) vulnerability in Pluxml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the thumbnail path of a blog post.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-25020 was patched at 2024-05-15

6634. Cross Site Scripting - Unknown Product (CVE-2022-30768) - Medium [202]

Description: {'vulners_cve_data_all': 'A Stored Cross Site Scripting (XSS) issue in ZoneMinder 1.36.12 allows an attacker to execute HTML or JavaScript code via the Username field when an Admin (or non-Admin users that can see other users logged into the platform) clicks on Logout. NOTE: this exists in later versions than CVE-2019-7348 and requires a different attack method.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-30768 was patched at 2024-05-15

6635. Cross Site Scripting - Unknown Product (CVE-2022-3704) - Medium [202]

Description: {'vulners_cve_data_all': 'A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is be177e4566747b73ff63fd5f529fab564e475ed4. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212319. NOTE: Maintainer declares that there isn’t a valid attack vector. The issue was wrongly reported as a security vulnerability by a non-member of the Rails team.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3704 was patched at 2024-05-15

debian: CVE-2022-37047 was patched at 2024-05-15

debian: CVE-2022-37048 was patched at 2024-05-15

debian: CVE-2022-37049 was patched at 2024-05-15

6636. Cross Site Scripting - Unknown Product (CVE-2022-4396) - Medium [202]

Description: {'vulners_cve_data_all': 'A vulnerability was found in RDFlib pyrdfa3 and classified as problematic. This issue affects the function _get_option of the file pyRdfa/__init__.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is ffd1d62dd50d5f4190013b39cedcdfbd81f3ce3e. It is recommended to apply a patch to fix this issue. The identifier VDB-215249 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-4396 was patched at 2024-05-15

6637. Cross Site Scripting - Unknown Product (CVE-2022-46165) - Medium [202]

Description: {'vulners_cve_data_all': 'Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and moves the mouse over the latest sync, a script could be executed to change settings for shared folders or add devices automatically. Additionally adding a new device with a malicious name could embed HTML or JavaScript inside parts of the page. As a result the webUI may be subject to a stored cross site scripting attack. This issue has been addressed in version 1.23.5. Users are advised to upgrade. Users unable to upgrade should avoid sharing folders with untrusted users.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-46165 was patched at 2024-05-15

6638. Cross Site Scripting - Unknown Product (CVE-2023-29839) - Medium [202]

Description: {'vulners_cve_data_all': 'A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29839 was patched at 2024-05-15

6639. Cross Site Scripting - Unknown Product (CVE-2023-34408) - Medium [202]

Description: {'vulners_cve_data_all': 'DokuWiki before 2023-04-04a allows XSS via RSS titles.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-34408 was patched at 2024-05-15

6640. Cross Site Scripting - Unknown Product (CVE-2023-34537) - Medium [202]

Description: {'vulners_cve_data_all': 'A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-34537 was patched at 2024-05-15

6641. Cross Site Scripting - Unknown Product (CVE-2024-27104) - Medium [202]

Description: {'vulners_cve_data_all': 'GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject to an XSS attack. This issue has been patched in version 10.0.13.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

redos: CVE-2024-27104 was patched at 2024-05-03

6642. Cross Site Scripting - Unknown Product (CVE-2024-34064) - Medium [202]

Description: {'vulners_cve_data_all': 'Jinja is an extensible templating engine. The `xmlattr` filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, `/`, `>`, or `=`, as each would then be interpreted as starting a separate attribute. If an application accepts keys (as opposed to only values) as user input, and renders these in pages that other users see as well, an attacker could use this to inject other attributes and perform XSS. The fix for CVE-2024-22195 only addressed spaces but not other characters. Accepting keys as user input is now explicitly considered an unintended use case of the `xmlattr` filter, and code that does so without otherwise validating the input should be flagged as insecure, regardless of Jinja version. Accepting _values_ as user input continues to be safe. This vulnerability is fixed in 3.1.4.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-34064 was patched at 2024-06-11

debian: CVE-2024-34064 was patched at 2024-05-15

oraclelinux: CVE-2024-34064 was patched at 2024-06-11

redhat: CVE-2024-34064 was patched at 2024-06-11

ubuntu: CVE-2024-34064 was patched at 2024-05-28

6643. Remote Code Execution - Unknown Product (CVE-2005-4791) - Medium [202]

Description: {'vulners_cve_data_all': 'Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4791 was patched at 2024-05-15

6644. Remote Code Execution - Unknown Product (CVE-2006-2289) - Medium [202]

Description: {'vulners_cve_data_all': 'Buffer overflow in avahi-core in Avahi before 0.6.10 allows local users to execute arbitrary code via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2289 was patched at 2024-05-15

6645. Unknown Vulnerability Type - 7-Zip (CVE-2008-6536) - Medium [202]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats (c10).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514KeePass is a free open source password manager, which helps you to manage your passwords in a secure way
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-6536 was patched at 2024-05-15

6646. Unknown Vulnerability Type - Cacti (CVE-2002-1478) - Medium [202]

Description: {'vulners_cve_data_all': 'Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1478 was patched at 2024-05-15

6647. Unknown Vulnerability Type - Cacti (CVE-2005-2149) - Medium [202]

Description: {'vulners_cve_data_all': 'config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2149 was patched at 2024-05-15

6648. Unknown Vulnerability Type - Docker (CVE-2014-0048) - Medium [202]

Description: {'vulners_cve_data_all': 'An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Docker
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0048 was patched at 2024-05-15

6649. Unknown Vulnerability Type - Docker (CVE-2015-9259) - Medium [202]

Description: {'vulners_cve_data_all': 'In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Docker
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-9259 was patched at 2024-05-15

6650. Unknown Vulnerability Type - TLS (CVE-2013-7098) - Medium [202]

Description: {'vulners_cve_data_all': 'OpenConnect VPN client with GnuTLS before 5.02 contains a heap overflow if MTU is increased on reconnection.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7098 was patched at 2024-05-15

6651. Unknown Vulnerability Type - TLS (CVE-2018-21029) - Medium [202]

Description: {'vulners_cve_data_all': 'systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. there is no hostname to be sent)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-21029 was patched at 2024-05-15

6652. Unknown Vulnerability Type - TLS (CVE-2020-15474) - Medium [202]

Description: {'vulners_cve_data_all': 'In nDPI through 3.2, there is a stack overflow in extractRDNSequence in lib/protocols/tls.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15474 was patched at 2024-05-15

6653. Unknown Vulnerability Type - TLS (CVE-2020-15917) - Medium [202]

Description: {'vulners_cve_data_all': 'common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15917 was patched at 2024-05-15

6654. Unknown Vulnerability Type - TRIE (CVE-2016-7404) - Medium [202]

Description: {'vulners_cve_data_all': 'OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TRIE
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7404 was patched at 2024-05-15

6655. Unknown Vulnerability Type - TRIE (CVE-2019-16411) - Medium [202]

Description: {'vulners_cve_data_all': 'An issue was discovered in Suricata 4.1.4. By sending multiple IPv4 packets that have invalid IPv4Options, the function IPV4OptValidateTimestamp in decode-ipv4.c tries to access a memory region that is not allocated. There is a check for o->len < 5 (corresponding to 2 bytes of header and 3 bytes of data). Then, "flag = *(o->data + 3)" places one beyond the 3 bytes, because the code should have been "flag = *(o->data + 1)" instead.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TRIE
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-16411 was patched at 2024-05-15

6656. Unknown Vulnerability Type - TRIE (CVE-2020-10574) - Medium [202]

Description: {'vulners_cve_data_all': 'An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TRIE
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-10574 was patched at 2024-05-15

6657. Unknown Vulnerability Type - TRIE (CVE-2022-28890) - Medium [202]

Description: {'vulners_cve_data_all': 'A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TRIE
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-28890 was patched at 2024-05-15

6658. Unknown Vulnerability Type - Unknown Product (CVE-2022-20128) - Medium [202]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([githubexploit] Exploit for CVE-2022-20128)
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-20128 was patched at 2024-05-15

6659. Unknown Vulnerability Type - Unknown Product (CVE-2024-31837) - Medium [202]

Description: {'vulners_cve_data_all': 'DMitry (Deepmagic Information Gathering Tool) 1.3a has a format-string vulnerability, with a threat model similar to CVE-2017-7938.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists1.017The existence of a publicly available exploit is mentioned on Vulners website ([zdt] DMitry - ( Deepmagic Information Gathering Tool ) - Local Stack Buffer Overflow Vulnerability, [exploitpack] Dmitry 1.3a - Local Buffer Overflow (PoC), [packetstorm] Dmitry 1.3a Local Stack Buffer Overflow, [exploitdb] Dmitry 1.3a - Local Buffer Overflow (PoC))
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31837 was patched at 2024-05-15

6660. Unknown Vulnerability Type - Xrdp (CVE-2013-1430) - Medium [202]

Description: {'vulners_cve_data_all': 'An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the user's cleartext password, DES encrypted with a known key.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514xrdp is an open source remote desktop protocol server
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1430 was patched at 2024-05-15

Low (4816)

6661. Unknown Vulnerability Type - BIND (CVE-2015-8400) - Low [199]

Description: {'vulners_cve_data_all': 'The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.710CVSS Base Score is 7.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8400 was patched at 2024-05-15

6662. Unknown Vulnerability Type - BIND (CVE-2021-21263) - Low [199]

Description: {'vulners_cve_data_all': 'Laravel is a web application framework. Versions of Laravel before 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the query builder, an unexpected number of query bindings can be added to the query. In some situations, this will simply lead to no results being returned by the query builder; however, it is possible certain queries could be affected in a way that causes the query to return unexpected results.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-21263 was patched at 2024-05-15

6663. Unknown Vulnerability Type - Curl (CVE-2017-2629) - Low [199]

Description: {'vulners_cve_data_all': 'curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid proof, even when there is none or if the server doesn't support the TLS extension in question. This could lead to users not detecting when a server's certificate goes invalid or otherwise be mislead that the server is in a better shape than it is in reality. This flaw also exists in the command line tool (--cert-status).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714Curl is a command-line tool for transferring data specified with URL syntax
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2629 was patched at 2024-05-15

6664. Unknown Vulnerability Type - ESXi (CVE-2011-1787) - Low [199]

Description: {'vulners_cve_data_all': 'Race condition in mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to gain privileges on the guest OS by mounting a filesystem on top of an arbitrary directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714VMware ESXi (formerly ESX) is an enterprise-class, type-1 hypervisor developed by VMware for deploying and serving virtual computers
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1787 was patched at 2024-05-15

6665. Unknown Vulnerability Type - FFmpeg (CVE-2018-1999015) - Low [199]

Description: {'vulners_cve_data_all': 'FFmpeg before commit 5aba5b89d0b1d73164d3b81764828bb8b20ff32a contains an out of array read vulnerability in ASF_F format demuxer that can result in heap memory reading. This attack appear to be exploitable via specially crafted ASF file that has to provided as input. This vulnerability appears to have been fixed in 5aba5b89d0b1d73164d3b81764828bb8b20ff32a and later.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1999015 was patched at 2024-05-15

6666. Unknown Vulnerability Type - MediaWiki (CVE-2010-1648) - Low [199]

Description: {'vulners_cve_data_all': 'Cross-site request forgery (CSRF) vulnerability in the login interface in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to hijack the authentication of users for requests that (1) create accounts or (2) reset passwords, related to the Special:Userlogin form.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1648 was patched at 2024-05-15

6667. Unknown Vulnerability Type - MediaWiki (CVE-2015-2940) - Low [199]

Description: {'vulners_cve_data_all': 'Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2940 was patched at 2024-05-15

6668. Unknown Vulnerability Type - MediaWiki (CVE-2015-8003) - Low [199]

Description: {'vulners_cve_data_all': 'MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8003 was patched at 2024-05-15

6669. Unknown Vulnerability Type - MediaWiki (CVE-2016-6336) - Low [199]

Description: {'vulners_cve_data_all': 'MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6336 was patched at 2024-05-15

6670. Unknown Vulnerability Type - MediaWiki (CVE-2017-0369) - Low [199]

Description: {'vulners_cve_data_all': 'Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0369 was patched at 2024-05-15

6671. Unknown Vulnerability Type - SQLite (CVE-2018-17197) - Low [199]

Description: {'vulners_cve_data_all': 'A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714SQLite is a database engine written in the C programming language
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17197 was patched at 2024-05-15

6672. Unknown Vulnerability Type - iOS (CVE-2020-12474) - Low [199]

Description: {'vulners_cve_data_all': 'Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-12474 was patched at 2024-05-15

6673. Unknown Vulnerability Type - iOS (CVE-2023-28999) - Low [199]

Description: {'vulners_cve_data_all': 'Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure and add new files.\u200b This issue is fixed in Nextcloud Desktop 3.8.0, Nextcloud Android 3.25.0, and Nextcloud iOS 4.8.0. No known workarounds are available.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-28999 was patched at 2024-05-15

6674. Authentication Bypass - Unknown Product (CVE-2001-1534) - Low [198]

Description: {'vulners_cve_data_all': 'mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2001-1534 was patched at 2024-05-15

6675. Unknown Vulnerability Type - Apache HTTP Server (CVE-2003-1307) - Low [197]

Description: {'vulners_cve_data_all': 'The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-1307 was patched at 2024-05-15

6676. Unknown Vulnerability Type - Apache HTTP Server (CVE-2003-1580) - Low [197]

Description: {'vulners_cve_data_all': 'The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-1580 was patched at 2024-05-15

6677. Unknown Vulnerability Type - Apache HTTP Server (CVE-2007-1742) - Low [197]

Description: {'vulners_cve_data_all': 'suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated using "html_backup" and "htmleditor" under an "html" directory. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1742 was patched at 2024-05-15

6678. Unknown Vulnerability Type - Apache HTTP Server (CVE-2007-1743) - Low [197]

Description: {'vulners_cve_data_all': 'suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the researcher, who is reliable, claims that the vendor disputes the issue because "the attacks described rely on an insecure server configuration" in which the user "has write access to the document root." In addition, because this is dependent on other vulnerabilities, perhaps this is resultant and should not be included in CVE.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1743 was patched at 2024-05-15

6679. Unknown Vulnerability Type - Apache HTTP Server (CVE-2011-1176) - Low [197]

Description: {'vulners_cve_data_all': 'The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Apache HTTP Server is a free and open-source web server that delivers web content through the internet
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1176 was patched at 2024-05-15

6680. Unknown Vulnerability Type - Sudo (CVE-2005-1993) - Low [197]

Description: {'vulners_cve_data_all': 'Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1993 was patched at 2024-05-15

6681. Unknown Vulnerability Type - Windows Kernel (CVE-2011-2300) - Low [197]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4.0 through 4.0.8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Guest Additions for Windows.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2300 was patched at 2024-05-15

6682. Unknown Vulnerability Type - Windows Kernel (CVE-2012-0105) - Low [197]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Guest Additions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0105 was patched at 2024-05-15

6683. Unknown Vulnerability Type - Windows Kernel (CVE-2014-2441) - Low [197]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2441 was patched at 2024-05-15

6684. Denial of Service - Unknown Product (CVE-2002-1914) - Low [196]

Description: {'vulners_cve_data_all': 'dump 0.4 b10 through b29 allows local users to cause a denial of service (execution prevention) by using flock() to lock the /etc/dumpdates file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1914 was patched at 2024-05-15

6685. Denial of Service - Unknown Product (CVE-2004-0493) - Low [196]

Description: {'vulners_cve_data_all': 'The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0493 was patched at 2024-05-15

6686. Denial of Service - Unknown Product (CVE-2005-2351) - Low [196]

Description: {'vulners_cve_data_all': 'Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2351 was patched at 2024-05-15

6687. Denial of Service - Unknown Product (CVE-2006-1010) - Low [196]

Description: {'vulners_cve_data_all': 'Buffer overflow in socket/request.c in CrossFire before 1.9.0, when oldsocketmode is enabled, allows remote attackers to cause a denial of service (segmentation fault) and possibly execute code by sending the server a large request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1010 was patched at 2024-05-15

6688. Denial of Service - Unknown Product (CVE-2007-2437) - Low [196]

Description: {'vulners_cve_data_all': 'The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2) XRenderAddTraps functions, which trigger a divide-by-zero error.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2437 was patched at 2024-05-15

6689. Denial of Service - Unknown Product (CVE-2007-3946) - Low [196]

Description: {'vulners_cve_data_all': 'mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors involving (1) a memory leak, (2) use of md5-sess without a cnonce, (3) base64 encoded strings, and (4) trailing whitespace in the Auth-Digest header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3946 was patched at 2024-05-15

6690. Denial of Service - Unknown Product (CVE-2007-3947) - Low [196]

Description: {'vulners_cve_data_all': 'request.c in lighttpd 1.4.15 allows remote attackers to cause a denial of service (daemon crash) by sending an HTTP request with duplicate headers, as demonstrated by a request containing two Location header lines, which results in a segmentation fault.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3947 was patched at 2024-05-15

6691. Denial of Service - Unknown Product (CVE-2007-4096) - Low [196]

Description: {'vulners_cve_data_all': 'Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, allows remote attackers to cause a denial of service via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4096 was patched at 2024-05-15

6692. Denial of Service - Unknown Product (CVE-2008-2957) - Low [196]

Description: {'vulners_cve_data_all': 'The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2957 was patched at 2024-05-15

6693. Denial of Service - Unknown Product (CVE-2010-0206) - Low [196]

Description: {'vulners_cve_data_all': 'xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0206 was patched at 2024-05-15

6694. Denial of Service - Unknown Product (CVE-2010-0207) - Low [196]

Description: {'vulners_cve_data_all': 'In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0207 was patched at 2024-05-15

6695. Denial of Service - Unknown Product (CVE-2012-3498) - Low [196]

Description: {'vulners_cve_data_all': 'PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and earlier allows local HVM guest OS kernels to cause a denial of service (host crash) and possibly read hypervisor or guest memory via vectors related to a missing range check of map->index.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3498 was patched at 2024-05-15

6696. Denial of Service - Unknown Product (CVE-2012-3570) - Low [196]

Description: {'vulners_cve_data_all': 'Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3570 was patched at 2024-05-15

6697. Denial of Service - Unknown Product (CVE-2012-6579) - Low [196]

Description: {'vulners_cve_data_all': 'Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to configure encryption or signing for certain outbound e-mail, and possibly cause a denial of service (loss of e-mail readability), via an e-mail message to a queue's address.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6579 was patched at 2024-05-15

6698. Denial of Service - Unknown Product (CVE-2013-2212) - Low [196]

Description: {'vulners_cve_data_all': 'The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling caches, allows local HVM guests with access to memory mapped I/O regions to cause a denial of service (CPU consumption and possibly hypervisor or guest kernel panic) via a crafted GFN range.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2212 was patched at 2024-05-15

6699. Denial of Service - Unknown Product (CVE-2013-6456) - Low [196]

Description: {'vulners_cve_data_all': 'The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to "paths under /proc/$PID/root" and the virInitctlSetRunLevel function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6456 was patched at 2024-05-15

6700. Denial of Service - Unknown Product (CVE-2014-3968) - Low [196]

Description: {'vulners_cve_data_all': 'The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows local guest HVM administrators to cause a denial of service (host crash) via a large number of crafted requests, which trigger an error messages to be logged.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3968 was patched at 2024-05-15

6701. Denial of Service - Unknown Product (CVE-2014-9351) - Low [196]

Description: {'vulners_cve_data_all': 'engine/server/server.cpp in Teeworlds 0.6.x before 0.6.3 allows remote attackers to read memory and cause a denial of service (crash) via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9351 was patched at 2024-05-15

6702. Denial of Service - Unknown Product (CVE-2015-4645) - Low [196]

Description: {'vulners_cve_data_all': 'Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-4645 was patched at 2024-05-15

6703. Denial of Service - Unknown Product (CVE-2015-7313) - Low [196]

Description: {'vulners_cve_data_all': 'LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-7313 was patched at 2024-05-15

6704. Denial of Service - Unknown Product (CVE-2015-8316) - Low [196]

Description: {'vulners_cve_data_all': 'Array index error in LightDM (aka Light Display Manager) 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service (process crash) via an XDMCP request packet with no address.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8316 was patched at 2024-05-15

6705. Denial of Service - Unknown Product (CVE-2016-10025) - Low [196]

Description: {'vulners_cve_data_all': 'VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10025 was patched at 2024-05-15

6706. Denial of Service - Unknown Product (CVE-2016-10040) - Low [196]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows remote attackers to cause a denial of service (application crash) via a xml file with multiple nested open tags.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10040 was patched at 2024-05-15

6707. Denial of Service - Unknown Product (CVE-2016-10170) - Low [196]

Description: {'vulners_cve_data_all': 'The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10170 was patched at 2024-05-15

6708. Denial of Service - Unknown Product (CVE-2016-10171) - Low [196]

Description: {'vulners_cve_data_all': 'The unreorder_channels function in cli/wvunpack.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10171 was patched at 2024-05-15

6709. Denial of Service - Unknown Product (CVE-2016-10172) - Low [196]

Description: {'vulners_cve_data_all': 'The read_new_config_info function in open_utils.c in Wavpack before 5.1.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WV file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10172 was patched at 2024-05-15

6710. Denial of Service - Unknown Product (CVE-2016-1517) - Low [196]

Description: {'vulners_cve_data_all': 'OpenCV 3.0.0 allows remote attackers to cause a denial of service (segfault) via vectors involving corrupt chunks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1517 was patched at 2024-05-15

6711. Denial of Service - Unknown Product (CVE-2016-2541) - Low [196]

Description: {'vulners_cve_data_all': 'Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP2 file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2541 was patched at 2024-05-15

6712. Denial of Service - Unknown Product (CVE-2016-3076) - Low [196]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the j2k_encode_entry function in Pillow 2.5.0 through 3.1.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted Jpeg2000 file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3076 was patched at 2024-05-15

6713. Denial of Service - Unknown Product (CVE-2016-3182) - Low [196]

Description: {'vulners_cve_data_all': 'The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3182 was patched at 2024-05-15

6714. Denial of Service - Unknown Product (CVE-2016-3183) - Low [196]

Description: {'vulners_cve_data_all': 'The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg2000 file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3183 was patched at 2024-05-15

6715. Denial of Service - Unknown Product (CVE-2016-3941) - Low [196]

Description: {'vulners_cve_data_all': 'Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3941 was patched at 2024-05-15

6716. Denial of Service - Unknown Product (CVE-2016-4796) - Low [196]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4796 was patched at 2024-05-15

6717. Denial of Service - Unknown Product (CVE-2016-4797) - Low [196]

Description: {'vulners_cve_data_all': 'Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4797 was patched at 2024-05-15

6718. Denial of Service - Unknown Product (CVE-2016-5027) - Low [196]

Description: {'vulners_cve_data_all': 'dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a denial of service (crash) via a crafted elf file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5027 was patched at 2024-05-15

6719. Denial of Service - Unknown Product (CVE-2016-5031) - Low [196]

Description: {'vulners_cve_data_all': 'The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5031 was patched at 2024-05-15

6720. Denial of Service - Unknown Product (CVE-2016-6163) - Low [196]

Description: {'vulners_cve_data_all': 'The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6163 was patched at 2024-05-15

6721. Denial of Service - Unknown Product (CVE-2016-6259) - Low [196]

Description: {'vulners_cve_data_all': 'Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6259 was patched at 2024-05-15

6722. Denial of Service - Unknown Product (CVE-2016-7393) - Low [196]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the aac_sync function in aac_parser.c in Libav before 11.5 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7393 was patched at 2024-05-15

6723. Denial of Service - Unknown Product (CVE-2016-7410) - Low [196]

Description: {'vulners_cve_data_all': 'The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7410 was patched at 2024-05-15

6724. Denial of Service - Unknown Product (CVE-2016-8652) - Low [196]

Description: {'vulners_cve_data_all': 'The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows a remote attackers to cause a denial of service (crash) by aborting authentication without setting a username.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-8652 was patched at 2024-05-15

6725. Denial of Service - Unknown Product (CVE-2016-8681) - Low [196]

Description: {'vulners_cve_data_all': 'The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-8681 was patched at 2024-05-15

6726. Denial of Service - Unknown Product (CVE-2016-9377) - Low [196]

Description: {'vulners_cve_data_all': 'Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging IDT entry miscalculation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9377 was patched at 2024-05-15

6727. Denial of Service - Unknown Product (CVE-2016-9378) - Low [196]

Description: {'vulners_cve_data_all': 'Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9378 was patched at 2024-05-15

6728. Denial of Service - Unknown Product (CVE-2016-9574) - Low [196]

Description: {'vulners_cve_data_all': 'nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9574 was patched at 2024-05-15

6729. Denial of Service - Unknown Product (CVE-2016-9923) - Low [196]

Description: {'vulners_cve_data_all': 'Quick Emulator (Qemu) built with the 'chardev' backend support is vulnerable to a use after free issue. It could occur while hotplug and unplugging the device in the guest. A guest user/process could use this flaw to crash a Qemu process on the host resulting in DoS.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9923 was patched at 2024-05-15

6730. Denial of Service - Unknown Product (CVE-2017-11114) - Low [196]

Description: {'vulners_cve_data_all': 'The put_chars function in html_r.c in Twibright Links 2.14 allows remote attackers to cause a denial of service (buffer over-read) via a crafted HTML file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11114 was patched at 2024-05-15

6731. Denial of Service - Unknown Product (CVE-2017-11546) - Low [196]

Description: {'vulners_cve_data_all': 'The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. NOTE: a crash might be relevant when using the --background option.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11546 was patched at 2024-05-15

6732. Denial of Service - Unknown Product (CVE-2017-11547) - Low [196]

Description: {'vulners_cve_data_all': 'The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mid file. NOTE: a crash might be relevant when using the --background option. NOTE: the TiMidity++ README.alsaseq documentation suggests a setuid-root installation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11547 was patched at 2024-05-15

6733. Denial of Service - Unknown Product (CVE-2017-11549) - Low [196]

Description: {'vulners_cve_data_all': 'The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mid file. NOTE: CPU consumption might be relevant when using the --background option.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11549 was patched at 2024-05-15

6734. Denial of Service - Unknown Product (CVE-2017-11550) - Low [196]

Description: {'vulners_cve_data_all': 'The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (NULL Pointer Dereference and application crash) via a crafted mp3 file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11550 was patched at 2024-05-15

6735. Denial of Service - Unknown Product (CVE-2017-11551) - Low [196]

Description: {'vulners_cve_data_all': 'The id3_field_parse function in field.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11551 was patched at 2024-05-15

6736. Denial of Service - Unknown Product (CVE-2017-11654) - Low [196]

Description: {'vulners_cve_data_all': 'An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 processed SIP traffic, because 0x00 termination of a payload array was mishandled. A remote attacker could potentially use this flaw to crash the sipdump process by generating specially crafted SIP traffic.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11654 was patched at 2024-05-15

6737. Denial of Service - Unknown Product (CVE-2017-12142) - Low [196]

Description: {'vulners_cve_data_all': 'In ytnef 1.9.2, an invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12142 was patched at 2024-05-15

6738. Denial of Service - Unknown Product (CVE-2017-12144) - Low [196]

Description: {'vulners_cve_data_all': 'In ytnef 1.9.2, an allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12144 was patched at 2024-05-15

6739. Denial of Service - Unknown Product (CVE-2017-14406) - Low [196]

Description: {'vulners_cve_data_all': 'A NULL pointer dereference was discovered in sync_buffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a segmentation fault and application crash, which leads to remote denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14406 was patched at 2024-05-15

6740. Denial of Service - Unknown Product (CVE-2017-14407) - Low [196]

Description: {'vulners_cve_data_all': 'A stack-based buffer over-read was discovered in filterYule in gain_analysis.c in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14407 was patched at 2024-05-15

6741. Denial of Service - Unknown Product (CVE-2017-14408) - Low [196]

Description: {'vulners_cve_data_all': 'A stack-based buffer over-read was discovered in dct36 in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14408 was patched at 2024-05-15

6742. Denial of Service - Unknown Product (CVE-2017-14410) - Low [196]

Description: {'vulners_cve_data_all': 'A buffer over-read was discovered in III_i_stereo in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14410 was patched at 2024-05-15

6743. Denial of Service - Unknown Product (CVE-2017-14988) - Low [196]

Description: {'vulners_cve_data_all': 'Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote attackers to cause a denial of service (excessive memory allocation) via a crafted file that is accessed with the ImfOpenInputFile function in IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14988 was patched at 2024-05-15

6744. Denial of Service - Unknown Product (CVE-2017-16129) - Low [196]

Description: {'vulners_cve_data_all': 'The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. If a client does not take special care when processing such responses, it may result in excessive CPU and/or memory consumption. An attacker might exploit such a weakness for a DoS attack. To exploit this the attacker must control the location (URL) that superagent makes a request to.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16129 was patched at 2024-05-15

6745. Denial of Service - Unknown Product (CVE-2017-17054) - Low [196]

Description: {'vulners_cve_data_all': 'In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17054 was patched at 2024-05-15

6746. Denial of Service - Unknown Product (CVE-2017-17554) - Low [196]

Description: {'vulners_cve_data_all': 'A NULL pointer dereference (DoS) Vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17554 was patched at 2024-05-15

6747. Denial of Service - Unknown Product (CVE-2017-17664) - Low [196]

Description: {'vulners_cve_data_all': 'A Remote Crash issue was discovered in Asterisk Open Source 13.x before 13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4 and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets cause a crash in the RTCP Stack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17664 was patched at 2024-05-15

6748. Denial of Service - Unknown Product (CVE-2017-18235) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in Exempi before 2.4.3. The VPXChunk class in XMPFiles/source/FormatSupport/WEBP_Support.cpp does not ensure nonzero widths and heights, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted .webp file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-18235 was patched at 2024-05-15

6749. Denial of Service - Unknown Product (CVE-2017-18237) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in Exempi before 2.4.3. The PostScript_Support::ConvertToDate function in XMPFiles/source/FormatSupport/PostScript_Support.cpp allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via a crafted .ps file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-18237 was patched at 2024-05-15

6750. Denial of Service - Unknown Product (CVE-2017-5644) - Low [196]

Description: {'vulners_cve_data_all': 'Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5644 was patched at 2024-05-15

6751. Denial of Service - Unknown Product (CVE-2017-5665) - Low [196]

Description: {'vulners_cve_data_all': 'The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5665 was patched at 2024-05-15

6752. Denial of Service - Unknown Product (CVE-2017-5666) - Low [196]

Description: {'vulners_cve_data_all': 'The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (invalid free and crash) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5666 was patched at 2024-05-15

6753. Denial of Service - Unknown Product (CVE-2017-5851) - Low [196]

Description: {'vulners_cve_data_all': 'The free_options function in options_manager.c in mp3splt 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. NOTE: this typically has no risk; this crash of this command-line program has no further consequences for availability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5851 was patched at 2024-05-15

6754. Denial of Service - Unknown Product (CVE-2017-5855) - Low [196]

Description: {'vulners_cve_data_all': 'The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5855 was patched at 2024-05-15

6755. Denial of Service - Unknown Product (CVE-2017-5950) - Low [196]

Description: {'vulners_cve_data_all': 'The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5950 was patched at 2024-05-15

6756. Denial of Service - Unknown Product (CVE-2017-5994) - Low [196]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the vrend_create_vertex_elements_state function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (out-of-bounds array access and crash) via the num_elements parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5994 was patched at 2024-05-15

6757. Denial of Service - Unknown Product (CVE-2017-6355) - Low [196]

Description: {'vulners_cve_data_all': 'Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length and offlen values, which trigger an out-of-bounds access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6355 was patched at 2024-05-15

6758. Denial of Service - Unknown Product (CVE-2017-6841) - Low [196]

Description: {'vulners_cve_data_all': 'The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6841 was patched at 2024-05-15

6759. Denial of Service - Unknown Product (CVE-2017-6845) - Low [196]

Description: {'vulners_cve_data_all': 'The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6845 was patched at 2024-05-15

6760. Denial of Service - Unknown Product (CVE-2017-6846) - Low [196]

Description: {'vulners_cve_data_all': 'The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace function in graphicsstack.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6846 was patched at 2024-05-15

6761. Denial of Service - Unknown Product (CVE-2017-6849) - Low [196]

Description: {'vulners_cve_data_all': 'The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6849 was patched at 2024-05-15

6762. Denial of Service - Unknown Product (CVE-2017-7244) - Low [196]

Description: {'vulners_cve_data_all': 'The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7244 was patched at 2024-05-15

6763. Denial of Service - Unknown Product (CVE-2017-7475) - Low [196]

Description: {'vulners_cve_data_all': 'Cairo version 1.15.4 is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7475 was patched at 2024-05-15

6764. Denial of Service - Unknown Product (CVE-2017-8053) - Low [196]

Description: {'vulners_cve_data_all': 'PoDoFo 0.9.5 allows denial of service (infinite recursion and stack consumption) via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure (PdfParser.cpp).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8053 was patched at 2024-05-15

6765. Denial of Service - Unknown Product (CVE-2017-8054) - Low [196]

Description: {'vulners_cve_data_all': 'The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted PDF document.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8054 was patched at 2024-05-15

6766. Denial of Service - Unknown Product (CVE-2017-8842) - Low [196]

Description: {'vulners_cve_data_all': 'The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8842 was patched at 2024-05-15

6767. Denial of Service - Unknown Product (CVE-2017-8843) - Low [196]

Description: {'vulners_cve_data_all': 'The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8843 was patched at 2024-05-15

6768. Denial of Service - Unknown Product (CVE-2017-8845) - Low [196]

Description: {'vulners_cve_data_all': 'The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8845 was patched at 2024-05-15

6769. Denial of Service - Unknown Product (CVE-2017-8847) - Low [196]

Description: {'vulners_cve_data_all': 'The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8847 was patched at 2024-05-15

6770. Denial of Service - Unknown Product (CVE-2017-8934) - Low [196]

Description: {'vulners_cve_data_all': 'PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8934 was patched at 2024-05-15

6771. Denial of Service - Unknown Product (CVE-2017-9470) - Low [196]

Description: {'vulners_cve_data_all': 'In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9470 was patched at 2024-05-15

6772. Denial of Service - Unknown Product (CVE-2017-9472) - Low [196]

Description: {'vulners_cve_data_all': 'In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9472 was patched at 2024-05-15

6773. Denial of Service - Unknown Product (CVE-2017-9474) - Low [196]

Description: {'vulners_cve_data_all': 'In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9474 was patched at 2024-05-15

6774. Denial of Service - Unknown Product (CVE-2017-9847) - Low [196]

Description: {'vulners_cve_data_all': 'The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9847 was patched at 2024-05-15

6775. Denial of Service - Unknown Product (CVE-2017-9870) - Low [196]

Description: {'vulners_cve_data_all': 'The III_i_stereo function in layer3.c in mpglib, as used in libmpgdecoder.a in LAME 3.99.5 and other products, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file that is mishandled in the code for the "block_type == 2" case, a similar issue to CVE-2017-11126.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9870 was patched at 2024-05-15

6776. Denial of Service - Unknown Product (CVE-2018-11254) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related issue to CVE-2017-8054.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11254 was patched at 2024-05-15

6777. Denial of Service - Unknown Product (CVE-2018-11255) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in PoDoFo 0.9.5. The function PdfPage::GetPageNumber() in PdfPage.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11255 was patched at 2024-05-15

6778. Denial of Service - Unknown Product (CVE-2018-1172) - Low [196]

Description: {'vulners_cve_data_all': 'This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1172 was patched at 2024-05-15

debian: CVE-2018-11723 was patched at 2024-05-15

debian: CVE-2018-11727 was patched at 2024-05-15

debian: CVE-2018-11728 was patched at 2024-05-15

debian: CVE-2018-11729 was patched at 2024-05-15

6779. Denial of Service - Unknown Product (CVE-2018-12066) - Low [196]

Description: {'vulners_cve_data_all': 'BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service (stack consumption and daemon crash) via BGP mask expressions in birdc.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12066 was patched at 2024-05-15

6780. Denial of Service - Unknown Product (CVE-2018-12982) - Low [196]

Description: {'vulners_cve_data_all': 'Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12982 was patched at 2024-05-15

6781. Denial of Service - Unknown Product (CVE-2018-16368) - Low [196]

Description: {'vulners_cve_data_all': 'SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16368 was patched at 2024-05-15

6782. Denial of Service - Unknown Product (CVE-2018-16487) - Low [196]

Description: {'vulners_cve_data_all': 'A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16487 was patched at 2024-05-15

6783. Denial of Service - Unknown Product (CVE-2018-16999) - Low [196]

Description: {'vulners_cve_data_all': 'Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16999 was patched at 2024-05-15

6784. Denial of Service - Unknown Product (CVE-2018-17154) - Low [196]

Description: {'vulners_cve_data_all': 'In FreeBSD before 11.2-STABLE(r338987), 11.2-RELEASE-p4, and 11.1-RELEASE-p15, due to insufficient memory checking in the freebsd4_getfsstat system call, a NULL pointer dereference can occur. Unprivileged authenticated local users may be able to cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17154 was patched at 2024-05-15

6785. Denial of Service - Unknown Product (CVE-2018-18454) - Low [196]

Description: {'vulners_cve_data_all': 'CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18454 was patched at 2024-05-15

6786. Denial of Service - Unknown Product (CVE-2018-18455) - Low [196]

Description: {'vulners_cve_data_all': 'The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18455 was patched at 2024-05-15

6787. Denial of Service - Unknown Product (CVE-2018-18456) - Low [196]

Description: {'vulners_cve_data_all': 'The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18456 was patched at 2024-05-15

6788. Denial of Service - Unknown Product (CVE-2018-18457) - Low [196]

Description: {'vulners_cve_data_all': 'The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18457 was patched at 2024-05-15

6789. Denial of Service - Unknown Product (CVE-2018-18458) - Low [196]

Description: {'vulners_cve_data_all': 'The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18458 was patched at 2024-05-15

6790. Denial of Service - Unknown Product (CVE-2018-18459) - Low [196]

Description: {'vulners_cve_data_all': 'The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18459 was patched at 2024-05-15

6791. Denial of Service - Unknown Product (CVE-2018-19209) - Low [196]

Description: {'vulners_cve_data_all': 'Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19209 was patched at 2024-05-15

6792. Denial of Service - Unknown Product (CVE-2018-19213) - Low [196]

Description: {'vulners_cve_data_all': 'Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19213 was patched at 2024-05-15

6793. Denial of Service - Unknown Product (CVE-2018-19567) - Low [196]

Description: {'vulners_cve_data_all': 'A floating point exception in parse_tiff_ifd in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19567 was patched at 2024-05-15

6794. Denial of Service - Unknown Product (CVE-2018-19568) - Low [196]

Description: {'vulners_cve_data_all': 'A floating point exception in kodak_radc_load_raw in dcraw through 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19568 was patched at 2024-05-15

6795. Denial of Service - Unknown Product (CVE-2018-19755) - Low [196]

Description: {'vulners_cve_data_all': 'There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19755 was patched at 2024-05-15

6796. Denial of Service - Unknown Product (CVE-2018-19756) - Low [196]

Description: {'vulners_cve_data_all': 'There is a heap-based buffer over-read at stb_image.h (function: stbi__tga_load) in libsixel 1.8.2 that will cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19756 was patched at 2024-05-15

6797. Denial of Service - Unknown Product (CVE-2018-19759) - Low [196]

Description: {'vulners_cve_data_all': 'There is a heap-based buffer over-read at stb_image_write.h (function: stbi_write_png_to_mem) in libsixel 1.8.2 that will cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19759 was patched at 2024-05-15

6798. Denial of Service - Unknown Product (CVE-2018-19761) - Low [196]

Description: {'vulners_cve_data_all': 'There is an illegal address access at fromsixel.c (function: sixel_decode_raw_impl) in libsixel 1.8.2 that will cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19761 was patched at 2024-05-15

6799. Denial of Service - Unknown Product (CVE-2018-19763) - Low [196]

Description: {'vulners_cve_data_all': 'There is a heap-based buffer over-read at writer.c (function: write_png_to_file) in libsixel 1.8.2 that will cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19763 was patched at 2024-05-15

6800. Denial of Service - Unknown Product (CVE-2018-19881) - Low [196]

Description: {'vulners_cve_data_all': 'In Artifex MuPDF 1.14.0, svg/svg-run.c allows remote attackers to cause a denial of service (recursive calls followed by a fitz/xml.c fz_xml_att crash from excessive stack consumption) via a crafted svg file, as demonstrated by mupdf-gl.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19881 was patched at 2024-05-15

6801. Denial of Service - Unknown Product (CVE-2018-19882) - Low [196]

Description: {'vulners_cve_data_all': 'In Artifex MuPDF 1.14.0, the svg_run_image function in svg/svg-run.c allows remote attackers to cause a denial of service (href_att NULL pointer dereference and application crash) via a crafted svg file, as demonstrated by mupdf-gl.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19882 was patched at 2024-05-15

6802. Denial of Service - Unknown Product (CVE-2018-19886) - Low [196]

Description: {'vulners_cve_data_all': 'An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 8 case.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19886 was patched at 2024-05-15

6803. Denial of Service - Unknown Product (CVE-2018-19887) - Low [196]

Description: {'vulners_cve_data_all': 'An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 4 case.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19887 was patched at 2024-05-15

6804. Denial of Service - Unknown Product (CVE-2018-19888) - Low [196]

Description: {'vulners_cve_data_all': 'An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the HCB_ESC case.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19888 was patched at 2024-05-15

6805. Denial of Service - Unknown Product (CVE-2018-19889) - Low [196]

Description: {'vulners_cve_data_all': 'An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 6 case.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19889 was patched at 2024-05-15

6806. Denial of Service - Unknown Product (CVE-2018-19890) - Low [196]

Description: {'vulners_cve_data_all': 'An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 2 case.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19890 was patched at 2024-05-15

6807. Denial of Service - Unknown Product (CVE-2018-19891) - Low [196]

Description: {'vulners_cve_data_all': 'An invalid memory address dereference was discovered in the huffcode function (libfaac/huff2.c) in Freeware Advanced Audio Coder (FAAC) 1.29.9.2. The vulnerability causes a segmentation fault and application crash, which leads to denial of service in the book 10 case.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19891 was patched at 2024-05-15

6808. Denial of Service - Unknown Product (CVE-2018-20348) - Low [196]

Description: {'vulners_cve_data_all': 'libpff_item_tree_create_node in libpff_item_tree.c in libpff before experimental-20180714 allows attackers to cause a denial of service (infinite recursion) via a crafted file, related to libfdata_tree_get_node_value in libfdata_tree.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20348 was patched at 2024-05-15

6809. Denial of Service - Unknown Product (CVE-2018-20535) - Low [196]

Description: {'vulners_cve_data_all': 'There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during a line-number increment attempt.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20535 was patched at 2024-05-15

6810. Denial of Service - Unknown Product (CVE-2018-20538) - Low [196]

Description: {'vulners_cve_data_all': 'There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20538 was patched at 2024-05-15

6811. Denial of Service - Unknown Product (CVE-2018-20592) - Low [196]

Description: {'vulners_cve_data_all': 'In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20592 was patched at 2024-05-15

6812. Denial of Service - Unknown Product (CVE-2018-5295) - Low [196]

Description: {'vulners_cve_data_all': 'In PoDoFo 0.9.5, there is an integer overflow in the PdfXRefStreamParserObject::ParseStream function (base/PdfXRefStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-5295 was patched at 2024-05-15

6813. Denial of Service - Unknown Product (CVE-2018-5296) - Low [196]

Description: {'vulners_cve_data_all': 'In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function (base/PdfParser.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-5296 was patched at 2024-05-15

6814. Denial of Service - Unknown Product (CVE-2018-5309) - Low [196]

Description: {'vulners_cve_data_all': 'In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted pdf file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-5309 was patched at 2024-05-15

6815. Denial of Service - Unknown Product (CVE-2018-5783) - Low [196]

Description: {'vulners_cve_data_all': 'In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PoDoFo::PdfVecObjects::Reserve function (base/PdfVecObjects.h). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-5783 was patched at 2024-05-15

6816. Denial of Service - Unknown Product (CVE-2018-6352) - Low [196]

Description: {'vulners_cve_data_all': 'In PoDoFo 0.9.5, there is an Excessive Iteration in the PdfParser::ReadObjectsInternal function of base/PdfParser.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6352 was patched at 2024-05-15

6817. Denial of Service - Unknown Product (CVE-2018-6925) - Low [196]

Description: {'vulners_cve_data_all': 'In FreeBSD before 11.2-STABLE(r338986), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338985), and 10.4-RELEASE-p13, due to improper maintenance of IPv6 protocol control block flags through various failure paths, an unprivileged authenticated local user may be able to cause a NULL pointer dereference causing the kernel to crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6925 was patched at 2024-05-15

6818. Denial of Service - Unknown Product (CVE-2018-7173) - Low [196]

Description: {'vulners_cve_data_all': 'A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7173 was patched at 2024-05-15

6819. Denial of Service - Unknown Product (CVE-2018-7174) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7174 was patched at 2024-05-15

6820. Denial of Service - Unknown Product (CVE-2018-7175) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7175 was patched at 2024-05-15

6821. Denial of Service - Unknown Product (CVE-2018-7452) - Low [196]

Description: {'vulners_cve_data_all': 'A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7452 was patched at 2024-05-15

6822. Denial of Service - Unknown Product (CVE-2018-7453) - Low [196]

Description: {'vulners_cve_data_all': 'Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7453 was patched at 2024-05-15

6823. Denial of Service - Unknown Product (CVE-2018-7454) - Low [196]

Description: {'vulners_cve_data_all': 'A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7454 was patched at 2024-05-15

6824. Denial of Service - Unknown Product (CVE-2018-7455) - Low [196]

Description: {'vulners_cve_data_all': 'An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7455 was patched at 2024-05-15

6825. Denial of Service - Unknown Product (CVE-2018-8101) - Low [196]

Description: {'vulners_cve_data_all': 'The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-8101 was patched at 2024-05-15

6826. Denial of Service - Unknown Product (CVE-2018-8102) - Low [196]

Description: {'vulners_cve_data_all': 'The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-8102 was patched at 2024-05-15

6827. Denial of Service - Unknown Product (CVE-2018-8103) - Low [196]

Description: {'vulners_cve_data_all': 'The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-8103 was patched at 2024-05-15

6828. Denial of Service - Unknown Product (CVE-2018-8104) - Low [196]

Description: {'vulners_cve_data_all': 'The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-8104 was patched at 2024-05-15

6829. Denial of Service - Unknown Product (CVE-2018-8105) - Low [196]

Description: {'vulners_cve_data_all': 'The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-8105 was patched at 2024-05-15

6830. Denial of Service - Unknown Product (CVE-2018-8106) - Low [196]

Description: {'vulners_cve_data_all': 'The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-8106 was patched at 2024-05-15

6831. Denial of Service - Unknown Product (CVE-2018-8107) - Low [196]

Description: {'vulners_cve_data_all': 'The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-8107 was patched at 2024-05-15

6832. Denial of Service - Unknown Product (CVE-2019-0146) - Low [196]

Description: {'vulners_cve_data_all': 'Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-0146 was patched at 2024-05-15

6833. Denial of Service - Unknown Product (CVE-2019-1010004) - Low [196]

Description: {'vulners_cve_data_all': 'SoX - Sound eXchange 14.4.2 and earlier is affected by: Out-of-bounds Read. The impact is: Denial of Service. The component is: read_samples function at xa.c:219. The attack vector is: Victim must open specially crafted .xa file. NOTE: this may overlap CVE-2017-18189.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1010004 was patched at 2024-05-15

6834. Denial of Service - Unknown Product (CVE-2019-1010189) - Low [196]

Description: {'vulners_cve_data_all': 'mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program does never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file. The fixed version is: 1.2.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1010189 was patched at 2024-05-15

6835. Denial of Service - Unknown Product (CVE-2019-1010190) - Low [196]

Description: {'vulners_cve_data_all': 'mgetty prior to 1.2.1 is affected by: out-of-bounds read. The impact is: DoS, the program may crash if the memory is not mapped. The component is: putwhitespan() in g3/pbm2g3.c. The attack vector is: Local, the victim must open a specially crafted file. The fixed version is: 1.2.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1010190 was patched at 2024-05-15

6836. Denial of Service - Unknown Product (CVE-2019-10654) - Low [196]

Description: {'vulners_cve_data_all': 'The lzo1x_decompress function in liblzo2.so.2 in LZO 2.10, as used in Long Range Zip (aka lrzip) 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive, a different vulnerability than CVE-2017-8845.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10654 was patched at 2024-05-15

6837. Denial of Service - Unknown Product (CVE-2019-14295) - Low [196]

Description: {'vulners_cve_data_all': 'An Integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14295 was patched at 2024-05-15

6838. Denial of Service - Unknown Product (CVE-2019-1786) - Low [196]

Description: {'vulners_cve_data_all': 'A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1786 was patched at 2024-05-15

6839. Denial of Service - Unknown Product (CVE-2019-1798) - Low [196]

Description: {'vulners_cve_data_all': 'A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1798 was patched at 2024-05-15

6840. Denial of Service - Unknown Product (CVE-2019-18359) - Low [196]

Description: {'vulners_cve_data_all': 'A buffer over-read was discovered in ReadMP3APETag in apetag.c in MP3Gain 1.6.2. The vulnerability causes an application crash, which leads to remote denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-18359 was patched at 2024-05-15

6841. Denial of Service - Unknown Product (CVE-2019-20051) - Low [196]

Description: {'vulners_cve_data_all': 'A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. The vulnerability causes an application crash, which leads to denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20051 was patched at 2024-05-15

6842. Denial of Service - Unknown Product (CVE-2019-20093) - Low [196]

Description: {'vulners_cve_data_all': 'The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20093 was patched at 2024-05-15

6843. Denial of Service - Unknown Product (CVE-2019-3837) - Low [196]

Description: {'vulners_cve_data_all': 'It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-3837 was patched at 2024-05-15

6844. Denial of Service - Unknown Product (CVE-2019-5020) - Low [196]

Description: {'vulners_cve_data_all': 'An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, resulting in Denial of Service. An attacker can create a malicious binary to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5020 was patched at 2024-05-15

6845. Denial of Service - Unknown Product (CVE-2020-10809) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-10809 was patched at 2024-05-15

6846. Denial of Service - Unknown Product (CVE-2020-10810) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an attacker to cause Denial of Service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-10810 was patched at 2024-05-15

6847. Denial of Service - Unknown Product (CVE-2020-10811) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function H5O__layout_decode() located in H5Olayout.c. It allows an attacker to cause Denial of Service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-10811 was patched at 2024-05-15

6848. Denial of Service - Unknown Product (CVE-2020-10870) - Low [196]

Description: {'vulners_cve_data_all': 'Zim through 0.72.1 creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, resulting in a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-10870 was patched at 2024-05-15

6849. Denial of Service - Unknown Product (CVE-2020-11863) - Low [196]

Description: {'vulners_cve_data_all': 'libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-11863 was patched at 2024-05-15

6850. Denial of Service - Unknown Product (CVE-2020-11864) - Low [196]

Description: {'vulners_cve_data_all': 'libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-11864 was patched at 2024-05-15

6851. Denial of Service - Unknown Product (CVE-2020-13999) - Low [196]

Description: {'vulners_cve_data_all': 'ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13999 was patched at 2024-05-15

6852. Denial of Service - Unknown Product (CVE-2020-14150) - Low [196]

Description: {'vulners_cve_data_all': 'GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-14150 was patched at 2024-05-15

6853. Denial of Service - Unknown Product (CVE-2020-14312) - Low [196]

Description: {'vulners_cve_data_all': 'A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-14312 was patched at 2024-05-15

6854. Denial of Service - Unknown Product (CVE-2020-14340) - Low [196]

Description: {'vulners_cve_data_all': 'A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-14340 was patched at 2024-05-15

6855. Denial of Service - Unknown Product (CVE-2020-18770) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2020-18770 was patched at 2024-04-30, 2024-05-22

debian: CVE-2020-18770 was patched at 2024-05-15

oraclelinux: CVE-2020-18770 was patched at 2024-05-02, 2024-05-23

redhat: CVE-2020-18770 was patched at 2024-04-30, 2024-05-22

6856. Denial of Service - Unknown Product (CVE-2020-18780) - Low [196]

Description: {'vulners_cve_data_all': 'A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-18780 was patched at 2024-05-15

6857. Denial of Service - Unknown Product (CVE-2020-18781) - Low [196]

Description: {'vulners_cve_data_all': 'Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-18781 was patched at 2024-05-15

6858. Denial of Service - Unknown Product (CVE-2020-21528) - Low [196]

Description: {'vulners_cve_data_all': 'A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21528 was patched at 2024-05-15

6859. Denial of Service - Unknown Product (CVE-2020-21685) - Low [196]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21685 was patched at 2024-05-15

6860. Denial of Service - Unknown Product (CVE-2020-21686) - Low [196]

Description: {'vulners_cve_data_all': 'A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21686 was patched at 2024-05-15

6861. Denial of Service - Unknown Product (CVE-2020-21687) - Low [196]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21687 was patched at 2024-05-15

6862. Denial of Service - Unknown Product (CVE-2020-21723) - Low [196]

Description: {'vulners_cve_data_all': 'A Segmentation Fault issue discovered StreamSerializer::extractStreams function in streamSerializer.cpp in oggvideotools 0.9.1 allows remote attackers to cause a denial of service (crash) via opening of crafted ogg file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21723 was patched at 2024-05-15

6863. Denial of Service - Unknown Product (CVE-2020-23884) - Low [196]

Description: {'vulners_cve_data_all': 'A buffer overflow in Nomacs v3.15.0 allows attackers to cause a denial of service (DoS) via a crafted MNG file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23884 was patched at 2024-05-15

6864. Denial of Service - Unknown Product (CVE-2020-23911) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in asn1c through v0.9.28. A NULL pointer dereference exists in the function _default_error_logger() located in asn1fix.c. It allows an attacker to cause Denial of Service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23911 was patched at 2024-05-15

6865. Denial of Service - Unknown Product (CVE-2020-23914) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in cpp-peglib through v0.1.12. A NULL pointer dereference exists in the peg::AstOptimizer::optimize() located in peglib.h. It allows an attacker to cause Denial of Service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23914 was patched at 2024-05-15

6866. Denial of Service - Unknown Product (CVE-2020-24187) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0, allows local attackers to cause a denial of service (DoS) (Null Pointer Dereference).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24187 was patched at 2024-05-15

6867. Denial of Service - Unknown Product (CVE-2020-26164) - Low [196]

Description: {'vulners_cve_data_all': 'In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-26164 was patched at 2024-05-15

6868. Denial of Service - Unknown Product (CVE-2020-27787) - Low [196]

Description: {'vulners_cve_data_all': 'A Segmentaation fault was found in UPX in invert_pt_dynamic() function in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27787 was patched at 2024-05-15

6869. Denial of Service - Unknown Product (CVE-2020-27788) - Low [196]

Description: {'vulners_cve_data_all': 'An out-of-bounds read access vulnerability was discovered in UPX in PackLinuxElf64::canPack() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27788 was patched at 2024-05-15

6870. Denial of Service - Unknown Product (CVE-2020-27790) - Low [196]

Description: {'vulners_cve_data_all': 'A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. An attacker with a crafted input file could trigger this issue that could cause a crash leading to a denial of service. The highest impact is to Availability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27790 was patched at 2024-05-15

6871. Denial of Service - Unknown Product (CVE-2020-29567) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated and de-allocated on the relevant CPUs. De-allocation has to happen when certain constraints are met. If these conditions are not met when first checked, the checking CPU may send an interrupt to itself, in the expectation that this IRQ will be delivered only after the condition preventing the cleanup has cleared. For two specific IRQ vectors, this expectation was violated, resulting in a continuous stream of self-interrupts, which renders the CPU effectively unusable. A domain with a passed through PCI device can cause lockup of a physical CPU, resulting in a Denial of Service (DoS) to the entire host. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with physical PCI devices passed through to them can exploit the vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-29567 was patched at 2024-05-15

6872. Denial of Service - Unknown Product (CVE-2021-26945) - Low [196]

Description: {'vulners_cve_data_all': 'An integer overflow leading to a heap-buffer overflow was found in OpenEXR in versions before 3.0.1. An attacker could use this flaw to crash an application compiled with OpenEXR.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-26945 was patched at 2024-05-15

6873. Denial of Service - Unknown Product (CVE-2021-27815) - Low [196]

Description: {'vulners_cve_data_all': 'NULL Pointer Deference in the exif command line tool, when printing out XML formatted EXIF data, in exif v0.6.22 and earlier allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-27815 was patched at 2024-05-15

6874. Denial of Service - Unknown Product (CVE-2021-28025) - Low [196]

Description: {'vulners_cve_data_all': 'Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-28025 was patched at 2024-05-15

6875. Denial of Service - Unknown Product (CVE-2021-28687) - Low [196]

Description: {'vulners_cve_data_all': 'HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Many internal data structures also require this initialize / dispose discipline, but not all of them. When the "soft reset" feature was implemented, the libxl__domain_suspend_state structure didn't require any initialization or disposal. At some point later, an initialization function was introduced for the structure; but the "soft reset" path wasn't refactored to call the initialization function. When a guest nwo initiates a "soft reboot", uninitialized data structure leads to an assert() when later code finds the structure in an unexpected state. The effect of this is to crash the process monitoring the guest. How this affects the system depends on the structure of the toolstack. For xl, this will have no security-relevant effect: every VM has its own independent monitoring process, which contains no state. The domain in question will hang in a crashed state, but can be destroyed by `xl destroy` just like any other non-cooperating domain. For daemon-based toolstacks linked against libxl, such as libvirt, this will crash the toolstack, losing the state of any in-progress operations (localized DoS), and preventing further administrator operations unless the daemon is configured to restart automatically (system-wide DoS). If crashes "leak" resources, then repeated crashes could use up resources, also causing a system-wide DoS.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-28687 was patched at 2024-05-15

6876. Denial of Service - Unknown Product (CVE-2021-30469) - Low [196]

Description: {'vulners_cve_data_all': 'A flaw was found in PoDoFo 0.9.7. An use-after-free in PoDoFo::PdfVecObjects::Clear() function can cause a denial of service via a crafted PDF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30469 was patched at 2024-05-15

6877. Denial of Service - Unknown Product (CVE-2021-30501) - Low [196]

Description: {'vulners_cve_data_all': 'An assertion abort was found in upx MemBuffer::alloc() in mem.cpp, in version UPX 4.0.0. The flow allows attackers to cause a denial of service (abort) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30501 was patched at 2024-05-15

6878. Denial of Service - Unknown Product (CVE-2021-36373) - Low [196]

Description: {'vulners_cve_data_all': 'When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-36373 was patched at 2024-05-15

6879. Denial of Service - Unknown Product (CVE-2021-36374) - Low [196]

Description: {'vulners_cve_data_all': 'When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-36374 was patched at 2024-05-15

6880. Denial of Service - Unknown Product (CVE-2021-40573) - Low [196]

Description: {'vulners_cve_data_all': 'The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_list_del function in list.c, which allows attackers to cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40573 was patched at 2024-05-15

6881. Denial of Service - Unknown Product (CVE-2021-42373) - Low [196]

Description: {'vulners_cve_data_all': 'A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42373 was patched at 2024-05-15

6882. Denial of Service - Unknown Product (CVE-2021-42375) - Low [196]

Description: {'vulners_cve_data_all': 'An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42375 was patched at 2024-05-15

6883. Denial of Service - Unknown Product (CVE-2021-42376) - Low [196]

Description: {'vulners_cve_data_all': 'A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \\x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42376 was patched at 2024-05-15

6884. Denial of Service - Unknown Product (CVE-2021-42917) - Low [196]

Description: {'vulners_cve_data_all': 'Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42917 was patched at 2024-05-15

6885. Denial of Service - Unknown Product (CVE-2021-44647) - Low [196]

Description: {'vulners_cve_data_all': 'Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44647 was patched at 2024-05-15

6886. Denial of Service - Unknown Product (CVE-2021-44917) - Low [196]

Description: {'vulners_cve_data_all': 'A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d function in graph3d.c, which could cause a Arithmetic exception and application crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44917 was patched at 2024-05-15

6887. Denial of Service - Unknown Product (CVE-2021-45261) - Low [196]

Description: {'vulners_cve_data_all': 'An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45261 was patched at 2024-05-15

6888. Denial of Service - Unknown Product (CVE-2021-45293) - Low [196]

Description: {'vulners_cve_data_all': 'A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45293 was patched at 2024-05-15

6889. Denial of Service - Unknown Product (CVE-2021-45829) - Low [196]

Description: {'vulners_cve_data_all': 'HDF5 1.13.1-1 is affected by: segmentation fault, which causes a Denial of Service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45829 was patched at 2024-05-15

6890. Denial of Service - Unknown Product (CVE-2021-45830) - Low [196]

Description: {'vulners_cve_data_all': 'A heap-based buffer overflow vulnerability exists in HDF5 1.13.1-1 via H5F_addr_decode_len in /hdf5/src/H5Fint.c, which could cause a Denial of Service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45830 was patched at 2024-05-15

6891. Denial of Service - Unknown Product (CVE-2021-45832) - Low [196]

Description: {'vulners_cve_data_all': 'A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 at at hdf5/src/H5Eint.c, which causes a Denial of Service (context-dependent).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45832 was patched at 2024-05-15

6892. Denial of Service - Unknown Product (CVE-2021-45833) - Low [196]

Description: {'vulners_cve_data_all': 'A Stack-based Buffer Overflow Vulnerability exists in HDF5 1.13.1-1 via the H5D__create_chunk_file_map_hyper function in /hdf5/src/H5Dchunk.c, which causes a Denial of Service (context-dependent).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45833 was patched at 2024-05-15

6893. Denial of Service - Unknown Product (CVE-2021-45846) - Low [196]

Description: {'vulners_cve_data_all': 'A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker to cause an application crash using a crafted AMF document, where a metadata tag lacks a "type" attribute.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45846 was patched at 2024-05-15

6894. Denial of Service - Unknown Product (CVE-2021-45847) - Low [196]

Description: {'vulners_cve_data_all': 'Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45847 was patched at 2024-05-15

6895. Denial of Service - Unknown Product (CVE-2021-46019) - Low [196]

Description: {'vulners_cve_data_all': 'An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46019 was patched at 2024-05-15

6896. Denial of Service - Unknown Product (CVE-2021-46021) - Low [196]

Description: {'vulners_cve_data_all': 'An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46021 was patched at 2024-05-15

6897. Denial of Service - Unknown Product (CVE-2021-46022) - Low [196]

Description: {'vulners_cve_data_all': 'An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46022 was patched at 2024-05-15

6898. Denial of Service - Unknown Product (CVE-2021-46048) - Low [196]

Description: {'vulners_cve_data_all': 'A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46048 was patched at 2024-05-15

6899. Denial of Service - Unknown Product (CVE-2021-46052) - Low [196]

Description: {'vulners_cve_data_all': 'A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46052 was patched at 2024-05-15

6900. Denial of Service - Unknown Product (CVE-2021-46053) - Low [196]

Description: {'vulners_cve_data_all': 'A Denial of Service vulnerability exists in Binaryen 103. The program terminates with signal SIGKILL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46053 was patched at 2024-05-15

6901. Denial of Service - Unknown Product (CVE-2021-46054) - Low [196]

Description: {'vulners_cve_data_all': 'A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46054 was patched at 2024-05-15

6902. Denial of Service - Unknown Product (CVE-2021-46055) - Low [196]

Description: {'vulners_cve_data_all': 'A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46055 was patched at 2024-05-15

6903. Denial of Service - Unknown Product (CVE-2022-1515) - Low [196]

Description: {'vulners_cve_data_all': 'A memory leak was discovered in matio 1.5.21 and earlier in Mat_VarReadNextInfo5() in mat5.c via a crafted file. This issue can potentially result in DoS.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1515 was patched at 2024-05-15

ubuntu: CVE-2022-1515 was patched at 2024-06-13

6904. Denial of Service - Unknown Product (CVE-2022-24613) - Low [196]

Description: {'vulners_cve_data_all': 'metadata-extractor up to 2.16.0 can throw various uncaught exceptions while parsing a specially crafted JPEG file, which could result in an application crash. This could be used to mount a denial of service attack against services that use metadata-extractor library.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24613 was patched at 2024-05-15

6905. Denial of Service - Unknown Product (CVE-2022-24614) - Low [196]

Description: {'vulners_cve_data_all': 'When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use metadata-extractor library.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24614 was patched at 2024-05-15

6906. Denial of Service - Unknown Product (CVE-2022-24615) - Low [196]

Description: {'vulners_cve_data_all': 'zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. This could be used to mount a denial of service attack against services that use zip4j library.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24615 was patched at 2024-05-15

6907. Denial of Service - Unknown Product (CVE-2022-25050) - Low [196]

Description: {'vulners_cve_data_all': 'rtl_433 21.12 was discovered to contain a stack overflow in the function somfy_iohc_decode(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-25050 was patched at 2024-05-15

6908. Denial of Service - Unknown Product (CVE-2022-25327) - Low [196]

Description: {'vulners_cve_data_all': 'The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the system. We recommend upgrading to version 0.3.3 or above', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-25327 was patched at 2024-05-15

6909. Denial of Service - Unknown Product (CVE-2022-2652) - Low [196]

Description: {'vulners_cve_data_all': 'Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-2652 was patched at 2024-05-15

6910. Denial of Service - Unknown Product (CVE-2022-27419) - Low [196]

Description: {'vulners_cve_data_all': 'rtl_433 21.12 was discovered to contain a stack overflow in the function acurite_00275rm_decode at /devices/acurite.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-27419 was patched at 2024-05-15

6911. Denial of Service - Unknown Product (CVE-2022-28191) - Low [196]

Description: {'vulners_cve_data_all': 'NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where uncontrolled resource consumption can be triggered by an unprivileged regular user, which may lead to denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-28191 was patched at 2024-05-15

6912. Denial of Service - Unknown Product (CVE-2022-30126) - Low [196]

Description: {'vulners_cve_data_all': 'In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-30126 was patched at 2024-05-15

6913. Denial of Service - Unknown Product (CVE-2022-33067) - Low [196]

Description: {'vulners_cve_data_all': 'Lrzip v0.651 was discovered to contain multiple invalid arithmetic shifts via the functions get_magic in lrzip.c and Predictor::init in libzpaq/libzpaq.cpp. These vulnerabilities allow attackers to cause a Denial of Service via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-33067 was patched at 2024-05-15

6914. Denial of Service - Unknown Product (CVE-2022-34679) - Low [196]

Description: {'vulners_cve_data_all': 'NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unhandled return value can lead to a null-pointer dereference, which may lead to denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-34679 was patched at 2024-05-15

6915. Denial of Service - Unknown Product (CVE-2022-34682) - Low [196]

Description: {'vulners_cve_data_all': 'NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a null-pointer dereference, which may lead to denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-34682 was patched at 2024-05-15

6916. Denial of Service - Unknown Product (CVE-2022-4132) - Low [196]

Description: {'vulners_cve_data_all': 'A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-4132 was patched at 2024-05-15

6917. Denial of Service - Unknown Product (CVE-2023-0190) - Low [196]

Description: {'vulners_cve_data_all': 'NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0190 was patched at 2024-05-15

6918. Denial of Service - Unknown Product (CVE-2023-23456) - Low [196]

Description: {'vulners_cve_data_all': 'A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-23456 was patched at 2024-05-15

6919. Denial of Service - Unknown Product (CVE-2023-23457) - Low [196]

Description: {'vulners_cve_data_all': 'A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-23457 was patched at 2024-05-15

6920. Denial of Service - Unknown Product (CVE-2023-26112) - Low [196]

Description: {'vulners_cve_data_all': 'All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\).\r\r**Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.\r\r', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26112 was patched at 2024-05-15

6921. Denial of Service - Unknown Product (CVE-2023-26590) - Low [196]

Description: {'vulners_cve_data_all': 'A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26590 was patched at 2024-05-15

6922. Denial of Service - Unknown Product (CVE-2023-28374) - Low [196]

Description: {'vulners_cve_data_all': 'Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-28374 was patched at 2024-05-15

6923. Denial of Service - Unknown Product (CVE-2023-28428) - Low [196]

Description: {'vulners_cve_data_all': 'PDFio is a C library for reading and writing PDF files. In versions 1.1.0 and prior, a denial of service vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. This is different from CVE-2023-24808. A patch for this issue is available in version 1.1.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-28428 was patched at 2024-05-15

6924. Denial of Service - Unknown Product (CVE-2023-28720) - Low [196]

Description: {'vulners_cve_data_all': 'Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access..', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-28720 was patched at 2024-05-15

6925. Denial of Service - Unknown Product (CVE-2023-30207) - Low [196]

Description: {'vulners_cve_data_all': 'A divide by zero issue discovered in Kodi Home Theater Software 19.5 and earlier allows attackers to cause a denial of service via use of crafted mp3 file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-30207 was patched at 2024-05-15

6926. Denial of Service - Unknown Product (CVE-2023-31518) - Low [196]

Description: {'vulners_cve_data_all': 'A heap use-after-free in the component CDataFileReader::GetItem of teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via a crafted map file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31518 was patched at 2024-05-15

6927. Denial of Service - Unknown Product (CVE-2023-31794) - Low [196]

Description: {'vulners_cve_data_all': 'MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31794 was patched at 2024-05-15

6928. Denial of Service - Unknown Product (CVE-2023-32570) - Low [196]

Description: {'vulners_cve_data_all': 'VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-32570 was patched at 2024-05-15

6929. Denial of Service - Unknown Product (CVE-2023-33546) - Low [196]

Description: {'vulners_cve_data_all': 'Janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow. NOTE: this is disputed by multiple parties because Janino is not intended for use with untrusted input.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-33546 was patched at 2024-05-15

6930. Denial of Service - Unknown Product (CVE-2023-36308) - Low [196]

Description: {'vulners_cve_data_all': 'disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. NOTE: it is unclear whether there are common use cases in which this panic could have any security consequence', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-36308 was patched at 2024-05-15

6931. Denial of Service - Unknown Product (CVE-2023-38252) - Low [196]

Description: {'vulners_cve_data_all': 'An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38252 was patched at 2024-05-15

6932. Denial of Service - Unknown Product (CVE-2023-38253) - Low [196]

Description: {'vulners_cve_data_all': 'An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38253 was patched at 2024-05-15

6933. Denial of Service - Unknown Product (CVE-2023-38560) - Low [196]

Description: {'vulners_cve_data_all': 'An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38560 was patched at 2024-05-15

6934. Denial of Service - Unknown Product (CVE-2023-38665) - Low [196]

Description: {'vulners_cve_data_all': 'Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38665 was patched at 2024-05-15

6935. Denial of Service - Unknown Product (CVE-2023-38667) - Low [196]

Description: {'vulners_cve_data_all': 'Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38667 was patched at 2024-05-15

6936. Denial of Service - Unknown Product (CVE-2023-38668) - Low [196]

Description: {'vulners_cve_data_all': 'Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38668 was patched at 2024-05-15

6937. Denial of Service - Unknown Product (CVE-2023-39741) - Low [196]

Description: {'vulners_cve_data_all': 'lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-39741 was patched at 2024-05-15

6938. Denial of Service - Unknown Product (CVE-2023-4256) - Low [196]

Description: {'vulners_cve_data_all': 'Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. This vulnerability can be exploited by supplying a specifically crafted file to the tcprewrite binary. This flaw enables a local attacker to initiate a Denial of Service (DoS) attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-4256 was patched at 2024-05-15

6939. Denial of Service - Unknown Product (CVE-2023-43898) - Low [196]

Description: {'vulners_cve_data_all': 'Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-43898 was patched at 2024-05-15

6940. Denial of Service - Unknown Product (CVE-2023-44821) - Low [196]

Description: {'vulners_cve_data_all': 'Gifsicle through 1.94, if deployed in a way that allows untrusted input to affect Gif_Realloc calls, might allow a denial of service (memory consumption). NOTE: this has been disputed by multiple parties because the Gifsicle code is not commonly used for unattended operation in which new input arrives for a long-running process, does not ship with functionality to link it into another application as a library, and does not have realistic use cases in which an adversary controls the entire command line.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-44821 was patched at 2024-05-15

6941. Denial of Service - Unknown Product (CVE-2023-51258) - Low [196]

Description: {'vulners_cve_data_all': 'A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the new_Token function in the modules/preprocs/nasm/nasm-pp:1512.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51258 was patched at 2024-05-15

6942. Denial of Service - Unknown Product (CVE-2024-26308) - Low [196]

Description: {'vulners_cve_data_all': 'Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26.\n\nUsers are recommended to upgrade to version 1.26, which fixes the issue.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26308 was patched at 2024-05-15

6943. Denial of Service - Unknown Product (CVE-2024-3772) - Low [196]

Description: {'vulners_cve_data_all': 'Regular expression denial of service in Pydanic < 2.4.0, < 1.10.13 allows remote attackers to cause denial of service via a crafted email string.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3772 was patched at 2024-05-15

6944. Incorrect Calculation - Unknown Product (CVE-2009-3930) - Low [196]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3930 was patched at 2024-05-15

6945. Incorrect Calculation - Unknown Product (CVE-2016-9580) - Low [196]

Description: {'vulners_cve_data_all': 'An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9580 was patched at 2024-05-15

6946. Incorrect Calculation - Unknown Product (CVE-2019-20205) - Low [196]

Description: {'vulners_cve_data_all': 'libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20205 was patched at 2024-05-15

6947. Incorrect Calculation - Unknown Product (CVE-2020-26682) - Low [196]

Description: {'vulners_cve_data_all': 'In libass 0.14.0, the `ass_outline_construct`'s call to `outline_stroke` causes a signed integer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-26682 was patched at 2024-05-15

6948. Memory Corruption - Unknown Product (CVE-2006-5868) - Low [196]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5868 was patched at 2024-05-15

6949. Memory Corruption - Unknown Product (CVE-2013-2019) - Low [196]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2019 was patched at 2024-05-15

6950. Memory Corruption - Unknown Product (CVE-2013-2298) - Low [196]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2298 was patched at 2024-05-15

6951. Memory Corruption - Unknown Product (CVE-2016-9581) - Low [196]

Description: {'vulners_cve_data_all': 'An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9581 was patched at 2024-05-15

6952. Memory Corruption - Unknown Product (CVE-2017-17509) - Low [196]

Description: {'vulners_cve_data_all': 'In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17509 was patched at 2024-05-15

6953. Memory Corruption - Unknown Product (CVE-2017-17973) - Low [196]

Description: {'vulners_cve_data_all': 'In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17973 was patched at 2024-05-15

6954. Memory Corruption - Unknown Product (CVE-2018-14034) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5O_pline_reset in H5Opline.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14034 was patched at 2024-05-15

6955. Memory Corruption - Unknown Product (CVE-2018-14449) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in libgig 4.1.0. There is an out of bounds read in gig::File::UpdateChunks in gig.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14449 was patched at 2024-05-15

6956. Memory Corruption - Unknown Product (CVE-2018-14450) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "update dimension region's chunks" feature of the function gig::Region::UpdateChunks in gig.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14450 was patched at 2024-05-15

6957. Memory Corruption - Unknown Product (CVE-2018-14451) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14451 was patched at 2024-05-15

6958. Memory Corruption - Unknown Product (CVE-2018-14452) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the "always assign the sample of the first dimension region of this region" feature of the function gig::Region::UpdateChunks in gig.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14452 was patched at 2024-05-15

6959. Memory Corruption - Unknown Product (CVE-2018-14453) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store16 in helper.h.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14453 was patched at 2024-05-15

6960. Memory Corruption - Unknown Product (CVE-2018-14454) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in libgig 4.1.0. There is an out-of-bounds read in the function RIFF::Chunk::Read in RIFF.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14454 was patched at 2024-05-15

6961. Memory Corruption - Unknown Product (CVE-2018-14455) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store32 in helper.h.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14455 was patched at 2024-05-15

6962. Memory Corruption - Unknown Product (CVE-2018-14456) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14456 was patched at 2024-05-15

6963. Memory Corruption - Unknown Product (CVE-2018-14457) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::UpdateChunks in DLS.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14457 was patched at 2024-05-15

6964. Memory Corruption - Unknown Product (CVE-2018-14458) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in pData[1] access in the function store32 in helper.h.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14458 was patched at 2024-05-15

6965. Memory Corruption - Unknown Product (CVE-2018-14459) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in pData[0] access in the function store16 in helper.h.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14459 was patched at 2024-05-15

6966. Memory Corruption - Unknown Product (CVE-2018-16438) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in H5L_extern_query at H5Lexternal.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16438 was patched at 2024-05-15

6967. Memory Corruption - Unknown Product (CVE-2018-17942) - Low [196]

Description: {'vulners_cve_data_all': 'The convert_to_decimal function in vasnprintf.c in Gnulib before 2018-09-23 has a heap-based buffer overflow because memory is not allocated for a trailing '\\0' character during %f processing.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17942 was patched at 2024-05-15

6968. Memory Corruption - Unknown Product (CVE-2018-19760) - Low [196]

Description: {'vulners_cve_data_all': 'cfg_init in confuse.c in libConfuse 3.2.2 has a memory leak.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19760 was patched at 2024-05-15

6969. Memory Corruption - Unknown Product (CVE-2018-20541) - Low [196]

Description: {'vulners_cve_data_all': 'There is a heap-based buffer overflow in libxsmm_sparse_csc_reader at generator_spgemm_csc_reader.c in LIBXSMM 1.10, a different vulnerability than CVE-2018-20542 (which is in a different part of the source code and is seen at different addresses).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20541 was patched at 2024-05-15

6970. Memory Corruption - Unknown Product (CVE-2018-6611) - Low [196]

Description: {'vulners_cve_data_all': 'soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt before 0.3.6, has an out-of-bounds read via a malformed STP file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6611 was patched at 2024-05-15

6971. Memory Corruption - Unknown Product (CVE-2019-10088) - Low [196]

Description: {'vulners_cve_data_all': 'A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10088 was patched at 2024-05-15

6972. Memory Corruption - Unknown Product (CVE-2019-11471) - Low [196]

Description: {'vulners_cve_data_all': 'libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11471 was patched at 2024-05-15

6973. Memory Corruption - Unknown Product (CVE-2019-11639) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11639 was patched at 2024-05-15

6974. Memory Corruption - Unknown Product (CVE-2019-11640) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function rec_fex_parse_str_simple at rec-fex.c in librec.a.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11640 was patched at 2024-05-15

6975. Memory Corruption - Unknown Product (CVE-2019-13568) - Low [196]

Description: {'vulners_cve_data_all': 'CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-13568 was patched at 2024-05-15

6976. Memory Corruption - Unknown Product (CVE-2019-14690) - Low [196]

Description: {'vulners_cve_data_all': 'AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14690 was patched at 2024-05-15

6977. Memory Corruption - Unknown Product (CVE-2019-14691) - Low [196]

Description: {'vulners_cve_data_all': 'AdPlug 2.3.1 has a heap-based buffer overflow in CdtmLoader::load() in dtm.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14691 was patched at 2024-05-15

6978. Memory Corruption - Unknown Product (CVE-2019-14692) - Low [196]

Description: {'vulners_cve_data_all': 'AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14692 was patched at 2024-05-15

6979. Memory Corruption - Unknown Product (CVE-2019-14732) - Low [196]

Description: {'vulners_cve_data_all': 'AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14732 was patched at 2024-05-15

6980. Memory Corruption - Unknown Product (CVE-2019-14733) - Low [196]

Description: {'vulners_cve_data_all': 'AdPlug 2.3.1 has multiple heap-based buffer overflows in CradLoader::load() in rad.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14733 was patched at 2024-05-15

6981. Memory Corruption - Unknown Product (CVE-2019-14734) - Low [196]

Description: {'vulners_cve_data_all': 'AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14734 was patched at 2024-05-15

6982. Memory Corruption - Unknown Product (CVE-2019-19720) - Low [196]

Description: {'vulners_cve_data_all': 'Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() function in flex.c via a crafted BASIC source file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19720 was patched at 2024-05-15

6983. Memory Corruption - Unknown Product (CVE-2019-20094) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_init_frame at fromgif.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20094 was patched at 2024-05-15

6984. Memory Corruption - Unknown Product (CVE-2019-20140) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_out_code at fromgif.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20140 was patched at 2024-05-15

6985. Memory Corruption - Unknown Product (CVE-2019-20433) - Low [196]

Description: {'vulners_cve_data_all': 'libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20433 was patched at 2024-05-15

6986. Memory Corruption - Unknown Product (CVE-2019-9151) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5VM_memcpyvv in H5VM.c when called from H5D__compact_readvv in H5Dcompact.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9151 was patched at 2024-05-15

6987. Memory Corruption - Unknown Product (CVE-2019-9152) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5MM_xstrdup in H5MM.c when called from H5O_dtype_decode_helper in H5Odtype.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9152 was patched at 2024-05-15

6988. Memory Corruption - Unknown Product (CVE-2020-15888) - Low [196]

Description: {'vulners_cve_data_all': 'Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15888 was patched at 2024-05-15

6989. Memory Corruption - Unknown Product (CVE-2020-29657) - Low [196]

Description: {'vulners_cve_data_all': 'In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unhandled_exception in the main-utils.c file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-29657 was patched at 2024-05-15

6990. Memory Corruption - Unknown Product (CVE-2020-36129) - Low [196]

Description: {'vulners_cve_data_all': 'AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36129 was patched at 2024-05-15

6991. Memory Corruption - Unknown Product (CVE-2020-36428) - Low [196]

Description: {'vulners_cve_data_all': 'matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-based buffer overflow in ReadInt32DataDouble (called from ReadInt32Data and Mat_VarRead4).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36428 was patched at 2024-05-15

6992. Memory Corruption - Unknown Product (CVE-2020-5496) - Low [196]

Description: {'vulners_cve_data_all': 'FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-5496 was patched at 2024-05-15

6993. Memory Corruption - Unknown Product (CVE-2020-6860) - Low [196]

Description: {'vulners_cve_data_all': 'libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-6860 was patched at 2024-05-15

6994. Memory Corruption - Unknown Product (CVE-2021-36082) - Low [196]

Description: {'vulners_cve_data_all': 'ntop nDPI 3.4 has a stack-based buffer overflow in processClientServerHello.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-36082 was patched at 2024-05-15

6995. Memory Corruption - Unknown Product (CVE-2021-39536) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in libxsmm through v1.16.1-93. The JIT code has a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39536 was patched at 2024-05-15

6996. Memory Corruption - Unknown Product (CVE-2021-41715) - Low [196]

Description: {'vulners_cve_data_all': 'libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41715 was patched at 2024-05-15

6997. Memory Corruption - Unknown Product (CVE-2022-27046) - Low [196]

Description: {'vulners_cve_data_all': 'libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in libsixel/src/dither.c:388.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-27046 was patched at 2024-05-15

6998. Memory Corruption - Unknown Product (CVE-2022-39047) - Low [196]

Description: {'vulners_cve_data_all': 'Freeciv before 2.6.7 and before 3.0.3 is prone to a buffer overflow vulnerability in the Modpack Installer utility's handling of the modpack URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-39047 was patched at 2024-05-15

6999. Memory Corruption - Unknown Product (CVE-2023-29421) - Low [196]

Description: {'vulners_cve_data_all': 'An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an out-of-bounds write in bz3_decode_block.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29421 was patched at 2024-05-15

7000. Memory Corruption - Unknown Product (CVE-2023-31566) - Low [196]

Description: {'vulners_cve_data_all': 'Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31566 was patched at 2024-05-15

7001. Memory Corruption - Unknown Product (CVE-2023-31567) - Low [196]

Description: {'vulners_cve_data_all': 'Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31567 was patched at 2024-05-15

7002. Memory Corruption - Unknown Product (CVE-2024-25447) - Low [196]

Description: {'vulners_cve_data_all': 'An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-25447 was patched at 2024-05-15

7003. Memory Corruption - Unknown Product (CVE-2024-25448) - Low [196]

Description: {'vulners_cve_data_all': 'An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-25448 was patched at 2024-05-15

7004. Path Traversal - Unknown Product (CVE-2002-1425) - Low [196]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in munpack in mpack 1.5 and earlier allows remote attackers to create new files in the parent directory via a ../ (dot-dot) sequence in the filename to be extracted.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1425 was patched at 2024-05-15

7005. Path Traversal - Unknown Product (CVE-2004-0792) - Low [196]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0792 was patched at 2024-05-15

7006. Path Traversal - Unknown Product (CVE-2005-2007) - Low [196]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the id parameter to the (1) upload or (2) attachment scripts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2007 was patched at 2024-05-15

7007. Path Traversal - Unknown Product (CVE-2007-2836) - Low [196]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2836 was patched at 2024-05-15

7008. Path Traversal - Unknown Product (CVE-2008-5301) - Low [196]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5301 was patched at 2024-05-15

7009. Path Traversal - Unknown Product (CVE-2010-0396) - Low [196]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0396 was patched at 2024-05-15

7010. Path Traversal - Unknown Product (CVE-2010-4369) - Low [196]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4369 was patched at 2024-05-15

7011. Path Traversal - Unknown Product (CVE-2012-3360) - Low [196]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3360 was patched at 2024-05-15

7012. Path Traversal - Unknown Product (CVE-2014-9485) - Low [196]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry in a ZIP archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9485 was patched at 2024-05-15

7013. Path Traversal - Unknown Product (CVE-2014-9983) - Low [196]

Description: {'vulners_cve_data_all': 'Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9983 was patched at 2024-05-15

7014. Path Traversal - Unknown Product (CVE-2015-0552) - Low [196]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demonstrated by "\\tmp\\moo."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-0552 was patched at 2024-05-15

7015. Path Traversal - Unknown Product (CVE-2018-1000161) - Low [196]

Description: {'vulners_cve_data_all': 'nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against a malicious web site. This vulnerability appears to have been fixed in 7.7.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000161 was patched at 2024-05-15

7016. Unknown Vulnerability Type - Unknown Product (CVE-2017-15377) - Low [196]

Description: {'vulners_cve_data_all': 'In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found; instead, it stops only upon reaching inspection-recursion-limit (3000 by default).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15377 was patched at 2024-05-15

7017. Arbitrary File Reading - Unknown Product (CVE-2010-2237) - Low [195]

Description: {'vulners_cve_data_all': 'Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2237 was patched at 2024-05-15

7018. Arbitrary File Reading - Unknown Product (CVE-2010-2238) - Low [195]

Description: {'vulners_cve_data_all': 'Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2238 was patched at 2024-05-15

7019. Arbitrary File Reading - Unknown Product (CVE-2011-2178) - Low [195]

Description: {'vulners_cve_data_all': 'The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security manager private data" that "reopens disk probing" and might allow guest OS users to read arbitrary files on the host OS. NOTE: this vulnerability exists because of a CVE-2010-2238 regression.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2178 was patched at 2024-05-15

7020. Arbitrary File Reading - Unknown Product (CVE-2011-2746) - Low [195]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.x before 2.4.11 and 3.x before 3.0.10 allows remote authenticated administrators to read arbitrary files via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2746 was patched at 2024-05-15

7021. Arbitrary File Reading - Unknown Product (CVE-2012-3864) - Low [195]

Description: {'vulners_cve_data_all': 'Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3864 was patched at 2024-05-15

7022. Information Disclosure - Unknown Product (CVE-2007-5936) - Low [195]

Description: {'vulners_cve_data_all': 'dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5936 was patched at 2024-05-15

7023. Information Disclosure - Unknown Product (CVE-2008-1290) - Low [195]

Description: {'vulners_cve_data_all': 'ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1290 was patched at 2024-05-15

7024. Information Disclosure - Unknown Product (CVE-2010-2072) - Low [195]

Description: {'vulners_cve_data_all': 'Pyftpd 0.8.4 creates log files with predictable names in a temporary directory, which allows local users to cause a denial of service and obtain sensitive information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2072 was patched at 2024-05-15

7025. Information Disclosure - Unknown Product (CVE-2011-1498) - Low [195]

Description: {'vulners_cve_data_all': 'Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1498 was patched at 2024-05-15

7026. Information Disclosure - Unknown Product (CVE-2011-4896) - Low [195]

Description: {'vulners_cve_data_all': 'Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about clients in opportunistic circumstances by monitoring network traffic to the bridge port.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4896 was patched at 2024-05-15

7027. Information Disclosure - Unknown Product (CVE-2012-2146) - Low [195]

Description: {'vulners_cve_data_all': 'Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2146 was patched at 2024-05-15

7028. Information Disclosure - Unknown Product (CVE-2012-5624) - Low [195]

Description: {'vulners_cve_data_all': 'The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5624 was patched at 2024-05-15

7029. Information Disclosure - Unknown Product (CVE-2012-6076) - Low [195]

Description: {'vulners_cve_data_all': 'Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6076 was patched at 2024-05-15

7030. Information Disclosure - Unknown Product (CVE-2012-6459) - Low [195]

Description: {'vulners_cve_data_all': 'ConnMan 1.3 on Tizen continues to list the bluetooth service after offline mode has been enabled, which might allow remote attackers to obtain sensitive information via Bluetooth packets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6459 was patched at 2024-05-15

7031. Information Disclosure - Unknown Product (CVE-2013-0212) - Low [195]

Description: {'vulners_cve_data_all': 'store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0212 was patched at 2024-05-15

7032. Information Disclosure - Unknown Product (CVE-2014-0246) - Low [195]

Description: {'vulners_cve_data_all': 'SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0246 was patched at 2024-05-15

7033. Information Disclosure - Unknown Product (CVE-2014-5369) - Low [195]

Description: {'vulners_cve_data_all': 'Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5369 was patched at 2024-05-15

7034. Information Disclosure - Unknown Product (CVE-2016-6189) - Low [195]

Description: {'vulners_cve_data_all': 'Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by reading the fields in the (1) ics or (2) XML calendar feeds.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6189 was patched at 2024-05-15

7035. Information Disclosure - Unknown Product (CVE-2016-6190) - Low [195]

Description: {'vulners_cve_data_all': 'SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all users.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6190 was patched at 2024-05-15

7036. Information Disclosure - Unknown Product (CVE-2017-7995) - Low [195]

Description: {'vulners_cve_data_all': 'Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges only after accessing them, allowing host PCI device space memory reads, leading to information disclosure. This is an error in the get_user function. NOTE: the upstream Xen Project considers versions before 4.5.x to be EOL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7995 was patched at 2024-05-15

7037. Information Disclosure - Unknown Product (CVE-2019-12383) - Low [195]

Description: {'vulners_cve_data_all': 'Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my language" setting.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12383 was patched at 2024-05-15

7038. Information Disclosure - Unknown Product (CVE-2019-9245) - Low [195]

Description: {'vulners_cve_data_all': 'In the Android kernel in the f2fs driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9245 was patched at 2024-05-15

7039. Information Disclosure - Unknown Product (CVE-2019-9444) - Low [195]

Description: {'vulners_cve_data_all': 'In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9444 was patched at 2024-05-15

7040. Information Disclosure - Unknown Product (CVE-2021-39657) - Low [195]

Description: {'vulners_cve_data_all': 'In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-194696049References: Upstream kernel', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39657 was patched at 2024-05-15

7041. Information Disclosure - Unknown Product (CVE-2021-39711) - Low [195]

Description: {'vulners_cve_data_all': 'In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154175781References: Upstream kernel', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39711 was patched at 2024-05-15

7042. Information Disclosure - Unknown Product (CVE-2023-0193) - Low [195]

Description: {'vulners_cve_data_all': '\nNVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of service and limited information disclosure.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0193 was patched at 2024-05-15

7043. Information Disclosure - Unknown Product (CVE-2023-35061) - Low [195]

Description: {'vulners_cve_data_all': 'Improper initialization for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-35061 was patched at 2024-05-15

7044. Unknown Vulnerability Type - Eclipse Mosquitto (CVE-2018-20145) - Low [195]

Description: {'vulners_cve_data_all': 'Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Eclipse Mosquitto provides a lightweight server implementation of the MQTT protocol that is suitable for all situations from full power machines to embedded and low power machines
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20145 was patched at 2024-05-15

7045. Unknown Vulnerability Type - Exim (CVE-2012-2140) - Low [195]

Description: {'vulners_cve_data_all': 'The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Exim is a mail transfer agent (MTA) used on Unix-like operating systems
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2140 was patched at 2024-05-15

7046. Unknown Vulnerability Type - Exim (CVE-2021-38371) - Low [195]

Description: {'vulners_cve_data_all': 'The STARTTLS feature in Exim through 4.94.2 allows response injection (buffering) during MTA SMTP sending.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Exim is a mail transfer agent (MTA) used on Unix-like operating systems
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-38371 was patched at 2024-05-15

7047. Unknown Vulnerability Type - ImageMagick (CVE-2005-4601) - Low [195]

Description: {'vulners_cve_data_all': 'The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4601 was patched at 2024-05-15

7048. Unknown Vulnerability Type - ImageMagick (CVE-2006-5099) - Low [195]

Description: {'vulners_cve_data_all': 'lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5099 was patched at 2024-05-15

7049. Unknown Vulnerability Type - ImageMagick (CVE-2021-20311) - Low [195]

Description: {'vulners_cve_data_all': 'A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-20311 was patched at 2024-05-15

7050. Unknown Vulnerability Type - Perl (CVE-2002-0703) - Low [195]

Description: {'vulners_cve_data_all': 'An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0703 was patched at 2024-05-15

7051. Unknown Vulnerability Type - Perl (CVE-2002-0738) - Low [195]

Description: {'vulners_cve_data_all': 'MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&={script}" syntax.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0738 was patched at 2024-05-15

7052. Unknown Vulnerability Type - Perl (CVE-2002-1271) - Low [195]

Description: {'vulners_cve_data_all': 'The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1271 was patched at 2024-05-15

7053. Unknown Vulnerability Type - Perl (CVE-2003-0516) - Low [195]

Description: {'vulners_cve_data_all': 'cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printable characters and quotes, which may allow remote attackers to execute arbitrary commands via shell metacharacters in (1) caller ID or (2) caller name strings.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0516 was patched at 2024-05-15

7054. Unknown Vulnerability Type - Perl (CVE-2004-0986) - Low [195]

Description: {'vulners_cve_data_all': 'Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0986 was patched at 2024-05-15

7055. Unknown Vulnerability Type - Perl (CVE-2004-1096) - Low [195]

Description: {'vulners_cve_data_all': 'Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1096 was patched at 2024-05-15

7056. Unknown Vulnerability Type - Perl (CVE-2005-0130) - Low [195]

Description: {'vulners_cve_data_all': 'Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbitrary commands via shell metacharacters in (1) channel names or (2) song names that are not properly quoted when the user runs IRC scripts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0130 was patched at 2024-05-15

7057. Unknown Vulnerability Type - Perl (CVE-2005-0198) - Low [195]

Description: {'vulners_cve_data_all': 'A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0198 was patched at 2024-05-15

7058. Unknown Vulnerability Type - Perl (CVE-2005-0638) - Low [195]

Description: {'vulners_cve_data_all': 'xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0638 was patched at 2024-05-15

7059. Unknown Vulnerability Type - Perl (CVE-2005-1824) - Low [195]

Description: {'vulners_cve_data_all': 'The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1824 was patched at 2024-05-15

7060. Unknown Vulnerability Type - Perl (CVE-2005-2471) - Low [195]

Description: {'vulners_cve_data_all': 'pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2471 was patched at 2024-05-15

7061. Unknown Vulnerability Type - Perl (CVE-2006-5872) - Low [195]

Description: {'vulners_cve_data_all': 'login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5872 was patched at 2024-05-15

7062. Unknown Vulnerability Type - Perl (CVE-2007-0233) - Low [195]

Description: {'vulners_cve_data_all': 'wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in WordPress.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0233 was patched at 2024-05-15

7063. Unknown Vulnerability Type - Perl (CVE-2007-1595) - Low [195]

Description: {'vulners_cve_data_all': 'The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1595 was patched at 2024-05-15

7064. Unknown Vulnerability Type - Perl (CVE-2008-2146) - Low [195]

Description: {'vulners_cve_data_all': 'wp-includes/vars.php in Wordpress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2146 was patched at 2024-05-15

7065. Unknown Vulnerability Type - Perl (CVE-2008-3196) - Low [195]

Description: {'vulners_cve_data_all': 'skeleton.c in yacc does not properly handle reduction of a rule with an empty right hand side, which allows context-dependent attackers to cause an out-of-bounds stack access when the yacc stack pointer points to the end of the stack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3196 was patched at 2024-05-15

7066. Unknown Vulnerability Type - Perl (CVE-2010-0412) - Low [195]

Description: {'vulners_cve_data_all': 'stap-server in SystemTap 1.1 does not properly restrict the value of the -B (aka BUILD) option, which allows attackers to have an unspecified impact via vectors associated with executing the make program, a different vulnerability than CVE-2009-4273.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0412 was patched at 2024-05-15

7067. Unknown Vulnerability Type - Perl (CVE-2010-0669) - Low [195]

Description: {'vulners_cve_data_all': 'MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly sanitize user profiles, which has unspecified impact and attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0669 was patched at 2024-05-15

7068. Unknown Vulnerability Type - Perl (CVE-2010-1678) - Low [195]

Description: {'vulners_cve_data_all': 'Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1678 was patched at 2024-05-15

7069. Unknown Vulnerability Type - Perl (CVE-2010-2060) - Low [195]

Description: {'vulners_cve_data_all': 'The put command functionality in beanstalkd 1.4.5 and earlier allows remote attackers to execute arbitrary Beanstalk commands via the body in a job that is too big, which is not properly handled by the dispatch_cmd function in prot.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2060 was patched at 2024-05-15

7070. Unknown Vulnerability Type - Perl (CVE-2010-3055) - Low [195]

Description: {'vulners_cve_data_all': 'The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3055 was patched at 2024-05-15

7071. Unknown Vulnerability Type - Perl (CVE-2010-5108) - Low [195]

Description: {'vulners_cve_data_all': 'Trac 0.11.6 does not properly check workflow permissions before modifying a ticket. This can be exploited by an attacker to change the status and resolution of tickets without having proper permissions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-5108 was patched at 2024-05-15

7072. Unknown Vulnerability Type - Perl (CVE-2012-3292) - Low [195]

Description: {'vulners_cve_data_all': 'The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3292 was patched at 2024-05-15

7073. Unknown Vulnerability Type - Perl (CVE-2012-4456) - Low [195]

Description: {'vulners_cve_data_all': 'The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4456 was patched at 2024-05-15

7074. Unknown Vulnerability Type - Perl (CVE-2012-5642) - Low [195]

Description: {'vulners_cve_data_all': 'server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecified symbols in this content.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5642 was patched at 2024-05-15

7075. Unknown Vulnerability Type - Perl (CVE-2012-6071) - Low [195]

Description: {'vulners_cve_data_all': 'nuSOAP before 0.7.3-5 does not properly check the hostname of a cert.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6071 was patched at 2024-05-15

7076. Unknown Vulnerability Type - Perl (CVE-2014-1845) - Low [195]

Description: {'vulners_cve_data_all': 'An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1845 was patched at 2024-05-15

7077. Unknown Vulnerability Type - Perl (CVE-2014-2901) - Low [195]

Description: {'vulners_cve_data_all': 'wolfssl before 3.2.0 does not properly issue certificates for a server's hostname.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2901 was patched at 2024-05-15

7078. Unknown Vulnerability Type - Perl (CVE-2014-2902) - Low [195]

Description: {'vulners_cve_data_all': 'wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2902 was patched at 2024-05-15

7079. Unknown Vulnerability Type - Perl (CVE-2014-2904) - Low [195]

Description: {'vulners_cve_data_all': 'wolfssl before 3.2.0 has a server certificate that is not properly authorized for server authentication.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2904 was patched at 2024-05-15

7080. Unknown Vulnerability Type - Perl (CVE-2014-5220) - Low [195]

Description: {'vulners_cve_data_all': 'The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5220 was patched at 2024-05-15

7081. Unknown Vulnerability Type - Perl (CVE-2014-8413) - Low [195]

Description: {'vulners_cve_data_all': 'The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8413 was patched at 2024-05-15

7082. Unknown Vulnerability Type - Perl (CVE-2016-10122) - Low [195]

Description: {'vulners_cve_data_all': 'Firejail does not properly clean environment variables, which allows local users to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10122 was patched at 2024-05-15

7083. Unknown Vulnerability Type - Perl (CVE-2016-3125) - Low [195]

Description: {'vulners_cve_data_all': 'The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3125 was patched at 2024-05-15

7084. Unknown Vulnerability Type - Perl (CVE-2017-0374) - Low [195]

Description: {'vulners_cve_data_all': 'lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the INC array.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0374 was patched at 2024-05-15

7085. Unknown Vulnerability Type - Perl (CVE-2017-10916) - Low [195]

Description: {'vulners_cve_data_all': 'The vCPU context-switch implementation in Xen through 4.8.x improperly interacts with the Memory Protection Extensions (MPX) and Protection Key (PKU) features, which makes it easier for guest OS users to defeat ASLR and other protection mechanisms, aka XSA-220.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-10916 was patched at 2024-05-15

7086. Unknown Vulnerability Type - Perl (CVE-2017-7500) - Low [195]

Description: {'vulners_cve_data_all': 'It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7500 was patched at 2024-05-15

7087. Unknown Vulnerability Type - Perl (CVE-2018-16976) - Low [195]

Description: {'vulners_cve_data_all': 'Gitolite before 3.6.9 does not (in certain configurations involving @all or a regex) properly restrict access to a Git repository that is in the process of being migrated until the full set of migration steps has been completed. This can allow valid users to obtain unintended access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16976 was patched at 2024-05-15

7088. Unknown Vulnerability Type - Perl (CVE-2019-3806) - Low [195]

Description: {'vulners_cve_data_all': 'An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-3806 was patched at 2024-05-15

7089. Unknown Vulnerability Type - Perl (CVE-2020-11713) - Low [195]

Description: {'vulners_cve_data_all': 'wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-11713 was patched at 2024-05-15

7090. Unknown Vulnerability Type - Perl (CVE-2020-15694) - Low [195]

Description: {'vulners_cve_data_all': 'In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a negative Content-Length.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15694 was patched at 2024-05-15

7091. Unknown Vulnerability Type - Perl (CVE-2020-27187) - Low [195]

Description: {'vulners_cve_data_all': 'An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related commands, while KDE Partition Manager is running. the mount command can then be used to gain full root privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27187 was patched at 2024-05-15

7092. Unknown Vulnerability Type - Perl (CVE-2022-23647) - Low [195]

Description: {'vulners_cve_data_all': 'Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code. Server-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted. This bug has been fixed in v1.27.0. As a workaround, do not use the command line plugin on untrusted inputs, or sanitize all code blocks (remove all HTML code text) from all code blocks that use the command line plugin.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-23647 was patched at 2024-05-15

7093. Unknown Vulnerability Type - Python (CVE-2005-0088) - Low [195]

Description: {'vulners_cve_data_all': 'The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0088 was patched at 2024-05-15

7094. Unknown Vulnerability Type - Python (CVE-2005-3302) - Low [195]

Description: {'vulners_cve_data_all': 'Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3302 was patched at 2024-05-15

7095. Unknown Vulnerability Type - Python (CVE-2008-6547) - Low [195]

Description: {'vulners_cve_data_all': 'schema.py in FormEncode for Python (python-formencode) 1.0 does not apply the chained_validators feature, which allows attackers to bypass intended access restrictions via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-6547 was patched at 2024-05-15

7096. Unknown Vulnerability Type - Python (CVE-2009-2940) - Low [195]

Description: {'vulners_cve_data_all': 'The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2940 was patched at 2024-05-15

7097. Unknown Vulnerability Type - Python (CVE-2011-4104) - Low [195]

Description: {'vulners_cve_data_all': 'The from_yaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4104 was patched at 2024-05-15

7098. Unknown Vulnerability Type - Python (CVE-2012-5577) - Low [195]

Description: {'vulners_cve_data_all': 'Python keyring lib before 0.10 created keyring files with world-readable permissions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5577 was patched at 2024-05-15

7099. Unknown Vulnerability Type - Python (CVE-2014-7143) - Low [195]

Description: {'vulners_cve_data_all': 'Python Twisted 14.0 trustRoot is not respected in HTTP client', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-7143 was patched at 2024-05-15

7100. Unknown Vulnerability Type - Python (CVE-2015-7546) - Low [195]

Description: {'vulners_cve_data_all': 'The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-7546 was patched at 2024-05-15

7101. Unknown Vulnerability Type - Python (CVE-2018-6353) - Low [195]

Description: {'vulners_cve_data_all': 'The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation, which makes it easier for attackers to steal Bitcoin via hook code that runs at a later time when the wallet password has been entered, a different vulnerability than CVE-2018-1000022.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6353 was patched at 2024-05-15

7102. Unknown Vulnerability Type - Python (CVE-2020-26263) - Low [195]

Description: {'vulners_cve_data_all': 'tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS#1 v1.5 decryption is data dependant. In particular, the code has multiple ways in which it leaks information about the decrypted ciphertext. It aborts as soon as the plaintext doesn't start with 0x00, 0x02. All TLS servers that enable RSA key exchange as well as applications that use the RSA decryption API directly are vulnerable. This is patched in versions 0.7.6 and 0.8.0-alpha39. Note: the patches depend on Python processing the individual bytes in side-channel free manner, this is known to not the case (see reference). As such, users that require side-channel resistance are recommended to use different TLS implementations, as stated in the security policy of tlslite-ng.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-26263 was patched at 2024-05-15

7103. Unknown Vulnerability Type - Python (CVE-2021-40839) - Low [195]

Description: {'vulners_cve_data_all': 'The rencode package through 1.0.6 for Python allows an infinite loop in typecode decoding (such as via ;\\x2f\\x7f), enabling a remote attack that consumes CPU and memory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40839 was patched at 2024-05-15

7104. Unknown Vulnerability Type - Python (CVE-2022-22846) - Low [195]

Description: {'vulners_cve_data_all': 'The dnslib package through 0.9.16 for Python does not verify that the ID value in a DNS reply matches an ID value in a query.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-22846 was patched at 2024-05-15

7105. Unknown Vulnerability Type - Python (CVE-2022-31471) - Low [195]

Description: {'vulners_cve_data_all': 'untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-31471 was patched at 2024-05-15

7106. Unknown Vulnerability Type - Python (CVE-2023-36830) - Low [195]

Description: {'vulners_cve_data_all': 'SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary python code to be executed via macros. For many users who use SQLFluff in the context of an environment where all users already have fairly escalated privileges, this may not be an issue - however in larger user bases, or where SQLFluff is bundled into another tool where developers still wish to give users access to supply their on rule configuration, this may be an issue.\n\nThe 2.1.2 release offers the ability for the `library_path` argument to be overwritten on the command line by using the `--library-path` option. This overrides any values provided in the config files and effectively prevents this route of attack for users which have access to the config file, but not to the scripts which call the SQLFluff CLI directly. A similar option is provided for the Python API, where users also have a greater ability to further customise or override configuration as necessary. Unless `library_path` is explicitly required, SQLFluff maintainers recommend using the option `--library-path none` when invoking SQLFluff which will disable the `library-path` option entirely regardless of the options set in the configuration file or via inline config directives. As a workaround, limiting access to - or otherwise validating configuration files before they are ingested by SQLFluff will provides a similar effect and does not require upgrade.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-36830 was patched at 2024-05-15

7107. Unknown Vulnerability Type - Python (CVE-2023-6597) - Low [195]

Description: {'vulners_cve_data_all': 'An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-6597 was patched at 2024-05-23, 2024-05-29

debian: CVE-2023-6597 was patched at 2024-05-15

oraclelinux: CVE-2023-6597 was patched at 2024-05-29, 2024-05-31

redhat: CVE-2023-6597 was patched at 2024-05-23, 2024-05-28, 2024-05-29

7108. Unknown Vulnerability Type - Roundcube (CVE-2018-1000071) - Low [195]

Description: {'vulners_cve_data_all': 'roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000071 was patched at 2024-05-15

7109. Unknown Vulnerability Type - Wireshark (CVE-2006-3630) - Low [195]

Description: {'vulners_cve_data_all': 'Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to 0.99.0 have unknown impact and remote attack vectors via the (1) NCP NMAS and (2) NDPS dissectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3630 was patched at 2024-05-15

7110. Unknown Vulnerability Type - Wireshark (CVE-2016-7957) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-btl2cap.c by avoiding use of a seven-byte memcmp for potentially shorter strings.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7957 was patched at 2024-05-15

7111. Unknown Vulnerability Type - Wireshark (CVE-2016-7958) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/CMakeLists.txt by registering this dissector.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7958 was patched at 2024-05-15

7112. Unknown Vulnerability Type - Wireshark (CVE-2017-11410) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding validation of the relationships between indexes and lengths. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-7702.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11410 was patched at 2024-05-15

7113. Unknown Vulnerability Type - Wireshark (CVE-2017-11411) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-9350.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11411 was patched at 2024-05-15

7114. Unknown Vulnerability Type - Wireshark (CVE-2017-13764) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.4.0, the Modbus dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/packet-mbtcp.c by adding length validation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-13764 was patched at 2024-05-15

7115. Unknown Vulnerability Type - Wireshark (CVE-2017-13767) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-msdp.c by adding length validation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-13767 was patched at 2024-05-15

7116. Unknown Vulnerability Type - Wireshark (CVE-2017-15189) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by adding decrements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15189 was patched at 2024-05-15

7117. Unknown Vulnerability Type - Wireshark (CVE-2017-15190) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15190 was patched at 2024-05-15

7118. Unknown Vulnerability Type - Wireshark (CVE-2017-15192) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by considering a case where not all of the BTATT packets have the same encapsulation level.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15192 was patched at 2024-05-15

7119. Unknown Vulnerability Type - Wireshark (CVE-2017-15193) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-mbim.c by changing the memory-allocation approach.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15193 was patched at 2024-05-15

7120. Unknown Vulnerability Type - Wireshark (CVE-2017-7701) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7701 was patched at 2024-05-15

7121. Unknown Vulnerability Type - Wireshark (CVE-2017-7702) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wbxml.c by adding length validation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7702 was patched at 2024-05-15

7122. Unknown Vulnerability Type - Wireshark (CVE-2017-7704) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7704 was patched at 2024-05-15

7123. Unknown Vulnerability Type - Wireshark (CVE-2017-7705) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-rpcrdma.c by correctly checking for going beyond the maximum offset.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7705 was patched at 2024-05-15

7124. Unknown Vulnerability Type - Wireshark (CVE-2017-7745) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-sigcomp.c by correcting a memory-size check.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7745 was patched at 2024-05-15

7125. Unknown Vulnerability Type - Wireshark (CVE-2017-7748) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-wsp.c by adding a length check.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7748 was patched at 2024-05-15

7126. Unknown Vulnerability Type - Wireshark (CVE-2017-9343) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9343 was patched at 2024-05-15

7127. Unknown Vulnerability Type - Wireshark (CVE-2017-9345) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dns.c by trying to detect self-referencing pointers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9345 was patched at 2024-05-15

7128. Unknown Vulnerability Type - Wireshark (CVE-2017-9346) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-slsk.c by making loop bounds more explicit.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9346 was patched at 2024-05-15

7129. Unknown Vulnerability Type - Wireshark (CVE-2017-9348) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9348 was patched at 2024-05-15

7130. Unknown Vulnerability Type - Wireshark (CVE-2017-9350) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by checking for a negative length.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9350 was patched at 2024-05-15

7131. Unknown Vulnerability Type - Wireshark (CVE-2017-9351) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9351 was patched at 2024-05-15

7132. Unknown Vulnerability Type - Wireshark (CVE-2017-9352) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by ensuring that backwards parsing cannot occur.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9352 was patched at 2024-05-15

7133. Unknown Vulnerability Type - Wireshark (CVE-2017-9354) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector could crash. This was addressed in epan/dissectors/packet-rgmp.c by validating an IPv4 address.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9354 was patched at 2024-05-15

7134. Unknown Vulnerability Type - Wireshark (CVE-2018-14344) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a buffer over-read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14344 was patched at 2024-05-15

7135. Unknown Vulnerability Type - Wireshark (CVE-2018-14367) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14367 was patched at 2024-05-15

7136. Unknown Vulnerability Type - Wireshark (CVE-2018-14370) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14370 was patched at 2024-05-15

7137. Unknown Vulnerability Type - Wireshark (CVE-2018-7320) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol dissector could crash. This was addressed in epan/dissectors/packet-sigcomp.c by validating operand offsets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7320 was patched at 2024-05-15

7138. Unknown Vulnerability Type - Wireshark (CVE-2018-7321) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thrift.c had a large loop that was addressed by not proceeding with dissection after encountering an unexpected type.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7321 was patched at 2024-05-15

7139. Unknown Vulnerability Type - Wireshark (CVE-2018-7326) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-lltd.c had an infinite loop that was addressed by using a correct integer data type.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7326 was patched at 2024-05-15

7140. Unknown Vulnerability Type - Wireshark (CVE-2018-7327) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-openflow_v6.c had an infinite loop that was addressed by validating property lengths.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7327 was patched at 2024-05-15

7141. Unknown Vulnerability Type - Wireshark (CVE-2018-7328) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-usb.c had an infinite loop that was addressed by rejecting short frame header lengths.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7328 was patched at 2024-05-15

7142. Unknown Vulnerability Type - Wireshark (CVE-2018-7329) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7329 was patched at 2024-05-15

7143. Unknown Vulnerability Type - Wireshark (CVE-2018-7330) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-thread.c had an infinite loop that was addressed by using a correct integer data type.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7330 was patched at 2024-05-15

7144. Unknown Vulnerability Type - Wireshark (CVE-2018-7333) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-rpcrdma.c had an infinite loop that was addressed by validating a chunk size.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7333 was patched at 2024-05-15

7145. Unknown Vulnerability Type - Wireshark (CVE-2018-7421) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7421 was patched at 2024-05-15

7146. Unknown Vulnerability Type - Wireshark (CVE-2018-9257) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-cql.c by checking for a nonzero number of columns.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-9257 was patched at 2024-05-15

7147. Unknown Vulnerability Type - Wireshark (CVE-2020-9429) - Low [195]

Description: {'vulners_cve_data_all': 'In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-9429 was patched at 2024-05-15

7148. Unknown Vulnerability Type - libxml2 (CVE-2021-42521) - Low [195]

Description: {'vulners_cve_data_all': 'There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to dereference it. It is unsafe as the return value can be NULL and that NULL pointer dereference may crash the application.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614libxml2 is an XML toolkit implemented in C, originally developed for the GNOME Project
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42521 was patched at 2024-05-15

7149. Arbitrary File Writing - Unknown Product (CVE-2003-0136) - Low [193]

Description: {'vulners_cve_data_all': 'psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0136 was patched at 2024-05-15

7150. Arbitrary File Writing - Unknown Product (CVE-2003-0193) - Low [193]

Description: {'vulners_cve_data_all': 'msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names ("word$$.html").', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0193 was patched at 2024-05-15

7151. Arbitrary File Writing - Unknown Product (CVE-2003-0367) - Low [193]

Description: {'vulners_cve_data_all': 'znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0367 was patched at 2024-05-15

7152. Arbitrary File Writing - Unknown Product (CVE-2003-0381) - Low [193]

Description: {'vulners_cve_data_all': 'Multiple vulnerabilities in noweb 2.9 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files via multiple vectors including the noroff script.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0381 was patched at 2024-05-15

7153. Arbitrary File Writing - Unknown Product (CVE-2004-0256) - Low [193]

Description: {'vulners_cve_data_all': 'GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0256 was patched at 2024-05-15

7154. Arbitrary File Writing - Unknown Product (CVE-2004-0372) - Low [193]

Description: {'vulners_cve_data_all': 'xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the (1) xine-bugreport or (2) xine-check scripts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0372 was patched at 2024-05-15

7155. Arbitrary File Writing - Unknown Product (CVE-2004-0422) - Low [193]

Description: {'vulners_cve_data_all': 'flim before 1.14.3 creates temporary files insecurely, which allows local users to overwrite arbitrary files of the Emacs user via a symlink attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0422 was patched at 2024-05-15

7156. Arbitrary File Writing - Unknown Product (CVE-2004-0423) - Low [193]

Description: {'vulners_cve_data_all': 'The log_event function in ssmtp 2.50.6 and earlier allows local users to overwrite arbitrary files via a symlink attack on the ssmtp.log temporary log file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0423 was patched at 2024-05-15

7157. Arbitrary File Writing - Unknown Product (CVE-2004-0564) - Low [193]

Description: {'vulners_cve_data_all': 'Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this identifier applies *only* to those configurations and installations under which pppoe is run setuid root despite the developer's warnings.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0564 was patched at 2024-05-15

7158. Arbitrary File Writing - Unknown Product (CVE-2004-0770) - Low [193]

Description: {'vulners_cve_data_all': 'romload.c in DGen Emulator 1.23 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files during decompression of (1) gzip or (2) bzip ROM files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0770 was patched at 2024-05-15

7159. Arbitrary File Writing - Unknown Product (CVE-2004-0851) - Low [193]

Description: {'vulners_cve_data_all': 'The (1) write_list and (2) dump_curr_list functions in Net-Acct before 0.71 allows local users to overwrite arbitrary files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0851 was patched at 2024-05-15

7160. Arbitrary File Writing - Unknown Product (CVE-2004-1110) - Low [193]

Description: {'vulners_cve_data_all': 'The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1110 was patched at 2024-05-15

7161. Arbitrary File Writing - Unknown Product (CVE-2004-1179) - Low [193]

Description: {'vulners_cve_data_all': 'The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before 3.7.7 allows local users to overwrite arbitrary files via a symlink attack on temporary directories.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1179 was patched at 2024-05-15

7162. Arbitrary File Writing - Unknown Product (CVE-2004-1296) - Low [193]

Description: {'vulners_cve_data_all': 'The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1296 was patched at 2024-05-15

7163. Arbitrary File Writing - Unknown Product (CVE-2004-1377) - Low [193]

Description: {'vulners_cve_data_all': 'The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1377 was patched at 2024-05-15

7164. Arbitrary File Writing - Unknown Product (CVE-2005-0161) - Low [193]

Description: {'vulners_cve_data_all': 'Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0161 was patched at 2024-05-15

7165. Arbitrary File Writing - Unknown Product (CVE-2005-0225) - Low [193]

Description: {'vulners_cve_data_all': 'firehol.sh in FireHOL before 1.224 creates temporary files with predictable file names, which could allow local users to overwrite arbitrary files via a symlink attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0225 was patched at 2024-05-15

7166. Arbitrary File Writing - Unknown Product (CVE-2005-0990) - Low [193]

Description: {'vulners_cve_data_all': 'unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0990 was patched at 2024-05-15

7167. Arbitrary File Writing - Unknown Product (CVE-2005-1270) - Low [193]

Description: {'vulners_cve_data_all': 'The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter before 1.2.3-r1 create temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1270 was patched at 2024-05-15

7168. Arbitrary File Writing - Unknown Product (CVE-2005-2231) - Low [193]

Description: {'vulners_cve_data_all': 'High Availability Linux Project Heartbeat 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2231 was patched at 2024-05-15

7169. Arbitrary File Writing - Unknown Product (CVE-2005-2353) - Low [193]

Description: {'vulners_cve_data_all': 'run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2353 was patched at 2024-05-15

7170. Arbitrary File Writing - Unknown Product (CVE-2005-2672) - Low [193]

Description: {'vulners_cve_data_all': 'pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2672 was patched at 2024-05-15

7171. Arbitrary File Writing - Unknown Product (CVE-2005-2992) - Low [193]

Description: {'vulners_cve_data_all': 'arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2992 was patched at 2024-05-15

7172. Arbitrary File Writing - Unknown Product (CVE-2005-3069) - Low [193]

Description: {'vulners_cve_data_all': 'xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the xferfax$$ temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3069 was patched at 2024-05-15

7173. Arbitrary File Writing - Unknown Product (CVE-2005-3126) - Low [193]

Description: {'vulners_cve_data_all': 'The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary (a) output and (b) error files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3126 was patched at 2024-05-15

7174. Arbitrary File Writing - Unknown Product (CVE-2005-3341) - Low [193]

Description: {'vulners_cve_data_all': 'DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files created by (1) register-q.sh and (2) register-p.sh.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3341 was patched at 2024-05-15

7175. Arbitrary File Writing - Unknown Product (CVE-2005-3885) - Low [193]

Description: {'vulners_cve_data_all': 'The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3885 was patched at 2024-05-15

7176. Arbitrary File Writing - Unknown Product (CVE-2006-0582) - Low [193]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0582 was patched at 2024-05-15

7177. Arbitrary File Writing - Unknown Product (CVE-2007-6595) - Low [193]

Description: {'vulners_cve_data_all': 'ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6595 was patched at 2024-05-15

7178. Arbitrary File Writing - Unknown Product (CVE-2009-1215) - Low [193]

Description: {'vulners_cve_data_all': 'Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1215 was patched at 2024-05-15

7179. Arbitrary File Writing - Unknown Product (CVE-2010-1160) - Low [193]

Description: {'vulners_cve_data_all': 'GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is being edited by the victim.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1160 was patched at 2024-05-15

7180. Arbitrary File Writing - Unknown Product (CVE-2010-2192) - Low [193]

Description: {'vulners_cve_data_all': 'The make_lockdir_name function in policy.c in pmount 0.9.18 allow local users to overwrite arbitrary files via a symlink attack on a file in /var/lock/.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2192 was patched at 2024-05-15

7181. Arbitrary File Writing - Unknown Product (CVE-2012-5530) - Low [193]

Description: {'vulners_cve_data_all': 'The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5530 was patched at 2024-05-15

7182. Arbitrary File Writing - Unknown Product (CVE-2013-0265) - Low [193]

Description: {'vulners_cve_data_all': 'The redirect_stderr function in xnbd_common.c in xnbd-server and xndb-wrapper in xNBD 0.1.0 allow local users to overwrite arbitrary files via a symlink attack on /tmp/xnbd.log.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0265 was patched at 2024-05-15

7183. Unknown Vulnerability Type - APT (CVE-2007-2379) - Low [192]

Description: {'vulners_cve_data_all': 'The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2379 was patched at 2024-05-15

7184. Unknown Vulnerability Type - APT (CVE-2007-2383) - Low [192]

Description: {'vulners_cve_data_all': 'The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2383 was patched at 2024-05-15

7185. Unknown Vulnerability Type - APT (CVE-2018-8956) - Low [192]

Description: {'vulners_cve_data_all': 'ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote attackers to prevent a broadcast client from synchronizing its clock with a broadcast NTP server via soofed mode 3 and mode 5 packets. The attacker must either be a part of the same broadcast network or control a slave in that broadcast network that can capture certain required packets on the attacker's behalf and send them to the attacker.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-8956 was patched at 2024-05-15

7186. Unknown Vulnerability Type - ASP.NET (CVE-2010-4225) - Low [192]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx (ASP.NET) applications via unknown vectors related to an "unloading bug."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814An open-source, server-side web-application framework designed for web development
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4225 was patched at 2024-05-15

7187. Unknown Vulnerability Type - GNOME desktop (CVE-2008-6792) - Low [192]

Description: {'vulners_cve_data_all': 'system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully conduct brute-force password attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-6792 was patched at 2024-05-15

7188. Unknown Vulnerability Type - GNOME desktop (CVE-2013-7221) - Low [192]

Description: {'vulners_cve_data_all': 'The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7221 was patched at 2024-05-15

7189. Unknown Vulnerability Type - GNU C Library (CVE-2019-1010024) - Low [192]

Description: {'vulners_cve_data_all': 'GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1010024 was patched at 2024-05-15

7190. Unknown Vulnerability Type - GNU C Library (CVE-2019-1010025) - Low [192]

Description: {'vulners_cve_data_all': 'GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1010025 was patched at 2024-05-15

7191. Unknown Vulnerability Type - Mozilla Firefox (CVE-2006-0296) - Low [192]

Description: {'vulners_cve_data_all': 'The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0296 was patched at 2024-05-15

7192. Unknown Vulnerability Type - Node.js (CVE-2015-8859) - Low [192]

Description: {'vulners_cve_data_all': 'The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8859 was patched at 2024-05-15

7193. Unknown Vulnerability Type - Node.js (CVE-2022-35948) - Low [192]

Description: {'vulners_cve_data_all': 'undici is an HTTP/1.1 client, written from scratch for Node.js.`=< undici@5.8.0` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more specifically, inside the `content-type` header. Example: ``` import { request } from 'undici' const unsanitizedContentTypeInput = 'application/json\\r\\n\\r\\nGET /foo2 HTTP/1.1' await request('http://localhost:3000, { method: 'GET', headers: { 'content-type': unsanitizedContentTypeInput }, }) ``` The above snippet will perform two requests in a single `request` API call: 1) `http://localhost:3000/` 2) `http://localhost:3000/foo2` This issue was patched in Undici v5.8.1. Sanitize input when sending content-type headers using user input as a workaround.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35948 was patched at 2024-05-15

7194. Unknown Vulnerability Type - Node.js (CVE-2022-36083) - Low [192]

Description: {'vulners_cve_data_all': 'JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named `p2c` PBES2 Count, which determines how many PBKDF2 iterations must be executed in order to derive a CEK wrapping key. The purpose of this parameter is to intentionally slow down the key derivation function in order to make password brute-force and dictionary attacks more expensive. This makes the PBES2 algorithms unsuitable for situations where the JWE is coming from an untrusted source: an adversary can intentionally pick an extremely high PBES2 Count value, that will initiate a CPU-bound computation that may take an unreasonable amount of time to finish. Under certain conditions, it is possible to have the user's environment consume unreasonable amount of CPU time. The impact is limited only to users utilizing the JWE decryption APIs with symmetric secrets to decrypt JWEs from untrusted parties who do not limit the accepted JWE Key Management Algorithms (`alg` Header Parameter) using the `keyManagementAlgorithms` (or `algorithms` in v1.x) decryption option or through other means. The `v1.28.2`, `v2.0.6`, `v3.20.4`, and `v4.9.2` releases limit the maximum PBKDF2 iteration count to `10000` by default. It is possible to adjust this limit with a newly introduced `maxPBES2Count` decryption option. If users are unable to upgrade their required library version, they have two options depending on whether they expect to receive JWEs using any of the three PBKDF2-based JWE key management algorithms. They can use the `keyManagementAlgorithms` decryption option to disable accepting PBKDF2 altogether, or they can inspect the JOSE Header prior to using the decryption API and limit the PBKDF2 iteration count (`p2c` Header Parameter).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-36083 was patched at 2024-05-15

7195. Unknown Vulnerability Type - OpenSSH (CVE-2005-2797) - Low [192]

Description: {'vulners_cve_data_all': 'OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2797 was patched at 2024-05-15

7196. Unknown Vulnerability Type - OpenSSH (CVE-2005-2798) - Low [192]

Description: {'vulners_cve_data_all': 'sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2798 was patched at 2024-05-15

7197. Unknown Vulnerability Type - OpenSSH (CVE-2011-0539) - Low [192]

Description: {'vulners_cve_data_all': 'The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0539 was patched at 2024-05-15

7198. Unknown Vulnerability Type - OpenSSL (CVE-2003-0078) - Low [192]

Description: {'vulners_cve_data_all': 'ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0078 was patched at 2024-05-15

7199. Unknown Vulnerability Type - OpenSSL (CVE-2003-0147) - Low [192]

Description: {'vulners_cve_data_all': 'OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0147 was patched at 2024-05-15

7200. Unknown Vulnerability Type - OpenSSL (CVE-2005-2969) - Low [192]

Description: {'vulners_cve_data_all': 'The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2969 was patched at 2024-05-15

7201. Unknown Vulnerability Type - OpenSSL (CVE-2006-3419) - Low [192]

Description: {'vulners_cve_data_all': 'Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3419 was patched at 2024-05-15

7202. Unknown Vulnerability Type - OpenSSL (CVE-2008-7278) - Low [192]

Description: {'vulners_cve_data_all': 'The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, and 2.3.x before 2.3.0-beta1, does not properly configure the RANDFILE environment variable for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-7278 was patched at 2024-05-15

7203. Unknown Vulnerability Type - OpenSSL (CVE-2009-5057) - Low [192]

Description: {'vulners_cve_data_all': 'The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5057 was patched at 2024-05-15

7204. Unknown Vulnerability Type - OpenSSL (CVE-2016-2217) - Low [192]

Description: {'vulners_cve_data_all': 'The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does not use a prime number for the DH, which makes it easier for remote attackers to obtain the shared secret.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2217 was patched at 2024-05-15

7205. Unknown Vulnerability Type - OpenSSL (CVE-2020-7041) - Low [192]

Description: {'vulners_cve_data_all': 'An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7041 was patched at 2024-05-15

7206. Unknown Vulnerability Type - OpenSSL (CVE-2020-7042) - Low [192]

Description: {'vulners_cve_data_all': 'An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7042 was patched at 2024-05-15

7207. Unknown Vulnerability Type - PHP (CVE-2004-1584) - Low [192]

Description: {'vulners_cve_data_all': 'CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1584 was patched at 2024-05-15

7208. Unknown Vulnerability Type - PHP (CVE-2005-0459) - Low [192]

Description: {'vulners_cve_data_all': 'phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0459 was patched at 2024-05-15

7209. Unknown Vulnerability Type - PHP (CVE-2005-0544) - Low [192]

Description: {'vulners_cve_data_all': 'phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0544 was patched at 2024-05-15

7210. Unknown Vulnerability Type - PHP (CVE-2005-2109) - Low [192]

Description: {'vulners_cve_data_all': 'wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2109 was patched at 2024-05-15

7211. Unknown Vulnerability Type - PHP (CVE-2005-3300) - Low [192]

Description: {'vulners_cve_data_all': 'The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3300 was patched at 2024-05-15

7212. Unknown Vulnerability Type - PHP (CVE-2005-3621) - Low [192]

Description: {'vulners_cve_data_all': 'CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3621 was patched at 2024-05-15

7213. Unknown Vulnerability Type - PHP (CVE-2005-3622) - Low [192]

Description: {'vulners_cve_data_all': 'phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3622 was patched at 2024-05-15

7214. Unknown Vulnerability Type - PHP (CVE-2006-0658) - Low [192]

Description: {'vulners_cve_data_all': 'Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0658 was patched at 2024-05-15

7215. Unknown Vulnerability Type - PHP (CVE-2006-2702) - Low [192]

Description: {'vulners_cve_data_all': 'vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR'].', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2702 was patched at 2024-05-15

7216. Unknown Vulnerability Type - PHP (CVE-2006-5116) - Low [192]

Description: {'vulners_cve_data_all': 'Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5116 was patched at 2024-05-15

7217. Unknown Vulnerability Type - PHP (CVE-2006-6943) - Low [192]

Description: {'vulners_cve_data_all': 'PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full server path via direct requests to (a) scripts/check_lang.php and (b) themes/darkblue_orange/layout.inc.php; and via the (1) lang[], (2) target[], (3) db[], (4) goto[], (5) table[], and (6) tbl_group[] array arguments to (c) index.php, and the (7) back[] argument to (d) sql.php; and an invalid (8) sort_by parameter to (e) server_databases.php and (9) db parameter to (f) db_printview.php.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6943 was patched at 2024-05-15

7218. Unknown Vulnerability Type - PHP (CVE-2007-3163) - Low [192]

Description: {'vulners_cve_data_all': 'Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue to CVE-2006-0658.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3163 was patched at 2024-05-15

7219. Unknown Vulnerability Type - PHP (CVE-2008-1149) - Low [192]

Description: {'vulners_cve_data_all': 'phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1149 was patched at 2024-05-15

7220. Unknown Vulnerability Type - PHP (CVE-2008-6755) - Low [192]

Description: {'vulners_cve_data_all': 'ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by accessing it through a (1) PHP or (2) CGI script.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-6755 was patched at 2024-05-15

7221. Unknown Vulnerability Type - PHP (CVE-2010-5296) - Low [192]

Description: {'vulners_cve_data_all': 'wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-5296 was patched at 2024-05-15

7222. Unknown Vulnerability Type - PHP (CVE-2011-3128) - Low [192]

Description: {'vulners_cve_data_all': 'WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to wp-includes/post.php.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3128 was patched at 2024-05-15

7223. Unknown Vulnerability Type - PHP (CVE-2011-3265) - Low [192]

Description: {'vulners_cve_data_all': 'popup.php in Zabbix before 1.8.7 allows remote attackers to read the contents of arbitrary database tables via a modified srctbl parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3265 was patched at 2024-05-15

7224. Unknown Vulnerability Type - PHP (CVE-2012-4674) - Low [192]

Description: {'vulners_cve_data_all': 'PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4674 was patched at 2024-05-15

7225. Unknown Vulnerability Type - PHP (CVE-2016-3124) - Low [192]

Description: {'vulners_cve_data_all': 'The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3124 was patched at 2024-05-15

7226. Unknown Vulnerability Type - PHP (CVE-2016-9847) - Low [192]

Description: {'vulners_cve_data_all': 'An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9847 was patched at 2024-05-15

7227. Unknown Vulnerability Type - PHP (CVE-2016-9848) - Low [192]

Description: {'vulners_cve_data_all': 'An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP information including values of HttpOnly cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9848 was patched at 2024-05-15

7228. Unknown Vulnerability Type - PHP (CVE-2016-9851) - Low [192]

Description: {'vulners_cve_data_all': 'An issue was discovered in phpMyAdmin. With a crafted request parameter value it is possible to bypass the logout timeout. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9851 was patched at 2024-05-15

7229. Unknown Vulnerability Type - PHP (CVE-2016-9853) - Low [192]

Description: {'vulners_cve_data_all': 'An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the fopen wrapper issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9853 was patched at 2024-05-15

7230. Unknown Vulnerability Type - PHP (CVE-2016-9854) - Low [192]

Description: {'vulners_cve_data_all': 'An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the json_decode issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9854 was patched at 2024-05-15

7231. Unknown Vulnerability Type - PHP (CVE-2016-9855) - Low [192]

Description: {'vulners_cve_data_all': 'An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the PMA_shutdownDuringExport issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9855 was patched at 2024-05-15

7232. Unknown Vulnerability Type - PHP (CVE-2020-5226) - Low [192]

Description: {'vulners_cve_data_all': 'Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\\Utils\\EMail class was introduced to handle sending emails, implemented as a wrapper of an external dependency. This new wrapper allows us to use Twig templates in order to create the email sent with an error report. Since Twig provides automatic escaping of variables, manual escaping of the free-text field in www/errorreport.php was removed to avoid double escaping. However, for those not using the new user interface yet, an email template is hardcoded into the class itself in plain PHP. Since no escaping is provided in this template, it is then possible to inject HTML inside the template by manually crafting the contents of the free-text field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-5226 was patched at 2024-05-15

7233. Unknown Vulnerability Type - PHP (CVE-2022-24953) - Low [192]

Description: {'vulners_cve_data_all': 'The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24953 was patched at 2024-05-15

7234. Unknown Vulnerability Type - RPC (CVE-2007-1893) - Low [192]

Description: {'vulners_cve_data_all': 'xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1893 was patched at 2024-05-15

7235. Unknown Vulnerability Type - RPC (CVE-2018-1000022) - Low [192]

Description: {'vulners_cve_data_all': 'Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing Authorization vulnerability in JSONRPC interface that can result in Bitcoin theft, if the user's wallet is not password protected. This attack appear to be exploitable via The victim must visit a web page with specially crafted javascript. This vulnerability appears to have been fixed in 3.0.5.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000022 was patched at 2024-05-15

7236. Unknown Vulnerability Type - RPC (CVE-2019-15161) - Low [192]

Description: {'vulners_cve_data_all': 'rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15161 was patched at 2024-05-15

7237. Unknown Vulnerability Type - RPC (CVE-2019-15162) - Low [192]

Description: {'vulners_cve_data_all': 'rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15162 was patched at 2024-05-15

7238. Unknown Vulnerability Type - RPC (CVE-2023-32732) - Low [192]

Description: {'vulners_cve_data_all': 'gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in\xa0 https://github.com/grpc/grpc/pull/32309 https://www.google.com/url \n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Remote Procedure Call Runtime
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-32732 was patched at 2024-05-15

7239. Unknown Vulnerability Type - Samba (CVE-2004-0686) - Low [192]

Description: {'vulners_cve_data_all': 'Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0686 was patched at 2024-05-15

7240. Unknown Vulnerability Type - Webkit (CVE-2015-8079) - Low [192]

Description: {'vulners_cve_data_all': 'qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814WebKit is a browser engine developed by Apple and primarily used in its Safari web browser, as well as all web browsers on iOS and iPadOS
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8079 was patched at 2024-05-15

7241. Unknown Vulnerability Type - WinRAR (CVE-2007-3122) - Low [192]

Description: {'vulners_cve_data_all': 'The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814WinRAR is a trialware file archiver utility for Windows, developed by Eugene Roshal of win.rar GmbH
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3122 was patched at 2024-05-15

7242. Unknown Vulnerability Type - Windows NTFS (CVE-2007-5159) - Low [192]

Description: {'vulners_cve_data_all': 'The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814The default file system of the Windows NT family
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5159 was patched at 2024-05-15

7243. Memory Corruption - Git (CVE-2022-2061) - Low [191]

Description: Heap-based Buffer Overflow in GitHub repository hpjansson/chafa prior to 1.12.0.

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.414Git
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-2061 was patched at 2024-05-15

7244. Cross Site Scripting - Unknown Product (CVE-2002-1335) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to insert arbitrary web script or HTML and access files or cookies.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1335 was patched at 2024-05-15

7245. Cross Site Scripting - Unknown Product (CVE-2002-1388) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allows remote attackers to inject arbitrary HTML into web archive pages via HTML mail messages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1388 was patched at 2024-05-15

7246. Cross Site Scripting - Unknown Product (CVE-2003-0038) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0038 was patched at 2024-05-15

7247. Cross Site Scripting - Unknown Product (CVE-2003-0615) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0615 was patched at 2024-05-15

7248. Cross Site Scripting - Unknown Product (CVE-2003-0992) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0992 was patched at 2024-05-15

7249. Cross Site Scripting - Unknown Product (CVE-2003-1164) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows remote attackers to inject arbitrary web script or HTML via the URI, which is injected into the HTML error page.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-1164 was patched at 2024-05-15

7250. Cross Site Scripting - Unknown Product (CVE-2004-1341) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 allows remote attackers to inject arbitrary web script or HTML via the arguments to info2www.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1341 was patched at 2024-05-15

7251. Cross Site Scripting - Unknown Product (CVE-2004-1397) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via an argument to wiki.pl.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1397 was patched at 2024-05-15

7252. Cross Site Scripting - Unknown Product (CVE-2004-1735) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1735 was patched at 2024-05-15

7253. Cross Site Scripting - Unknown Product (CVE-2005-2088) - Low [190]

Description: {'vulners_cve_data_all': 'The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2088 was patched at 2024-05-15

7254. Cross Site Scripting - Unknown Product (CVE-2005-2724) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2724 was patched at 2024-05-15

7255. Cross Site Scripting - Unknown Product (CVE-2005-2803) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via a page name in a Login link, a different vulnerability than CVE-2005-2336.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2803 was patched at 2024-05-15

7256. Cross Site Scripting - Unknown Product (CVE-2005-2860) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2860 was patched at 2024-05-15

7257. Cross Site Scripting - Unknown Product (CVE-2005-3352) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3352 was patched at 2024-05-15

7258. Cross Site Scripting - Unknown Product (CVE-2005-4644) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4644 was patched at 2024-05-15

7259. Cross Site Scripting - Unknown Product (CVE-2006-0985) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0985 was patched at 2024-05-15

7260. Cross Site Scripting - Unknown Product (CVE-2006-1165) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the mediamanager module in DokuWiki before 2006-03-05 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors relating to "handling EXIF data."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1165 was patched at 2024-05-15

7261. Cross Site Scripting - Unknown Product (CVE-2006-1263) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1263 was patched at 2024-05-15

7262. Cross Site Scripting - Unknown Product (CVE-2006-2106) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2106 was patched at 2024-05-15

7263. Cross Site Scripting - Unknown Product (CVE-2006-6174) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and 2.1.x before 2.1.4.20061126 allows remote attackers to inject arbitrary web script or HTML via the conf parameter in (1) tdiary.rb and (2) skel/conf.rhtml.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6174 was patched at 2024-05-15

7264. Cross Site Scripting - Unknown Product (CVE-2007-0857) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before 1.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0857 was patched at 2024-05-15

7265. Cross Site Scripting - Unknown Product (CVE-2007-0901) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0901 was patched at 2024-05-15

7266. Cross Site Scripting - Unknown Product (CVE-2007-2524) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, but the proper identifier for the ipsec-tools issue is CVE-2007-1841.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2524 was patched at 2024-05-15

7267. Cross Site Scripting - Unknown Product (CVE-2007-2739) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2739 was patched at 2024-05-15

7268. Cross Site Scripting - Unknown Product (CVE-2007-3227) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3227 was patched at 2024-05-15

7269. Cross Site Scripting - Unknown Product (CVE-2007-3299) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when AllSearchStr (aka the All Search Terms report) is enabled, allows remote attackers to inject arbitrary web script or HTML via a search string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3299 was patched at 2024-05-15

7270. Cross Site Scripting - Unknown Product (CVE-2007-6306) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6306 was patched at 2024-05-15

7271. Cross Site Scripting - Unknown Product (CVE-2008-0780) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through 1.5.8 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the login action.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0780 was patched at 2024-05-15

7272. Cross Site Scripting - Unknown Product (CVE-2008-0781) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0781 was patched at 2024-05-15

7273. Cross Site Scripting - Unknown Product (CVE-2008-0808) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki before 1.1.47 allows remote attackers to inject arbitrary web script or HTML via meta tags.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0808 was patched at 2024-05-15

7274. Cross Site Scripting - Unknown Product (CVE-2008-0809) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the htmlscrubber in Ikiwiki before 1.1.46 allows remote attackers to inject arbitrary web script or HTML via title contents.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0809 was patched at 2024-05-15

7275. Cross Site Scripting - Unknown Product (CVE-2008-1098) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1098 was patched at 2024-05-15

7276. Cross Site Scripting - Unknown Product (CVE-2008-1468) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1468 was patched at 2024-05-15

7277. Cross Site Scripting - Unknown Product (CVE-2008-2068) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2068 was patched at 2024-05-15

7278. Cross Site Scripting - Unknown Product (CVE-2008-2236) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in blosxom.cgi in Blosxom before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the flav parameter (flavour variable). NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2236 was patched at 2024-05-15

7279. Cross Site Scripting - Unknown Product (CVE-2008-2302) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2302 was patched at 2024-05-15

7280. Cross Site Scripting - Unknown Product (CVE-2008-3381) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3381 was patched at 2024-05-15

7281. Cross Site Scripting - Unknown Product (CVE-2008-7275) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) before 2.3.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) AgentTicketMailbox or (2) CustomerTicketOverView.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-7275 was patched at 2024-05-15

7282. Cross Site Scripting - Unknown Product (CVE-2009-0260) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0260 was patched at 2024-05-15

7283. Cross Site Scripting - Unknown Product (CVE-2009-0312) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the antispam feature (security/antispam.py) in MoinMoin 1.7 and 1.8.1 allows remote attackers to inject arbitrary web script or HTML via crafted, disallowed content.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0312 was patched at 2024-05-15

7284. Cross Site Scripting - Unknown Product (CVE-2009-0934) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0934 was patched at 2024-05-15

7285. Cross Site Scripting - Unknown Product (CVE-2009-1482) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the error_msg function or (2) multiple vectors related to package file errors in the upload_form function, different vectors than CVE-2009-0260.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1482 was patched at 2024-05-15

7286. Cross Site Scripting - Unknown Product (CVE-2009-2851) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2851 was patched at 2024-05-15

7287. Cross Site Scripting - Unknown Product (CVE-2009-2937) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet Venus allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IMG element in a feed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2937 was patched at 2024-05-15

7288. Cross Site Scripting - Unknown Product (CVE-2009-2947) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 allows remote attackers to inject arbitrary web script or HTML via unspecified CGI parameter values, which are sometimes included in exception messages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2947 was patched at 2024-05-15

7289. Cross Site Scripting - Unknown Product (CVE-2009-2959) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2959 was patched at 2024-05-15

7290. Cross Site Scripting - Unknown Product (CVE-2009-2967) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6 through 0.7.11p2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, different vulnerabilities than CVE-2009-2959.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2967 was patched at 2024-05-15

7291. Cross Site Scripting - Unknown Product (CVE-2009-3618) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3618 was patched at 2024-05-15

7292. Cross Site Scripting - Unknown Product (CVE-2009-4078) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4078 was patched at 2024-05-15

7293. Cross Site Scripting - Unknown Product (CVE-2009-4214) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and actionpack/lib/action_controller/vendor/html-scanner/html/node.rb.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4214 was patched at 2024-05-15

7294. Cross Site Scripting - Unknown Product (CVE-2010-0726) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack transmission) plugin in tDiary 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly related to the (1) plugin_tb_url and (2) plugin_tb_excerpt parameters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0726 was patched at 2024-05-15

7295. Cross Site Scripting - Unknown Product (CVE-2010-0736) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0736 was patched at 2024-05-15

7296. Cross Site Scripting - Unknown Product (CVE-2010-1195) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1195 was patched at 2024-05-15

7297. Cross Site Scripting - Unknown Product (CVE-2010-2273) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, and util/buildscripts/jslib/buildUtil.js, as demonstrated by the (1) dojoUrl and (2) testUrl parameters to util/doh/runner.html.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2273 was patched at 2024-05-15

7298. Cross Site Scripting - Unknown Product (CVE-2010-2275) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/test_Button.html.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2275 was patched at 2024-05-15

7299. Cross Site Scripting - Unknown Product (CVE-2010-2477) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2477 was patched at 2024-05-15

7300. Cross Site Scripting - Unknown Product (CVE-2010-2487) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2487 was patched at 2024-05-15

7301. Cross Site Scripting - Unknown Product (CVE-2010-2969) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2969 was patched at 2024-05-15

7302. Cross Site Scripting - Unknown Product (CVE-2010-2970) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2970 was patched at 2024-05-15

7303. Cross Site Scripting - Unknown Product (CVE-2010-3082) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3082 was patched at 2024-05-15

7304. Cross Site Scripting - Unknown Product (CVE-2010-4524) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by <scr<body>ipt> and </scr<body>ipt> sequences.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4524 was patched at 2024-05-15

7305. Cross Site Scripting - Unknown Product (CVE-2010-4536) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4536 was patched at 2024-05-15

7306. Cross Site Scripting - Unknown Product (CVE-2011-0697) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 might allow remote attackers to inject arbitrary web script or HTML via a filename associated with a file upload.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0697 was patched at 2024-05-15

7307. Cross Site Scripting - Unknown Product (CVE-2011-1518) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.4.x before 2.4.10 and 3.x before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1518 was patched at 2024-05-15

7308. Cross Site Scripting - Unknown Product (CVE-2011-1716) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1716 was patched at 2024-05-15

7309. Cross Site Scripting - Unknown Product (CVE-2011-1841) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1841 was patched at 2024-05-15

7310. Cross Site Scripting - Unknown Product (CVE-2011-2083) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2083 was patched at 2024-05-15

7311. Cross Site Scripting - Unknown Product (CVE-2011-2510) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbitrary web script or HTML via a link.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2510 was patched at 2024-05-15

7312. Cross Site Scripting - Unknown Product (CVE-2011-2770) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in man2html.cgi.c in man2html 1.6, and possibly other version, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to error messages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2770 was patched at 2024-05-15

7313. Cross Site Scripting - Unknown Product (CVE-2011-2931) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2931 was patched at 2024-05-15

7314. Cross Site Scripting - Unknown Product (CVE-2011-2932) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a "UTF-8 escaping vulnerability."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2932 was patched at 2024-05-15

7315. Cross Site Scripting - Unknown Product (CVE-2011-3361) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in CGI/Browse.pm in BackupPC 3.2.0 and possibly other versions before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a browse action to index.cgi.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3361 was patched at 2024-05-15

7316. Cross Site Scripting - Unknown Product (CVE-2011-3635) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3635 was patched at 2024-05-15

7317. Cross Site Scripting - Unknown Product (CVE-2011-4170) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4170 was patched at 2024-05-15

7318. Cross Site Scripting - Unknown Product (CVE-2011-4923) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer, a different vulnerability than CVE-2011-3361.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4923 was patched at 2024-05-15

7319. Cross Site Scripting - Unknown Product (CVE-2011-4928) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4928 was patched at 2024-05-15

7320. Cross Site Scripting - Unknown Product (CVE-2011-4956) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4956 was patched at 2024-05-15

7321. Cross Site Scripting - Unknown Product (CVE-2011-5027) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the profiler.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-5027 was patched at 2024-05-15

7322. Cross Site Scripting - Unknown Product (CVE-2011-5081) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC 3.1.0, 3.2.1, and possibly other earlier versions allows remote attackers to inject arbitrary web script or HTML via the share parameter in a RestoreFile action to index.cgi.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-5081 was patched at 2024-05-15

7323. Cross Site Scripting - Unknown Product (CVE-2012-0220) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin (Plugin/meta.pm) in ikiwiki before 3.20120516 allow remote attackers to inject arbitrary web script or HTML via the (1) author or (2) authorurl meta tags.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0220 was patched at 2024-05-15

7324. Cross Site Scripting - Unknown Product (CVE-2012-0327) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0327 was patched at 2024-05-15

7325. Cross Site Scripting - Unknown Product (CVE-2012-0790) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping 2.4.2, 2.6.6, and other versions before 2.6.7 allows remote attackers to inject arbitrary web script or HTML via the displaymode parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0790 was patched at 2024-05-15

7326. Cross Site Scripting - Unknown Product (CVE-2012-0869) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20120215 allows remote attackers to inject arbitrary web script or HTML via the id parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0869 was patched at 2024-05-15

7327. Cross Site Scripting - Unknown Product (CVE-2012-1098) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1098 was patched at 2024-05-15

7328. Cross Site Scripting - Unknown Product (CVE-2012-1099) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain generation of OPTION elements within SELECT elements.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1099 was patched at 2024-05-15

7329. Cross Site Scripting - Unknown Product (CVE-2012-1293) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the (1) to or (2) from parameters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1293 was patched at 2024-05-15

7330. Cross Site Scripting - Unknown Product (CVE-2012-1410) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1410 was patched at 2024-05-15

7331. Cross Site Scripting - Unknown Product (CVE-2012-2094) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2094 was patched at 2024-05-15

7332. Cross Site Scripting - Unknown Product (CVE-2012-2151) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2151 was patched at 2024-05-15

7333. Cross Site Scripting - Unknown Product (CVE-2012-2582) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2582 was patched at 2024-05-15

7334. Cross Site Scripting - Unknown Product (CVE-2012-2768) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for Best Practical Solutions RT allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2768 was patched at 2024-05-15

7335. Cross Site Scripting - Unknown Product (CVE-2012-2769) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2769 was patched at 2024-05-15

7336. Cross Site Scripting - Unknown Product (CVE-2012-3464) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3464 was patched at 2024-05-15

7337. Cross Site Scripting - Unknown Product (CVE-2012-4533) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4533 was patched at 2024-05-15

7338. Cross Site Scripting - Unknown Product (CVE-2012-4675) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to file update.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4675 was patched at 2024-05-15

7339. Cross Site Scripting - Unknown Product (CVE-2012-6082) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6082 was patched at 2024-05-15

7340. Cross Site Scripting - Unknown Product (CVE-2012-6620) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6620 was patched at 2024-05-15

7341. Cross Site Scripting - Unknown Product (CVE-2012-6640) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web script or HTML via a crafted SVG image attachment, a different vulnerability than CVE-2012-5565.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6640 was patched at 2024-05-15

7342. Cross Site Scripting - Unknown Product (CVE-2013-0236) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) gallery shortcodes or (2) the content of a post.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0236 was patched at 2024-05-15

7343. Cross Site Scripting - Unknown Product (CVE-2013-0237) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0237 was patched at 2024-05-15

7344. Cross Site Scripting - Unknown Product (CVE-2013-0275) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0275 was patched at 2024-05-15

7345. Cross Site Scripting - Unknown Product (CVE-2013-5855) - Low [190]

Description: {'vulners_cve_data_all': 'Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-5855 was patched at 2024-05-15

7346. Cross Site Scripting - Unknown Product (CVE-2013-5943) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in Graphite before 0.9.11 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-5943 was patched at 2024-05-15

7347. Cross Site Scripting - Unknown Product (CVE-2013-6047) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in the site creation interface in ikiwiki-hosting before 0.20131025 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6047 was patched at 2024-05-15

7348. Cross Site Scripting - Unknown Product (CVE-2013-6858) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6858 was patched at 2024-05-15

7349. Cross Site Scripting - Unknown Product (CVE-2014-3207) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3207 was patched at 2024-05-15

7350. Cross Site Scripting - Unknown Product (CVE-2014-4722) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4722 was patched at 2024-05-15

7351. Cross Site Scripting - Unknown Product (CVE-2014-4945) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox or (2) message view.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4945 was patched at 2024-05-15

7352. Cross Site Scripting - Unknown Product (CVE-2014-4946) - Low [190]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4946 was patched at 2024-05-15

7353. Cross Site Scripting - Unknown Product (CVE-2014-5191) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5191 was patched at 2024-05-15

7354. Cross Site Scripting - Unknown Product (CVE-2014-9032) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9032 was patched at 2024-05-15

7355. Cross Site Scripting - Unknown Product (CVE-2014-9743) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9743 was patched at 2024-05-15

7356. Cross Site Scripting - Unknown Product (CVE-2015-1032) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in Kiwix before 0.9.1, when using kiwix-serve, allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to /search.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1032 was patched at 2024-05-15

7357. Cross Site Scripting - Unknown Product (CVE-2015-2241) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2241 was patched at 2024-05-15

7358. Cross Site Scripting - Unknown Product (CVE-2015-5733) - Low [190]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5733 was patched at 2024-05-15

7359. Cross Site Scripting - Unknown Product (CVE-2022-24918) - Low [190]

Description: {'vulners_cve_data_all': 'An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24918 was patched at 2024-05-15

7360. Cross Site Scripting - Unknown Product (CVE-2024-29203) - Low [190]

Description: {'vulners_cve_data_all': 'TinyMCE is an open source rich text editor. A\xa0cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the editor. These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29203 was patched at 2024-05-15

7361. Cross Site Scripting - Unknown Product (CVE-2024-29881) - Low [190]

Description: {'vulners_cve_data_all': 'TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29881 was patched at 2024-05-15

7362. Unknown Vulnerability Type - Cacti (CVE-2014-4000) - Low [190]

Description: {'vulners_cve_data_all': 'Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4000 was patched at 2024-05-15

7363. Unknown Vulnerability Type - Cacti (CVE-2016-10700) - Low [190]

Description: {'vulners_cve_data_all': 'auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10700 was patched at 2024-05-15

7364. Unknown Vulnerability Type - Cacti (CVE-2017-1000031) - Low [190]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000031 was patched at 2024-05-15

7365. Unknown Vulnerability Type - Cacti (CVE-2024-34340) - Low [190]

Description: {'vulners_cve_data_all': 'Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verifying password, it calls `compat_password_verify`. In `compat_password_verify`, `password_verify` is called if there is it, else use `md5`. `password_verify` and `password_hash` are supported on PHP < 5.5.0, following PHP manual. The vulnerability is in `compat_password_verify`. Md5-hashed user input is compared with correct password in database by `$md5 == $hash`. It is a loose comparison, not `===`. It is a type juggling vulnerability. Version 1.2.27 contains a patch for the issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-34340 was patched at 2024-05-15

7366. Unknown Vulnerability Type - GDI (CVE-2012-3513) - Low [190]

Description: {'vulners_cve_data_all': 'munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514GDI
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3513 was patched at 2024-05-15

7367. Unknown Vulnerability Type - Kerberos (CVE-2004-0971) - Low [190]

Description: {'vulners_cve_data_all': 'The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0971 was patched at 2024-05-15

7368. Unknown Vulnerability Type - Kerberos (CVE-2010-4021) - Low [190]

Description: {'vulners_cve_data_all': 'The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common114Kerberos is a protocol for authenticating service requests between trusted hosts across an untrusted network, such as the internet
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4021 was patched at 2024-05-15

7369. Unknown Vulnerability Type - TLS (CVE-2019-15699) - Low [190]

Description: {'vulners_cve_data_all': 'An issue was discovered in app-layer-ssl.c in Suricata 4.1.4. Upon receiving a corrupted SSLv3 (TLS 1.2) packet, the parser function TLSDecodeHSHelloExtensions tries to access a memory region that is not allocated, because the expected length of HSHelloExtensions does not match the real length of the HSHelloExtensions part of the packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15699 was patched at 2024-05-15

7370. Unknown Vulnerability Type - TLS (CVE-2020-15133) - Low [190]

Description: {'vulners_cve_data_all': 'In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The `Faye::WebSocket::Client` class uses the `EM::Connection#start_tls` method in EventMachine to implement the TLS handshake whenever a `wss:` URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a valid and trusted TLS certificate for the expected hostname. That means that any `wss:` connection made using this library is vulnerable to a man-in-the-middle attack, since it does not confirm the identity of the server it is connected to. For further background information on this issue, please see the referenced GitHub Advisory. Upgrading `faye-websocket` to v0.11.0 is recommended.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.910CVSS Base Score is 8.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15133 was patched at 2024-05-15

7371. Unknown Vulnerability Type - TLS (CVE-2020-15134) - Low [190]

Description: {'vulners_cve_data_all': 'Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the `EM::Connection#start_tls` method in EventMachine to implement the TLS handshake whenever a `wss:` URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a valid and trusted TLS certificate for the expected hostname. That means that any `https:` or `wss:` connection made using these libraries is vulnerable to a man-in-the-middle attack, since it does not confirm the identity of the server it is connected to. The first request a Faye client makes is always sent via normal HTTP, but later messages may be sent via WebSocket. Therefore it is vulnerable to the same problem that these underlying libraries are, and we needed both libraries to support TLS verification before Faye could claim to do the same. Your client would still be insecure if its initial HTTPS request was verified, but later WebSocket connections were not. This is fixed in Faye v1.4.0, which enables verification by default. For further background information on this issue, please see the referenced GitHub Advisory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.910CVSS Base Score is 8.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15134 was patched at 2024-05-15

7372. Unknown Vulnerability Type - TLS (CVE-2022-23408) - Low [190]

Description: {'vulners_cve_data_all': 'wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections (without AEAD) using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-23408 was patched at 2024-05-15

7373. Unknown Vulnerability Type - TLS (CVE-2023-3724) - Low [190]

Description: {'vulners_cve_data_all': 'If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when generating the session master secret key compromises the key generated, allowing an eavesdropper to reconstruct it and potentially allowing access to or meddling with message contents in the session. This issue does not affect client validation of connected servers, nor expose private key information, but could result in an insecure TLS 1.3 session when not controlling both sides of the connection. wolfSSL recommends that TLS 1.3 client side users update the version of wolfSSL used.\xa0\n\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-3724 was patched at 2024-05-15

7374. Unknown Vulnerability Type - TRIE (CVE-2018-1098) - Low [190]

Description: {'vulners_cve_data_all': 'A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe (can't PUT from an HTML form or such) but POST allows creating in-order keys that an attacker can send.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1098 was patched at 2024-05-15

7375. Unknown Vulnerability Type - TRIE (CVE-2019-16410) - Low [190]

Description: {'vulners_cve_data_all': 'An issue was discovered in Suricata 4.1.4. By sending multiple fragmented IPv4 packets, the function Defrag4Reassemble in defrag.c tries to access a memory region that is not allocated, because of a lack of header_len checking.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-16410 was patched at 2024-05-15

7376. Memory Corruption - Perl (CVE-2024-31142) - Low [189]

Description: Because of a logical error in XSA-407 (Branch Type Confusion), the mitigation is not applied properly when it is intended to be used. XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html https://xenbits.xen.org/xsa/advisory-434.html

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31142 was patched at 2024-05-15

7377. Unknown Vulnerability Type - BIND (CVE-2007-2925) - Low [188]

Description: {'vulners_cve_data_all': 'The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2925 was patched at 2024-05-15

7378. Unknown Vulnerability Type - BIND (CVE-2009-0164) - Low [188]

Description: {'vulners_cve_data_all': 'The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0164 was patched at 2024-05-15

7379. Unknown Vulnerability Type - BIND (CVE-2018-1099) - Low [188]

Description: {'vulners_cve_data_all': 'DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An attacker can control his DNS records to direct to localhost, and trick the browser into sending requests to localhost (or any other address).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1099 was patched at 2024-05-15

debian: CVE-2018-10992 was patched at 2024-05-15

7380. Unknown Vulnerability Type - ESXi (CVE-2011-2145) - Low [188]

Description: {'vulners_cve_data_all': 'mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a "procedural error."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714VMware ESXi (formerly ESX) is an enterprise-class, type-1 hypervisor developed by VMware for deploying and serving virtual computers
CVSS Base Score0.610CVSS Base Score is 6.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2145 was patched at 2024-05-15

7381. Unknown Vulnerability Type - FFmpeg (CVE-2016-7122) - Low [188]

Description: {'vulners_cve_data_all': 'The avi_read_nikon function in libavformat/avidec.c in FFmpeg before 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that has a crafted 'nctg' structure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7122 was patched at 2024-05-15

7382. Unknown Vulnerability Type - Kubernetes (CVE-2020-8565) - Low [188]

Description: {'vulners_cve_data_all': 'In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-8565 was patched at 2024-05-15

7383. Unknown Vulnerability Type - MediaWiki (CVE-2008-5252) - Low [188]

Description: {'vulners_cve_data_all': 'Cross-site request forgery (CSRF) vulnerability in the Special:Import feature in MediaWiki 1.3.0 through 1.6.10, 1.12.x before 1.12.2, and 1.13.x before 1.13.3 allows remote attackers to perform unspecified actions as authenticated users via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5252 was patched at 2024-05-15

7384. Unknown Vulnerability Type - MediaWiki (CVE-2010-1150) - Low [188]

Description: {'vulners_cve_data_all': 'MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to conduct phishing attacks by arranging for a victim to login to the attacker's account and then execute a crafted user script, related to a "login CSRF" issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1150 was patched at 2024-05-15

7385. Unknown Vulnerability Type - MediaWiki (CVE-2011-0003) - Low [188]

Description: {'vulners_cve_data_all': 'MediaWiki before 1.16.1, when user or site JavaScript or CSS is enabled, allows remote attackers to conduct clickjacking attacks via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0003 was patched at 2024-05-15

7386. Unknown Vulnerability Type - MediaWiki (CVE-2017-0363) - Low [188]

Description: {'vulners_cve_data_all': 'Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0363 was patched at 2024-05-15

7387. Unknown Vulnerability Type - MediaWiki (CVE-2017-0364) - Low [188]

Description: {'vulners_cve_data_all': 'Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0364 was patched at 2024-05-15

7388. Unknown Vulnerability Type - MediaWiki (CVE-2020-25815) - Low [188]

Description: {'vulners_cve_data_all': 'An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25815 was patched at 2024-05-15

7389. Unknown Vulnerability Type - iOS (CVE-2018-20681) - Low [188]

Description: {'vulners_cve_data_all': 'mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cycling external output devices (such as additionally attached graphical outputs via HDMI, VGA, DVI, etc.) the content of a screensaver-locked session can be revealed. In some scenarios, the attacker can execute applications, such as by clicking with a mouse.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20681 was patched at 2024-05-15

7390. Unknown Vulnerability Type - iOS (CVE-2019-11690) - Low [188]

Description: {'vulners_cve_data_all': 'gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11690 was patched at 2024-05-15

7391. Unknown Vulnerability Type - GPAC (CVE-2024-0321) - Low [185]

Description: {'vulners_cve_data_all': 'Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-0321 was patched at 2024-05-15

7392. Unknown Vulnerability Type - Git (CVE-2016-10128) - Low [185]

Description: {'vulners_cve_data_all': 'Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10128 was patched at 2024-05-15

7393. Unknown Vulnerability Type - Git (CVE-2022-39237) - Low [185]

Description: {'vulners_cve_data_all': 'syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. Users unable to upgrade may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-39237 was patched at 2024-05-15

7394. Unknown Vulnerability Type - Git (CVE-2024-3817) - Low [185]

Description: {'vulners_cve_data_all': 'HashiCorp’s go-getter library is vulnerable to argument injection when executing Git to discover remote branches. \n\nThis vulnerability does not affect the go-getter/v2 branch and package.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3817 was patched at 2024-05-15

7395. Unknown Vulnerability Type - Linux Kernel (CVE-2020-35501) - Low [185]

Description: {'vulners_cve_data_all': 'A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the audit subsystem', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.310CVSS Base Score is 3.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35501 was patched at 2024-05-15

7396. Unknown Vulnerability Type - Linux Kernel (CVE-2020-36766) - Low [185]

Description: {'vulners_cve_data_all': 'An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36766 was patched at 2024-05-15

7397. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46934) - Low [185]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: validate user data in compat ioctl\n\nWrong user data may cause warning in i2c_transfer(), ex: zero msgs.\nUserspace should not be able to trigger warnings, so this patch adds\nvalidation checks for user data in compact ioctl to prevent reported\nwarnings', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2021-46934 was patched at 2024-06-05

debian: CVE-2021-46934 was patched at 2024-05-15

oraclelinux: CVE-2021-46934 was patched at 2024-06-05

redhat: CVE-2021-46934 was patched at 2024-06-05

7398. Unknown Vulnerability Type - Sudo (CVE-2007-0474) - Low [185]

Description: {'vulners_cve_data_all': 'Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4k_kill."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0474 was patched at 2024-05-15

7399. Unknown Vulnerability Type - Windows LDAP (CVE-2013-4477) - Low [185]

Description: {'vulners_cve_data_all': 'The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4477 was patched at 2024-05-15

7400. Denial of Service - Unknown Product (CVE-2000-1226) - Low [184]

Description: {'vulners_cve_data_all': 'Snort 1.6, when running in straight ASCII packet logging mode or IDS mode with straight decoded ASCII packet logging selected, allows remote attackers to cause a denial of service (crash) by sending non-IP protocols that Snort does not know about, as demonstrated by an nmap protocol scan.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2000-1226 was patched at 2024-05-15

7401. Denial of Service - Unknown Product (CVE-2001-1558) - Low [184]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in IP defragmenter (frag2) in Snort before 1.8.3 allows attackers to cause a denial of service (crash).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2001-1558 was patched at 2024-05-15

7402. Denial of Service - Unknown Product (CVE-2002-0914) - Low [184]

Description: {'vulners_cve_data_all': 'Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0914 was patched at 2024-05-15

7403. Denial of Service - Unknown Product (CVE-2002-1049) - Low [184]

Description: {'vulners_cve_data_all': 'Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service (crash) via the TSI data element.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1049 was patched at 2024-05-15

7404. Denial of Service - Unknown Product (CVE-2002-1154) - Low [184]

Description: {'vulners_cve_data_all': 'anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1154 was patched at 2024-05-15

7405. Denial of Service - Unknown Product (CVE-2002-1170) - Low [184]

Description: {'vulners_cve_data_all': 'The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1170 was patched at 2024-05-15

7406. Denial of Service - Unknown Product (CVE-2002-1232) - Low [184]

Description: {'vulners_cve_data_all': 'Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1232 was patched at 2024-05-15

7407. Denial of Service - Unknown Product (CVE-2002-1566) - Low [184]

Description: {'vulners_cve_data_all': 'netris 0.5, and possibly other versions before 0.52, when running with the -w (wait) option, allows remote attackers to cause a denial of service (crash) via a long string to port 9284.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1566 was patched at 2024-05-15

7408. Denial of Service - Unknown Product (CVE-2002-1765) - Low [184]

Description: {'vulners_cve_data_all': 'Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of service (memory consumption and crash) via an email with a malformed MIME header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1765 was patched at 2024-05-15

7409. Denial of Service - Unknown Product (CVE-2002-2097) - Low [184]

Description: {'vulners_cve_data_all': 'The compression code in MaraDNS before 0.9.01 allows remote attackers to cause a denial of service via crafted DNS packets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-2097 was patched at 2024-05-15

7410. Denial of Service - Unknown Product (CVE-2002-2102) - Low [184]

Description: {'vulners_cve_data_all': 'InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to cause a denial of service (NullPointerException) via an invalid block of deflated data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-2102 was patched at 2024-05-15

7411. Denial of Service - Unknown Product (CVE-2003-0032) - Low [184]

Description: {'vulners_cve_data_all': 'Memory leak in libmcrypt before 2.5.5 allows attackers to cause a denial of service (memory exhaustion) via a large number of requests to the application, which causes libmcrypt to dynamically load algorithms via libtool.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0032 was patched at 2024-05-15

7412. Denial of Service - Unknown Product (CVE-2003-0093) - Low [184]

Description: {'vulners_cve_data_all': 'The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service (crash) via an invalid RADIUS packet with a header length field of 0, which causes tcpdump to generate data within an infinite loop.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0093 was patched at 2024-05-15

7413. Denial of Service - Unknown Product (CVE-2003-0129) - Low [184]

Description: {'vulners_cve_data_all': 'Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (memory consumption) via a mail message that is uuencoded multiple times.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0129 was patched at 2024-05-15

7414. Denial of Service - Unknown Product (CVE-2003-0132) - Low [184]

Description: {'vulners_cve_data_all': 'A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0132 was patched at 2024-05-15

7415. Denial of Service - Unknown Product (CVE-2003-0133) - Low [184]

Description: {'vulners_cve_data_all': 'GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0133 was patched at 2024-05-15

7416. Denial of Service - Unknown Product (CVE-2003-0134) - Low [184]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0134 was patched at 2024-05-15

7417. Denial of Service - Unknown Product (CVE-2003-0195) - Low [184]

Description: {'vulners_cve_data_all': 'CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0195 was patched at 2024-05-15

7418. Denial of Service - Unknown Product (CVE-2003-0211) - Low [184]

Description: {'vulners_cve_data_all': 'Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0211 was patched at 2024-05-15

7419. Denial of Service - Unknown Product (CVE-2003-0251) - Low [184]

Description: {'vulners_cve_data_all': 'ypserv NIS server before 2.7 allows remote attackers to cause a denial of service via a TCP client request that does not respond to the server, which causes ypserv to block.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0251 was patched at 2024-05-15

7420. Denial of Service - Unknown Product (CVE-2003-0254) - Low [184]

Description: {'vulners_cve_data_all': 'Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0254 was patched at 2024-05-15

7421. Denial of Service - Unknown Product (CVE-2003-0366) - Low [184]

Description: {'vulners_cve_data_all': 'lyskom-server 2.0.7 and earlier allows unauthenticated users to cause a denial of service (CPU consumption) via a large query.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0366 was patched at 2024-05-15

7422. Denial of Service - Unknown Product (CVE-2003-0706) - Low [184]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote attackers to cause a denial of service (tight loop).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0706 was patched at 2024-05-15

7423. Denial of Service - Unknown Product (CVE-2003-0744) - Low [184]

Description: {'vulners_cve_data_all': 'The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote attackers to cause a denial of service (process hang and termination) via certain malformed Usenet news articles that cause fetchnews to hang while waiting for input.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0744 was patched at 2024-05-15

7424. Denial of Service - Unknown Product (CVE-2003-0775) - Low [184]

Description: {'vulners_cve_data_all': 'saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0775 was patched at 2024-05-15

7425. Denial of Service - Unknown Product (CVE-2003-0788) - Low [184]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS before 1.1.19 allows remote attackers to cause a denial of service (CPU consumption from a "busy loop") via certain inputs to the IPP port (TCP 631).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0788 was patched at 2024-05-15

7426. Denial of Service - Unknown Product (CVE-2003-0795) - Low [184]

Description: {'vulners_cve_data_all': 'The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0795 was patched at 2024-05-15

7427. Denial of Service - Unknown Product (CVE-2003-0864) - Low [184]

Description: {'vulners_cve_data_all': 'Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to 2.10.3p3 allows remote attackers to cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0864 was patched at 2024-05-15

7428. Denial of Service - Unknown Product (CVE-2003-0967) - Low [184]

Description: {'vulners_cve_data_all': 'rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0967 was patched at 2024-05-15

7429. Denial of Service - Unknown Product (CVE-2003-0991) - Low [184]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0991 was patched at 2024-05-15

7430. Denial of Service - Unknown Product (CVE-2003-1029) - Low [184]

Description: {'vulners_cve_data_all': 'The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-1029 was patched at 2024-05-15

7431. Denial of Service - Unknown Product (CVE-2003-1084) - Low [184]

Description: {'vulners_cve_data_all': 'Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-1084 was patched at 2024-05-15

7432. Denial of Service - Unknown Product (CVE-2004-0055) - Low [184]

Description: {'vulners_cve_data_all': 'The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0055 was patched at 2024-05-15

7433. Denial of Service - Unknown Product (CVE-2004-0057) - Low [184]

Description: {'vulners_cve_data_all': 'The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0057 was patched at 2024-05-15

7434. Denial of Service - Unknown Product (CVE-2004-0111) - Low [184]

Description: {'vulners_cve_data_all': 'gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0111 was patched at 2024-05-15

7435. Denial of Service - Unknown Product (CVE-2004-0113) - Low [184]

Description: {'vulners_cve_data_all': 'Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0113 was patched at 2024-05-15

7436. Denial of Service - Unknown Product (CVE-2004-0183) - Low [184]

Description: {'vulners_cve_data_all': 'TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0183 was patched at 2024-05-15

7437. Denial of Service - Unknown Product (CVE-2004-0270) - Low [184]

Description: {'vulners_cve_data_all': 'libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0270 was patched at 2024-05-15

7438. Denial of Service - Unknown Product (CVE-2004-0558) - Low [184]

Description: {'vulners_cve_data_all': 'The Internet Printing Protocol (IPP) implementation in CUPS before 1.1.21 allows remote attackers to cause a denial of service (service hang) via a certain UDP packet to the IPP port.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0558 was patched at 2024-05-15

7439. Denial of Service - Unknown Product (CVE-2004-0656) - Low [184]

Description: {'vulners_cve_data_all': 'The accept_client function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0656 was patched at 2024-05-15

7440. Denial of Service - Unknown Product (CVE-2004-0748) - Low [184]

Description: {'vulners_cve_data_all': 'mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0748 was patched at 2024-05-15

7441. Denial of Service - Unknown Product (CVE-2004-0751) - Low [184]

Description: {'vulners_cve_data_all': 'The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0751 was patched at 2024-05-15

7442. Denial of Service - Unknown Product (CVE-2004-0753) - Low [184]

Description: {'vulners_cve_data_all': 'The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0753 was patched at 2024-05-15

7443. Denial of Service - Unknown Product (CVE-2004-0786) - Low [184]

Description: {'vulners_cve_data_all': 'The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0786 was patched at 2024-05-15

7444. Denial of Service - Unknown Product (CVE-2004-0788) - Low [184]

Description: {'vulners_cve_data_all': 'Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (application crash) via a crafted ICO file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0788 was patched at 2024-05-15

7445. Denial of Service - Unknown Product (CVE-2004-0796) - Low [184]

Description: {'vulners_cve_data_all': 'SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to cause a denial of service via certain malformed messages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0796 was patched at 2024-05-15

7446. Denial of Service - Unknown Product (CVE-2004-0809) - Low [184]

Description: {'vulners_cve_data_all': 'The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0809 was patched at 2024-05-15

7447. Denial of Service - Unknown Product (CVE-2004-0832) - Low [184]

Description: {'vulners_cve_data_all': 'The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2.5.6 and earlier, with NTLM authentication enabled, allow remote attackers to cause a denial of service (application crash) via an NTLMSSP packet that causes a negative value to be passed to memcpy.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0832 was patched at 2024-05-15

7448. Denial of Service - Unknown Product (CVE-2004-0886) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0886 was patched at 2024-05-15

7449. Denial of Service - Unknown Product (CVE-2004-0911) - Low [184]

Description: {'vulners_cve_data_all': 'telnetd for netkit 0.17 and earlier, and possibly other versions, on Debian GNU/Linux allows remote attackers to cause a denial of service (free of an invalid pointer), a different vulnerability than CVE-2001-0554.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0911 was patched at 2024-05-15

7450. Denial of Service - Unknown Product (CVE-2004-0918) - Low [184]

Description: {'vulners_cve_data_all': 'The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0918 was patched at 2024-05-15

7451. Denial of Service - Unknown Product (CVE-2004-0938) - Low [184]

Description: {'vulners_cve_data_all': 'FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0938 was patched at 2024-05-15

7452. Denial of Service - Unknown Product (CVE-2004-0960) - Low [184]

Description: {'vulners_cve_data_all': 'FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0960 was patched at 2024-05-15

7453. Denial of Service - Unknown Product (CVE-2004-0961) - Low [184]

Description: {'vulners_cve_data_all': 'Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0961 was patched at 2024-05-15

7454. Denial of Service - Unknown Product (CVE-2004-1007) - Low [184]

Description: {'vulners_cve_data_all': 'The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows remote attackers to cause a denial of service (application crash) via mail headers that cause a line feed (LF) to be replaced by a null byte that is written to an incorrect memory address.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1007 was patched at 2024-05-15

7455. Denial of Service - Unknown Product (CVE-2004-1009) - Low [184]

Description: {'vulners_cve_data_all': 'Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1009 was patched at 2024-05-15

7456. Denial of Service - Unknown Product (CVE-2004-1014) - Low [184]

Description: {'vulners_cve_data_all': 'statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1014 was patched at 2024-05-15

7457. Denial of Service - Unknown Product (CVE-2004-1090) - Low [184]

Description: {'vulners_cve_data_all': 'Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1090 was patched at 2024-05-15

7458. Denial of Service - Unknown Product (CVE-2004-1091) - Low [184]

Description: {'vulners_cve_data_all': 'Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1091 was patched at 2024-05-15

7459. Denial of Service - Unknown Product (CVE-2004-1092) - Low [184]

Description: {'vulners_cve_data_all': 'Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1092 was patched at 2024-05-15

7460. Denial of Service - Unknown Product (CVE-2004-1093) - Low [184]

Description: {'vulners_cve_data_all': 'Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1093 was patched at 2024-05-15

7461. Denial of Service - Unknown Product (CVE-2004-1174) - Low [184]

Description: {'vulners_cve_data_all': 'direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1174 was patched at 2024-05-15

7462. Denial of Service - Unknown Product (CVE-2004-1180) - Low [184]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1180 was patched at 2024-05-15

7463. Denial of Service - Unknown Product (CVE-2004-1186) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1186 was patched at 2024-05-15

7464. Denial of Service - Unknown Product (CVE-2004-1617) - Low [184]

Description: {'vulners_cve_data_all': 'Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1617 was patched at 2024-05-15

7465. Denial of Service - Unknown Product (CVE-2004-1897) - Low [184]

Description: {'vulners_cve_data_all': 'Administration interface in Monit 1.4 through 4.2 allows remote attackers to cause a denial of service (segmentation fault) by sending a Basic Authentication request without a password, which causes Monit to decrement a null pointer and perform an out-of-bounds read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1897 was patched at 2024-05-15

7466. Denial of Service - Unknown Product (CVE-2004-2027) - Low [184]

Description: {'vulners_cve_data_all': 'Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a long Basic Authorization header that triggers an out-of-bounds read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2027 was patched at 2024-05-15

7467. Denial of Service - Unknown Product (CVE-2004-2259) - Low [184]

Description: {'vulners_cve_data_all': 'vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service (crash) via a SIGCHLD signal during a malloc or free call, which is not re-entrant.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2259 was patched at 2024-05-15

7468. Denial of Service - Unknown Product (CVE-2004-2460) - Low [184]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote attackers to cause a denial of service (application crash) via an "infinite" Unique IDentification Listing (UIDL) list.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2460 was patched at 2024-05-15

7469. Denial of Service - Unknown Product (CVE-2004-2654) - Low [184]

Description: {'vulners_cve_data_all': 'The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2654 was patched at 2024-05-15

7470. Denial of Service - Unknown Product (CVE-2005-0038) - Low [184]

Description: {'vulners_cve_data_all': 'The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0038 was patched at 2024-05-15

7471. Denial of Service - Unknown Product (CVE-2005-0079) - Low [184]

Description: {'vulners_cve_data_all': 'Buffer overflow in xtrlock 2.0 allows local users to cause a denial of service (application crash) and hijack the desktop session.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0079 was patched at 2024-05-15

7472. Denial of Service - Unknown Product (CVE-2005-0094) - Low [184]

Description: {'vulners_cve_data_all': 'Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0094 was patched at 2024-05-15

7473. Denial of Service - Unknown Product (CVE-2005-0095) - Low [184]

Description: {'vulners_cve_data_all': 'The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0095 was patched at 2024-05-15

7474. Denial of Service - Unknown Product (CVE-2005-0096) - Low [184]

Description: {'vulners_cve_data_all': 'Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0096 was patched at 2024-05-15

7475. Denial of Service - Unknown Product (CVE-2005-0097) - Low [184]

Description: {'vulners_cve_data_all': 'The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0097 was patched at 2024-05-15

7476. Denial of Service - Unknown Product (CVE-2005-0108) - Low [184]

Description: {'vulners_cve_data_all': 'Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0108 was patched at 2024-05-15

7477. Denial of Service - Unknown Product (CVE-2005-0133) - Low [184]

Description: {'vulners_cve_data_all': 'ClamAV 0.80 and earlier allows remote attackers to cause a denial of service (clamd daemon crash) via a ZIP file with malformed headers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0133 was patched at 2024-05-15

7478. Denial of Service - Unknown Product (CVE-2005-0428) - Low [184]

Description: {'vulners_cve_data_all': 'The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0428 was patched at 2024-05-15

7479. Denial of Service - Unknown Product (CVE-2005-0446) - Low [184]

Description: {'vulners_cve_data_all': 'Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0446 was patched at 2024-05-15

7480. Denial of Service - Unknown Product (CVE-2005-0718) - Low [184]

Description: {'vulners_cve_data_all': 'Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0718 was patched at 2024-05-15

7481. Denial of Service - Unknown Product (CVE-2005-0806) - Low [184]

Description: {'vulners_cve_data_all': 'Evolution 2.0.3 allows remote attackers to cause a denial of service (application crash or hang) via crafted messages, possibly involving charsets in attachment filenames.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0806 was patched at 2024-05-15

7482. Denial of Service - Unknown Product (CVE-2005-0814) - Low [184]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 allows remote attackers to cause a denial of service via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0814 was patched at 2024-05-15

7483. Denial of Service - Unknown Product (CVE-2005-1061) - Low [184]

Description: {'vulners_cve_data_all': 'The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expression, which causes the parser to crash, aka "logwatch log processing regular expression DoS."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1061 was patched at 2024-05-15

7484. Denial of Service - Unknown Product (CVE-2005-1260) - Low [184]

Description: {'vulners_cve_data_all': 'bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1260 was patched at 2024-05-15

7485. Denial of Service - Unknown Product (CVE-2005-1266) - Low [184]

Description: {'vulners_cve_data_all': 'Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1266 was patched at 2024-05-15

7486. Denial of Service - Unknown Product (CVE-2005-1268) - Low [184]

Description: {'vulners_cve_data_all': 'Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1268 was patched at 2024-05-15

7487. Denial of Service - Unknown Product (CVE-2005-1278) - Low [184]

Description: {'vulners_cve_data_all': 'The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1278 was patched at 2024-05-15

7488. Denial of Service - Unknown Product (CVE-2005-1280) - Low [184]

Description: {'vulners_cve_data_all': 'The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1280 was patched at 2024-05-15

7489. Denial of Service - Unknown Product (CVE-2005-1453) - Low [184]

Description: {'vulners_cve_data_all': 'fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to cause a denial of service (crash) by closing the connection while fetchnews is reading (1) an article header or (2) an article body, which also prevents fetchnews from querying other servers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1453 was patched at 2024-05-15

7490. Denial of Service - Unknown Product (CVE-2005-1522) - Low [184]

Description: {'vulners_cve_data_all': 'The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1522 was patched at 2024-05-15

7491. Denial of Service - Unknown Product (CVE-2005-1849) - Low [184]

Description: {'vulners_cve_data_all': 'inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1849 was patched at 2024-05-15

7492. Denial of Service - Unknown Product (CVE-2005-1911) - Low [184]

Description: {'vulners_cve_data_all': 'The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang while waiting for input that never arrives, which allows remote NNTP servers to cause a denial of service (news loss).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1911 was patched at 2024-05-15

7493. Denial of Service - Unknown Product (CVE-2005-1922) - Low [184]

Description: {'vulners_cve_data_all': 'The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 allows remote attackers to cause a denial of service (file descriptor and memory consumption) via a crafted file that causes repeated errors in the cli_msexpand function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1922 was patched at 2024-05-15

7494. Denial of Service - Unknown Product (CVE-2005-2024) - Low [184]

Description: {'vulners_cve_data_all': 'Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers to cause a denial of service via (1) certain "unusual HTML messages" or (2) "certain malformed headers" such as Content-Type.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2024 was patched at 2024-05-15

7495. Denial of Service - Unknown Product (CVE-2005-2070) - Low [184]

Description: {'vulners_cve_data_all': 'The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2070 was patched at 2024-05-15

7496. Denial of Service - Unknown Product (CVE-2005-2177) - Low [184]

Description: {'vulners_cve_data_all': 'Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a TCP packet of length 1, which triggers an infinite loop.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2177 was patched at 2024-05-15

7497. Denial of Service - Unknown Product (CVE-2005-2295) - Low [184]

Description: {'vulners_cve_data_all': 'NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (infinite loop) via a packet with a zero datablock size.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2295 was patched at 2024-05-15

7498. Denial of Service - Unknown Product (CVE-2005-2452) - Low [184]

Description: {'vulners_cve_data_all': 'libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2452 was patched at 2024-05-15

7499. Denial of Service - Unknown Product (CVE-2005-2728) - Low [184]

Description: {'vulners_cve_data_all': 'The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2728 was patched at 2024-05-15

7500. Denial of Service - Unknown Product (CVE-2005-2794) - Low [184]

Description: {'vulners_cve_data_all': 'store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2794 was patched at 2024-05-15

7501. Denial of Service - Unknown Product (CVE-2005-2796) - Low [184]

Description: {'vulners_cve_data_all': 'The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2796 was patched at 2024-05-15

7502. Denial of Service - Unknown Product (CVE-2005-2874) - Low [184]

Description: {'vulners_cve_data_all': 'The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\\.." URL in an HTTP request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2874 was patched at 2024-05-15

7503. Denial of Service - Unknown Product (CVE-2005-2919) - Low [184]

Description: {'vulners_cve_data_all': 'libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to cause a denial of service (infinite loop) via a crafted FSG packed executable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2919 was patched at 2024-05-15

7504. Denial of Service - Unknown Product (CVE-2005-2970) - Low [184]

Description: {'vulners_cve_data_all': 'Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2970 was patched at 2024-05-15

7505. Denial of Service - Unknown Product (CVE-2005-3409) - Low [184]

Description: {'vulners_cve_data_all': 'OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3409 was patched at 2024-05-15

7506. Denial of Service - Unknown Product (CVE-2005-3500) - Low [184]

Description: {'vulners_cve_data_all': 'The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3500 was patched at 2024-05-15

7507. Denial of Service - Unknown Product (CVE-2005-3626) - Low [184]

Description: {'vulners_cve_data_all': 'Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3626 was patched at 2024-05-15

7508. Denial of Service - Unknown Product (CVE-2005-4584) - Low [184]

Description: {'vulners_cve_data_all': 'BZFlag server 2.0.4 and earlier allows remote attackers to cause a denial of service (application crash) via a callsign that is not followed by a NULL (\\0) character.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4584 was patched at 2024-05-15

7509. Denial of Service - Unknown Product (CVE-2005-4676) - Low [184]

Description: {'vulners_cve_data_all': 'Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling the sscanf function, which allows remote attackers to cause a denial of service (application crash) via images with crafted IPTC metadata.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4676 was patched at 2024-05-15

7510. Denial of Service - Unknown Product (CVE-2005-4713) - Low [184]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the SQL logging facility in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors, probably involving the pam_mysql_sql_log function when being used in vsftpd, which does not include the IP address argument to an sprintf call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4713 was patched at 2024-05-15

7511. Denial of Service - Unknown Product (CVE-2006-0042) - Low [184]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers to cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0042 was patched at 2024-05-15

7512. Denial of Service - Unknown Product (CVE-2006-0047) - Low [184]

Description: {'vulners_cve_data_all': 'packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause a denial of service (server crash) via crafted packets with negative compressed size values.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0047 was patched at 2024-05-15

7513. Denial of Service - Unknown Product (CVE-2006-0048) - Low [184]

Description: {'vulners_cve_data_all': 'Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a denial of service (segmentation fault) via certain fragmented packets, possibly involving invalid headers and an attacker-controlled payload length. NOTE: this issue might be a buffer overflow or overread.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0048 was patched at 2024-05-15

7514. Denial of Service - Unknown Product (CVE-2006-0300) - Low [184]

Description: {'vulners_cve_data_all': 'Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0300 was patched at 2024-05-15

7515. Denial of Service - Unknown Product (CVE-2006-0321) - Low [184]

Description: {'vulners_cve_data_all': 'fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0321 was patched at 2024-05-15

7516. Denial of Service - Unknown Product (CVE-2006-0405) - Low [184]

Description: {'vulners_cve_data_all': 'The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0405 was patched at 2024-05-15

7517. Denial of Service - Unknown Product (CVE-2006-0467) - Low [184]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Pioneers (formerly gnocatan) before 0.9.49 allows remote attackers to cause a denial of service (application crash) via long chat messages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0467 was patched at 2024-05-15

7518. Denial of Service - Unknown Product (CVE-2006-0730) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0730 was patched at 2024-05-15

7519. Denial of Service - Unknown Product (CVE-2006-0747) - Low [184]

Description: {'vulners_cve_data_all': 'Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0747 was patched at 2024-05-15

7520. Denial of Service - Unknown Product (CVE-2006-1046) - Low [184]

Description: {'vulners_cve_data_all': 'server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a string containing a large number of characters that are escaped when Monopd produces XML output.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1046 was patched at 2024-05-15

7521. Denial of Service - Unknown Product (CVE-2006-1173) - Low [184]

Description: {'vulners_cve_data_all': 'Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1173 was patched at 2024-05-15

7522. Denial of Service - Unknown Product (CVE-2006-1206) - Low [184]

Description: {'vulners_cve_data_all': 'Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, allows remote attackers to cause a denial of service (connection slot exhaustion) via a large number of connection attempts that exceeds the MAX_UNAUTH_CLIENTS defined value of 30.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1206 was patched at 2024-05-15

7523. Denial of Service - Unknown Product (CVE-2006-1329) - Low [184]

Description: {'vulners_cve_data_all': 'The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service ("c2s segfault") by sending a "response stanza before an auth stanza".', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1329 was patched at 2024-05-15

7524. Denial of Service - Unknown Product (CVE-2006-1630) - Low [184]

Description: {'vulners_cve_data_all': 'The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1630 was patched at 2024-05-15

7525. Denial of Service - Unknown Product (CVE-2006-2017) - Low [184]

Description: {'vulners_cve_data_all': 'Dnsmasq 2.29 allows remote attackers to cause a denial of service (application crash) via a DHCP client broadcast reply request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2017 was patched at 2024-05-15

7526. Denial of Service - Unknown Product (CVE-2006-2069) - Low [184]

Description: {'vulners_cve_data_all': 'The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service (application crash) via malformed EDNS0 packets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2069 was patched at 2024-05-15

7527. Denial of Service - Unknown Product (CVE-2006-2230) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2230 was patched at 2024-05-15

7528. Denial of Service - Unknown Product (CVE-2006-2276) - Low [184]

Description: {'vulners_cve_data_all': 'bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2276 was patched at 2024-05-15

7529. Denial of Service - Unknown Product (CVE-2006-2413) - Low [184]

Description: {'vulners_cve_data_all': 'GNUnet before SVN revision 2781 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an empty UDP datagram, possibly involving FIONREAD errors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2413 was patched at 2024-05-15

7530. Denial of Service - Unknown Product (CVE-2006-2441) - Low [184]

Description: {'vulners_cve_data_all': 'Pioneers meta-server before 0.9.55, when the server-console is not installed, allows remote attackers to cause a denial of service (crash) via certain requests from an older gnocatan client to create a new game.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2441 was patched at 2024-05-15

7531. Denial of Service - Unknown Product (CVE-2006-2575) - Low [184]

Description: {'vulners_cve_data_all': 'The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (crash) via a client flag (frameNum) that is greater than 41, which triggers an assert error.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2575 was patched at 2024-05-15

7532. Denial of Service - Unknown Product (CVE-2006-2661) - Low [184]

Description: {'vulners_cve_data_all': 'ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2661 was patched at 2024-05-15

7533. Denial of Service - Unknown Product (CVE-2006-2906) - Low [184]

Description: {'vulners_cve_data_all': 'The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2906 was patched at 2024-05-15

7534. Denial of Service - Unknown Product (CVE-2006-3082) - Low [184]

Description: {'vulners_cve_data_all': 'parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long user ID string), which could lead to an integer overflow, as demonstrated using the --no-armor option.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3082 was patched at 2024-05-15

7535. Denial of Service - Unknown Product (CVE-2006-3121) - Low [184]

Description: {'vulners_cve_data_all': 'The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3121 was patched at 2024-05-15

7536. Denial of Service - Unknown Product (CVE-2006-3379) - Low [184]

Description: {'vulners_cve_data_all': 'Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 and 0.8.0 through 0.8.5 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3379 was patched at 2024-05-15

7537. Denial of Service - Unknown Product (CVE-2006-3408) - Low [184]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the directory server (dirserver) in Tor before 0.1.1.20 allows remote attackers to cause an unspecified denial of service via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3408 was patched at 2024-05-15

7538. Denial of Service - Unknown Product (CVE-2006-3416) - Low [184]

Description: {'vulners_cve_data_all': 'Tor before 0.1.1.20 kills the circuit when it receives an unrecognized relay command, which causes network circuits to be disbanded. NOTE: while this item is listed under the "Security fixes" section of the developer changelog, the developer clarified on 20060707 that this is only a self-DoS. Therefore this issue should not be included in CVE', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3416 was patched at 2024-05-15

7539. Denial of Service - Unknown Product (CVE-2006-3746) - Low [184]

Description: {'vulners_cve_data_all': 'Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3746 was patched at 2024-05-15

7540. Denial of Service - Unknown Product (CVE-2006-3804) - Low [184]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) via a VCard attachment with a malformed base64 field, which copies more data than expected due to an integer underflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3804 was patched at 2024-05-15

7541. Denial of Service - Unknown Product (CVE-2006-4005) - Low [184]

Description: {'vulners_cve_data_all': 'BomberClone 0.11.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via (1) a certain malformed PKGF_ackreq packet, which triggers a crash in the rscache_add() function in pkgcache.c; and (2) an error packet, which is intended to be received by clients and force client shutdown, but also triggers server shutdown.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4005 was patched at 2024-05-15

7542. Denial of Service - Unknown Product (CVE-2006-4089) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4089 was patched at 2024-05-15

7543. Denial of Service - Unknown Product (CVE-2006-4252) - Low [184]

Description: {'vulners_cve_data_all': 'PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of service (resource exhaustion and application crash) via a CNAME record with a zero TTL, which triggers an infinite loop.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4252 was patched at 2024-05-15

7544. Denial of Service - Unknown Product (CVE-2006-5111) - Low [184]

Description: {'vulners_cve_data_all': 'The libksba library 0.9.12 and possibly other versions, as used by gpgsm in the newpg package on SUSE LINUX, allows attackers to cause a denial of service (application crash) via a malformed X.509 certificate in a signature.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5111 was patched at 2024-05-15

7545. Denial of Service - Unknown Product (CVE-2006-5295) - Low [184]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5295 was patched at 2024-05-15

7546. Denial of Service - Unknown Product (CVE-2006-5874) - Low [184]

Description: {'vulners_cve_data_all': 'Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5874 was patched at 2024-05-15

7547. Denial of Service - Unknown Product (CVE-2006-5973) - Low [184]

Description: {'vulners_cve_data_all': 'Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5973 was patched at 2024-05-15

7548. Denial of Service - Unknown Product (CVE-2006-6481) - Low [184]

Description: {'vulners_cve_data_all': 'Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6481 was patched at 2024-05-15

7549. Denial of Service - Unknown Product (CVE-2006-6609) - Low [184]

Description: {'vulners_cve_data_all': 'Nexuiz before 2.2.1 allows remote attackers to cause a denial of service (resource exhaustion or crash) via unspecified vectors related to "fake players." NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6609 was patched at 2024-05-15

7550. Denial of Service - Unknown Product (CVE-2006-6719) - Low [184]

Description: {'vulners_cve_data_all': 'The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6719 was patched at 2024-05-15

7551. Denial of Service - Unknown Product (CVE-2006-6870) - Low [184]

Description: {'vulners_cve_data_all': 'The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6870 was patched at 2024-05-15

7552. Denial of Service - Unknown Product (CVE-2006-6931) - Low [184]

Description: {'vulners_cve_data_all': 'Algorithmic complexity vulnerability in Snort before 2.6.1, during predicate evaluation in rule matching for certain rules, allows remote attackers to cause a denial of service (CPU consumption and detection outage) via crafted network traffic, aka a "backtracking attack."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6931 was patched at 2024-05-15

7553. Denial of Service - Unknown Product (CVE-2006-7221) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow attackers to cause a denial of service via unspecified vectors involving the (1) name and (2) d_name entry attributes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-7221 was patched at 2024-05-15

7554. Denial of Service - Unknown Product (CVE-2007-0247) - Low [184]

Description: {'vulners_cve_data_all': 'squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0247 was patched at 2024-05-15

7555. Denial of Service - Unknown Product (CVE-2007-0248) - Low [184]

Description: {'vulners_cve_data_all': 'The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0248 was patched at 2024-05-15

7556. Denial of Service - Unknown Product (CVE-2007-0540) - Low [184]

Description: {'vulners_cve_data_all': 'WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0540 was patched at 2024-05-15

7557. Denial of Service - Unknown Product (CVE-2007-1545) - Low [184]

Description: {'vulners_cve_data_all': 'The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1545 was patched at 2024-05-15

7558. Denial of Service - Unknown Product (CVE-2007-1546) - Low [184]

Description: {'vulners_cve_data_all': 'Array index error in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via (1) large num_action values in the ProcAuSetElements function in server/dia/audispatch.c or (2) a large inputNum parameter to the compileInputs function in server/dia/auutil.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1546 was patched at 2024-05-15

7559. Denial of Service - Unknown Product (CVE-2007-1869) - Low [184]

Description: {'vulners_cve_data_all': 'lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1869 was patched at 2024-05-15

7560. Denial of Service - Unknown Product (CVE-2007-1958) - Low [184]

Description: {'vulners_cve_data_all': 'Buffer overflow in TinyMUX before 2.4 allows attackers to cause a denial of service via unspecified vectors related to "too many substring matches in a regexp $-command." NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1958 was patched at 2024-05-15

7561. Denial of Service - Unknown Product (CVE-2007-3114) - Low [184]

Description: {'vulners_cve_data_all': 'Memory leak in server/MaraDNS.c in MaraDNS before 1.2.12.05, and 1.3.x before 1.3.03, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, a different set of affected versions than CVE-2007-3115 and CVE-2007-3116.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3114 was patched at 2024-05-15

7562. Denial of Service - Unknown Product (CVE-2007-3116) - Low [184]

Description: {'vulners_cve_data_all': 'Memory leak in server/MaraDNS.c in MaraDNS 1.2.12.06 and 1.3.05 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, a different set of affected versions than CVE-2007-3114 and CVE-2007-3115.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3116 was patched at 2024-05-15

7563. Denial of Service - Unknown Product (CVE-2007-3123) - Low [184]

Description: {'vulners_cve_data_all': 'unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3123 was patched at 2024-05-15

7564. Denial of Service - Unknown Product (CVE-2007-3303) - Low [184]

Description: {'vulners_cve_data_all': 'Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3303 was patched at 2024-05-15

7565. Denial of Service - Unknown Product (CVE-2007-3477) - Low [184]

Description: {'vulners_cve_data_all': 'The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3477 was patched at 2024-05-15

7566. Denial of Service - Unknown Product (CVE-2007-4045) - Low [184]

Description: {'vulners_cve_data_all': 'The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4045 was patched at 2024-05-15

7567. Denial of Service - Unknown Product (CVE-2007-4626) - Low [184]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Polipo before 1.0.2 allows remote attackers to cause a denial of service (daemon crash) via certain network traffic associated with entities larger than 2 Gb.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4626 was patched at 2024-05-15

7568. Denial of Service - Unknown Product (CVE-2007-4755) - Low [184]

Description: {'vulners_cve_data_all': 'Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (client disconnect) by sending a client_connect command in a forged packet from the server to a client. NOTE: client IP addresses are available via product-specific queries.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4755 was patched at 2024-05-15

7569. Denial of Service - Unknown Product (CVE-2007-5029) - Low [184]

Description: {'vulners_cve_data_all': 'Dibbler 0.6.0 does not verify that certain length parameters are appropriate for buffer sizes, which allows remote attackers to trigger a buffer over-read and cause a denial of service (daemon crash), as demonstrated by incorrect behavior of the TSrvMsg constructor in SrvMessages/SrvMsg.cpp when (1) reading the option code and option length and (2) parsing options.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5029 was patched at 2024-05-15

7570. Denial of Service - Unknown Product (CVE-2007-5030) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to cause a denial of service (daemon crash) via packets containing options with large lengths, which trigger attempts at excessive memory allocation, as demonstrated by (1) the TSrvMsg constructor in SrvMessages/SrvMsg.cpp; the (2) TClntMsg, (3) TClntOptIAAddress, (4) TClntOptIAPrefix, (5) TOptVendorSpecInfo, and (6) TOptOptionRequest constructors; and the (7) TRelIfaceMgr::decodeRelayRepl, (8) TRelMsg::decodeOpts, and (9) TSrvIfaceMgr::decodeRelayForw methods.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5030 was patched at 2024-05-15

7571. Denial of Service - Unknown Product (CVE-2007-5226) - Low [184]

Description: {'vulners_cve_data_all': 'irc_server.c in dircproxy 1.2.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via an ACTION command without a parameter, which triggers a NULL pointer dereference, as demonstrated using a blank /me message from irssi.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5226 was patched at 2024-05-15

7572. Denial of Service - Unknown Product (CVE-2007-6061) - Low [184]

Description: {'vulners_cve_data_all': 'Audacity 1.3.2 creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service (recording deadlock) by creating the directory before Audacity is run. NOTE: this issue can be leveraged to delete arbitrary files or directories via a symlink attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6061 was patched at 2024-05-15

7573. Denial of Service - Unknown Product (CVE-2007-6062) - Low [184]

Description: {'vulners_cve_data_all': 'irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause a denial of service (crash) via a JOIN command without a channel argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6062 was patched at 2024-05-15

7574. Denial of Service - Unknown Product (CVE-2007-6220) - Low [184]

Description: {'vulners_cve_data_all': 'typespeed before 0.6.4 allows remote attackers to cause a denial of service (application crash) via unspecified network behavior that triggers a divide-by-zero error.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6220 was patched at 2024-05-15

7575. Denial of Service - Unknown Product (CVE-2007-6356) - Low [184]

Description: {'vulners_cve_data_all': 'exiftags before 1.01 allows attackers to cause a denial of service (infinite loop) via recursive IFD references in the EXIF data in a JPEG image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6356 was patched at 2024-05-15

7576. Denial of Service - Unknown Product (CVE-2007-6437) - Low [184]

Description: {'vulners_cve_data_all': 'Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows remote attackers to cause a denial of service (crash) via a message with a timestamp that does not contain a trailing space, which triggers a NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6437 was patched at 2024-05-15

7577. Denial of Service - Unknown Product (CVE-2007-6562) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in the use of FD_SET in TCPreen before 1.4.4 allow remote attackers to cause a denial of service via multiple concurrent connections, which result in overflows in the (1) SocketAddress::Connect function in libsolve/sockprot.cpp and (2) monitor_bridge function in src/bridge.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6562 was patched at 2024-05-15

7578. Denial of Service - Unknown Product (CVE-2007-6684) - Low [184]

Description: {'vulners_cve_data_all': 'The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to cause a denial of service (crash) via a request without a Transport parameter, which triggers a NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6684 was patched at 2024-05-15

7579. Denial of Service - Unknown Product (CVE-2008-0061) - Low [184]

Description: {'vulners_cve_data_all': 'MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04 allows remote attackers to cause a denial of service via a crafted DNS packet that prevents an authoritative name (CNAME) record from resolving, aka "improper rotation of resource records."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0061 was patched at 2024-05-15

7580. Denial of Service - Unknown Product (CVE-2008-0285) - Low [184]

Description: {'vulners_cve_data_all': 'ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows remote attackers to cause a denial of service (crash) via crafted IRC PART message, which triggers an invalid dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0285 was patched at 2024-05-15

7581. Denial of Service - Unknown Product (CVE-2008-0672) - Low [184]

Description: {'vulners_cve_data_all': 'The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to cause a denial of service (application crash) via a YES message without a newline character, which triggers a NULL dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0672 was patched at 2024-05-15

7582. Denial of Service - Unknown Product (CVE-2008-1648) - Low [184]

Description: {'vulners_cve_data_all': 'Sympa before 5.4 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message with a malformed value of the Content-Type header and unspecified other headers. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1648 was patched at 2024-05-15

7583. Denial of Service - Unknown Product (CVE-2008-1925) - Low [184]

Description: {'vulners_cve_data_all': 'Buffer overflow in InspIRCd before 1.1.18, when using the namesx and uhnames modules, allows remote attackers to cause a denial of service (daemon crash) via a large number of channel users with crafted nicknames, idents, and long hostnames.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1925 was patched at 2024-05-15

7584. Denial of Service - Unknown Product (CVE-2008-2382) - Low [184]

Description: {'vulners_cve_data_all': 'The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2382 was patched at 2024-05-15

7585. Denial of Service - Unknown Product (CVE-2008-2956) - Low [184]

Description: {'vulners_cve_data_all': 'Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents. NOTE: this issue has been disputed by the upstream vendor, who states: "I was never able to identify a scenario under which a problem occurred and the original reporter wasn't able to supply any sort of reproduction details."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2956 was patched at 2024-05-15

7586. Denial of Service - Unknown Product (CVE-2008-3134) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3134 was patched at 2024-05-15

7587. Denial of Service - Unknown Product (CVE-2008-4298) - Low [184]

Description: {'vulners_cve_data_all': 'Memory leak in the http_request_parse function in request.c in lighttpd before 1.4.20 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests with duplicate request headers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4298 was patched at 2024-05-15

7588. Denial of Service - Unknown Product (CVE-2008-4551) - Low [184]

Description: {'vulners_cve_data_all': 'strongSwan 4.2.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via an IKE_SA_INIT message with a large number of NULL values in a Key Exchange payload, which triggers a NULL pointer dereference for the return value of the mpz_export function in the GNU Multiprecision Library (GMP).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4551 was patched at 2024-05-15

7589. Denial of Service - Unknown Product (CVE-2008-4575) - Low [184]

Description: {'vulners_cve_data_all': 'Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4575 was patched at 2024-05-15

7590. Denial of Service - Unknown Product (CVE-2008-4610) - Low [184]

Description: {'vulners_cve_data_all': 'MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4610 was patched at 2024-05-15

7591. Denial of Service - Unknown Product (CVE-2008-5006) - Low [184]

Description: {'vulners_cve_data_all': 'smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5006 was patched at 2024-05-15

7592. Denial of Service - Unknown Product (CVE-2008-5618) - Low [184]

Description: {'vulners_cve_data_all': 'imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 before 3.20.2 generates a message even when it is sent by an unauthorized sender, which allows remote attackers to cause a denial of service (disk consumption) via a large number of spurious messages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5618 was patched at 2024-05-15

7593. Denial of Service - Unknown Product (CVE-2008-6072) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple unspecified vulnerabilities in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allow remote attackers to cause a denial of service (crash) via unspecified vectors in (1) XCF and (2) CINEON images.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-6072 was patched at 2024-05-15

7594. Denial of Service - Unknown Product (CVE-2008-6680) - Low [184]

Description: {'vulners_cve_data_all': 'libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-6680 was patched at 2024-05-15

7595. Denial of Service - Unknown Product (CVE-2008-6845) - Low [184]

Description: {'vulners_cve_data_all': 'The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-6845 was patched at 2024-05-15

7596. Denial of Service - Unknown Product (CVE-2008-7191) - Low [184]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Polipo before 1.0.4 allows remote attackers to cause a denial of service (crash) via a long request URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-7191 was patched at 2024-05-15

7597. Denial of Service - Unknown Product (CVE-2009-0755) - Low [184]

Description: {'vulners_cve_data_all': 'The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0755 was patched at 2024-05-15

7598. Denial of Service - Unknown Product (CVE-2009-0936) - Low [184]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to cause a denial of service (infinite loop) via "corrupt votes."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0936 was patched at 2024-05-15

7599. Denial of Service - Unknown Product (CVE-2009-0937) - Low [184]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0937 was patched at 2024-05-15

7600. Denial of Service - Unknown Product (CVE-2009-0938) - Low [184]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service (exit node crash) via "malformed input."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0938 was patched at 2024-05-15

7601. Denial of Service - Unknown Product (CVE-2009-1045) - Low [184]

Description: {'vulners_cve_data_all': 'requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1045 was patched at 2024-05-15

7602. Denial of Service - Unknown Product (CVE-2009-1284) - Low [184]

Description: {'vulners_cve_data_all': 'Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1284 was patched at 2024-05-15

7603. Denial of Service - Unknown Product (CVE-2009-1572) - Low [184]

Description: {'vulners_cve_data_all': 'The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1572 was patched at 2024-05-15

7604. Denial of Service - Unknown Product (CVE-2009-1957) - Low [184]

Description: {'vulners_cve_data_all': 'charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid IKE_SA_INIT request that triggers "an incomplete state," followed by a CREATE_CHILD_SA request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1957 was patched at 2024-05-15

7605. Denial of Service - Unknown Product (CVE-2009-1958) - Low [184]

Description: {'vulners_cve_data_all': 'charon/sa/tasks/child_create.c in the charon daemon in strongSWAN before 4.3.1 switches the NULL checks for TSi and TSr payloads, which allows remote attackers to cause a denial of service via an IKE_AUTH request without a (1) TSi or (2) TSr traffic selector.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1958 was patched at 2024-05-15

7606. Denial of Service - Unknown Product (CVE-2009-1959) - Low [184]

Description: {'vulners_cve_data_all': 'Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1959 was patched at 2024-05-15

7607. Denial of Service - Unknown Product (CVE-2009-2174) - Low [184]

Description: {'vulners_cve_data_all': 'GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2174 was patched at 2024-05-15

7608. Denial of Service - Unknown Product (CVE-2009-2425) - Low [184]

Description: {'vulners_cve_data_all': 'Tor before 0.2.0.35 allows remote attackers to cause a denial of service (application crash) via a malformed router descriptor.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2425 was patched at 2024-05-15

7609. Denial of Service - Unknown Product (CVE-2009-2651) - Low [184]

Description: {'vulners_cve_data_all': 'main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2651 was patched at 2024-05-15

7610. Denial of Service - Unknown Product (CVE-2009-3083) - Low [184]

Description: {'vulners_cve_data_all': 'The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3083 was patched at 2024-05-15

7611. Denial of Service - Unknown Product (CVE-2009-3084) - Low [184]

Description: {'vulners_cve_data_all': 'The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect "UTF16-LE" charset name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3084 was patched at 2024-05-15

7612. Denial of Service - Unknown Product (CVE-2009-3305) - Low [184]

Description: {'vulners_cve_data_all': 'Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a Cache-Control header that lacks a value for the max-age field, which triggers a segmentation fault in the httpParseHeaders function in http_parse.c, and possibly other unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3305 was patched at 2024-05-15

7613. Denial of Service - Unknown Product (CVE-2009-3591) - Low [184]

Description: {'vulners_cve_data_all': 'Dopewars 1.5.12 allows remote attackers to cause a denial of service (segmentation fault) via a REQUESTJET message with an invalid location.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3591 was patched at 2024-05-15

7614. Denial of Service - Unknown Product (CVE-2009-3695) - Low [184]

Description: {'vulners_cve_data_all': 'Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3695 was patched at 2024-05-15

7615. Denial of Service - Unknown Product (CVE-2009-3700) - Low [184]

Description: {'vulners_cve_data_all': 'Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service (application hang or loss of blocking functionality) via a long URL with many / (slash) characters, related to "emergency mode."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3700 was patched at 2024-05-15

7616. Denial of Service - Unknown Product (CVE-2009-4007) - Low [184]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the NormaliseTrainConsist function in src/train_cmd.cpp in OpenTTD before 0.7.5-RC1 allows remote attackers to cause a denial of service (daemon crash) via certain game actions involving a wagon and a dual-headed engine.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4007 was patched at 2024-05-15

7617. Denial of Service - Unknown Product (CVE-2009-4055) - Low [184]

Description: {'vulners_cve_data_all': 'rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before 1.4.27.1, 1.6.0.x before 1.6.0.19, and 1.6.1.x before 1.6.1.11; Business Edition B.x.x before B.2.5.13, C.2.x.x before C.2.4.6, and C.3.x.x before C.3.2.3; and s800i 1.3.x before 1.3.0.6 allows remote attackers to cause a denial of service (daemon crash) via an RTP comfort noise payload with a long data length.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4055 was patched at 2024-05-15

7618. Denial of Service - Unknown Product (CVE-2009-4413) - Low [184]

Description: {'vulners_cve_data_all': 'The httpClientDiscardBody function in client.c in Polipo 0.9.8, 0.9.12, 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a large Content-Length value, which triggers an integer overflow, a signed-to-unsigned conversion error with a negative value, and a segmentation fault.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4413 was patched at 2024-05-15

7619. Denial of Service - Unknown Product (CVE-2009-4500) - Low [184]

Description: {'vulners_cve_data_all': 'The process_trap function in trapper/trapper.c in Zabbix Server before 1.6.6 allows remote attackers to cause a denial of service (crash) via a crafted request with data that lacks an expected : (colon) separator, which triggers a NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4500 was patched at 2024-05-15

7620. Denial of Service - Unknown Product (CVE-2009-4501) - Low [184]

Description: {'vulners_cve_data_all': 'The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4501 was patched at 2024-05-15

7621. Denial of Service - Unknown Product (CVE-2010-0293) - Low [184]

Description: {'vulners_cve_data_all': 'The client logging functionality in chronyd in Chrony before 1.23.1 does not restrict the amount of memory used for storage of client information, which allows remote attackers to cause a denial of service (memory consumption) via spoofed (1) NTP or (2) cmdmon packets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0293 was patched at 2024-05-15

7622. Denial of Service - Unknown Product (CVE-2010-0294) - Low [184]

Description: {'vulners_cve_data_all': 'chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a syslog message for each unauthorized cmdmon packet, which allows remote attackers to cause a denial of service (disk consumption) via a large number of invalid packets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0294 was patched at 2024-05-15

7623. Denial of Service - Unknown Product (CVE-2010-0300) - Low [184]

Description: {'vulners_cve_data_all': 'cache.c in ircd-ratbox before 2.2.9 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a HELP command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0300 was patched at 2024-05-15

7624. Denial of Service - Unknown Product (CVE-2010-0305) - Low [184]

Description: {'vulners_cve_data_all': 'ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to cause a denial of service (daemon crash) via a large number of c2s (aka client2server) messages that trigger a queue overload.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0305 was patched at 2024-05-15

7625. Denial of Service - Unknown Product (CVE-2010-0441) - Low [184]

Description: {'vulners_cve_data_all': 'Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, and 1.6.2.x before 1.6.2.2, and Business Edition C.3 before C.3.3.2, allows remote attackers to cause a denial of service (daemon crash) via an SIP T.38 negotiation with an SDP FaxMaxDatagram field that is (1) missing, (2) modified to contain a negative number, or (3) modified to contain a large number.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0441 was patched at 2024-05-15

7626. Denial of Service - Unknown Product (CVE-2010-0745) - Low [184]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0745 was patched at 2024-05-15

7627. Denial of Service - Unknown Product (CVE-2010-0751) - Low [184]

Description: {'vulners_cve_data_all': 'The ip_evictor function in ip_fragment.c in libnids before 1.24, as used in dsniff and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via crafted fragmented packets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0751 was patched at 2024-05-15

7628. Denial of Service - Unknown Product (CVE-2010-1152) - Low [184]

Description: {'vulners_cve_data_all': 'memcached.c in memcached before 1.4.3 allows remote attackers to cause a denial of service (daemon hang or crash) via a long line that triggers excessive memory allocation. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1152 was patched at 2024-05-15

7629. Denial of Service - Unknown Product (CVE-2010-1311) - Low [184]

Description: {'vulners_cve_data_all': 'The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1311 was patched at 2024-05-15

7630. Denial of Service - Unknown Product (CVE-2010-1443) - Low [184]

Description: {'vulners_cve_data_all': 'The parse_track_node function in modules/demux/playlist/xspf.c in the XSPF playlist parser in VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty location element in an XML Shareable Playlist Format (XSPF) document.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1443 was patched at 2024-05-15

7631. Denial of Service - Unknown Product (CVE-2010-1624) - Low [184]

Description: {'vulners_cve_data_all': 'The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1624 was patched at 2024-05-15

7632. Denial of Service - Unknown Product (CVE-2010-1677) - Low [184]

Description: {'vulners_cve_data_all': 'MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a <bo<bo<bo<bo<body>dy>dy>dy>dy> sequence, a different vulnerability than CVE-2010-4524.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1677 was patched at 2024-05-15

7633. Denial of Service - Unknown Product (CVE-2010-2262) - Low [184]

Description: {'vulners_cve_data_all': 'Galileo Students Team Weborf before 0.12.1 allows remote attackers to cause a denial of service (crash) via a crafted Range header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2262 was patched at 2024-05-15

7634. Denial of Service - Unknown Product (CVE-2010-2435) - Low [184]

Description: {'vulners_cve_data_all': 'Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause a denial of service (crash) via Unicode characters in a Connection HTTP header, and possibly other headers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2435 was patched at 2024-05-15

7635. Denial of Service - Unknown Product (CVE-2010-2443) - Low [184]

Description: {'vulners_cve_data_all': 'The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before 3.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an OJPEG image with undefined strip offsets, related to the TIFFVGetField function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2443 was patched at 2024-05-15

7636. Denial of Service - Unknown Product (CVE-2010-2494) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple buffer underflows in the base64 decoder in base64.c in (1) bogofilter and (2) bogolexer in bogofilter before 1.2.2 allow remote attackers to cause a denial of service (heap memory corruption and application crash) via an e-mail message with invalid base64 data that begins with an = (equals) character.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2494 was patched at 2024-05-15

7637. Denial of Service - Unknown Product (CVE-2010-2529) - Low [184]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in ping.c in iputils 20020927, 20070202, 20071127, and 20100214 on Mandriva Linux allows remote attackers to cause a denial of service (hang) via a crafted echo response.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2529 was patched at 2024-05-15

7638. Denial of Service - Unknown Product (CVE-2010-2812) - Low [184]

Description: {'vulners_cve_data_all': 'Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of service (exception and daemon crash) via a PING command that lacks an argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2812 was patched at 2024-05-15

7639. Denial of Service - Unknown Product (CVE-2010-2934) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple unspecified vulnerabilities in ZNC 0.092 allow remote attackers to cause a denial of service (exception and daemon crash) via unknown vectors related to "unsafe substr() calls."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2934 was patched at 2024-05-15

7640. Denial of Service - Unknown Product (CVE-2010-3071) - Low [184]

Description: {'vulners_cve_data_all': 'bip before 0.8.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an empty USER command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3071 was patched at 2024-05-15

7641. Denial of Service - Unknown Product (CVE-2010-3443) - Low [184]

Description: {'vulners_cve_data_all': 'ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows remote attackers to cause a denial of service (unresponsive IRC) via multiple Client-To-Client Protocol (CTCP) requests in a PRIVMSG message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3443 was patched at 2024-05-15

7642. Denial of Service - Unknown Product (CVE-2010-3903) - Low [184]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in OpenConnect before 2.23 allows remote AnyConnect SSL VPN servers to cause a denial of service (application crash) via a 404 HTTP status code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3903 was patched at 2024-05-15

7643. Denial of Service - Unknown Product (CVE-2010-4336) - Low [184]

Description: {'vulners_cve_data_all': 'The cu_rrd_create_file function (src/utils_rrdcreate.c) in collectd 4.x before 4.9.4 and before 4.10.2 allow remote attackers to cause a denial of service (assertion failure) via a packet with a timestamp whose value is 10 or less, as demonstrated by creating RRD files using the (1) RRDtool and (2) RRDCacheD plugins.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4336 was patched at 2024-05-15

7644. Denial of Service - Unknown Product (CVE-2010-4535) - Low [184]

Description: {'vulners_cve_data_all': 'The password reset functionality in django.contrib.auth in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not validate the length of a string representing a base36 timestamp, which allows remote attackers to cause a denial of service (resource consumption) via a URL that specifies a large base36 integer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4535 was patched at 2024-05-15

7645. Denial of Service - Unknown Product (CVE-2011-0490) - Low [184]

Description: {'vulners_cve_data_all': 'Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to Libevent within Libevent log handlers, which might allow remote attackers to cause a denial of service (daemon crash) via vectors that trigger certain log messages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0490 was patched at 2024-05-15

7646. Denial of Service - Unknown Product (CVE-2011-0491) - Low [184]

Description: {'vulners_cve_data_all': 'The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not validate a certain size value during memory allocation, which might allow remote attackers to cause a denial of service (daemon crash) via unspecified vectors, related to "underflow errors."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0491 was patched at 2024-05-15

7647. Denial of Service - Unknown Product (CVE-2011-0492) - Low [184]

Description: {'vulners_cve_data_all': 'Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote attackers to cause a denial of service (assertion failure and daemon exit) via blobs that trigger a certain file size, as demonstrated by the cached-descriptors.new file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0492 was patched at 2024-05-15

7648. Denial of Service - Unknown Product (CVE-2011-0493) - Low [184]

Description: {'vulners_cve_data_all': 'Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors related to malformed router caches and improper handling of integer values.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0493 was patched at 2024-05-15

7649. Denial of Service - Unknown Product (CVE-2011-1137) - Low [184]

Description: {'vulners_cve_data_all': 'Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1137 was patched at 2024-05-15

7650. Denial of Service - Unknown Product (CVE-2011-1174) - Low [184]

Description: {'vulners_cve_data_all': 'manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x before 1.6.2.17.2, and 1.8.x before 1.8.3.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a series of manager sessions involving invalid data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1174 was patched at 2024-05-15

7651. Denial of Service - Unknown Product (CVE-2011-1507) - Low [184]

Description: {'vulners_cve_data_all': 'Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1507 was patched at 2024-05-15

7652. Denial of Service - Unknown Product (CVE-2011-1924) - Low [184]

Description: {'vulners_cve_data_all': 'Buffer overflow in the policy_summarize function in or/policies.c in Tor before 0.2.1.30 allows remote attackers to cause a denial of service (directory authority crash) via a crafted policy that triggers creation of a long port list.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1924 was patched at 2024-05-15

7653. Denial of Service - Unknown Product (CVE-2011-1925) - Low [184]

Description: {'vulners_cve_data_all': 'nbd-server.c in Network Block Device (nbd-server) 2.9.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by causing a negotiation failure, as demonstrated by specifying a name for a non-existent export.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1925 was patched at 2024-05-15

7654. Denial of Service - Unknown Product (CVE-2011-2216) - Low [184]

Description: {'vulners_cve_data_all': 'reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.2 does not initialize certain strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed Contact header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2216 was patched at 2024-05-15

7655. Denial of Service - Unknown Product (CVE-2011-2516) - Low [184]

Description: {'vulners_cve_data_all': 'Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2516 was patched at 2024-05-15

7656. Denial of Service - Unknown Product (CVE-2011-2532) - Low [184]

Description: {'vulners_cve_data_all': 'The json.decode function in util/json.lua in Prosody 0.8.x before 0.8.1 might allow remote attackers to cause a denial of service (infinite loop) via invalid JSON data, as demonstrated by truncated data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2532 was patched at 2024-05-15

7657. Denial of Service - Unknown Product (CVE-2011-2535) - Low [184]

Description: {'vulners_cve_data_all': 'chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x before 1.4.41.1, 1.6.2.x before 1.6.2.18.1, and 1.8.x before 1.8.4.3, and Asterisk Business Edition C.3 before C.3.7.3, accesses a memory address contained in an option control frame, which allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a crafted frame.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2535 was patched at 2024-05-15

7658. Denial of Service - Unknown Product (CVE-2011-2665) - Low [184]

Description: {'vulners_cve_data_all': 'reqresp_parser.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.4.3 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a SIP packet with a Contact header that lacks a < (less than) character.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2665 was patched at 2024-05-15

7659. Denial of Service - Unknown Product (CVE-2011-3263) - Low [184]

Description: {'vulners_cve_data_all': 'zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows context-dependent attackers to cause a denial of service (CPU consumption) by executing the vfs.file.cksum command for a special device, as demonstrated by the /dev/urandom device.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3263 was patched at 2024-05-15

7660. Denial of Service - Unknown Product (CVE-2011-3343) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted dimensions in a BMP file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3343 was patched at 2024-05-15

7661. Denial of Service - Unknown Product (CVE-2011-3354) - Low [184]

Description: {'vulners_cve_data_all': 'The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before 0.7.3 allows remote attackers to cause a denial of service (crash) via a crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the wild in September 2011.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3354 was patched at 2024-05-15

7662. Denial of Service - Unknown Product (CVE-2011-3605) - Low [184]

Description: {'vulners_cve_data_all': 'The process_rs function in the router advertisement daemon (radvd) before 1.8.2, when UnicastOnly is enabled, allows remote attackers to cause a denial of service (temporary service hang) via a large number of ND_ROUTER_SOLICIT requests.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3605 was patched at 2024-05-15

7663. Denial of Service - Unknown Product (CVE-2011-4528) - Low [184]

Description: {'vulners_cve_data_all': 'Unbound before 1.4.13p2 attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone, which allows remote DNS servers to cause a denial of service (daemon crash) via a crafted response.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4528 was patched at 2024-05-15

7664. Denial of Service - Unknown Product (CVE-2011-5036) - Low [184]

Description: {'vulners_cve_data_all': 'Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-5036 was patched at 2024-05-15

7665. Denial of Service - Unknown Product (CVE-2011-5280) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in BOINC 6.13.x allow remote attackers to cause a denial of service (crash) via a long trickle-up to (1) client/cs_trickle.cpp or (2) db/db_base.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-5280 was patched at 2024-05-15

7666. Denial of Service - Unknown Product (CVE-2012-0033) - Low [184]

Description: {'vulners_cve_data_all': 'The CBounceDCCMod::OnPrivCTCP function in bouncedcc.cpp in the bouncedcc module in ZNC 0.200 and 0.202 allows remote attackers to cause a denial of service (crash) via a crafted DCC RESUME request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0033 was patched at 2024-05-15

7667. Denial of Service - Unknown Product (CVE-2012-0039) - Low [184]

Description: {'vulners_cve_data_all': 'GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this issue may be disputed by the vendor; the existence of the g_str_hash function is not a vulnerability in the library, because callers of g_hash_table_new and g_hash_table_new_full can specify an arbitrary hash function that is appropriate for the application.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0039 was patched at 2024-05-15

7668. Denial of Service - Unknown Product (CVE-2012-0206) - Low [184]

Description: {'vulners_cve_data_all': 'common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0206 was patched at 2024-05-15

7669. Denial of Service - Unknown Product (CVE-2012-0839) - Low [184]

Description: {'vulners_cve_data_all': 'OCaml 3.12.1 and earlier computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0839 was patched at 2024-05-15

7670. Denial of Service - Unknown Product (CVE-2012-0840) - Low [184]

Description: {'vulners_cve_data_all': 'tables/apr_hash.c in the Apache Portable Runtime (APR) library through 1.4.5 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0840 was patched at 2024-05-15

7671. Denial of Service - Unknown Product (CVE-2012-1176) - Low [184]

Description: {'vulners_cve_data_all': 'Buffer overflow in the fribidi_utf8_to_unicode function in PyFriBidi before 0.11.0 allows remote attackers to cause a denial of service (application crash) via a 4-byte utf-8 sequence.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1176 was patched at 2024-05-15

7672. Denial of Service - Unknown Product (CVE-2012-2147) - Low [184]

Description: {'vulners_cve_data_all': 'munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2147 was patched at 2024-05-15

7673. Denial of Service - Unknown Product (CVE-2012-2249) - Low [184]

Description: {'vulners_cve_data_all': 'Tor before 0.2.3.23-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a renegotiation attempt that occurs after the initiation of the V3 link protocol.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2249 was patched at 2024-05-15

7674. Denial of Service - Unknown Product (CVE-2012-2250) - Low [184]

Description: {'vulners_cve_data_all': 'Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol negotiation incorrectly.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2250 was patched at 2024-05-15

7675. Denial of Service - Unknown Product (CVE-2012-2322) - Low [184]

Description: {'vulners_cve_data_all': 'Integer overflow in the dhcpv6_get_option function in gdhcp/client.c in ConnMan before 0.85 allows remote attackers to cause a denial of service (infinite loop and crash) via an invalid length value in a DHCP packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2322 was patched at 2024-05-15

7676. Denial of Service - Unknown Product (CVE-2012-3420) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3420 was patched at 2024-05-15

7677. Denial of Service - Unknown Product (CVE-2012-3433) - Low [184]

Description: {'vulners_cve_data_all': 'Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of service (domain 0 VCPU hang and kernel panic) by modifying the physical address space in a way that triggers excessive shared page search time during the p2m teardown.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3433 was patched at 2024-05-15

7678. Denial of Service - Unknown Product (CVE-2012-3496) - Low [184]

Description: {'vulners_cve_data_all': 'XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3496 was patched at 2024-05-15

7679. Denial of Service - Unknown Product (CVE-2012-3505) - Low [184]

Description: {'vulners_cve_data_all': 'Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3505 was patched at 2024-05-15

7680. Denial of Service - Unknown Product (CVE-2012-3514) - Low [184]

Description: {'vulners_cve_data_all': 'OCaml Xml-Light Library before r234 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3514 was patched at 2024-05-15

7681. Denial of Service - Unknown Product (CVE-2012-3517) - Low [184]

Description: {'vulners_cve_data_all': 'Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3517 was patched at 2024-05-15

7682. Denial of Service - Unknown Product (CVE-2012-4507) - Low [184]

Description: {'vulners_cve_data_all': 'The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted email.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4507 was patched at 2024-05-15

7683. Denial of Service - Unknown Product (CVE-2012-4561) - Low [184]

Description: {'vulners_cve_data_all': 'The (1) publickey_make_dss, (2) publickey_make_rsa, (3) signature_from_string, (4) ssh_do_sign, and (5) ssh_sign_session_id functions in keys.c in libssh before 0.5.3 free "an invalid pointer on an error path," which might allow remote attackers to cause a denial of service (crash) via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4561 was patched at 2024-05-15

7684. Denial of Service - Unknown Product (CVE-2012-4575) - Low [184]

Description: {'vulners_cve_data_all': 'The add_database function in objects.c in the pgbouncer pooler 1.5.2 for PostgreSQL allows remote attackers to cause a denial of service (daemon outage) via a long database name in a request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4575 was patched at 2024-05-15

7685. Denial of Service - Unknown Product (CVE-2012-4678) - Low [184]

Description: {'vulners_cve_data_all': 'munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4678 was patched at 2024-05-15

7686. Denial of Service - Unknown Product (CVE-2012-5511) - Low [184]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the dirty video RAM tracking functionality in Xen 3.4 through 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) via a large bitmap image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5511 was patched at 2024-05-15

7687. Denial of Service - Unknown Product (CVE-2012-5573) - Low [184]

Description: {'vulners_cve_data_all': 'The connection_edge_process_relay_cell function in or/relay.c in Tor before 0.2.3.25 maintains circuits even if an unexpected SENDME cell arrives, which might allow remote attackers to cause a denial of service (memory consumption or excessive cell reception rate) or bypass intended flow-control restrictions via a RELAY_COMMAND_SENDME command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5573 was patched at 2024-05-15

7688. Denial of Service - Unknown Product (CVE-2012-5976) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple stack consumption vulnerabilities in Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones allow remote attackers to cause a denial of service (daemon crash) via TCP data using the (1) SIP, (2) HTTP, or (3) XMPP protocol.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5976 was patched at 2024-05-15

7689. Denial of Service - Unknown Product (CVE-2012-6031) - Low [184]

Description: {'vulners_cve_data_all': 'The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (CPU hang and host crash) via unspecified vectors related to a spinlock being held in the "bad_copy error path." NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6031 was patched at 2024-05-15

7690. Denial of Service - Unknown Product (CVE-2012-6032) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in the (1) tmh_copy_from_client and (2) tmh_copy_to_client functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 allow local guest OS users to cause a denial of service (memory corruption and host crash) via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6032 was patched at 2024-05-15

7691. Denial of Service - Unknown Product (CVE-2012-6128) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie list in a response.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6128 was patched at 2024-05-15

7692. Denial of Service - Unknown Product (CVE-2012-6139) - Low [184]

Description: {'vulners_cve_data_all': 'libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6139 was patched at 2024-05-15

7693. Denial of Service - Unknown Product (CVE-2012-6333) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM guest OS administrators to cause a denial of service (physical CPU consumption) via a large input.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6333 was patched at 2024-05-15

7694. Denial of Service - Unknown Product (CVE-2013-0183) - Low [184]

Description: {'vulners_cve_data_all': 'multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0183 was patched at 2024-05-15

7695. Denial of Service - Unknown Product (CVE-2013-0198) - Low [184]

Description: {'vulners_cve_data_all': 'Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0198 was patched at 2024-05-15

7696. Denial of Service - Unknown Product (CVE-2013-0270) - Low [184]

Description: {'vulners_cve_data_all': 'OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0270 was patched at 2024-05-15

7697. Denial of Service - Unknown Product (CVE-2013-1769) - Low [184]

Description: {'vulners_cve_data_all': 'A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 and 0.17.x before 0.17.3 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1769 was patched at 2024-05-15

7698. Denial of Service - Unknown Product (CVE-2013-1854) - Low [184]

Description: {'vulners_cve_data_all': 'The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attackers to cause a denial of service via crafted input to a where method.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1854 was patched at 2024-05-15

7699. Denial of Service - Unknown Product (CVE-2013-1884) - Low [184]

Description: {'vulners_cve_data_all': 'The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (segmentation fault and crash) via a log REPORT request with an invalid limit, which triggers an access of an uninitialized variable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1884 was patched at 2024-05-15

7700. Denial of Service - Unknown Product (CVE-2013-2014) - Low [184]

Description: {'vulners_cve_data_all': 'OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2014 was patched at 2024-05-15

7701. Denial of Service - Unknown Product (CVE-2013-2020) - Low [184]

Description: {'vulners_cve_data_all': 'Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2020 was patched at 2024-05-15

7702. Denial of Service - Unknown Product (CVE-2013-2218) - Low [184]

Description: {'vulners_cve_data_all': 'Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --inactive" command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2218 was patched at 2024-05-15

7703. Denial of Service - Unknown Product (CVE-2013-3495) - Low [184]

Description: {'vulners_cve_data_all': 'The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-3495 was patched at 2024-05-15

7704. Denial of Service - Unknown Product (CVE-2013-4160) - Low [184]

Description: {'vulners_cve_data_all': 'Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4160 was patched at 2024-05-15

7705. Denial of Service - Unknown Product (CVE-2013-4356) - Low [184]

Description: {'vulners_cve_data_all': 'Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid memory and cause a denial of service (crash).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4356 was patched at 2024-05-15

7706. Denial of Service - Unknown Product (CVE-2013-4421) - Low [184]

Description: {'vulners_cve_data_all': 'The buf_decompress function in packet.c in Dropbear SSH Server before 2013.59 allows remote attackers to cause a denial of service (memory consumption) via a compressed packet that has a large size when it is decompressed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4421 was patched at 2024-05-15

7707. Denial of Service - Unknown Product (CVE-2013-4549) - Low [184]

Description: {'vulners_cve_data_all': 'QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4549 was patched at 2024-05-15

7708. Denial of Service - Unknown Product (CVE-2013-5651) - Low [184]

Description: {'vulners_cve_data_all': 'The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-5651 was patched at 2024-05-15

7709. Denial of Service - Unknown Product (CVE-2013-5919) - Low [184]

Description: {'vulners_cve_data_all': 'Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-5919 was patched at 2024-05-15

7710. Denial of Service - Unknown Product (CVE-2013-6076) - Low [184]

Description: {'vulners_cve_data_all': 'strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a denial of service (NULL pointer dereference and charon daemon crash) via a crafted IKEv1 fragmentation packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6076 was patched at 2024-05-15

7711. Denial of Service - Unknown Product (CVE-2013-6401) - Low [184]

Description: {'vulners_cve_data_all': 'Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6401 was patched at 2024-05-15

7712. Denial of Service - Unknown Product (CVE-2013-6411) - Low [184]

Description: {'vulners_cve_data_all': 'The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD 0.3.6 through 1.3.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) by crashing an aircraft outside of the map.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6411 was patched at 2024-05-15

7713. Denial of Service - Unknown Product (CVE-2013-7298) - Low [184]

Description: {'vulners_cve_data_all': 'query_params.cpp in cxxtools before 2.2.1 allows remote attackers to cause a denial of service (infinite recursion and crash) via an HTTP query that contains %% (double percent) characters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7298 was patched at 2024-05-15

7714. Denial of Service - Unknown Product (CVE-2013-7353) - Low [184]

Description: {'vulners_cve_data_all': 'Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7353 was patched at 2024-05-15

7715. Denial of Service - Unknown Product (CVE-2013-7354) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7354 was patched at 2024-05-15

7716. Denial of Service - Unknown Product (CVE-2014-1474) - Low [184]

Description: {'vulners_cve_data_all': 'Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1474 was patched at 2024-05-15

7717. Denial of Service - Unknown Product (CVE-2014-1896) - Low [184]

Description: {'vulners_cve_data_all': 'The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore ring indexes, which triggers a "read or write past the end of the ring."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1896 was patched at 2024-05-15

7718. Denial of Service - Unknown Product (CVE-2014-2310) - Low [184]

Description: {'vulners_cve_data_all': 'The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers to cause a denial of service (hang) by sending a multi-object request with an Object ID (OID) containing more subids than previous requests, a different vulnerability than CVE-2012-6151.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2310 was patched at 2024-05-15

7719. Denial of Service - Unknown Product (CVE-2014-3598) - Low [184]

Description: {'vulners_cve_data_all': 'The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3598 was patched at 2024-05-15

7720. Denial of Service - Unknown Product (CVE-2014-3614) - Low [184]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) 3.6.x before 3.6.1 allows remote attackers to cause a denial of service (crash) via an unknown sequence of malformed packets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3614 was patched at 2024-05-15

7721. Denial of Service - Unknown Product (CVE-2014-3755) - Low [184]

Description: {'vulners_cve_data_all': 'The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3755 was patched at 2024-05-15

7722. Denial of Service - Unknown Product (CVE-2014-3756) - Low [184]

Description: {'vulners_cve_data_all': 'The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3756 was patched at 2024-05-15

7723. Denial of Service - Unknown Product (CVE-2014-4047) - Low [184]

Description: {'vulners_cve_data_all': 'Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a large number of (1) inactive or (2) incomplete HTTP connections.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4047 was patched at 2024-05-15

7724. Denial of Service - Unknown Product (CVE-2014-5146) - Low [184]

Description: {'vulners_cve_data_all': 'Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5146 was patched at 2024-05-15

7725. Denial of Service - Unknown Product (CVE-2014-5148) - Low [184]

Description: {'vulners_cve_data_all': 'Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an instruction that is associated with faults in 64-bit userspace, which allows local guest users to cause a denial of service (crash) and possibly gain privileges via a crafted process.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5148 was patched at 2024-05-15

7726. Denial of Service - Unknown Product (CVE-2014-5149) - Low [184]

Description: {'vulners_cve_data_all': 'Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5146.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5149 was patched at 2024-05-15

7727. Denial of Service - Unknown Product (CVE-2014-6603) - Low [184]

Description: {'vulners_cve_data_all': 'The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricata before 2.0.4 allows remote attackers to bypass SSH rules, cause a denial of service (crash), or possibly have unspecified other impact via a crafted banner, which triggers a large memory allocation or an out-of-bounds write.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-6603 was patched at 2024-05-15

7728. Denial of Service - Unknown Product (CVE-2014-8123) - Low [184]

Description: {'vulners_cve_data_all': 'Buffer overflow in the bGetPPS function in wordole.c in Antiword 0.37 allows remote attackers to cause a denial of service (crash) via a crafted document.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8123 was patched at 2024-05-15

7729. Denial of Service - Unknown Product (CVE-2014-8415) - Low [184]

Description: {'vulners_cve_data_all': 'Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8415 was patched at 2024-05-15

7730. Denial of Service - Unknown Product (CVE-2014-8416) - Low [184]

Description: {'vulners_cve_data_all': 'Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8416 was patched at 2024-05-15

7731. Denial of Service - Unknown Product (CVE-2014-9319) - Low [184]

Description: {'vulners_cve_data_all': 'The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted .bit file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9319 was patched at 2024-05-15

7732. Denial of Service - Unknown Product (CVE-2014-9374) - Low [184]

Description: {'vulners_cve_data_all': 'Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9374 was patched at 2024-05-15

7733. Denial of Service - Unknown Product (CVE-2014-9449) - Low [184]

Description: {'vulners_cve_data_all': 'Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an AVI file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9449 was patched at 2024-05-15

7734. Denial of Service - Unknown Product (CVE-2014-9527) - Low [184]

Description: {'vulners_cve_data_all': 'HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9527 was patched at 2024-05-15

7735. Denial of Service - Unknown Product (CVE-2015-1030) - Low [184]

Description: {'vulners_cve_data_all': 'Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1030 was patched at 2024-05-15

7736. Denial of Service - Unknown Product (CVE-2015-1380) - Low [184]

Description: {'vulners_cve_data_all': 'jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1380 was patched at 2024-05-15

7737. Denial of Service - Unknown Product (CVE-2015-2778) - Low [184]

Description: {'vulners_cve_data_all': 'Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2778 was patched at 2024-05-15

7738. Denial of Service - Unknown Product (CVE-2015-2779) - Low [184]

Description: {'vulners_cve_data_all': 'Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2779 was patched at 2024-05-15

7739. Denial of Service - Unknown Product (CVE-2015-5311) - Low [184]

Description: {'vulners_cve_data_all': 'PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5311 was patched at 2024-05-15

7740. Denial of Service - Unknown Product (CVE-2016-2517) - Low [184]

Description: {'vulners_cve_data_all': 'NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to cause a denial of service (prevent subsequent authentication) by leveraging knowledge of the controlkey or requestkey and sending a crafted packet to ntpd, which changes the value of trustedkey, controlkey, or requestkey. NOTE: this vulnerability exists because of a CVE-2016-2516 regression.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2517 was patched at 2024-05-15

7741. Denial of Service - Unknown Product (CVE-2017-15185) - Low [184]

Description: {'vulners_cve_data_all': 'plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service (application crash) via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15185 was patched at 2024-05-15

7742. Denial of Service - Unknown Product (CVE-2017-6437) - Low [184]

Description: {'vulners_cve_data_all': 'The base64encode function in base64.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds read) via a crafted plist file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6437 was patched at 2024-05-15

7743. Denial of Service - Unknown Product (CVE-2017-6440) - Low [184]

Description: {'vulners_cve_data_all': 'The parse_data_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory allocation error) via a crafted plist file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6440 was patched at 2024-05-15

7744. Denial of Service - Unknown Product (CVE-2018-1000532) - Low [184]

Description: {'vulners_cve_data_all': 'beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must allow local users to run beep.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000532 was patched at 2024-05-15

7745. Denial of Service - Unknown Product (CVE-2018-6459) - Low [184]

Description: {'vulners_cve_data_all': 'The rsa_pss_params_parse function in libstrongswan/credentials/keys/signature_params.c in strongSwan 5.6.1 allows remote attackers to cause a denial of service via a crafted RSASSA-PSS signature that lacks a mask generation function parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6459 was patched at 2024-05-15

7746. Denial of Service - Unknown Product (CVE-2018-6922) - Low [184]

Description: {'vulners_cve_data_all': 'One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system's network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6922 was patched at 2024-05-15

7747. Denial of Service - Unknown Product (CVE-2019-11387) - Low [184]

Description: {'vulners_cve_data_all': 'An issue was discovered in OWASP ModSecurity Core Rule Set (CRS) through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a denial of service (ReDOS) by entering a specially crafted string with nested repetition operators.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11387 was patched at 2024-05-15

7748. Denial of Service - Unknown Product (CVE-2020-13132) - Low [184]

Description: {'vulners_cve_data_all': 'An issue was discovered in Yubico libykpiv before 2.1.0. An attacker can trigger an incorrect free() in the ykpiv_util_generate_key() function in lib/util.c through incorrect error handling code. This could be used to cause a denial of service attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13132 was patched at 2024-05-15

7749. Denial of Service - Unknown Product (CVE-2020-15168) - Low [184]

Description: {'vulners_cve_data_all': 'node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the size option after following a redirect, which means that when a content size was over the limit, a FetchError would never get thrown and the process would end without failure. For most people, this fix will have a little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: If you don't double-check the size of the data after fetch() has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15168 was patched at 2024-05-15

7750. Denial of Service - Unknown Product (CVE-2021-23364) - Low [184]

Description: {'vulners_cve_data_all': 'The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-23364 was patched at 2024-05-15

7751. Denial of Service - Unknown Product (CVE-2021-23368) - Low [184]

Description: {'vulners_cve_data_all': 'The package postcss from 7.0.0 and before 8.2.10 are vulnerable to Regular Expression Denial of Service (ReDoS) during source map parsing.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-23368 was patched at 2024-05-15

7752. Denial of Service - Unknown Product (CVE-2021-35525) - Low [184]

Description: {'vulners_cve_data_all': 'PostSRSd before 1.11 allows a denial of service (subprocess hang) if Postfix sends certain long data fields such as multiple concatenated email addresses. NOTE: the PostSRSd maintainer acknowledges "theoretically, this error should never occur ... I'm not sure if there's a reliable way to trigger this condition by an external attacker, but it is a security bug in PostSRSd nevertheless."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-35525 was patched at 2024-05-15

7753. Denial of Service - Unknown Product (CVE-2023-1894) - Low [184]

Description: {'vulners_cve_data_all': 'A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-1894 was patched at 2024-05-15

7754. Denial of Service - Unknown Product (CVE-2023-23082) - Low [184]

Description: {'vulners_cve_data_all': 'A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-23082 was patched at 2024-05-15

7755. Denial of Service - Unknown Product (CVE-2023-26116) - Low [184]

Description: {'vulners_cve_data_all': 'Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26116 was patched at 2024-05-15

7756. Denial of Service - Unknown Product (CVE-2023-26117) - Low [184]

Description: {'vulners_cve_data_all': 'Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26117 was patched at 2024-05-15

7757. Denial of Service - Unknown Product (CVE-2023-26118) - Low [184]

Description: {'vulners_cve_data_all': 'Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26118 was patched at 2024-05-15

7758. Denial of Service - Unknown Product (CVE-2023-26144) - Low [184]

Description: {'vulners_cve_data_all': 'Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.\r\r**Note:** It was not proven that this vulnerability can crash the process.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26144 was patched at 2024-05-15

7759. Denial of Service - Unknown Product (CVE-2023-6681) - Low [184]

Description: {'vulners_cve_data_all': 'A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-6681 was patched at 2024-05-15

oraclelinux: CVE-2023-6681 was patched at 2024-05-29

redhat: CVE-2023-6681 was patched at 2024-05-22

7760. Denial of Service - Unknown Product (CVE-2024-23323) - Low [184]

Description: {'vulners_cve_data_all': 'Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

redos: CVE-2024-23323 was patched at 2024-04-23

7761. Denial of Service - Unknown Product (CVE-2024-4067) - Low [184]

Description: {'vulners_cve_data_all': 'The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-4067 was patched at 2024-05-15

7762. Incorrect Calculation - Unknown Product (CVE-2000-1219) - Low [184]

Description: {'vulners_cve_data_all': 'The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not handle all types of integer overflows, which may leave applications vulnerable to vulnerabilities related to overflows.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2000-1219 was patched at 2024-05-15

7763. Incorrect Calculation - Unknown Product (CVE-2005-0206) - Low [184]

Description: {'vulners_cve_data_all': 'The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0206 was patched at 2024-05-15

7764. Incorrect Calculation - Unknown Product (CVE-2005-2450) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2450 was patched at 2024-05-15

7765. Incorrect Calculation - Unknown Product (CVE-2015-7848) - Low [184]

Description: {'vulners_cve_data_all': 'An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-7848 was patched at 2024-05-15

7766. Incorrect Calculation - Unknown Product (CVE-2018-6917) - Low [184]

Description: {'vulners_cve_data_all': 'In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, insufficient validation of user-provided font parameters can result in an integer overflow, leading to the use of arbitrary kernel memory as glyph data. Unprivileged users may be able to access privileged kernel data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6917 was patched at 2024-05-15

7767. Incorrect Calculation - Unknown Product (CVE-2022-44030) - Low [184]

Description: {'vulners_cve_data_all': 'Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-44030 was patched at 2024-05-15

7768. Memory Corruption - Unknown Product (CVE-2003-0681) - Low [184]

Description: {'vulners_cve_data_all': 'A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0681 was patched at 2024-05-15

7769. Memory Corruption - Unknown Product (CVE-2004-1005) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1005 was patched at 2024-05-15

7770. Memory Corruption - Unknown Product (CVE-2006-1061) - Low [184]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1061 was patched at 2024-05-15

7771. Memory Corruption - Unknown Product (CVE-2006-1539) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in the checkscores function in scores.c in tetris-bsd in bsd-games before 2.17-r1 in Gentoo Linux might allow local users with games group membership to gain privileges by modifying tetris-bsd.scores to contain crafted executable content, which is executed when another user launches tetris-bsd.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1539 was patched at 2024-05-15

7772. Memory Corruption - Unknown Product (CVE-2006-1550) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87 and later before 0.95-pre6 allow user-assisted attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid (1) color index, (2) number of points, or (3) depth.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1550 was patched at 2024-05-15

7773. Memory Corruption - Unknown Product (CVE-2006-4245) - Low [184]

Description: {'vulners_cve_data_all': 'archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4245 was patched at 2024-05-15

7774. Memory Corruption - Unknown Product (CVE-2006-6122) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in TIN before 1.8.2 have unspecified impact and attack vectors, a different vulnerability than CVE-2006-0804.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6122 was patched at 2024-05-15

7775. Memory Corruption - Unknown Product (CVE-2009-4011) - Low [184]

Description: {'vulners_cve_data_all': 'dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS console.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4011 was patched at 2024-05-15

7776. Memory Corruption - Unknown Product (CVE-2010-3843) - Low [184]

Description: {'vulners_cve_data_all': 'The GTK version of ettercap uses a global settings file at /tmp/.ettercap_gtk and does not verify ownership of this file. When parsing this file for settings in gtkui_conf_read() (src/interfacesgtk/ec_gtk_conf.c), an unchecked sscanf() call allows a maliciously placed settings file to overflow a statically-sized buffer on the stack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3843 was patched at 2024-05-15

7777. Memory Corruption - Unknown Product (CVE-2011-1145) - Low [184]

Description: {'vulners_cve_data_all': 'The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1145 was patched at 2024-05-15

7778. Memory Corruption - Unknown Product (CVE-2012-0951) - Low [184]

Description: {'vulners_cve_data_all': 'A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29549 due to an unknown function in the file proc/driver/nvidia/registry.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0951 was patched at 2024-05-15

7779. Memory Corruption - Unknown Product (CVE-2014-7272) - Low [184]

Description: {'vulners_cve_data_all': 'Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-7272 was patched at 2024-05-15

7780. Memory Corruption - Unknown Product (CVE-2016-3758) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in libdex/OptInvocation.cpp in DexClassLoader in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides a long filename, aka internal bug 27840771.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3758 was patched at 2024-05-15

7781. Memory Corruption - Unknown Product (CVE-2016-4973) - Low [184]

Description: {'vulners_cve_data_all': 'Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4973 was patched at 2024-05-15

7782. Memory Corruption - Unknown Product (CVE-2016-9917) - Low [184]

Description: {'vulners_cve_data_all': 'In BlueZ 5.42, a buffer overflow was observed in "read_n" function in "tools/hcidump.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9917 was patched at 2024-05-15

7783. Memory Corruption - Unknown Product (CVE-2016-9918) - Low [184]

Description: {'vulners_cve_data_all': 'In BlueZ 5.42, an out-of-bounds read was identified in "packet_hexdump" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9918 was patched at 2024-05-15

7784. Memory Corruption - Unknown Product (CVE-2017-11695) - Low [184]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11695 was patched at 2024-05-15

7785. Memory Corruption - Unknown Product (CVE-2017-11696) - Low [184]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11696 was patched at 2024-05-15

7786. Memory Corruption - Unknown Product (CVE-2017-11698) - Low [184]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11698 was patched at 2024-05-15

7787. Memory Corruption - Unknown Product (CVE-2017-15037) - Low [184]

Description: {'vulners_cve_data_all': 'In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\\0' character.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15037 was patched at 2024-05-15

7788. Memory Corruption - Unknown Product (CVE-2017-7572) - Low [184]

Description: {'vulners_cve_data_all': 'The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc/<pid>/status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the original requester.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7572 was patched at 2024-05-15

7789. Memory Corruption - Unknown Product (CVE-2017-8854) - Low [184]

Description: {'vulners_cve_data_all': 'wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8854 was patched at 2024-05-15

7790. Memory Corruption - Unknown Product (CVE-2018-11364) - Low [184]

Description: {'vulners_cve_data_all': 'sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in libreadstat.a in ReadStat 0.1.1 has a memory leak related to an iconv_open call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11364 was patched at 2024-05-15

7791. Memory Corruption - Unknown Product (CVE-2018-11803) - Low [184]

Description: {'vulners_cve_data_all': 'Subversion's mod_dav_svn Apache HTTPD module versions 1.11.0 and 1.10.0 to 1.10.3 will crash after dereferencing an uninitialized pointer if the client omits the root path in a recursive directory listing operation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11803 was patched at 2024-05-15

7792. Memory Corruption - Unknown Product (CVE-2018-12034) - Low [184]

Description: {'vulners_cve_data_all': 'In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12034 was patched at 2024-05-15

7793. Memory Corruption - Unknown Product (CVE-2018-12035) - Low [184]

Description: {'vulners_cve_data_all': 'In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12035 was patched at 2024-05-15

7794. Memory Corruption - Unknown Product (CVE-2018-13420) - Low [184]

Description: {'vulners_cve_data_all': 'Google gperftools 2.7 has a memory leak in malloc_extension.cc, related to MallocExtension::Register and InitModule. NOTE: the software maintainer indicates that this is not a bug; it is only a false-positive report from the LeakSanitizer program', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-13420 was patched at 2024-05-15

7795. Memory Corruption - Unknown Product (CVE-2018-13843) - Low [184]

Description: {'vulners_cve_data_all': 'An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c. NOTE: the software maintainer's position is that the "failure to free memory" can be fixed in applications that use the HTSlib library (such as test/test_bgzf.c in the original report) and is not a library issue', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-13843 was patched at 2024-05-15

7796. Memory Corruption - Unknown Product (CVE-2018-13844) - Low [184]

Description: {'vulners_cve_data_all': 'An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users would be aware of the need to destruct this object returned by fai_load() in their own code', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-13844 was patched at 2024-05-15

7797. Memory Corruption - Unknown Product (CVE-2018-14072) - Low [184]

Description: {'vulners_cve_data_all': 'libsixel 1.8.1 has a memory leak in sixel_decoder_decode in decoder.c, image_buffer_resize in fromsixel.c, and sixel_decode_raw in fromsixel.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14072 was patched at 2024-05-15

7798. Memory Corruption - Unknown Product (CVE-2018-14073) - Low [184]

Description: {'vulners_cve_data_all': 'libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14073 was patched at 2024-05-15

7799. Memory Corruption - Unknown Product (CVE-2018-18440) - Low [184]

Description: {'vulners_cve_data_all': 'DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18440 was patched at 2024-05-15

7800. Memory Corruption - Unknown Product (CVE-2018-19216) - Low [184]

Description: {'vulners_cve_data_all': 'Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19216 was patched at 2024-05-15

7801. Memory Corruption - Unknown Product (CVE-2018-19416) - Low [184]

Description: {'vulners_cve_data_all': 'An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19416 was patched at 2024-05-15

7802. Memory Corruption - Unknown Product (CVE-2019-10094) - Low [184]

Description: {'vulners_cve_data_all': 'A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10094 was patched at 2024-05-15

7803. Memory Corruption - Unknown Product (CVE-2019-13178) - Low [184]

Description: {'vulners_cve_data_all': 'modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-13178 was patched at 2024-05-15

7804. Memory Corruption - Unknown Product (CVE-2019-14465) - Low [184]

Description: {'vulners_cve_data_all': 'fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14465 was patched at 2024-05-15

7805. Memory Corruption - Unknown Product (CVE-2019-14468) - Low [184]

Description: {'vulners_cve_data_all': 'GnuCOBOL 2.2 has a buffer overflow in cb_push_op in cobc/field.c via crafted COBOL source code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14468 was patched at 2024-05-15

7806. Memory Corruption - Unknown Product (CVE-2019-14486) - Low [184]

Description: {'vulners_cve_data_all': 'GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c via crafted COBOL source code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14486 was patched at 2024-05-15

7807. Memory Corruption - Unknown Product (CVE-2019-14524) - Low [184]

Description: {'vulners_cve_data_all': 'An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14524 was patched at 2024-05-15

7808. Memory Corruption - Unknown Product (CVE-2019-14528) - Low [184]

Description: {'vulners_cve_data_all': 'GnuCOBOL 2.2 has a heap-based buffer overflow in read_literal in cobc/scanner.l via crafted COBOL source code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14528 was patched at 2024-05-15

7809. Memory Corruption - Unknown Product (CVE-2019-14541) - Low [184]

Description: {'vulners_cve_data_all': 'GnuCOBOL 2.2 has a stack-based buffer overflow in cb_encode_program_id in cobc/typeck.c via crafted COBOL source code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14541 was patched at 2024-05-15

7810. Memory Corruption - Unknown Product (CVE-2019-15767) - Low [184]

Description: {'vulners_cve_data_all': 'In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_load function in frontend/cmd.cc via a crafted chess position in an EPD file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15767 was patched at 2024-05-15

7811. Memory Corruption - Unknown Product (CVE-2019-16058) - Low [184]

Description: {'vulners_cve_data_all': 'An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-16058 was patched at 2024-05-15

7812. Memory Corruption - Unknown Product (CVE-2019-16159) - Low [184]

Description: {'vulners_cve_data_all': 'BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-16159 was patched at 2024-05-15

7813. Memory Corruption - Unknown Product (CVE-2019-16395) - Low [184]

Description: {'vulners_cve_data_all': 'GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() function in cobc/tree.c via crafted COBOL source code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-16395 was patched at 2024-05-15

7814. Memory Corruption - Unknown Product (CVE-2019-16396) - Low [184]

Description: {'vulners_cve_data_all': 'GnuCOBOL 2.2 has a use-after-free in the end_scope_of_program_name() function in cobc/parser.y via crafted COBOL source code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-16396 was patched at 2024-05-15

7815. Memory Corruption - Unknown Product (CVE-2019-17543) - Low [184]

Description: {'vulners_cve_data_all': 'LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17543 was patched at 2024-05-15

7816. Memory Corruption - Unknown Product (CVE-2019-18840) - Low [184]

Description: {'vulners_cve_data_all': 'In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location index is mishandled. Because a pointer is overwritten, there is an invalid free.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-18840 was patched at 2024-05-15

7817. Memory Corruption - Unknown Product (CVE-2019-19601) - Low [184]

Description: {'vulners_cve_data_all': 'OpenDetex 2.8.5 has a Buffer Overflow in TexOpen in detex.l because of an incorrect sprintf.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19601 was patched at 2024-05-15

7818. Memory Corruption - Unknown Product (CVE-2019-19796) - Low [184]

Description: {'vulners_cve_data_all': 'Yabasic 2.86.2 has a heap-based buffer overflow in myformat in function.c via a crafted BASIC source file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19796 was patched at 2024-05-15

7819. Memory Corruption - Unknown Product (CVE-2019-19847) - Low [184]

Description: {'vulners_cve_data_all': 'Libspiro through 20190731 has a stack-based buffer overflow in the spiro_to_bpath0() function in spiro.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19847 was patched at 2024-05-15

7820. Memory Corruption - Unknown Product (CVE-2019-19917) - Low [184]

Description: {'vulners_cve_data_all': 'Lout 3.40 has a buffer overflow in the StringQuotedWord() function in z39.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19917 was patched at 2024-05-15

7821. Memory Corruption - Unknown Product (CVE-2019-19918) - Low [184]

Description: {'vulners_cve_data_all': 'Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19918 was patched at 2024-05-15

7822. Memory Corruption - Unknown Product (CVE-2019-20006) - Low [184]

Description: {'vulners_cve_data_all': 'An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20006 was patched at 2024-05-15

7823. Memory Corruption - Unknown Product (CVE-2019-20797) - Low [184]

Description: {'vulners_cve_data_all': 'An issue was discovered in e6y prboom-plus 2.5.1.5. There is a buffer overflow in client and server code responsible for handling received UDP packets, as demonstrated by I_SendPacket or I_SendPacketTo in i_network.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20797 was patched at 2024-05-15

7824. Memory Corruption - Unknown Product (CVE-2019-25078) - Low [184]

Description: {'vulners_cve_data_all': 'A vulnerability classified as problematic was found in pacparser up to 1.3.x. Affected by this vulnerability is the function pacparser_find_proxy of the file src/pacparser.c. The manipulation of the argument url leads to buffer overflow. Attacking locally is a requirement. Upgrading to version 1.4.0 is able to address this issue. The name of the patch is 853e8f45607cb07b877ffd270c63dbcdd5201ad9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215443.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-25078 was patched at 2024-05-15

7825. Memory Corruption - Unknown Product (CVE-2019-7733) - Low [184]

Description: {'vulners_cve_data_all': 'In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7733 was patched at 2024-05-15

7826. Memory Corruption - Unknown Product (CVE-2019-8343) - Low [184]

Description: {'vulners_cve_data_all': 'In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-8343 was patched at 2024-05-15

7827. Memory Corruption - Unknown Product (CVE-2019-9026) - Low [184]

Description: {'vulners_cve_data_all': 'An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function InflateVarName() in inflate.c when called from ReadNextCell in mat5.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9026 was patched at 2024-05-15

7828. Memory Corruption - Unknown Product (CVE-2019-9027) - Low [184]

Description: {'vulners_cve_data_all': 'An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow problem in the function ReadNextCell() in mat5.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9027 was patched at 2024-05-15

7829. Memory Corruption - Unknown Product (CVE-2019-9029) - Low [184]

Description: {'vulners_cve_data_all': 'An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read with a SEGV in the function Mat_VarReadNextInfo5() in mat5.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9029 was patched at 2024-05-15

7830. Memory Corruption - Unknown Product (CVE-2019-9032) - Low [184]

Description: {'vulners_cve_data_all': 'An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds write problem causing a SEGV in the function Mat_VarFree() in mat.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9032 was patched at 2024-05-15

7831. Memory Corruption - Unknown Product (CVE-2019-9036) - Low [184]

Description: {'vulners_cve_data_all': 'An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a heap-based buffer overflow in the function ReadNextFunctionHandle() in mat5.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9036 was patched at 2024-05-15

7832. Memory Corruption - Unknown Product (CVE-2019-9038) - Low [184]

Description: {'vulners_cve_data_all': 'An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is an out-of-bounds read problem with a SEGV in the function ReadNextCell() in mat5.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9038 was patched at 2024-05-15

7833. Memory Corruption - Unknown Product (CVE-2019-9578) - Low [184]

Description: {'vulners_cve_data_all': 'In devs.c in Yubico libu2f-host before 1.1.8, the response to init is misparsed, leaking uninitialized stack memory back to the device.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9578 was patched at 2024-05-15

7834. Memory Corruption - Unknown Product (CVE-2020-11866) - Low [184]

Description: {'vulners_cve_data_all': 'libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-11866 was patched at 2024-05-15

7835. Memory Corruption - Unknown Product (CVE-2020-11940) - Low [184]

Description: {'vulners_cve_data_all': 'In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_string in ssh.c can be exploited by a network-positioned attacker that can send malformed SSH protocol messages on a network segment monitored by nDPI's library.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-11940 was patched at 2024-05-15

7836. Memory Corruption - Unknown Product (CVE-2020-16600) - Low [184]

Description: {'vulners_cve_data_all': 'A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-16600 was patched at 2024-05-15

7837. Memory Corruption - Unknown Product (CVE-2020-24372) - Low [184]

Description: {'vulners_cve_data_all': 'LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in lj_err.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24372 was patched at 2024-05-15

7838. Memory Corruption - Unknown Product (CVE-2020-25581) - Low [184]

Description: {'vulners_cve_data_all': 'In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 due to a race condition in the jail_remove(2) implementation, it may fail to kill some of the processes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25581 was patched at 2024-05-15

7839. Memory Corruption - Unknown Product (CVE-2020-35679) - Low [184]

Description: {'vulners_cve_data_all': 'smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35679 was patched at 2024-05-15

7840. Memory Corruption - Unknown Product (CVE-2020-36325) - Low [184]

Description: {'vulners_cve_data_all': 'An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36325 was patched at 2024-05-15

7841. Memory Corruption - Unknown Product (CVE-2020-36430) - Low [184]

Description: {'vulners_cve_data_all': 'libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36430 was patched at 2024-05-15

7842. Memory Corruption - Unknown Product (CVE-2021-26220) - Low [184]

Description: {'vulners_cve_data_all': 'The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-26220 was patched at 2024-05-15

7843. Memory Corruption - Unknown Product (CVE-2021-26221) - Low [184]

Description: {'vulners_cve_data_all': 'The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-26221 was patched at 2024-05-15

7844. Memory Corruption - Unknown Product (CVE-2021-26222) - Low [184]

Description: {'vulners_cve_data_all': 'The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-26222 was patched at 2024-05-15

7845. Memory Corruption - Unknown Product (CVE-2021-27799) - Low [184]

Description: {'vulners_cve_data_all': 'ean_leading_zeroes in backend/upcean.c in Zint Barcode Generator 2.9.1 has a stack-based buffer overflow that is reachable from the C API through an application that includes the Zint Barcode Generator library code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-27799 was patched at 2024-05-15

7846. Memory Corruption - Unknown Product (CVE-2021-28213) - Low [184]

Description: {'vulners_cve_data_all': 'Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-28213 was patched at 2024-05-15

7847. Memory Corruption - Unknown Product (CVE-2021-30472) - Low [184]

Description: {'vulners_cve_data_all': 'A flaw was found in PoDoFo 0.9.7. A stack-based buffer overflow in PdfEncryptMD5Base::ComputeOwnerKey function in PdfEncrypt.cpp is possible because of a improper check of the keyLength value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30472 was patched at 2024-05-15

7848. Memory Corruption - Unknown Product (CVE-2021-32420) - Low [184]

Description: {'vulners_cve_data_all': 'dpic 2021.01.01 has a Heap-based Buffer Overflow in thestorestring function in dpic.y.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32420 was patched at 2024-05-15

7849. Memory Corruption - Unknown Product (CVE-2021-32422) - Low [184]

Description: {'vulners_cve_data_all': 'dpic 2021.01.01 has a Global buffer overflow in theyylex() function in main.c and reads out of the bound array.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32422 was patched at 2024-05-15

7850. Memory Corruption - Unknown Product (CVE-2021-32611) - Low [184]

Description: {'vulners_cve_data_all': 'A NULL pointer dereference vulnerability exists in eXcall_api.c in Antisip eXosip2 through 5.2.0 when handling certain 3xx redirect responses.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32611 was patched at 2024-05-15

7851. Memory Corruption - Unknown Product (CVE-2021-33453) - Low [184]

Description: {'vulners_cve_data_all': 'An issue was discovered in lrzip version 0.641. There is a use-after-free in ucompthread() in stream.c:1538.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33453 was patched at 2024-05-15

7852. Memory Corruption - Unknown Product (CVE-2021-33479) - Low [184]

Description: {'vulners_cve_data_all': 'A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in measure_pitch() in pgm2asc.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33479 was patched at 2024-05-15

7853. Memory Corruption - Unknown Product (CVE-2021-33481) - Low [184]

Description: {'vulners_cve_data_all': 'A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in try_to_divide_boxes() in pgm2asc.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33481 was patched at 2024-05-15

7854. Memory Corruption - Unknown Product (CVE-2021-36081) - Low [184]

Description: {'vulners_cve_data_all': 'Tesseract OCR 5.0.0-alpha-20201231 has a one_ell_conflict use-after-free during a strpbrk call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-36081 was patched at 2024-05-15

7855. Memory Corruption - Unknown Product (CVE-2021-36089) - Low [184]

Description: {'vulners_cve_data_all': 'Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::FileFormatDecompress::applyColour).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-36089 was patched at 2024-05-15

7856. Memory Corruption - Unknown Product (CVE-2021-37322) - Low [184]

Description: {'vulners_cve_data_all': 'GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-37322 was patched at 2024-05-15

7857. Memory Corruption - Unknown Product (CVE-2021-38614) - Low [184]

Description: {'vulners_cve_data_all': 'Polipo through 1.1.1, when NDEBUG is used, allows a heap-based buffer overflow during parsing of a Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-38614 was patched at 2024-05-15

7858. Memory Corruption - Unknown Product (CVE-2021-39282) - Low [184]

Description: {'vulners_cve_data_all': 'Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39282 was patched at 2024-05-15

7859. Memory Corruption - Unknown Product (CVE-2021-41682) - Low [184]

Description: {'vulners_cve_data_all': 'There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_compare_ecma_non_direct_strings in JerryScript 2.4.0', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41682 was patched at 2024-05-15

7860. Memory Corruption - Unknown Product (CVE-2021-42218) - Low [184]

Description: {'vulners_cve_data_all': 'OMPL v1.5.2 contains a memory leak in VFRRT.cpp', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42218 was patched at 2024-05-15

7861. Memory Corruption - Unknown Product (CVE-2021-43311) - Low [184]

Description: {'vulners_cve_data_all': 'A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-43311 was patched at 2024-05-15

7862. Memory Corruption - Unknown Product (CVE-2021-43312) - Low [184]

Description: {'vulners_cve_data_all': 'A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-43312 was patched at 2024-05-15

7863. Memory Corruption - Unknown Product (CVE-2021-43313) - Low [184]

Description: {'vulners_cve_data_all': 'A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invert_pt_dynamic at p_lx_elf.cpp:1688.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-43313 was patched at 2024-05-15

7864. Memory Corruption - Unknown Product (CVE-2021-43314) - Low [184]

Description: {'vulners_cve_data_all': 'A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-43314 was patched at 2024-05-15

7865. Memory Corruption - Unknown Product (CVE-2021-43315) - Low [184]

Description: {'vulners_cve_data_all': 'A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-43315 was patched at 2024-05-15

7866. Memory Corruption - Unknown Product (CVE-2021-43316) - Low [184]

Description: {'vulners_cve_data_all': 'A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le64().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-43316 was patched at 2024-05-15

7867. Memory Corruption - Unknown Product (CVE-2021-43317) - Low [184]

Description: {'vulners_cve_data_all': 'A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-43317 was patched at 2024-05-15

7868. Memory Corruption - Unknown Product (CVE-2021-44493) - Low [184]

Description: {'vulners_cve_data_all': 'An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a call to $Extract to force an signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that occurs on the stack, causing a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44493 was patched at 2024-05-15

7869. Memory Corruption - Unknown Product (CVE-2021-44499) - Low [184]

Description: {'vulners_cve_data_all': 'An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a call to $Extract to force an signed integer holding the size of a buffer to take on a large negative number, which is then used as the length of a memcpy call that occurs on the stack, causing a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44499 was patched at 2024-05-15

7870. Memory Corruption - Unknown Product (CVE-2021-44542) - Low [184]

Description: {'vulners_cve_data_all': 'A memory leak vulnerability was found in Privoxy when handling errors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44542 was patched at 2024-05-15

7871. Memory Corruption - Unknown Product (CVE-2021-45710) - Low [184]

Description: {'vulners_cve_data_all': 'An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45710 was patched at 2024-05-15

7872. Memory Corruption - Unknown Product (CVE-2021-45907) - Low [184]

Description: {'vulners_cve_data_all': 'An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a for loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45907 was patched at 2024-05-15

7873. Memory Corruption - Unknown Product (CVE-2021-45908) - Low [184]

Description: {'vulners_cve_data_all': 'An issue was discovered in gif2apng 1.9. There is a stack-based buffer overflow involving a while loop. An attacker has little influence over the data written to the stack, making it unlikely that the flow of control can be subverted.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45908 was patched at 2024-05-15

7874. Memory Corruption - Unknown Product (CVE-2022-0137) - Low [184]

Description: {'vulners_cve_data_all': 'A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-0137 was patched at 2024-05-15

7875. Memory Corruption - Unknown Product (CVE-2022-1350) - Low [184]

Description: {'vulners_cve_data_all': 'A vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1350 was patched at 2024-05-15

7876. Memory Corruption - Unknown Product (CVE-2022-27418) - Low [184]

Description: {'vulners_cve_data_all': 'Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-27418 was patched at 2024-05-15

7877. Memory Corruption - Unknown Product (CVE-2022-2831) - Low [184]

Description: {'vulners_cve_data_all': 'A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-2831 was patched at 2024-05-15

7878. Memory Corruption - Unknown Product (CVE-2022-36139) - Low [184]

Description: {'vulners_cve_data_all': 'SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via SWF::Writer::writeByte(unsigned char).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-36139 was patched at 2024-05-15

7879. Memory Corruption - Unknown Product (CVE-2022-36142) - Low [184]

Description: {'vulners_cve_data_all': 'SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via SWF::Reader::getU30().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-36142 was patched at 2024-05-15

7880. Memory Corruption - Unknown Product (CVE-2022-36143) - Low [184]

Description: {'vulners_cve_data_all': 'SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via __interceptor_strlen.part at /sanitizer_common/sanitizer_common_interceptors.inc.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-36143 was patched at 2024-05-15

7881. Memory Corruption - Unknown Product (CVE-2022-36144) - Low [184]

Description: {'vulners_cve_data_all': 'SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via base64_encode.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-36144 was patched at 2024-05-15

7882. Memory Corruption - Unknown Product (CVE-2022-36788) - Low [184]

Description: {'vulners_cve_data_all': 'A heap-based buffer overflow vulnerability exists in the TriangleMesh clone functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially-crafted STL file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-36788 was patched at 2024-05-15

7883. Memory Corruption - Unknown Product (CVE-2022-37047) - Low [184]

Description: {'vulners_cve_data_all': 'The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. NOTE: this is different from CVE-2022-27940.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-37047 was patched at 2024-05-15

7884. Memory Corruption - Unknown Product (CVE-2022-37048) - Low [184]

Description: {'vulners_cve_data_all': 'The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-37048 was patched at 2024-05-15

7885. Memory Corruption - Unknown Product (CVE-2022-37049) - Low [184]

Description: {'vulners_cve_data_all': 'The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-37049 was patched at 2024-05-15

7886. Memory Corruption - Unknown Product (CVE-2022-37781) - Low [184]

Description: {'vulners_cve_data_all': 'fdkaac v1.0.3 was discovered to contain a heap buffer overflow via __interceptor_memcpy.part.46 at /sanitizer_common/sanitizer_common_interceptors.inc.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-37781 was patched at 2024-05-15

7887. Memory Corruption - Unknown Product (CVE-2022-38529) - Low [184]

Description: {'vulners_cve_data_all': 'tinyexr commit 0647fb3 was discovered to contain a heap-buffer overflow via the component rleUncompress.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-38529 was patched at 2024-05-15

7888. Memory Corruption - Unknown Product (CVE-2022-44010) - Low [184]

Description: {'vulners_cve_data_all': 'An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-44010 was patched at 2024-05-15

7889. Memory Corruption - Unknown Product (CVE-2022-44370) - Low [184]

Description: {'vulners_cve_data_all': 'NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-44370 was patched at 2024-05-15

7890. Memory Corruption - Unknown Product (CVE-2023-26132) - Low [184]

Description: {'vulners_cve_data_all': 'Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set() function and the current variable in the /dottie.js file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26132 was patched at 2024-05-15

7891. Memory Corruption - Unknown Product (CVE-2023-2618) - Low [184]

Description: {'vulners_cve_data_all': 'A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-2618 was patched at 2024-05-15

7892. Memory Corruption - Unknown Product (CVE-2023-31979) - Low [184]

Description: {'vulners_cve_data_all': 'Catdoc v0.95 was discovered to contain a global buffer overflow via the function process_file at /src/reader.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31979 was patched at 2024-05-15

7893. Memory Corruption - Unknown Product (CVE-2023-31981) - Low [184]

Description: {'vulners_cve_data_all': 'Sngrep v1.6.0 was discovered to contain a stack buffer overflow via the function packet_set_payload at /src/packet.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31981 was patched at 2024-05-15

7894. Memory Corruption - Unknown Product (CVE-2023-34325) - Low [184]

Description: {'vulners_cve_data_all': '\n[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nlibfsimage contains parsing code for several filesystems, most of them based on\ngrub-legacy code. libfsimage is used by pygrub to inspect guest disks.\n\nPygrub runs as the same user as the toolstack (root in a priviledged domain).\n\nAt least one issue has been reported to the Xen Security Team that allows an\nattacker to trigger a stack buffer overflow in libfsimage. After further\nanalisys the Xen Security Team is no longer confident in the suitability of\nlibfsimage when run against guest controlled input with super user priviledges.\n\nIn order to not affect current deployments that rely on pygrub patches are\nprovided in the resolution section of the advisory that allow running pygrub in\ndeprivileged mode.\n\nCVE-2023-4949 refers to the original issue in the upstream grub\nproject ("An attacker with local access to a system (either through a\ndisk or external drive) can present a modified XFS partition to\ngrub-legacy in such a way to exploit a memory corruption in grub’s XFS\nfile system implementation.") CVE-2023-34325 refers specifically to\nthe vulnerabilities in Xen's copy of libfsimage, which is decended\nfrom a very old version of grub.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-34325 was patched at 2024-05-15

7895. Memory Corruption - Unknown Product (CVE-2023-36193) - Low [184]

Description: {'vulners_cve_data_all': 'Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguity_error component at /src/clp.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-36193 was patched at 2024-05-15

7896. Memory Corruption - Unknown Product (CVE-2023-36243) - Low [184]

Description: {'vulners_cve_data_all': 'FLVMeta v1.2.1 was discovered to contain a buffer overflow via the xml_on_metadata_tag_only function at dump_xml.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-36243 was patched at 2024-05-15

7897. Memory Corruption - Unknown Product (CVE-2023-45662) - Low [184]

Description: {'vulners_cve_data_all': 'stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row` doesn’t match the real image array dimensions. ', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45662 was patched at 2024-05-15

7898. Memory Corruption - Unknown Product (CVE-2023-48298) - Low [184]

Description: {'vulners_cve_data_all': 'ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-48298 was patched at 2024-05-15

7899. Memory Corruption - Unknown Product (CVE-2023-48704) - Low [184]

Description: {'vulners_cve_data_all': 'ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on port 9000/tcp, triggering a bug in the decompression logic of Gorilla codec that crashes the ClickHouse server process. This attack does not require authentication. This issue has been addressed in ClickHouse Cloud version 23.9.2.47551 and ClickHouse versions 23.10.5.20, 23.3.18.15, 23.8.8.20, and 23.9.6.20.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-48704 was patched at 2024-05-15

7900. Memory Corruption - Unknown Product (CVE-2023-4949) - Low [184]

Description: {'vulners_cve_data_all': 'An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-4949 was patched at 2024-05-15

7901. Memory Corruption - Unknown Product (CVE-2023-50671) - Low [184]

Description: {'vulners_cve_data_all': 'In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overflow (write of size 28) because snprintf can write to an unexpected address.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50671 was patched at 2024-05-15

7902. Memory Corruption - Unknown Product (CVE-2024-22373) - Low [184]

Description: {'vulners_cve_data_all': 'An out-of-bounds write vulnerability exists in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-22373 was patched at 2024-05-15

7903. Memory Corruption - Unknown Product (CVE-2024-22391) - Low [184]

Description: {'vulners_cve_data_all': 'A heap-based buffer overflow vulnerability exists in the LookupTable::SetLUT functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-22391 was patched at 2024-05-15

7904. Memory Corruption - Unknown Product (CVE-2024-23322) - Low [184]

Description: {'vulners_cve_data_all': 'Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

redos: CVE-2024-23322 was patched at 2024-04-23

7905. Memory Corruption - Unknown Product (CVE-2024-24258) - Low [184]

Description: {'vulners_cve_data_all': 'freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-24258 was patched at 2024-04-30, 2024-05-22

debian: CVE-2024-24258 was patched at 2024-05-15

oraclelinux: CVE-2024-24258 was patched at 2024-05-02, 2024-05-23

redhat: CVE-2024-24258 was patched at 2024-04-30, 2024-05-22

7906. Memory Corruption - Unknown Product (CVE-2024-24259) - Low [184]

Description: {'vulners_cve_data_all': 'freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-24259 was patched at 2024-04-30, 2024-05-22

debian: CVE-2024-24259 was patched at 2024-05-15

oraclelinux: CVE-2024-24259 was patched at 2024-05-02, 2024-05-23

redhat: CVE-2024-24259 was patched at 2024-04-30, 2024-05-22

7907. Memory Corruption - Unknown Product (CVE-2024-25442) - Low [184]

Description: {'vulners_cve_data_all': 'An issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-25442 was patched at 2024-05-15

7908. Memory Corruption - Unknown Product (CVE-2024-25443) - Low [184]

Description: {'vulners_cve_data_all': 'An issue in the HuginBase::ImageVariable<double>::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-25443 was patched at 2024-05-15

7909. Memory Corruption - Unknown Product (CVE-2024-25446) - Low [184]

Description: {'vulners_cve_data_all': 'An issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-25446 was patched at 2024-05-15

7910. Memory Corruption - Unknown Product (CVE-2024-30259) - Low [184]

Description: {'vulners_cve_data_all': 'FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves malformed `RTPS` packet, heap buffer overflow occurs on the subscriber. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-30259 was patched at 2024-05-15

7911. Path Traversal - Unknown Product (CVE-2002-1344) - Low [184]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1344 was patched at 2024-05-15

7912. Path Traversal - Unknown Product (CVE-2005-1228) - Low [184]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1228 was patched at 2024-05-15

7913. Path Traversal - Unknown Product (CVE-2005-1229) - Low [184]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1229 was patched at 2024-05-15

7914. Path Traversal - Unknown Product (CVE-2005-3559) - Low [184]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3559 was patched at 2024-05-15

7915. Path Traversal - Unknown Product (CVE-2006-2414) - Low [184]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2414 was patched at 2024-05-15

7916. Path Traversal - Unknown Product (CVE-2011-3848) - Low [184]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and 2.7.x before 2.7.4 allows remote attackers to write X.509 Certificate Signing Request (CSR) to arbitrary locations via (1) a double-encoded key parameter in the URI in 2.7.x, (2) the CN in the Subject of a CSR in 2.6 and 0.25.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3848 was patched at 2024-05-15

7917. Path Traversal - Unknown Product (CVE-2013-4173) - Low [184]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a "drophost" command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4173 was patched at 2024-05-15

7918. Path Traversal - Unknown Product (CVE-2014-7819) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3, 2.12.x before 2.12.3, and 3.x before 3.0.0.beta.3, as distributed with Ruby on Rails 3.x and 4.x, allow remote attackers to determine the existence of files outside the application root via a ../ (dot dot slash) sequence with (1) double slashes or (2) URL encoding.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-7819 was patched at 2024-05-15

7919. Path Traversal - Unknown Product (CVE-2014-7829) - Low [184]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.21, 4.0.x before 4.0.12, 4.1.x before 4.1.8, and 4.2.x before 4.2.0.beta4, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via vectors involving a \\ (backslash) character, a similar issue to CVE-2014-7818.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-7829 was patched at 2024-05-15

7920. Path Traversal - Unknown Product (CVE-2015-1191) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1191 was patched at 2024-05-15

7921. Path Traversal - Unknown Product (CVE-2015-1192) - Low [184]

Description: {'vulners_cve_data_all': 'Absolute path traversal vulnerability in kgb 1.0b4 allows remote attackers to write to arbitrary files via a full pathname in a crafted archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1192 was patched at 2024-05-15

7922. Path Traversal - Unknown Product (CVE-2015-1193) - Low [184]

Description: {'vulners_cve_data_all': 'Multiple directory traversal vulnerabilities in pax 1:20140703 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1193 was patched at 2024-05-15

7923. Path Traversal - Unknown Product (CVE-2015-1589) - Low [184]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in arCHMage 0.2.4 allows remote attackers to write to arbitrary files via a .. (dot dot) in a CHM file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1589 was patched at 2024-05-15

7924. Path Traversal - Unknown Product (CVE-2015-9275) - Low [184]

Description: {'vulners_cve_data_all': 'ARC 5.21q allows directory traversal via a full pathname in an archive file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-9275 was patched at 2024-05-15

7925. Path Traversal - Unknown Product (CVE-2018-18586) - Low [184]

Description: {'vulners_cve_data_all': 'chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended as a source-code example, not a supported application', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18586 was patched at 2024-05-15

7926. Path Traversal - Unknown Product (CVE-2021-33896) - Low [184]

Description: {'vulners_cve_data_all': 'Dino before 0.1.2 and 0.2.x before 0.2.1 allows Directory Traversal (only for creation of new files) via URI-encoded path separators.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33896 was patched at 2024-05-15

7927. Path Traversal - Unknown Product (CVE-2024-1459) - Low [184]

Description: {'vulners_cve_data_all': 'A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

redhat: CVE-2024-1459 was patched at 2024-05-08

7928. Unknown Vulnerability Type - DNSSEC (CVE-2023-7008) - Low [184]

Description: {'vulners_cve_data_all': 'A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists0.517The existence of a private exploit is mentioned on BDU:PrivateExploit website
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-7008 was patched at 2024-04-30, 2024-05-22

debian: CVE-2023-7008 was patched at 2024-05-15

oraclelinux: CVE-2023-7008 was patched at 2024-05-03, 2024-05-23

redhat: CVE-2023-7008 was patched at 2024-04-30, 2024-05-22

redos: CVE-2023-7008 was patched at 2024-04-25

7929. Information Disclosure - Unknown Product (CVE-2012-3368) - Low [183]

Description: {'vulners_cve_data_all': 'Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3368 was patched at 2024-05-15

7930. Information Disclosure - Unknown Product (CVE-2012-4730) - Low [183]

Description: {'vulners_cve_data_all': 'Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4730 was patched at 2024-05-15

7931. Information Disclosure - Unknown Product (CVE-2012-5512) - Low [183]

Description: {'vulners_cve_data_all': 'Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5512 was patched at 2024-05-15

7932. Information Disclosure - Unknown Product (CVE-2013-2061) - Low [183]

Description: {'vulners_cve_data_all': 'The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2061 was patched at 2024-05-15

7933. Information Disclosure - Unknown Product (CVE-2014-1948) - Low [183]

Description: {'vulners_cve_data_all': 'OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading the log.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1948 was patched at 2024-05-15

7934. Information Disclosure - Unknown Product (CVE-2014-9770) - Low [183]

Description: {'vulners_cve_data_all': 'tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9770 was patched at 2024-05-15

7935. Information Disclosure - Unknown Product (CVE-2015-8034) - Low [183]

Description: {'vulners_cve_data_all': 'The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8034 was patched at 2024-05-15

7936. Information Disclosure - Unknown Product (CVE-2015-8842) - Low [183]

Description: {'vulners_cve_data_all': 'tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8842 was patched at 2024-05-15

7937. Information Disclosure - Unknown Product (CVE-2015-8946) - Low [183]

Description: {'vulners_cve_data_all': 'ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8946 was patched at 2024-05-15

7938. Information Disclosure - Unknown Product (CVE-2022-0987) - Low [183]

Description: {'vulners_cve_data_all': 'A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-0987 was patched at 2024-05-15

7939. Unknown Vulnerability Type - Eclipse Mosquitto (CVE-2021-28166) - Low [183]

Description: {'vulners_cve_data_all': 'In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Eclipse Mosquitto provides a lightweight server implementation of the MQTT protocol that is suitable for all situations from full power machines to embedded and low power machines
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-28166 was patched at 2024-05-15

7940. Unknown Vulnerability Type - Exim (CVE-2011-0017) - Low [183]

Description: {'vulners_cve_data_all': 'The open_log function in log.c in Exim 4.72 and earlier does not check the return value from (1) setuid or (2) setgid system calls, which allows local users to append log data to arbitrary files via a symlink attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Exim is a mail transfer agent (MTA) used on Unix-like operating systems
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0017 was patched at 2024-05-15

7941. Unknown Vulnerability Type - ImageMagick (CVE-2014-8561) - Low [183]

Description: {'vulners_cve_data_all': 'imagemagick 6.8.9.6 has remote DOS via infinite loop', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8561 was patched at 2024-05-15

7942. Unknown Vulnerability Type - ImageMagick (CVE-2017-11536) - Low [183]

Description: {'vulners_cve_data_all': 'When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11536 was patched at 2024-05-15

7943. Unknown Vulnerability Type - ImageMagick (CVE-2020-13902) - Low [183]

Description: {'vulners_cve_data_all': 'ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13902 was patched at 2024-05-15

7944. Unknown Vulnerability Type - Perl (CVE-2002-0851) - Low [183]

Description: {'vulners_cve_data_all': 'Format string vulnerability in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the ISDN4Linux (i4l) package allows local users to gain root privileges via format strings in the device name command line argument, which is not properly handled in a call to syslog.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0851 was patched at 2024-05-15

7945. Unknown Vulnerability Type - Perl (CVE-2004-0395) - Low [183]

Description: {'vulners_cve_data_all': 'The xatitv program in the gatos package does not properly drop root privileges when the configuration file does not exist, which allows local users to execute arbitrary commands via shell metacharacters in a system call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0395 was patched at 2024-05-15

7946. Unknown Vulnerability Type - Perl (CVE-2004-2768) - Low [183]

Description: {'vulners_cve_data_all': 'dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2768 was patched at 2024-05-15

7947. Unknown Vulnerability Type - Perl (CVE-2005-0393) - Low [183]

Description: {'vulners_cve_data_all': 'The helper scripts for crip 3.5 do not properly use temporary files, which allows local users to have an unknown impact with unknown attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0393 was patched at 2024-05-15

7948. Unknown Vulnerability Type - Perl (CVE-2005-1853) - Low [183]

Description: {'vulners_cve_data_all': 'gopher.c in the Gopher client 3.0.5 does not properly create temporary files, which allows local users to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1853 was patched at 2024-05-15

7949. Unknown Vulnerability Type - Perl (CVE-2005-4889) - Low [183]

Description: {'vulners_cve_data_all': 'lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4889 was patched at 2024-05-15

7950. Unknown Vulnerability Type - Perl (CVE-2006-6858) - Low [183]

Description: {'vulners_cve_data_all': 'Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo bubble during UDP hole punching with HMAC-MD5-64 hashing, which allows remote attackers to impersonate an arbitrary Teredo client.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6858 was patched at 2024-05-15

7951. Unknown Vulnerability Type - Perl (CVE-2007-0405) - Low [183]

Description: {'vulners_cve_data_all': 'The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0405 was patched at 2024-05-15

7952. Unknown Vulnerability Type - Perl (CVE-2008-1937) - Low [183]

Description: {'vulners_cve_data_all': 'The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1937 was patched at 2024-05-15

7953. Unknown Vulnerability Type - Perl (CVE-2008-2420) - Low [183]

Description: {'vulners_cve_data_all': 'The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2420 was patched at 2024-05-15

7954. Unknown Vulnerability Type - Perl (CVE-2008-5397) - Low [183]

Description: {'vulners_cve_data_all': 'Tor before 0.2.0.32 does not properly process the (1) User and (2) Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5397 was patched at 2024-05-15

7955. Unknown Vulnerability Type - Perl (CVE-2008-6603) - Low [183]

Description: {'vulners_cve_data_all': 'MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when acl_hierarchic is set to True, which might allow remote attackers to bypass intended access restrictions, a different vulnerability than CVE-2008-1937.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-6603 was patched at 2024-05-15

7956. Unknown Vulnerability Type - Perl (CVE-2009-0543) - Low [183]

Description: {'vulners_cve_data_all': 'ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0543 was patched at 2024-05-15

7957. Unknown Vulnerability Type - Perl (CVE-2009-2084) - Low [183]

Description: {'vulners_cve_data_all': 'Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 before 1.3.14 does not properly set supplementary groups before invoking (1) sbcast from the slurmd daemon or (2) strigger from the slurmctld daemon, which might allow local SLURM users to modify files and gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2084 was patched at 2024-05-15

7958. Unknown Vulnerability Type - Perl (CVE-2010-2198) - Low [183]

Description: {'vulners_cve_data_all': 'lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2198 was patched at 2024-05-15

7959. Unknown Vulnerability Type - Perl (CVE-2010-2199) - Low [183]

Description: {'vulners_cve_data_all': 'lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2199 was patched at 2024-05-15

7960. Unknown Vulnerability Type - Perl (CVE-2010-2785) - Low [183]

Description: {'vulners_cve_data_all': 'The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \\ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \\r and \\40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2785 was patched at 2024-05-15

7961. Unknown Vulnerability Type - Perl (CVE-2011-0343) - Low [183]

Description: {'vulners_cve_data_all': 'Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0343 was patched at 2024-05-15

7962. Unknown Vulnerability Type - Perl (CVE-2011-0987) - Low [183]

Description: {'vulners_cve_data_all': 'The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remote authenticated users to trigger another user's execution of a SQL query by creating a bookmark.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0987 was patched at 2024-05-15

7963. Unknown Vulnerability Type - Perl (CVE-2011-4140) - Low [183]

Description: {'vulners_cve_data_all': 'The CSRF protection mechanism in Django through 1.2.7 and 1.3.x through 1.3.1 does not properly handle web-server configurations supporting arbitrary HTTP Host headers, which allows remote attackers to trigger unauthenticated forged requests via vectors involving a DNS CNAME record and a web page containing JavaScript code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4140 was patched at 2024-05-15

7964. Unknown Vulnerability Type - Perl (CVE-2012-1053) - Low [183]

Description: {'vulners_cve_data_all': 'The change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1053 was patched at 2024-05-15

7965. Unknown Vulnerability Type - Perl (CVE-2012-2242) - Low [183]

Description: {'vulners_cve_data_all': 'scripts/dget.pl in devscripts before 2.10.73 allows remote attackers to execute arbitrary commands via a crafted (1) .dsc or (2) .changes file, related to "arguments to external commands" that are not properly escaped, a different vulnerability than CVE-2012-2240.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2242 was patched at 2024-05-15

7966. Unknown Vulnerability Type - Perl (CVE-2012-2414) - Low [183]

Description: {'vulners_cve_data_all': 'main/manager.c in the Manager Interface in Asterisk Open Source 1.6.2.x before 1.6.2.24, 1.8.x before 1.8.11.1, and 10.x before 10.3.1 and Asterisk Business Edition C.3.x before C.3.7.4 does not properly enforce System class authorization requirements, which allows remote authenticated users to execute arbitrary commands via (1) the originate action in the MixMonitor application, (2) the SHELL and EVAL functions in the GetVar manager action, or (3) the SHELL and EVAL functions in the Status manager action.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2414 was patched at 2024-05-15

7967. Unknown Vulnerability Type - Perl (CVE-2012-6123) - Low [183]

Description: {'vulners_cve_data_all': 'Chicken before 4.8.0 does not properly handle NUL bytes in certain strings, which allows an attacker to conduct "poisoned NUL byte attack."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6123 was patched at 2024-05-15

7968. Unknown Vulnerability Type - Perl (CVE-2013-0233) - Low [183]

Description: {'vulners_cve_data_all': 'Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, and 1.5.x before 1.5.4 for Ruby, when using certain databases, does not properly perform type conversion when performing database queries, which might allow remote attackers to cause incorrect results to be returned and bypass security checks via unknown vectors, as demonstrated by resetting passwords of arbitrary accounts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0233 was patched at 2024-05-15

7969. Unknown Vulnerability Type - Perl (CVE-2013-4222) - Low [183]

Description: {'vulners_cve_data_all': 'OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4222 was patched at 2024-05-15

7970. Unknown Vulnerability Type - Perl (CVE-2013-4291) - Low [183]

Description: {'vulners_cve_data_all': 'The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4291 was patched at 2024-05-15

7971. Unknown Vulnerability Type - Perl (CVE-2013-7135) - Low [183]

Description: {'vulners_cve_data_all': 'The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7135 was patched at 2024-05-15

7972. Unknown Vulnerability Type - Perl (CVE-2014-0204) - Low [183]

Description: {'vulners_cve_data_all': 'OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0204 was patched at 2024-05-15

7973. Unknown Vulnerability Type - Perl (CVE-2014-2528) - Low [183]

Description: {'vulners_cve_data_all': 'kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' (single quote) character in the directory name, a different vulnerability than CVE-2014-2527.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2528 was patched at 2024-05-15

7974. Unknown Vulnerability Type - Perl (CVE-2014-2905) - Low [183]

Description: {'vulners_cve_data_all': 'fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2905 was patched at 2024-05-15

7975. Unknown Vulnerability Type - Perl (CVE-2014-2906) - Low [183]

Description: {'vulners_cve_data_all': 'The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2906 was patched at 2024-05-15

7976. Unknown Vulnerability Type - Perl (CVE-2014-3856) - Low [183]

Description: {'vulners_cve_data_all': 'The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3856 was patched at 2024-05-15

7977. Unknown Vulnerability Type - Perl (CVE-2017-0373) - Low [183]

Description: {'vulners_cve_data_all': 'The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous "use lib" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 7.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0373 was patched at 2024-05-15

7978. Unknown Vulnerability Type - Perl (CVE-2019-20016) - Low [183]

Description: {'vulners_cve_data_all': 'libmysofa before 2019-11-24 does not properly restrict recursive function calls, as demonstrated by reports of stack consumption in readOHDRHeaderMessageDatatype in dataobject.c and directblockRead in fractalhead.c. NOTE: a download of v0.9 after 2019-12-06 should fully remediate this issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20016 was patched at 2024-05-15

7979. Unknown Vulnerability Type - Perl (CVE-2020-14387) - Low [183]

Description: {'vulners_cve_data_all': 'A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A remote, unauthenticated attacker could exploit the flaw by performing a man-in-the-middle attack using a valid certificate for another hostname which could compromise confidentiality and integrity of data transmitted using rsync-ssl. The highest threat from this vulnerability is to data confidentiality and integrity. This flaw affects rsync versions before 3.2.4.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 7.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-14387 was patched at 2024-05-15

7980. Unknown Vulnerability Type - Perl (CVE-2020-16155) - Low [183]

Description: {'vulners_cve_data_all': 'The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-16155 was patched at 2024-05-15

7981. Unknown Vulnerability Type - Perl (CVE-2021-38381) - Low [183]

Description: {'vulners_cve_data_all': 'Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-38381 was patched at 2024-05-15

7982. Unknown Vulnerability Type - Perl (CVE-2021-38382) - Low [183]

Description: {'vulners_cve_data_all': 'Live555 through 1.08 does not handle Matroska and Ogg files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-38382 was patched at 2024-05-15

7983. Unknown Vulnerability Type - Perl (CVE-2023-44387) - Low [183]

Description: {'vulners_cve_data_all': 'Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-44387 was patched at 2024-05-15

7984. Unknown Vulnerability Type - Python (CVE-2006-0151) - Low [183]

Description: {'vulners_cve_data_all': 'sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0151 was patched at 2024-05-15

7985. Unknown Vulnerability Type - Python (CVE-2009-0668) - Low [183]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0668 was patched at 2024-05-15

7986. Unknown Vulnerability Type - Python (CVE-2012-0955) - Low [183]

Description: {'vulners_cve_data_all': 'software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fixed in software-properties version 0.92.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.710CVSS Base Score is 7.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0955 was patched at 2024-05-15

7987. Unknown Vulnerability Type - Python (CVE-2012-4245) - Low [183]

Description: {'vulners_cve_data_all': 'The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4245 was patched at 2024-05-15

7988. Unknown Vulnerability Type - Python (CVE-2022-31015) - Low [183]

Description: {'vulners_cve_data_all': 'Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed. This issue has been fixed in Waitress 2.1.2 by no longer allowing the WSGI thread to close the socket. Instead, that is always delegated to the main thread. There is no work-around for this issue. However, users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-31015 was patched at 2024-05-15

7989. Unknown Vulnerability Type - Python (CVE-2024-23342) - Low [183]

Description: {'vulners_cve_data_all': 'The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the Minerva attack. As of time of publication, no known patched version exists.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.710CVSS Base Score is 7.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-23342 was patched at 2024-05-15

7990. Unknown Vulnerability Type - Redis (CVE-2016-10517) - Low [183]

Description: {'vulners_cve_data_all': 'networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
CVSS Base Score0.710CVSS Base Score is 7.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10517 was patched at 2024-05-15

7991. Unknown Vulnerability Type - Roundcube (CVE-2009-4076) - Low [183]

Description: {'vulners_cve_data_all': 'Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4076 was patched at 2024-05-15

7992. Unknown Vulnerability Type - Roundcube (CVE-2009-4077) - Low [183]

Description: {'vulners_cve_data_all': 'Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4077 was patched at 2024-05-15

7993. Unknown Vulnerability Type - Roundcube (CVE-2019-15237) - Low [183]

Description: {'vulners_cve_data_all': 'Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.710CVSS Base Score is 7.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15237 was patched at 2024-05-15

7994. Arbitrary File Writing - Unknown Product (CVE-2003-0120) - Low [181]

Description: {'vulners_cve_data_all': 'adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0120 was patched at 2024-05-15

7995. Arbitrary File Writing - Unknown Product (CVE-2003-0438) - Low [181]

Description: {'vulners_cve_data_all': 'eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0438 was patched at 2024-05-15

7996. Arbitrary File Writing - Unknown Product (CVE-2004-0404) - Low [181]

Description: {'vulners_cve_data_all': 'logcheck before 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary directory in /var/tmp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0404 was patched at 2024-05-15

7997. Arbitrary File Writing - Unknown Product (CVE-2004-0880) - Low [181]

Description: {'vulners_cve_data_all': 'getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0880 was patched at 2024-05-15

7998. Arbitrary File Writing - Unknown Product (CVE-2005-3342) - Low [181]

Description: {'vulners_cve_data_all': 'noweb 2.10c and earlier allows local users to overwrite arbitrary files via symlink attacks on temporary files in (1) lib/toascii.nw and (2) shell/roff.mm.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3342 was patched at 2024-05-15

7999. Arbitrary File Writing - Unknown Product (CVE-2006-0050) - Low [181]

Description: {'vulners_cve_data_all': 'snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0050 was patched at 2024-05-15

8000. Arbitrary File Writing - Unknown Product (CVE-2006-1695) - Low [181]

Description: {'vulners_cve_data_all': 'The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environment variable is not defined, allows local users to overwrite arbitrary files via a symlink attack on temporary files in /var/tmp/fbps-[PID].', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1695 was patched at 2024-05-15

8001. Arbitrary File Writing - Unknown Product (CVE-2011-4617) - Low [181]

Description: {'vulners_cve_data_all': 'virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4617 was patched at 2024-05-15

8002. Arbitrary File Writing - Unknown Product (CVE-2012-2103) - Low [181]

Description: {'vulners_cve_data_all': 'The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9515Arbitrary File Writing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2103 was patched at 2024-05-15

8003. Open Redirect - Unknown Product (CVE-2010-2274) - Low [181]

Description: {'vulners_cve_data_all': 'Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.7515Open Redirect
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2274 was patched at 2024-05-15

8004. Open Redirect - Unknown Product (CVE-2012-3542) - Low [181]

Description: {'vulners_cve_data_all': 'OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.7515Open Redirect
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3542 was patched at 2024-05-15

8005. Unknown Vulnerability Type - APT (CVE-2011-1829) - Low [180]

Description: {'vulners_cve_data_all': 'APT before 0.8.15.2 does not properly validate inline GPG signatures, which allows man-in-the-middle attackers to install modified packages via vectors involving lack of an initial clearsigned message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1829 was patched at 2024-05-15

8006. Unknown Vulnerability Type - APT (CVE-2011-3374) - Low [180]

Description: {'vulners_cve_data_all': 'It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3374 was patched at 2024-05-15

8007. Unknown Vulnerability Type - APT (CVE-2012-0214) - Low [180]

Description: {'vulners_cve_data_all': 'The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user from downloading the new InRelease file, which leaves the original InRelease file active and makes it more difficult to detect that the Packages file is modified and unsigned.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0214 was patched at 2024-05-15

8008. Unknown Vulnerability Type - APT (CVE-2013-1051) - Low [180]

Description: {'vulners_cve_data_all': 'apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly related to integrity checking and the use of third-party repositories.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1051 was patched at 2024-05-15

8009. Unknown Vulnerability Type - APT (CVE-2013-7436) - Low [180]

Description: {'vulners_cve_data_all': 'noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7436 was patched at 2024-05-15

8010. Unknown Vulnerability Type - APT (CVE-2014-1875) - Low [180]

Description: {'vulners_cve_data_all': 'The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1875 was patched at 2024-05-15

8011. Unknown Vulnerability Type - FreeIPA (CVE-2019-14826) - Low [180]

Description: {'vulners_cve_data_all': 'A flaw was found in FreeIPA versions 4.5.0 and later. Session cookies were retained in the cache after logout. An attacker could abuse this flaw if they obtain previously valid session cookies and can use this to gain access to the session.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814FreeIPA is a free and open source identity management system
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14826 was patched at 2024-05-15

8012. Unknown Vulnerability Type - GNOME desktop (CVE-2010-0422) - Low [180]

Description: {'vulners_cve_data_all': 'gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to CVE-2010-0414.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0422 was patched at 2024-05-15

8013. Unknown Vulnerability Type - GNOME desktop (CVE-2012-3466) - Low [180]

Description: {'vulners_cve_data_all': 'GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3466 was patched at 2024-05-15

8014. Unknown Vulnerability Type - Mozilla Firefox (CVE-2006-1741) - Low [180]

Description: {'vulners_cve_data_all': 'Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection".', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1741 was patched at 2024-05-15

8015. Unknown Vulnerability Type - Mozilla Firefox (CVE-2006-4340) - Low [180]

Description: {'vulners_cve_data_all': 'Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4340 was patched at 2024-05-15

8016. Unknown Vulnerability Type - Mozilla Firefox (CVE-2007-0801) - Low [180]

Description: {'vulners_cve_data_all': 'The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0801 was patched at 2024-05-15

8017. Unknown Vulnerability Type - Node.js (CVE-2015-1164) - Low [180]

Description: {'vulners_cve_data_all': 'Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1164 was patched at 2024-05-15

8018. Unknown Vulnerability Type - Node.js (CVE-2024-24758) - Low [180]

Description: {'vulners_cve_data_all': 'Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.410CVSS Base Score is 3.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-24758 was patched at 2024-05-15

8019. Unknown Vulnerability Type - Node.js (CVE-2024-30260) - Low [180]

Description: {'vulners_cve_data_all': 'Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.410CVSS Base Score is 3.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-30260 was patched at 2024-05-15

8020. Unknown Vulnerability Type - OpenSSL (CVE-2005-2995) - Low [180]

Description: {'vulners_cve_data_all': 'bacula 1.36.3 and earlier allows local users to modify or read sensitive files via symlink attacks on (1) the temporary file used by autoconf/randpass when openssl is not available, or (2) the mtx.[PID] temporary file in mtx-changer.in.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2995 was patched at 2024-05-15

8021. Unknown Vulnerability Type - OpenSSL (CVE-2006-4339) - Low [180]

Description: {'vulners_cve_data_all': 'OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4339 was patched at 2024-05-15

8022. Unknown Vulnerability Type - OpenSSL (CVE-2011-5095) - Low [180]

Description: {'vulners_cve_data_all': 'The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when FIPS mode is enabled, does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-1923.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-5095 was patched at 2024-05-15

8023. Unknown Vulnerability Type - OpenSSL (CVE-2013-7295) - Low [180]

Description: {'vulners_cve_data_all': 'Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a certain HardwareAccel setting on Intel Sandy Bridge and Ivy Bridge platforms, does not properly generate random numbers for (1) relay identity keys and (2) hidden-service identity keys, which might make it easier for remote attackers to bypass cryptographic protection mechanisms via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7295 was patched at 2024-05-15

8024. Unknown Vulnerability Type - OpenSSL (CVE-2021-23839) - Low [180]

Description: {'vulners_cve_data_all': 'OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is present, because this indicates that a version rollback has occurred (i.e. both client and server support greater than SSLv2, and yet this is the version that is being requested). The implementation of this padding check inverted the logic so that the connection attempt is accepted if the padding is present, and rejected if it is absent. This means that such as server will accept a connection if a version rollback attack has occurred. Further the server will erroneously reject a connection if a normal SSLv2 connection attempt is made. Only OpenSSL 1.0.2 servers from version 1.0.2s to 1.0.2x are affected by this issue. In order to be vulnerable a 1.0.2 server must: 1) have configured SSLv2 support at compile time (this is off by default), 2) have configured SSLv2 support at runtime (this is off by default), 3) have configured SSLv2 ciphersuites (these are not in the default ciphersuite list) OpenSSL 1.1.1 does not have SSLv2 support and therefore is not vulnerable to this issue. The underlying error is in the implementation of the RSA_padding_check_SSLv23() function. This also affects the RSA_SSLV23_PADDING padding mode used by various other functions. Although 1.1.1 does not support SSLv2 the RSA_padding_check_SSLv23() function still exists, as does the RSA_SSLV23_PADDING padding mode. Applications that directly call that function or use that padding mode will encounter this issue. However since there is no support for the SSLv2 protocol in 1.1.1 this is considered a bug and not a security issue in that version. OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.0.2y (Affected 1.0.2s-1.0.2x).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-23839 was patched at 2024-05-15

8025. Unknown Vulnerability Type - PHP (CVE-2006-6016) - Low [180]

Description: {'vulners_cve_data_all': 'wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6016 was patched at 2024-05-15

8026. Unknown Vulnerability Type - PHP (CVE-2008-6762) - Low [180]

Description: {'vulners_cve_data_all': 'Open redirect vulnerability in wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backto parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-6762 was patched at 2024-05-15

8027. Unknown Vulnerability Type - PHP (CVE-2011-0701) - Low [180]

Description: {'vulners_cve_data_all': 'wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0701 was patched at 2024-05-15

8028. Unknown Vulnerability Type - PHP (CVE-2011-1941) - Low [180]

Description: {'vulners_cve_data_all': 'Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1941 was patched at 2024-05-15

8029. Unknown Vulnerability Type - PHP (CVE-2011-5270) - Low [180]

Description: {'vulners_cve_data_all': 'wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-5270 was patched at 2024-05-15

8030. Unknown Vulnerability Type - PHP (CVE-2012-4421) - Low [180]

Description: {'vulners_cve_data_all': 'The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4421 was patched at 2024-05-15

8031. Unknown Vulnerability Type - PHP (CVE-2013-5029) - Low [180]

Description: {'vulners_cve_data_all': 'phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-5029 was patched at 2024-05-15

8032. Unknown Vulnerability Type - PHP (CVE-2014-4987) - Low [180]

Description: {'vulners_cve_data_all': 'server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4987 was patched at 2024-05-15

8033. Unknown Vulnerability Type - PHP (CVE-2014-9253) - Low [180]

Description: {'vulners_cve_data_all': 'The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9253 was patched at 2024-05-15

8034. Unknown Vulnerability Type - PHP (CVE-2016-5702) - Low [180]

Description: {'vulners_cve_data_all': 'phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5702 was patched at 2024-05-15

8035. Unknown Vulnerability Type - PHP (CVE-2016-6610) - Low [180]

Description: {'vulners_cve_data_all': 'A full path disclosure vulnerability was discovered in phpMyAdmin where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6610 was patched at 2024-05-15

8036. Unknown Vulnerability Type - PHP (CVE-2016-6625) - Low [180]

Description: {'vulners_cve_data_all': 'An issue was discovered in phpMyAdmin. An attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6625 was patched at 2024-05-15

8037. Unknown Vulnerability Type - PHP (CVE-2022-23807) - Low [180]

Description: {'vulners_cve_data_all': 'An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-23807 was patched at 2024-05-15

8038. Unknown Vulnerability Type - Samba (CVE-2013-0454) - Low [180]

Description: {'vulners_cve_data_all': 'The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0454 was patched at 2024-05-15

8039. Unknown Vulnerability Type - Samba (CVE-2018-14628) - Low [180]

Description: {'vulners_cve_data_all': 'An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14628 was patched at 2024-05-15

8040. Unknown Vulnerability Type - Samba (CVE-2023-0225) - Low [180]

Description: {'vulners_cve_data_all': 'A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0225 was patched at 2024-05-15

8041. Unknown Vulnerability Type - Visual Basic for Applications (CVE-2012-1457) - Low [180]

Description: {'vulners_cve_data_all': 'The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Visual Basic for Applications is a computer programming language developed and owned by Microsoft
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1457 was patched at 2024-05-15

8042. Unknown Vulnerability Type - Visual Basic for Applications (CVE-2012-1459) - Low [180]

Description: {'vulners_cve_data_all': 'The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Visual Basic for Applications is a computer programming language developed and owned by Microsoft
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1459 was patched at 2024-05-15

8043. Cross Site Scripting - Unknown Product (CVE-2006-0733) - Low [178]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0733 was patched at 2024-05-15

8044. Cross Site Scripting - Unknown Product (CVE-2006-1064) - Low [178]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1064 was patched at 2024-05-15

8045. Cross Site Scripting - Unknown Product (CVE-2006-1712) - Low [178]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1712 was patched at 2024-05-15

8046. Cross Site Scripting - Unknown Product (CVE-2006-1945) - Low [178]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1945 was patched at 2024-05-15

8047. Cross Site Scripting - Unknown Product (CVE-2006-3681) - Low [178]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3681 was patched at 2024-05-15

8048. Cross Site Scripting - Unknown Product (CVE-2006-3848) - Low [178]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in CGI wrapper for IP Calculator (IPCalc) 0.40 allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI environment variable), which is used in the actionurl variable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3848 was patched at 2024-05-15

8049. Cross Site Scripting - Unknown Product (CVE-2009-3300) - Low [178]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3300 was patched at 2024-05-15

8050. Cross Site Scripting - Unknown Product (CVE-2010-0132) - Low [178]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0132 was patched at 2024-05-15

8051. Cross Site Scripting - Unknown Product (CVE-2010-0828) - Low [178]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0828 was patched at 2024-05-15

8052. Cross Site Scripting - Unknown Product (CVE-2010-2080) - Low [178]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2080 was patched at 2024-05-15

8053. Cross Site Scripting - Unknown Product (CVE-2010-4762) - Low [178]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3.0.0-beta2 allows remote authenticated users to inject arbitrary web script or HTML by using the "source code" feature in the customer interface.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4762 was patched at 2024-05-15

8054. Cross Site Scripting - Unknown Product (CVE-2011-0700) - Low [178]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags within the tags meta box.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0700 was patched at 2024-05-15

8055. Cross Site Scripting - Unknown Product (CVE-2011-2477) - Low [178]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga before 1.4.1, when escape_html_tags is disabled, allow remote attackers to inject arbitrary web script or HTML via a JavaScript expression, as demonstrated by the onload attribute of a BODY element located after a check-host-alive! sequence, a different vulnerability than CVE-2011-2179.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2477 was patched at 2024-05-15

8056. Cross Site Scripting - Unknown Product (CVE-2014-8578) - Low [178]

Description: {'vulners_cve_data_all': 'Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8578 was patched at 2024-05-15

8057. Cross Site Scripting - Unknown Product (CVE-2015-3988) - Low [178]

Description: {'vulners_cve_data_all': 'Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-3988 was patched at 2024-05-15

8058. Cross Site Scripting - Unknown Product (CVE-2020-5283) - Low [178]

Description: {'vulners_cve_data_all': 'ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the `show_subdir_lastmod` feature enabled. The attack vector involves files with unsafe names (names that, when embedded into an HTML stream, would cause the browser to run unwanted code), which themselves can be challenging to create. This vulnerability is patched in versions 1.2.1 and 1.1.28.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-5283 was patched at 2024-05-15

8059. Remote Code Execution - Unknown Product (CVE-2023-46047) - Low [178]

Description: {'vulners_cve_data_all': 'An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46047 was patched at 2024-05-15

8060. Remote Code Execution - Unknown Product (CVE-2023-49501) - Low [178]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the config_eq_output function in the libavfilter/asrc_afirsrc.c:495:30 component.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49501 was patched at 2024-05-15

ubuntu: CVE-2023-49501 was patched at 2024-05-30

8061. Remote Code Execution - Unknown Product (CVE-2023-49502) - Low [178]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_bwdif_filter_intra_c function in the libavfilter/bwdifdsp.c:125:5 component.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49502 was patched at 2024-05-15

ubuntu: CVE-2023-49502 was patched at 2024-05-30

8062. Remote Code Execution - Unknown Product (CVE-2023-50007) - Low [178]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via theav_samples_set_silence function in thelibavutil/samplefmt.c:260:9 component.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50007 was patched at 2024-05-15

ubuntu: CVE-2023-50007 was patched at 2024-05-30

8063. Remote Code Execution - Unknown Product (CVE-2023-50008) - Low [178]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the av_malloc function in libavutil/mem.c:105:9 component.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50008 was patched at 2024-05-15

ubuntu: CVE-2023-50008 was patched at 2024-05-30

8064. Remote Code Execution - Unknown Product (CVE-2023-50009) - Low [178]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker to execute arbitrary code via the ff_gaussian_blur_8 function in libavfilter/edge_template.c:116:5 component.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50009 was patched at 2024-05-15

ubuntu: CVE-2023-50009 was patched at 2024-05-30

8065. Remote Code Execution - Unknown Product (CVE-2023-51791) - Low [178]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulenrability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavcodec/jpegxl_parser.c in gen_alias_map.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51791 was patched at 2024-05-15

8066. Remote Code Execution - Unknown Product (CVE-2023-51793) - Low [178]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51793 was patched at 2024-05-15

ubuntu: CVE-2023-51793 was patched at 2024-05-30

8067. Remote Code Execution - Unknown Product (CVE-2023-51794) - Low [178]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51794 was patched at 2024-05-15

ubuntu: CVE-2023-51794 was patched at 2024-05-30

8068. Remote Code Execution - Unknown Product (CVE-2023-51795) - Low [178]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showspectrum.c:1789:52 component in showspectrumpic_request_frame', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51795 was patched at 2024-05-15

ubuntu: CVE-2023-51795 was patched at 2024-05-30

8069. Remote Code Execution - Unknown Product (CVE-2023-51796) - Low [178]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/f_reverse.c:269:26 in areverse_request_frame.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51796 was patched at 2024-05-15

ubuntu: CVE-2023-51796 was patched at 2024-05-30

8070. Remote Code Execution - Unknown Product (CVE-2023-51797) - Low [178]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/avf_showwaves.c:722:24 in showwaves_filter_frame', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51797 was patched at 2024-05-15

8071. Remote Code Execution - Unknown Product (CVE-2023-51798) - Low [178]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c:1078:60 in interpolate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51798 was patched at 2024-05-15

ubuntu: CVE-2023-51798 was patched at 2024-05-30

8072. Remote Code Execution - Unknown Product (CVE-2023-52159) - Low [178]

Description: {'vulners_cve_data_all': 'A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service (grossd daemon crash) or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52159 was patched at 2024-05-15

8073. Remote Code Execution - Unknown Product (CVE-2024-27281) - Low [178]

Description: {'vulners_cve_data_all': 'An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdoc_options (used for configuration in RDoc) as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be restored. (When loading the documentation cache, object injection and resultant remote code execution are also possible if there were a crafted cache.) The main fixed version is 6.6.3.1. For Ruby 3.0 users, a fixed version is rdoc 6.3.4.1. For Ruby 3.1 users, a fixed version is rdoc 6.4.1.1. For Ruby 3.2 users, a fixed version is rdoc 6.5.1.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-27281 was patched at 2024-05-30, 2024-06-03, 2024-06-06, 2024-06-11

debian: CVE-2024-27281 was patched at 2024-05-03, 2024-05-15

oraclelinux: CVE-2024-27281 was patched at 2024-05-31, 2024-06-03, 2024-06-06, 2024-06-07, 2024-06-13

redhat: CVE-2024-27281 was patched at 2024-05-30, 2024-06-03, 2024-06-06, 2024-06-11

8074. Remote Code Execution - Unknown Product (CVE-2024-27758) - Low [178]

Description: {'vulners_cve_data_all': 'In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27758 was patched at 2024-05-15

8075. Remote Code Execution - Unknown Product (CVE-2024-28562) - Low [178]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::copyIntoFrameBuffer() component when reading images in EXR format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28562 was patched at 2024-05-15

8076. Remote Code Execution - Unknown Product (CVE-2024-28566) - Low [178]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the AssignPixel() function when reading images in TIFF format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28566 was patched at 2024-05-15

8077. Remote Code Execution - Unknown Product (CVE-2024-28569) - Low [178]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::Xdr::read() function when reading images in EXR format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28569 was patched at 2024-05-15

8078. Remote Code Execution - Unknown Product (CVE-2024-28578) - Low [178]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Load() function when reading images in RAS format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28578 was patched at 2024-05-15

8079. Remote Code Execution - Unknown Product (CVE-2024-28580) - Low [178]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the ReadData() function when reading images in RAS format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28580 was patched at 2024-05-15

8080. Remote Code Execution - Unknown Product (CVE-2024-28581) - Low [178]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the _assignPixel<>() function when reading images in TARGA format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28581 was patched at 2024-05-15

8081. Remote Code Execution - Unknown Product (CVE-2024-28582) - Low [178]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the rgbe_RGBEToFloat() function when reading images in HDR format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28582 was patched at 2024-05-15

8082. Remote Code Execution - Unknown Product (CVE-2024-28583) - Low [178]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28583 was patched at 2024-05-15

8083. Remote Code Execution - Unknown Product (CVE-2024-29157) - Low [178]

Description: {'vulners_cve_data_all': 'HDF5 through 1.14.3 contains a heap buffer overflow in H5HG_read, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29157 was patched at 2024-05-15

8084. Remote Code Execution - Unknown Product (CVE-2024-29158) - Low [178]

Description: {'vulners_cve_data_all': 'HDF5 through 1.14.3 contains a stack buffer overflow in H5FL_arr_malloc, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29158 was patched at 2024-05-15

8085. Remote Code Execution - Unknown Product (CVE-2024-29159) - Low [178]

Description: {'vulners_cve_data_all': 'HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_scaleoffset, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29159 was patched at 2024-05-15

8086. Remote Code Execution - Unknown Product (CVE-2024-29160) - Low [178]

Description: {'vulners_cve_data_all': 'HDF5 through 1.14.3 contains a heap buffer overflow in H5HG__cache_heap_deserialize, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29160 was patched at 2024-05-15

8087. Remote Code Execution - Unknown Product (CVE-2024-29161) - Low [178]

Description: {'vulners_cve_data_all': 'HDF5 through 1.14.3 contains a heap buffer overflow in H5A__attr_release_table, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29161 was patched at 2024-05-15

8088. Remote Code Execution - Unknown Product (CVE-2024-29162) - Low [178]

Description: {'vulners_cve_data_all': 'HDF5 through 1.13.3 and/or 1.14.2 contains a stack buffer overflow in H5HG_read, resulting in denial of service or potential code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29162 was patched at 2024-05-15

8089. Remote Code Execution - Unknown Product (CVE-2024-29163) - Low [178]

Description: {'vulners_cve_data_all': 'HDF5 through 1.14.3 contains a heap buffer overflow in H5T__bit_find, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29163 was patched at 2024-05-15

8090. Remote Code Execution - Unknown Product (CVE-2024-29164) - Low [178]

Description: {'vulners_cve_data_all': 'HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29164 was patched at 2024-05-15

8091. Remote Code Execution - Unknown Product (CVE-2024-29165) - Low [178]

Description: {'vulners_cve_data_all': 'HDF5 through 1.14.3 contains a buffer overflow in H5Z__filter_fletcher32, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29165 was patched at 2024-05-15

8092. Remote Code Execution - Unknown Product (CVE-2024-29166) - Low [178]

Description: {'vulners_cve_data_all': 'HDF5 through 1.14.3 contains a buffer overflow in H5O__linfo_decode, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29166 was patched at 2024-05-15

8093. Remote Code Execution - Unknown Product (CVE-2024-29864) - Low [178]

Description: {'vulners_cve_data_all': 'Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29864 was patched at 2024-05-15

8094. Remote Code Execution - Unknown Product (CVE-2024-33103) - Low [178]

Description: {'vulners_cve_data_all': 'An arbitrary file upload vulnerability in the Media Manager component of DokuWiki 2024-02-06a allows attackers to execute arbitrary code by uploading a crafted SVG file. NOTE: as noted in the 4267 issue reference, there is a position that exploitability can only occur with a misconfiguration of the product.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type1.015Remote Code Execution
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-33103 was patched at 2024-05-15

8095. Unknown Vulnerability Type - Cacti (CVE-2002-1477) - Low [178]

Description: {'vulners_cve_data_all': 'graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1477 was patched at 2024-05-15

8096. Unknown Vulnerability Type - Cacti (CVE-2005-1525) - Low [178]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1525 was patched at 2024-05-15

8097. Unknown Vulnerability Type - Cacti (CVE-2005-1526) - Low [178]

Description: {'vulners_cve_data_all': 'PHP remote file inclusion vulnerability in config_settings.php in Cacti before 0.8.6e allows remote attackers to execute arbitrary PHP code via the config[include_path] parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1526 was patched at 2024-05-15

8098. Unknown Vulnerability Type - Cacti (CVE-2005-2148) - Low [178]

Description: {'vulners_cve_data_all': 'Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the get_request_var function to return the wrong value in the $_REQUEST variable, which is cleansed while the original malicious $_GET value remains unmodified, as demonstrated in (1) graph_image.php and (2) graph.php.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2148 was patched at 2024-05-15

8099. Unknown Vulnerability Type - Cacti (CVE-2006-0146) - Low [178]

Description: {'vulners_cve_data_all': 'The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0146 was patched at 2024-05-15

8100. Unknown Vulnerability Type - Cacti (CVE-2006-0147) - Low [178]

Description: {'vulners_cve_data_all': 'Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0147 was patched at 2024-05-15

8101. Unknown Vulnerability Type - Cacti (CVE-2006-6799) - Low [178]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6799 was patched at 2024-05-15

8102. Unknown Vulnerability Type - Cacti (CVE-2007-6035) - Low [178]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6035 was patched at 2024-05-15

8103. Unknown Vulnerability Type - Cacti (CVE-2008-0785) - Low [178]

Description: {'vulners_cve_data_all': 'Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id parameter to graph_xport.php, and (4) login_username parameter to index.php/login.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0785 was patched at 2024-05-15

8104. Unknown Vulnerability Type - Cacti (CVE-2010-1431) - Low [178]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1431 was patched at 2024-05-15

8105. Unknown Vulnerability Type - Cacti (CVE-2010-2092) - Low [178]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2092 was patched at 2024-05-15

8106. Unknown Vulnerability Type - Cacti (CVE-2011-4824) - Low [178]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the login_username parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4824 was patched at 2024-05-15

8107. Unknown Vulnerability Type - Cacti (CVE-2024-27082) - Low [178]

Description: {'vulners_cve_data_all': 'Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular page. Version 1.2.27 contains a patch for the issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.810CVSS Base Score is 7.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27082 was patched at 2024-05-15

8108. Unknown Vulnerability Type - DNSSEC (CVE-2019-10190) - Low [178]

Description: {'vulners_cve_data_all': 'A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation failed, instead of sending a SERVFAIL packet. Caching is not affected by this particular bug but see CVE-2019-10191.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10190 was patched at 2024-05-15

8109. Unknown Vulnerability Type - Docker (CVE-2014-0047) - Low [178]

Description: {'vulners_cve_data_all': 'Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Docker
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0047 was patched at 2024-05-15

8110. Unknown Vulnerability Type - Docker (CVE-2014-5282) - Low [178]

Description: {'vulners_cve_data_all': 'Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Docker
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5282 was patched at 2024-05-15

8111. Unknown Vulnerability Type - Docker (CVE-2015-9258) - Low [178]

Description: {'vulners_cve_data_all': 'In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed25519 elliptic-curve data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Docker
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-9258 was patched at 2024-05-15

8112. Unknown Vulnerability Type - Docker (CVE-2018-12608) - Low [178]

Description: {'vulners_cve_data_all': 'An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Docker
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12608 was patched at 2024-05-15

8113. Unknown Vulnerability Type - FRRouting (CVE-2022-26126) - Low [178]

Description: {'vulners_cve_data_all': 'Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Free Range Routing or FRRouting or FRR is a network routing software suite running on Unix-like platforms, particularly Linux, Solaris, OpenBSD, FreeBSD and NetBSD
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-26126 was patched at 2024-05-15

ubuntu: CVE-2022-26126 was patched at 2024-06-05

8114. Unknown Vulnerability Type - GDI (CVE-2010-4367) - Low [178]

Description: {'vulners_cve_data_all': 'awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514GDI
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4367 was patched at 2024-05-15

8115. Unknown Vulnerability Type - HID (CVE-2009-3287) - Low [178]

Description: {'vulners_cve_data_all': 'lib/thin/connection.rb in Thin web server before 1.2.4 relies on the X-Forwarded-For header to determine the IP address of the client, which allows remote attackers to spoof the IP address and hide activities via a modified X-Forwarded-For header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514HID
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3287 was patched at 2024-05-15

8116. Unknown Vulnerability Type - HID (CVE-2018-12088) - Low [178]

Description: {'vulners_cve_data_all': 'S3QL before 2.27 mishandles checksumming, and consequently allows replay attacks in which an attacker who controls the backend can present old versions of the filesystem metadata database as up-to-date, temporarily inject zero-valued bytes into files, or temporarily hide parts of files. This is related to the checksum_basic_mapping function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514HID
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12088 was patched at 2024-05-15

8117. Unknown Vulnerability Type - KeePass (CVE-2019-20184) - Low [178]

Description: {'vulners_cve_data_all': 'KeePass 2.4.1 allows CSV injection in the title field of a CSV export.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.5147-Zip is a file archiver with a high compression ratio
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20184 was patched at 2024-05-15

8118. Unknown Vulnerability Type - TLS (CVE-2009-5144) - Low [178]

Description: {'vulners_cve_data_all': 'mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5144 was patched at 2024-05-15

8119. Unknown Vulnerability Type - TLS (CVE-2014-10375) - Low [178]

Description: {'vulners_cve_data_all': 'handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-10375 was patched at 2024-05-15

8120. Unknown Vulnerability Type - TLS (CVE-2016-4456) - Low [178]

Description: {'vulners_cve_data_all': 'The "GNUTLS_KEYLOGFILE" environment variable in gnutls 3.4.12 allows remote attackers to overwrite and corrupt arbitrary files in the filesystem.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4456 was patched at 2024-05-15

8121. Unknown Vulnerability Type - TLS (CVE-2017-13099) - Low [178]

Description: {'vulners_cve_data_all': 'wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-13099 was patched at 2024-05-15

8122. Unknown Vulnerability Type - TLS (CVE-2017-2299) - Low [178]

Description: {'vulners_cve_data_all': 'Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2299 was patched at 2024-05-15

8123. Unknown Vulnerability Type - TLS (CVE-2018-1000520) - Low [178]

Description: {'vulners_cve_data_all': 'ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be exploitable via Peers negotiate a TLS-ECDH-RSA-* ciphersuite. Any of the peers can then provide an ECDSA-signed certificate, when only an RSA-signed one should be accepted..', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000520 was patched at 2024-05-15

8124. Unknown Vulnerability Type - TLS (CVE-2019-19270) - Low [178]

Description: {'vulners_cve_data_all': 'An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19270 was patched at 2024-05-15

8125. Unknown Vulnerability Type - TLS (CVE-2019-19271) - Low [178]

Description: {'vulners_cve_data_all': 'An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to proceed with a connection to the server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19271 was patched at 2024-05-15

8126. Unknown Vulnerability Type - TLS (CVE-2019-19272) - Low [178]

Description: {'vulners_cve_data_all': 'An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Direct dereference of a NULL pointer (a variable initialized to NULL) leads to a crash when validating the certificate of a client connecting to the server in a TLS client/server mutual-authentication setup.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19272 was patched at 2024-05-15

8127. Unknown Vulnerability Type - TLS (CVE-2021-3336) - Low [178]

Description: {'vulners_cve_data_all': 'DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3336 was patched at 2024-05-15

debian: CVE-2021-33362 was patched at 2024-05-15

8128. Unknown Vulnerability Type - TLS (CVE-2021-36377) - Low [178]

Description: {'vulners_cve_data_all': 'Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-36377 was patched at 2024-05-15

8129. Unknown Vulnerability Type - TLS (CVE-2021-38084) - Low [178]

Description: {'vulners_cve_data_all': 'An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-38084 was patched at 2024-05-15

8130. Unknown Vulnerability Type - TLS (CVE-2022-29190) - Low [178]

Description: {'vulners_cve_data_all': 'Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-29190 was patched at 2024-05-15

8131. Unknown Vulnerability Type - TLS (CVE-2022-29222) - Low [178]

Description: {'vulners_cve_data_all': 'Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't posses the private key for and Pion DTLS wouldn't reject it. This issue affects users that are using Client certificates only. The connection itself is still secure. The Certificate provided by clients can't be trusted when using a Pion DTLS server prior to version 2.1.5. Users should upgrade to version 2.1.5 to receive a patch. There are currently no known workarounds.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-29222 was patched at 2024-05-15

8132. Unknown Vulnerability Type - TLS (CVE-2024-32650) - Low [178]

Description: {'vulners_cve_data_all': 'Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a `close_notify` message immediately after `client_hello`, the server's `complete_io` will get in an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32650 was patched at 2024-05-15

8133. Unknown Vulnerability Type - TRIE (CVE-2005-1454) - Low [178]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1454 was patched at 2024-05-15

8134. Unknown Vulnerability Type - TRIE (CVE-2017-7436) - Low [178]

Description: {'vulners_cve_data_all': 'In libzypp before 20170803 it was possible to retrieve unsigned packages without a warning to the user which could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7436 was patched at 2024-05-15

8135. Unknown Vulnerability Type - TRIE (CVE-2019-10052) - Low [178]

Description: {'vulners_cve_data_all': 'An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to access a part of a DHCP packet. At this point, the Rust environment runs into a panic in parse_clientid_option in the dhcp/parser.rs file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10052 was patched at 2024-05-15

8136. Unknown Vulnerability Type - TRIE (CVE-2020-28924) - Low [178]

Description: {'vulners_cve_data_all': 'An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limits the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data. It would be possible to make a dictionary of all possible passwords with about 38 million entries per password length. This would make decryption of secret material possible with a plausible amount of effort. NOTE: all passwords generated by affected versions should be changed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-28924 was patched at 2024-05-15

8137. Unknown Vulnerability Type - TRIE (CVE-2023-22617) - Low [178]

Description: {'vulners_cve_data_all': 'A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode. This is fixed in 4.8.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-22617 was patched at 2024-05-15

8138. Unknown Vulnerability Type - libjpeg (CVE-2022-37768) - Low [178]

Description: {'vulners_cve_data_all': 'libjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514libjpeg
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-37768 was patched at 2024-05-15

8139. Unknown Vulnerability Type - nginx (CVE-2016-10345) - Low [178]

Description: {'vulners_cve_data_all': 'In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Nginx is an open-source web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10345 was patched at 2024-05-15

8140. Unknown Vulnerability Type - ntopng (CVE-2017-7459) - Low [178]

Description: {'vulners_cve_data_all': 'ntopng before 3.0 allows HTTP Response Splitting.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514ntopng is an open-source computer software for monitoring traffic on a computer network
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7459 was patched at 2024-05-15

8141. Unknown Vulnerability Type - spip (CVE-2006-0626) - Low [178]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514SPIP is an open-source software content management system designed for web site publishing, oriented towards online collaborative editing
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0626 was patched at 2024-05-15

8142. Unknown Vulnerability Type - spip (CVE-2006-1702) - Low [178]

Description: {'vulners_cve_data_all': 'PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514SPIP is an open-source software content management system designed for web site publishing, oriented towards online collaborative editing
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1702 was patched at 2024-05-15

8143. Unknown Vulnerability Type - Apache Tomcat (CVE-2011-2729) - Low [176]

Description: {'vulners_cve_data_all': 'native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714Apache Tomcat is a free and open-source implementation of the Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2729 was patched at 2024-05-15

8144. Unknown Vulnerability Type - BIND (CVE-2004-1224) - Low [176]

Description: {'vulners_cve_data_all': 'Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s" keybinding, which leaves a buffer without a NULL terminator.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1224 was patched at 2024-05-15

8145. Unknown Vulnerability Type - BIND (CVE-2010-2940) - Low [176]

Description: {'vulners_cve_data_all': 'The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote attackers to bypass the authentication requirements of pam_authenticate via an empty password.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2940 was patched at 2024-05-15

8146. Unknown Vulnerability Type - BIND (CVE-2010-3615) - Low [176]

Description: {'vulners_cve_data_all': 'named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714BIND is a suite of software for interacting with the Domain Name System
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3615 was patched at 2024-05-15

8147. Unknown Vulnerability Type - Curl (CVE-2016-3739) - Low [176]

Description: {'vulners_cve_data_all': 'The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow remote attackers to spoof servers via an arbitrary valid certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714Curl is a command-line tool for transferring data specified with URL syntax
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3739 was patched at 2024-05-15

8148. Unknown Vulnerability Type - Curl (CVE-2016-9852) - Low [176]

Description: {'vulners_cve_data_all': 'An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the export functionality, the errors containing the full path of the directory of phpMyAdmin are written to the export file. All 4.6.x versions (prior to 4.6.5), and 4.4.x versions (prior to 4.4.15.9) are affected. This CVE is for the curl wrapper issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714Curl is a command-line tool for transferring data specified with URL syntax
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9852 was patched at 2024-05-15

8149. Unknown Vulnerability Type - MariaDB (CVE-2024-32879) - Low [176]

Description: {'vulners_cve_data_all': 'Python Social Auth is a social authentication/registration mechanism. Prior to version 5.4.1, due to default case-insensitive collation in MySQL or MariaDB databases, third-party authentication user IDs are not case-sensitive and could cause different IDs to match. This issue has been addressed by a fix released in version 5.4.1. An immediate workaround would be to change collation of the affected field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MariaDB is a community-developed, commercially supported fork of the MySQL relational database management system, intended to remain free and open-source software under the GNU General Public License
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32879 was patched at 2024-05-15

8150. Unknown Vulnerability Type - MediaWiki (CVE-2004-2187) - Low [176]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2187 was patched at 2024-05-15

8151. Unknown Vulnerability Type - MediaWiki (CVE-2008-1318) - Low [176]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1318 was patched at 2024-05-15

8152. Unknown Vulnerability Type - MediaWiki (CVE-2011-4360) - Low [176]

Description: {'vulners_cve_data_all': 'MediaWiki before 1.17.1 allows remote attackers to obtain the page titles of all restricted pages via a series of requests involving the (1) curid or (2) oldid parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4360 was patched at 2024-05-15

8153. Unknown Vulnerability Type - MediaWiki (CVE-2012-1581) - Low [176]

Description: {'vulners_cve_data_all': 'MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1581 was patched at 2024-05-15

8154. Unknown Vulnerability Type - MediaWiki (CVE-2012-4382) - Low [176]

Description: {'vulners_cve_data_all': 'MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4382 was patched at 2024-05-15

8155. Unknown Vulnerability Type - MediaWiki (CVE-2013-7444) - Low [176]

Description: {'vulners_cve_data_all': 'The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7444 was patched at 2024-05-15

8156. Unknown Vulnerability Type - MediaWiki (CVE-2015-2935) - Low [176]

Description: {'vulners_cve_data_all': 'MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2935 was patched at 2024-05-15

8157. Unknown Vulnerability Type - MediaWiki (CVE-2015-6727) - Low [176]

Description: {'vulners_cve_data_all': 'The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-6727 was patched at 2024-05-15

8158. Unknown Vulnerability Type - MediaWiki (CVE-2015-8005) - Low [176]

Description: {'vulners_cve_data_all': 'MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8005 was patched at 2024-05-15

8159. Unknown Vulnerability Type - MediaWiki (CVE-2015-8627) - Low [176]

Description: {'vulners_cve_data_all': 'MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been allowed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8627 was patched at 2024-05-15

8160. Unknown Vulnerability Type - MediaWiki (CVE-2015-8628) - Low [176]

Description: {'vulners_cve_data_all': 'The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8628 was patched at 2024-05-15

8161. Unknown Vulnerability Type - MediaWiki (CVE-2017-0366) - Low [176]

Description: {'vulners_cve_data_all': 'Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0366 was patched at 2024-05-15

8162. Unknown Vulnerability Type - MediaWiki (CVE-2017-0368) - Low [176]

Description: {'vulners_cve_data_all': 'Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0368 was patched at 2024-05-15

8163. Unknown Vulnerability Type - MediaWiki (CVE-2017-0370) - Low [176]

Description: {'vulners_cve_data_all': 'Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-0370 was patched at 2024-05-15

8164. Unknown Vulnerability Type - QEMU (CVE-2012-4411) - Low [176]

Description: {'vulners_cve_data_all': 'The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4411 was patched at 2024-05-15

8165. Unknown Vulnerability Type - iOS (CVE-2020-13977) - Low [176]

Description: {'vulners_cve_data_all': 'Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of the archivejson.cgi, objectjson.cgi, and statusjson.cgi files. NOTE: this vulnerability has been mistakenly associated with CVE-2020-1408.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13977 was patched at 2024-05-15

8166. Unknown Vulnerability Type - iOS (CVE-2021-36769) - Low [176]

Description: {'vulners_cve_data_all': 'A reordering issue exists in Telegram before 7.8.1 for Android, Telegram before 7.8.3 for iOS, and Telegram Desktop before 2.8.8. An attacker can cause the server to receive messages in a different order than they were sent a client.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714iOS is an operating system developed and marketed by Apple Inc
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-36769 was patched at 2024-05-15

8167. Unknown Vulnerability Type - vim (CVE-2005-0069) - Low [176]

Description: {'vulners_cve_data_all': 'The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714Vim is a free and open-source, screen-based text editor program
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0069 was patched at 2024-05-15

8168. Authentication Bypass - Unknown Product (CVE-2024-29156) - Low [175]

Description: {'vulners_cve_data_all': 'In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.9815Authentication Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29156 was patched at 2024-05-15

redhat: CVE-2024-29156 was patched at 2024-04-22

8169. Elevation of Privilege - Unknown Product (CVE-2020-8991) - Low [175]

Description: {'vulners_cve_data_all': 'vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. NOTE: RedHat disputes CVE-2020-8991 as not being a vulnerability since there’s no apparent route to either privilege escalation or to denial of service through the bug', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-8991 was patched at 2024-05-15

8170. Unknown Vulnerability Type - Git (CVE-2020-15167) - Low [173]

Description: {'vulners_cve_data_all': 'In Miller (command line utility) using the configuration file support introduced in version 5.9.0, it is possible for an attacker to cause Miller to run arbitrary code by placing a malicious `.mlrrc` file in the working directory. See linked GitHub Security Advisory for complete details. A fix is ready and will be released as Miller 5.9.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.910CVSS Base Score is 8.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15167 was patched at 2024-05-15

8171. Unknown Vulnerability Type - Git (CVE-2021-4070) - Low [173]

Description: {'vulners_cve_data_all': 'Off-by-one Error in GitHub repository v2fly/v2ray-core prior to 4.44.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-4070 was patched at 2024-05-15

8172. Unknown Vulnerability Type - Linux Kernel (CVE-2002-1976) - Low [173]

Description: {'vulners_cve_data_all': 'ifconfig, when used on the Linux kernel 2.2 and later, does not report when the network interface is in promiscuous mode if it was put in promiscuous mode using PACKET_MR_PROMISC, which could allow attackers to sniff the network without detection, as demonstrated using libpcap.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1976 was patched at 2024-05-15

8173. Unknown Vulnerability Type - Linux Kernel (CVE-2012-2669) - Low [173]

Description: {'vulners_cve_data_all': 'The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.4.5, does not validate the origin of Netlink messages, which allows local users to spoof Netlink communication via a crafted connector message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2669 was patched at 2024-05-15

8174. Unknown Vulnerability Type - Linux Kernel (CVE-2013-1956) - Low [173]

Description: {'vulners_cve_data_all': 'The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1956 was patched at 2024-05-15

8175. Unknown Vulnerability Type - Sudo (CVE-2005-1119) - Low [173]

Description: {'vulners_cve_data_all': 'Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1119 was patched at 2024-05-15

8176. Unknown Vulnerability Type - Sudo (CVE-2005-2851) - Low [173]

Description: {'vulners_cve_data_all': 'smb4k 0.4 and other versions before 0.6.3 allows local users to read sensitive files via a symlink attack on the (1) smb4k.tmp or (2) sudoers temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2851 was patched at 2024-05-15

8177. Unknown Vulnerability Type - Sudo (CVE-2008-3067) - Low [173]

Description: {'vulners_cve_data_all': 'sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry times out, which might allow local users to obtain a password by reading stdin from the parent process after a sudo child process exits.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Sudo is a program for Unix-like computer operating systems that allows users to run programs with the security privileges of another user
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3067 was patched at 2024-05-15

8178. Unknown Vulnerability Type - Windows Kernel (CVE-2014-6540) - Low [173]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, before 4.2.26, and before 4.3.14 allows local users to affect availability via vectors related to Graphics driver (WDDM) for Windows guests.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-6540 was patched at 2024-05-15

8179. Unknown Vulnerability Type - Windows Kernel (CVE-2023-0195) - Low [173]

Description: {'vulners_cve_data_all': 'NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284,\nwhich may lead to hypothetical Information leak of unimportant data such as local variable data of the driver', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows Kernel
CVSS Base Score0.210CVSS Base Score is 2.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0195 was patched at 2024-05-15

8180. Unknown Vulnerability Type - Windows LDAP (CVE-2007-5373) - Low [173]

Description: {'vulners_cve_data_all': 'ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the _changepassword function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5373 was patched at 2024-05-15

8181. Unknown Vulnerability Type - Windows LDAP (CVE-2013-2006) - Low [173]

Description: {'vulners_cve_data_all': 'OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Windows LDAP (Lightweight Directory Access Protocol) is an open and cross platform protocol used for directory services authentication
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2006 was patched at 2024-05-15

8182. Arbitrary File Reading - Unknown Product (CVE-2002-1782) - Low [172]

Description: {'vulners_cve_data_all': 'The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1782 was patched at 2024-05-15

8183. Arbitrary File Reading - Unknown Product (CVE-2005-0017) - Low [172]

Description: {'vulners_cve_data_all': 'The f2c translator in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0017 was patched at 2024-05-15

8184. Arbitrary File Reading - Unknown Product (CVE-2005-0018) - Low [172]

Description: {'vulners_cve_data_all': 'The f2 shell script in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0018 was patched at 2024-05-15

8185. Arbitrary File Reading - Unknown Product (CVE-2005-0072) - Low [172]

Description: {'vulners_cve_data_all': 'zhcon before 0.2 does not drop privileges before reading a user configuration file, which allows local users to read arbitrary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0072 was patched at 2024-05-15

8186. Arbitrary File Reading - Unknown Product (CVE-2011-3153) - Low [172]

Description: {'vulners_cve_data_all': 'dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3153 was patched at 2024-05-15

8187. Arbitrary File Reading - Unknown Product (CVE-2012-1986) - Low [172]

Description: {'vulners_cve_data_all': 'Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1986 was patched at 2024-05-15

8188. Arbitrary File Reading - Unknown Product (CVE-2012-3380) - Low [172]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Arbitrary File Reading
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3380 was patched at 2024-05-15

8189. Denial of Service - Unknown Product (CVE-2004-0804) - Low [172]

Description: {'vulners_cve_data_all': 'Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0804 was patched at 2024-05-15

8190. Denial of Service - Unknown Product (CVE-2005-3070) - Low [172]

Description: {'vulners_cve_data_all': 'HylaFax 4.2.1 and earlier does not create or verify ownership of the UNIX domain socket, which might allow local users to read faxes and cause a denial of service by creating the socket using the hyla.unix temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3070 was patched at 2024-05-15

8191. Denial of Service - Unknown Product (CVE-2005-3501) - Low [172]

Description: {'vulners_cve_data_all': 'The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3501 was patched at 2024-05-15

8192. Denial of Service - Unknown Product (CVE-2006-0353) - Low [172]

Description: {'vulners_cve_data_all': 'unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0353 was patched at 2024-05-15

8193. Denial of Service - Unknown Product (CVE-2006-2024) - Low [172]

Description: {'vulners_cve_data_all': 'Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2024 was patched at 2024-05-15

8194. Denial of Service - Unknown Product (CVE-2006-2229) - Low [172]

Description: {'vulners_cve_data_all': 'OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2229 was patched at 2024-05-15

8195. Denial of Service - Unknown Product (CVE-2006-2288) - Low [172]

Description: {'vulners_cve_data_all': 'Avahi before 0.6.10 allows local users to cause a denial of service (mDNS/DNS-SD service disconnect) via unspecified mDNS name conflicts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2288 was patched at 2024-05-15

8196. Denial of Service - Unknown Product (CVE-2006-4508) - Low [172]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and 0.1.1.x before 0.1.1.23, and (2) ScatterChat before 1.0.2, allows remote attackers operating a Tor entry node to route arbitrary Tor traffic through clients or cause a denial of service (flood) via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4508 was patched at 2024-05-15

8197. Denial of Service - Unknown Product (CVE-2007-0451) - Low [172]

Description: {'vulners_cve_data_all': 'Apache SpamAssassin before 3.1.8 allows remote attackers to cause a denial of service via long URLs in malformed HTML, which triggers "massive memory usage."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0451 was patched at 2024-05-15

8198. Denial of Service - Unknown Product (CVE-2007-0578) - Low [172]

Description: {'vulners_cve_data_all': 'The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0578 was patched at 2024-05-15

8199. Denial of Service - Unknown Product (CVE-2007-2650) - Low [172]

Description: {'vulners_cve_data_all': 'The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2650 was patched at 2024-05-15

8200. Denial of Service - Unknown Product (CVE-2007-3478) - Low [172]

Description: {'vulners_cve_data_all': 'Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3478 was patched at 2024-05-15

8201. Denial of Service - Unknown Product (CVE-2007-3725) - Low [172]

Description: {'vulners_cve_data_all': 'The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3725 was patched at 2024-05-15

8202. Denial of Service - Unknown Product (CVE-2007-3948) - Low [172]

Description: {'vulners_cve_data_all': 'connections.c in lighttpd before 1.4.16 might accept more connections than the configured maximum, which allows remote attackers to cause a denial of service (failed assertion) via a large number of connection attempts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3948 was patched at 2024-05-15

8203. Denial of Service - Unknown Product (CVE-2007-4195) - Low [172]

Description: {'vulners_cve_data_all': 'Use-after-free vulnerability in ext2fs.c in Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain ext2fs files via a malformed ext2fs image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4195 was patched at 2024-05-15

8204. Denial of Service - Unknown Product (CVE-2007-4510) - Low [172]

Description: {'vulners_cve_data_all': 'ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4510 was patched at 2024-05-15

8205. Denial of Service - Unknown Product (CVE-2007-4625) - Low [172]

Description: {'vulners_cve_data_all': 'Polipo before 1.0.2 allows remote HTTP servers to cause a denial of service (daemon crash) by aborting the response to a POST request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4625 was patched at 2024-05-15

8206. Denial of Service - Unknown Product (CVE-2007-4999) - Low [172]

Description: {'vulners_cve_data_all': 'libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4999 was patched at 2024-05-15

8207. Denial of Service - Unknown Product (CVE-2007-5378) - Low [172]

Description: {'vulners_cve_data_all': 'Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is smaller than a subsequent subimage, which triggers the overflow in the ReadImage function, a different vulnerability than CVE-2007-5137.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5378 was patched at 2024-05-15

8208. Denial of Service - Unknown Product (CVE-2008-1353) - Low [172]

Description: {'vulners_cve_data_all': 'zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1353 was patched at 2024-05-15

8209. Denial of Service - Unknown Product (CVE-2008-2696) - Low [172]

Description: {'vulners_cve_data_all': 'Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service (divide-by-zero and application crash) via a zero value in Nikon lens information in the metadata of an image, related to "pretty printing" and the RationalValue::toLong function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2696 was patched at 2024-05-15

8210. Denial of Service - Unknown Product (CVE-2008-2955) - Low [172]

Description: {'vulners_cve_data_all': 'Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2955 was patched at 2024-05-15

8211. Denial of Service - Unknown Product (CVE-2008-3746) - Low [172]

Description: {'vulners_cve_data_all': 'neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3746 was patched at 2024-05-15

8212. Denial of Service - Unknown Product (CVE-2008-4776) - Low [172]

Description: {'vulners_cve_data_all': 'libgadu before 1.8.2 allows remote servers to cause a denial of service (crash) via a contact description with a large length, which triggers a buffer over-read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4776 was patched at 2024-05-15

8213. Denial of Service - Unknown Product (CVE-2008-4907) - Low [172]

Description: {'vulners_cve_data_all': 'The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4907 was patched at 2024-05-15

8214. Denial of Service - Unknown Product (CVE-2008-5113) - Low [172]

Description: {'vulners_cve_data_all': 'WordPress 2.6.3 relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier for remote attackers to conduct delayed and persistent cross-site request forgery (CSRF) attacks via crafted cookies, as demonstrated by attacks that (1) delete user accounts or (2) cause a denial of service (loss of application access). NOTE: this issue relies on the presence of an independent vulnerability that allows cookie injection.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5113 was patched at 2024-05-15

8215. Denial of Service - Unknown Product (CVE-2008-5277) - Low [172]

Description: {'vulners_cve_data_all': 'PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5277 was patched at 2024-05-15

8216. Denial of Service - Unknown Product (CVE-2008-5314) - Low [172]

Description: {'vulners_cve_data_all': 'Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5314 was patched at 2024-05-15

8217. Denial of Service - Unknown Product (CVE-2008-5558) - Low [172]

Description: {'vulners_cve_data_all': 'Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition B.2.3.5 through B.2.5.5, when realtime IAX2 users are enabled, allows remote attackers to cause a denial of service (crash) via authentication attempts involving (1) an unknown user or (2) a user using hostname matching.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5558 was patched at 2024-05-15

8218. Denial of Service - Unknown Product (CVE-2008-7265) - Low [172]

Description: {'vulners_cve_data_all': 'The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote authenticated users to cause a denial of service (CPU consumption) via an ABOR command during a data transfer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-7265 was patched at 2024-05-15

8219. Denial of Service - Unknown Product (CVE-2009-0179) - Low [172]

Description: {'vulners_cve_data_all': 'libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0179 was patched at 2024-05-15

8220. Denial of Service - Unknown Product (CVE-2009-0362) - Low [172]

Description: {'vulners_cve_data_all': 'filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring that is interpreted as an IP address, a different vulnerability than CVE-2007-4321.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0362 was patched at 2024-05-15

8221. Denial of Service - Unknown Product (CVE-2009-1885) - Low [172]

Description: {'vulners_cve_data_all': 'Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1885 was patched at 2024-05-15

8222. Denial of Service - Unknown Product (CVE-2009-3025) - Low [172]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3025 was patched at 2024-05-15

8223. Denial of Service - Unknown Product (CVE-2009-4228) - Low [172]

Description: {'vulners_cve_data_all': 'Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the readfp_fig function in f_read.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4228 was patched at 2024-05-15

8224. Denial of Service - Unknown Product (CVE-2009-4404) - Low [172]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 allows remote attackers to cause a denial of service via unspecified vectors related to the "--maxlines" option and a crafted email message. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4404 was patched at 2024-05-15

8225. Denial of Service - Unknown Product (CVE-2009-4835) - Low [172]

Description: {'vulners_cve_data_all': 'The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted audio file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4835 was patched at 2024-05-15

8226. Denial of Service - Unknown Product (CVE-2009-5011) - Low [172]

Description: {'vulners_cve_data_all': 'Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a different vulnerability than CVE-2010-3494.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5011 was patched at 2024-05-15

8227. Denial of Service - Unknown Product (CVE-2009-5013) - Low [172]

Description: {'vulners_cve_data_all': 'Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5013 was patched at 2024-05-15

8228. Denial of Service - Unknown Product (CVE-2010-0406) - Low [172]

Description: {'vulners_cve_data_all': 'OpenTTD before 1.0.1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and daemon crash) by performing incomplete downloads of the map.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0406 was patched at 2024-05-15

8229. Denial of Service - Unknown Product (CVE-2010-1156) - Low [172]

Description: {'vulners_cve_data_all': 'core/nicklist.c in Irssi before 0.8.15 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an attempted fuzzy nick match at the instant that a victim leaves a channel.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1156 was patched at 2024-05-15

8230. Denial of Service - Unknown Product (CVE-2010-1639) - Low [172]

Description: {'vulners_cve_data_all': 'The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1639 was patched at 2024-05-15

8231. Denial of Service - Unknown Product (CVE-2010-1640) - Low [172]

Description: {'vulners_cve_data_all': 'Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1640 was patched at 2024-05-15

8232. Denial of Service - Unknown Product (CVE-2010-2528) - Low [172]

Description: {'vulners_cve_data_all': 'The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2528 was patched at 2024-05-15

8233. Denial of Service - Unknown Product (CVE-2010-2598) - Low [172]

Description: {'vulners_cve_data_all': 'LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPEG input."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2598 was patched at 2024-05-15

8234. Denial of Service - Unknown Product (CVE-2010-2800) - Low [172]

Description: {'vulners_cve_data_all': 'The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a (1) test or (2) extract action, related to the libmspack library.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2800 was patched at 2024-05-15

8235. Denial of Service - Unknown Product (CVE-2010-3053) - Low [172]

Description: {'vulners_cve_data_all': 'bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) via a crafted BDF font file, related to an attempted modification of a value in a static string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3053 was patched at 2024-05-15

8236. Denial of Service - Unknown Product (CVE-2010-3494) - Low [172]

Description: {'vulners_cve_data_all': 'Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3494 was patched at 2024-05-15

8237. Denial of Service - Unknown Product (CVE-2010-3495) - Low [172]

Description: {'vulners_cve_data_all': 'Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) before 3.10.0 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3495 was patched at 2024-05-15

8238. Denial of Service - Unknown Product (CVE-2010-4528) - Low [172]

Description: {'vulners_cve_data_all': 'directconn.c in the MSN protocol plugin in libpurple 2.7.6 through 2.7.8 in Pidgin before 2.7.9 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a short p2pv2 packet in a DirectConnect (aka direct connection) session.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4528 was patched at 2024-05-15

8239. Denial of Service - Unknown Product (CVE-2010-5109) - Low [172]

Description: {'vulners_cve_data_all': 'Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-5109 was patched at 2024-05-15

8240. Denial of Service - Unknown Product (CVE-2011-1951) - Low [172]

Description: {'vulners_cve_data_all': 'lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global flag is set and when using PCRE 8.12 and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via a message that does not match a regular expression.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1951 was patched at 2024-05-15

8241. Denial of Service - Unknown Product (CVE-2011-2531) - Low [172]

Description: {'vulners_cve_data_all': 'Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect data type to the value column in certain tables, which might allow remote attackers to cause a denial of service (data truncation) by sending a large amount of data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2531 was patched at 2024-05-15

8242. Denial of Service - Unknown Product (CVE-2011-3627) - Low [172]

Description: {'vulners_cve_data_all': 'The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3627 was patched at 2024-05-15

8243. Denial of Service - Unknown Product (CVE-2011-4320) - Low [172]

Description: {'vulners_cve_data_all': 'The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a node attribute.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4320 was patched at 2024-05-15

8244. Denial of Service - Unknown Product (CVE-2011-4598) - Low [172]

Description: {'vulners_cve_data_all': 'The handle_request_info function in channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4598 was patched at 2024-05-15

8245. Denial of Service - Unknown Product (CVE-2012-0049) - Low [172]

Description: {'vulners_cve_data_all': 'OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0049 was patched at 2024-05-15

8246. Denial of Service - Unknown Product (CVE-2012-1107) - Low [172]

Description: {'vulners_cve_data_all': 'The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted sampleRate in an ape file, which triggers a divide-by-zero error.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1107 was patched at 2024-05-15

8247. Denial of Service - Unknown Product (CVE-2012-1108) - Low [172]

Description: {'vulners_cve_data_all': 'The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1108 was patched at 2024-05-15

8248. Denial of Service - Unknown Product (CVE-2012-1183) - Low [172]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the milliwatt_generate function in the Miliwatt application in Asterisk 1.4.x before 1.4.44, 1.6.x before 1.6.2.23, 1.8.x before 1.8.10.1, and 10.x before 10.2.1, when the o option is used and the internal_timing option is off, allows remote attackers to cause a denial of service (application crash) via a large number of samples in an audio packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1183 was patched at 2024-05-15

8249. Denial of Service - Unknown Product (CVE-2012-1584) - Low [172]

Description: {'vulners_cve_data_all': 'Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header field in a media file, which triggers a large memory allocation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1584 was patched at 2024-05-15

8250. Denial of Service - Unknown Product (CVE-2012-1585) - Low [172]

Description: {'vulners_cve_data_all': 'OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1585 was patched at 2024-05-15

8251. Denial of Service - Unknown Product (CVE-2012-2385) - Low [172]

Description: {'vulners_cve_data_all': 'The terminal dispatcher in mosh before 1.2.1 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2385 was patched at 2024-05-15

8252. Denial of Service - Unknown Product (CVE-2012-2396) - Low [172]

Description: {'vulners_cve_data_all': 'VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2396 was patched at 2024-05-15

8253. Denial of Service - Unknown Product (CVE-2012-2948) - Low [172]

Description: {'vulners_cve_data_all': 'chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2948 was patched at 2024-05-15

8254. Denial of Service - Unknown Product (CVE-2012-3438) - Low [172]

Description: {'vulners_cve_data_all': 'The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers incorrect memory allocation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3438 was patched at 2024-05-15

8255. Denial of Service - Unknown Product (CVE-2012-3461) - Low [172]

Description: {'vulners_cve_data_all': 'The (1) otrl_base64_otr_decode function in src/b64.c; (2) otrl_proto_data_read_flags and (3) otrl_proto_accept_data functions in src/proto.c; and (4) decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a denial of service (application crash) via a message with the value "?OTR:===.", which triggers a heap-based buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3461 was patched at 2024-05-15

8256. Denial of Service - Unknown Product (CVE-2012-3812) - Low [172]

Description: {'vulners_cve_data_all': 'Double free vulnerability in apps/app_voicemail.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones allows remote authenticated users to cause a denial of service (daemon crash) by establishing multiple voicemail sessions and accessing both the Urgent mailbox and the INBOX mailbox.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3812 was patched at 2024-05-15

8257. Denial of Service - Unknown Product (CVE-2012-4233) - Low [172]

Description: {'vulners_cve_data_all': 'LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffice.org (OOo), allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted (1) odt file to vcllo.dll, (2) ODG (Drawing document) file to svxcorelo.dll, (3) PolyPolygon record in a .wmf (Window Meta File) file embedded in a ppt (PowerPoint) file to tllo.dll, or (4) xls (Excel) file to scfiltlo.dll.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4233 was patched at 2024-05-15

8258. Denial of Service - Unknown Product (CVE-2012-5668) - Low [172]

Description: {'vulners_cve_data_all': 'FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to BDF fonts and the improper handling of an "allocation error" in the bdf_free_font function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5668 was patched at 2024-05-15

8259. Denial of Service - Unknown Product (CVE-2012-5670) - Low [172]

Description: {'vulners_cve_data_all': 'The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) via vectors related to BDF fonts and an ENCODING field with a negative value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5670 was patched at 2024-05-15

8260. Denial of Service - Unknown Product (CVE-2012-6109) - Low [172]

Description: {'vulners_cve_data_all': 'lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6109 was patched at 2024-05-15

8261. Denial of Service - Unknown Product (CVE-2013-0176) - Low [172]

Description: {'vulners_cve_data_all': 'The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a "Client: Diffie-Hellman Key Exchange Init" packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0176 was patched at 2024-05-15

8262. Denial of Service - Unknown Product (CVE-2013-0184) - Low [172]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0184 was patched at 2024-05-15

8263. Denial of Service - Unknown Product (CVE-2013-1439) - Low [172]

Description: {'vulners_cve_data_all': 'The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1439 was patched at 2024-05-15

8264. Denial of Service - Unknown Product (CVE-2013-1812) - Low [172]

Description: {'vulners_cve_data_all': 'The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1812 was patched at 2024-05-15

8265. Denial of Service - Unknown Product (CVE-2013-2021) - Low [172]

Description: {'vulners_cve_data_all': 'pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2021 was patched at 2024-05-15

8266. Denial of Service - Unknown Product (CVE-2013-2124) - Low [172]

Description: {'vulners_cve_data_all': 'Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2124 was patched at 2024-05-15

8267. Denial of Service - Unknown Product (CVE-2013-2130) - Low [172]

Description: {'vulners_cve_data_all': 'ZNC 1.0 allows remote authenticated users to cause a denial of service (NULL pointer reference and crash) via a crafted request to the (1) editnetwork, (2) editchan, (3) addchan, or (4) delchan page in modules/webadmin.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2130 was patched at 2024-05-15

8268. Denial of Service - Unknown Product (CVE-2013-4131) - Low [172]

Description: {'vulners_cve_data_all': 'The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4131 was patched at 2024-05-15

8269. Denial of Service - Unknown Product (CVE-2013-4179) - Low [172]

Description: {'vulners_cve_data_all': 'The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4179 was patched at 2024-05-15

8270. Denial of Service - Unknown Product (CVE-2013-4202) - Low [172]

Description: {'vulners_cve_data_all': 'The (1) backup (api/contrib/backups.py) and (2) volume transfer (contrib/volume_transfer.py) APIs in OpenStack Cinder Grizzly 2013.1.3 and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4202 was patched at 2024-05-15

8271. Denial of Service - Unknown Product (CVE-2013-4239) - Low [172]

Description: {'vulners_cve_data_all': 'The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4239 was patched at 2024-05-15

8272. Denial of Service - Unknown Product (CVE-2013-4297) - Low [172]

Description: {'vulners_cve_data_all': 'The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4297 was patched at 2024-05-15

8273. Denial of Service - Unknown Product (CVE-2013-4363) - Low [172]

Description: {'vulners_cve_data_all': 'Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service (CPU consumption) via a crafted gem version that triggers a large amount of backtracking in a regular expression. NOTE: this issue is due to an incomplete fix for CVE-2013-4287.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4363 was patched at 2024-05-15

8274. Denial of Service - Unknown Product (CVE-2013-4399) - Low [172]

Description: {'vulners_cve_data_all': 'The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4399 was patched at 2024-05-15

8275. Denial of Service - Unknown Product (CVE-2013-4517) - Low [172]

Description: {'vulners_cve_data_all': 'Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4517 was patched at 2024-05-15

8276. Denial of Service - Unknown Product (CVE-2013-4589) - Low [172]

Description: {'vulners_cve_data_all': 'The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bit RGBA image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4589 was patched at 2024-05-15

8277. Denial of Service - Unknown Product (CVE-2013-6437) - Low [172]

Description: {'vulners_cve_data_all': 'The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and icehouse before icehouse-2 allows remote authenticated users to cause a denial of service (disk consumption) by creating and deleting instances with unique os_type settings, which triggers the creation of a new ephemeral disk backing file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6437 was patched at 2024-05-15

8278. Denial of Service - Unknown Product (CVE-2013-7340) - Low [172]

Description: {'vulners_cve_data_all': 'VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7340 was patched at 2024-05-15

8279. Denial of Service - Unknown Product (CVE-2014-3574) - Low [172]

Description: {'vulners_cve_data_all': 'Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3574 was patched at 2024-05-15

8280. Denial of Service - Unknown Product (CVE-2014-3708) - Low [172]

Description: {'vulners_cve_data_all': 'OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an IP filter in a list active servers API request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3708 was patched at 2024-05-15

8281. Denial of Service - Unknown Product (CVE-2014-7821) - Low [172]

Description: {'vulners_cve_data_all': 'OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-7821 was patched at 2024-05-15

8282. Denial of Service - Unknown Product (CVE-2014-8333) - Low [172]

Description: {'vulners_cve_data_all': 'The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8333 was patched at 2024-05-15

8283. Denial of Service - Unknown Product (CVE-2014-9403) - Low [172]

Description: {'vulners_cve_data_all': 'The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading # character, related to a "use-after-delete" error.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9403 was patched at 2024-05-15

8284. Denial of Service - Unknown Product (CVE-2014-9623) - Low [172]

Description: {'vulners_cve_data_all': 'OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9623 was patched at 2024-05-15

8285. Denial of Service - Unknown Product (CVE-2015-3221) - Low [172]

Description: {'vulners_cve_data_all': 'OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-3221 was patched at 2024-05-15

8286. Denial of Service - Unknown Product (CVE-2015-3289) - Low [172]

Description: {'vulners_cve_data_all': 'OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleting them.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-3289 was patched at 2024-05-15

8287. Denial of Service - Unknown Product (CVE-2015-4468) - Low [172]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in the search_chunk function in chmd.c in libmspack before 0.5 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-4468 was patched at 2024-05-15

8288. Denial of Service - Unknown Product (CVE-2015-4469) - Low [172]

Description: {'vulners_cve_data_all': 'The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-4469 was patched at 2024-05-15

8289. Denial of Service - Unknown Product (CVE-2015-4470) - Low [172]

Description: {'vulners_cve_data_all': 'Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-4470 was patched at 2024-05-15

8290. Denial of Service - Unknown Product (CVE-2015-4471) - Low [172]

Description: {'vulners_cve_data_all': 'Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-4471 was patched at 2024-05-15

8291. Denial of Service - Unknown Product (CVE-2019-10203) - Low [172]

Description: {'vulners_cve_data_all': 'PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10203 was patched at 2024-05-15

8292. Denial of Service - Unknown Product (CVE-2020-21469) - Low [172]

Description: {'vulners_cve_data_all': 'An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access, or a user with sufficient privileges at the OS level (the postgres account or the root account).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21469 was patched at 2024-05-15

8293. Denial of Service - Unknown Product (CVE-2022-22935) - Low [172]

Description: {'vulners_cve_data_all': 'An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-22935 was patched at 2024-05-15

8294. Denial of Service - Unknown Product (CVE-2022-28192) - Low [172]

Description: {'vulners_cve_data_all': 'NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where it may lead to a use-after-free, which in turn may cause denial of service. This attack is complex to carry out because the attacker needs to have control over freeing some host side resources out of sequence, which requires elevated privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-28192 was patched at 2024-05-15

8295. Denial of Service - Unknown Product (CVE-2022-34667) - Low [172]

Description: {'vulners_cve_data_all': 'NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged remote attacker could exploit this buffer overflow condition by persuading a local user to download a specially crafted corrupted file and execute cuobjdump against it locally, which may lead to a limited denial of service and some loss of data integrity for the local user.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-34667 was patched at 2024-05-15

8296. Denial of Service - Unknown Product (CVE-2023-28938) - Low [172]

Description: {'vulners_cve_data_all': 'Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-28938 was patched at 2024-05-15

8297. Denial of Service - Unknown Product (CVE-2023-32642) - Low [172]

Description: {'vulners_cve_data_all': 'Insufficient adherence to expected conventions for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-32642 was patched at 2024-05-15

8298. Denial of Service - Unknown Product (CVE-2023-32651) - Low [172]

Description: {'vulners_cve_data_all': 'Improper validation of specified type of input for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-32651 was patched at 2024-05-15

8299. Incorrect Calculation - Unknown Product (CVE-2010-4653) - Low [172]

Description: {'vulners_cve_data_all': 'An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4653 was patched at 2024-05-15

8300. Incorrect Calculation - Unknown Product (CVE-2011-1843) - Low [172]

Description: {'vulners_cve_data_all': 'Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow remote attackers to bypass intended access restrictions in opportunistic circumstances via a TCP connection, related to improper handling of invalid port numbers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1843 was patched at 2024-05-15

8301. Incorrect Calculation - Unknown Product (CVE-2014-4859) - Low [172]

Description: {'vulners_cve_data_all': 'Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4859 was patched at 2024-05-15

8302. Incorrect Calculation - Unknown Product (CVE-2022-41550) - Low [172]

Description: {'vulners_cve_data_all': 'GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-41550 was patched at 2024-05-15

8303. Information Disclosure - Unknown Product (CVE-2003-1399) - Low [172]

Description: {'vulners_cve_data_all': 'eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, generates different error messages depending on whether a specified file exists or not, which allows local users to obtain sensitive information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-1399 was patched at 2024-05-15

8304. Information Disclosure - Unknown Product (CVE-2004-1340) - Low [172]

Description: {'vulners_cve_data_all': 'Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1340 was patched at 2024-05-15

8305. Information Disclosure - Unknown Product (CVE-2005-0787) - Low [172]

Description: {'vulners_cve_data_all': 'Wine 20050211 and earlier creates temp files with world readable permissions and predictable file names, which allows local users to obtain sensitive information, such as passwords.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0787 was patched at 2024-05-15

8306. Information Disclosure - Unknown Product (CVE-2005-1855) - Low [172]

Description: {'vulners_cve_data_all': 'Backup Manager (backup-manager) before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1855 was patched at 2024-05-15

8307. Information Disclosure - Unknown Product (CVE-2005-3088) - Low [172]

Description: {'vulners_cve_data_all': 'fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3088 was patched at 2024-05-15

8308. Information Disclosure - Unknown Product (CVE-2005-3147) - Low [172]

Description: {'vulners_cve_data_all': 'StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3147 was patched at 2024-05-15

8309. Information Disclosure - Unknown Product (CVE-2007-4656) - Low [172]

Description: {'vulners_cve_data_all': 'backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4656 was patched at 2024-05-15

8310. Information Disclosure - Unknown Product (CVE-2008-3895) - Low [172]

Description: {'vulners_cve_data_all': 'LILO 22.6.1 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3895 was patched at 2024-05-15

8311. Information Disclosure - Unknown Product (CVE-2008-3896) - Low [172]

Description: {'vulners_cve_data_all': 'Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3896 was patched at 2024-05-15

8312. Information Disclosure - Unknown Product (CVE-2009-1631) - Low [172]

Description: {'vulners_cve_data_all': 'The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1631 was patched at 2024-05-15

8313. Information Disclosure - Unknown Product (CVE-2010-3074) - Low [172]

Description: {'vulners_cve_data_all': 'SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3074 was patched at 2024-05-15

8314. Information Disclosure - Unknown Product (CVE-2010-3431) - Low [172]

Description: {'vulners_cve_data_all': 'The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on the .pam_environment file in a user's home directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-3435.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3431 was patched at 2024-05-15

8315. Information Disclosure - Unknown Product (CVE-2012-3818) - Low [172]

Description: {'vulners_cve_data_all': 'The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the version number but not the password when exporting a file, which might allow local users to obtain sensitive information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3818 was patched at 2024-05-15

8316. Information Disclosure - Unknown Product (CVE-2012-6120) - Low [172]

Description: {'vulners_cve_data_all': 'Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6120 was patched at 2024-05-15

8317. Information Disclosure - Unknown Product (CVE-2013-1853) - Low [172]

Description: {'vulners_cve_data_all': 'Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1853 was patched at 2024-05-15

8318. Information Disclosure - Unknown Product (CVE-2013-4331) - Low [172]

Description: {'vulners_cve_data_all': 'Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain sensitive information by reading the file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4331 was patched at 2024-05-15

8319. Information Disclosure - Unknown Product (CVE-2013-6384) - Low [172]

Description: {'vulners_cve_data_all': '(1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6384 was patched at 2024-05-15

8320. Memory Corruption - FRRouting (CVE-2024-31950) - Low [172]

Description: In FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ri for OSPF LSA packets during an attempt to read Segment Routing subTLVs (their size is not validated).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514Free Range Routing or FRRouting or FRR is a network routing software suite running on Unix-like platforms, particularly Linux, Solaris, OpenBSD, FreeBSD and NetBSD
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31950 was patched at 2024-05-15

ubuntu: CVE-2024-31950 was patched at 2024-05-28

8321. Memory Corruption - FRRouting (CVE-2024-31951) - Low [172]

Description: In the Opaque LSA Extended Link parser in FRRouting (FRR) through 9.1, there can be a buffer overflow and daemon crash in ospf_te_parse_ext_link for OSPF LSA packets during an attempt to read Segment Routing Adjacency SID subTLVs (lengths are not validated).

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common0.514Free Range Routing or FRRouting or FRR is a network routing software suite running on Unix-like platforms, particularly Linux, Solaris, OpenBSD, FreeBSD and NetBSD
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31951 was patched at 2024-05-15

ubuntu: CVE-2024-31951 was patched at 2024-05-28

8322. Memory Corruption - Unknown Product (CVE-2002-1124) - Low [172]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in purity 1-16 allow local users to gain privileges and modify high scores tables.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1124 was patched at 2024-05-15

8323. Memory Corruption - Unknown Product (CVE-2003-0441) - Low [172]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in Orville Write (orville-write) 2.53 and earlier allow local users to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0441 was patched at 2024-05-15

8324. Memory Corruption - Unknown Product (CVE-2003-0454) - Low [172]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local users to gain privileges via a long HOME environment variable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0454 was patched at 2024-05-15

8325. Memory Corruption - Unknown Product (CVE-2003-0630) - Low [172]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in the atari800.svgalib setuid program of the Atari 800 emulator (atari800) before 1.2.2 allow local users to gain privileges via long command line arguments, as demonstrated with the -osa_rom argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0630 was patched at 2024-05-15

8326. Memory Corruption - Unknown Product (CVE-2007-2893) - Low [172]

Description: {'vulners_cve_data_all': 'Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operating system via vectors that cause TXCNT register values to exceed the device memory size, aka "RX Frame heap overflow."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2893 was patched at 2024-05-15

8327. Memory Corruption - Unknown Product (CVE-2009-1143) - Low [172]

Description: {'vulners_cve_data_all': 'An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1143 was patched at 2024-05-15

8328. Memory Corruption - Unknown Product (CVE-2013-1953) - Low [172]

Description: {'vulners_cve_data_all': 'Integer underflow in the input_bmp_reader function in input-bmp.c in AutoTrace 0.31.1 allows context-dependent attackers to have an unspecified impact via a small value in the biSize field in the header of a BMP file, which triggers a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1953 was patched at 2024-05-15

8329. Memory Corruption - Unknown Product (CVE-2017-13066) - Low [172]

Description: {'vulners_cve_data_all': 'GraphicsMagick 1.3.26 has a memory leak vulnerability in the function CloneImage in magick/image.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-13066 was patched at 2024-05-15

8330. Memory Corruption - Unknown Product (CVE-2017-13648) - Low [172]

Description: {'vulners_cve_data_all': 'In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-13648 was patched at 2024-05-15

8331. Memory Corruption - Unknown Product (CVE-2017-17507) - Low [172]

Description: {'vulners_cve_data_all': 'In HDF5 1.10.1, there is an out of bounds read vulnerability in the function H5T_conv_struct_opt in H5Tconv.c in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17507 was patched at 2024-05-15

8332. Memory Corruption - Unknown Product (CVE-2018-10801) - Low [172]

Description: {'vulners_cve_data_all': 'TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as demonstrated by bmp2tiff.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10801 was patched at 2024-05-15

8333. Memory Corruption - Unknown Product (CVE-2018-17439) - Low [172]

Description: {'vulners_cve_data_all': 'An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17439 was patched at 2024-05-15

8334. Memory Corruption - Unknown Product (CVE-2018-20540) - Low [172]

Description: {'vulners_cve_data_all': 'There is memory leak at liblas::Open (liblas/liblas.hpp) in libLAS 1.8.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20540 was patched at 2024-05-15

8335. Memory Corruption - Unknown Product (CVE-2019-11675) - Low [172]

Description: {'vulners_cve_data_all': 'The groonga-httpd package 6.1.5-1 for Debian sets the /var/log/groonga ownership to the groonga account, which might let local users obtain root access because of unsafe interaction with logrotate. For example, an attacker can exploit a race condition to insert a symlink from /var/log/groonga/httpd to /etc/bash_completion.d. NOTE: this is an issue in the Debian packaging of the Groonga HTTP server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11675 was patched at 2024-05-15

8336. Memory Corruption - Unknown Product (CVE-2019-19624) - Low [172]

Description: {'vulners_cve_data_all': 'An out-of-bounds read was discovered in OpenCV before 4.1.1. Specifically, variable coarsest_scale is assumed to be greater than or equal to finest_scale within the calc()/ocl_calc() functions in dis_flow.cpp. However, this is not true when dealing with small images, leading to an out-of-bounds read of the heap-allocated arrays Ux and Uy.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19624 was patched at 2024-05-15

8337. Memory Corruption - Unknown Product (CVE-2019-20007) - Low [172]

Description: {'vulners_cve_data_all': 'An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxml_str2utf8, while parsing a crafted XML file, performs zero-length reallocation in ezxml.c, leading to returning a NULL pointer (in some compilers). After this, the function ezxml_parse_str does not check whether the s variable is not NULL in ezxml.c, leading to a NULL pointer dereference and crash (segmentation fault).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20007 was patched at 2024-05-15

8338. Memory Corruption - Unknown Product (CVE-2019-20023) - Low [172]

Description: {'vulners_cve_data_all': 'A memory leak was discovered in image_buffer_resize in fromsixel.c in libsixel 1.8.4.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20023 was patched at 2024-05-15

8339. Memory Corruption - Unknown Product (CVE-2019-20024) - Low [172]

Description: {'vulners_cve_data_all': 'A heap-based buffer overflow was discovered in image_buffer_resize in fromsixel.c in libsixel before 1.8.4.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20024 was patched at 2024-05-15

8340. Memory Corruption - Unknown Product (CVE-2019-20200) - Low [172]

Description: {'vulners_cve_data_all': 'An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20200 was patched at 2024-05-15

8341. Memory Corruption - Unknown Product (CVE-2019-20352) - Low [172]

Description: {'vulners_cve_data_all': 'In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in set_text_free when called from expand_one_smacro in asm/preproc.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20352 was patched at 2024-05-15

8342. Memory Corruption - Unknown Product (CVE-2019-6457) - Low [172]

Description: {'vulners_cve_data_all': 'An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_aggregate_reg_new in rec-aggregate.c in librec.a.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6457 was patched at 2024-05-15

8343. Memory Corruption - Unknown Product (CVE-2019-6458) - Low [172]

Description: {'vulners_cve_data_all': 'An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_buf_new in rec-buf.c when called from rec_parse_rset in rec-parser.c in librec.a.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6458 was patched at 2024-05-15

8344. Memory Corruption - Unknown Product (CVE-2019-6459) - Low [172]

Description: {'vulners_cve_data_all': 'An issue was discovered in GNU Recutils 1.8. There is a memory leak in rec_extract_type in rec-utils.c in librec.a.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6459 was patched at 2024-05-15

8345. Memory Corruption - Unknown Product (CVE-2019-8397) - Low [172]

Description: {'vulners_cve_data_all': 'An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_close_real in H5T.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-8397 was patched at 2024-05-15

8346. Memory Corruption - Unknown Product (CVE-2019-8398) - Low [172]

Description: {'vulners_cve_data_all': 'An issue was discovered in the HDF HDF5 1.10.4 library. There is an out of bounds read in the function H5T_get_size in H5T.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-8398 was patched at 2024-05-15

8347. Memory Corruption - Unknown Product (CVE-2020-10174) - Low [172]

Description: {'vulners_cve_data_all': 'init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary directory in the predictable location /tmp/timeshift. It follows symlinks in this location or uses directories owned by unprivileged users. Because Timeshift also executes scripts under this location, an attacker can attempt to win a race condition to replace scripts created by Timeshift with attacker-controlled scripts. Upon success, an attacker-controlled script is executed with full root privileges. This logic is practically always triggered when Timeshift runs regardless of the command-line arguments used.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-10174 was patched at 2024-05-15

8348. Memory Corruption - Unknown Product (CVE-2020-27545) - Low [172]

Description: {'vulners_cve_data_all': 'libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27545 was patched at 2024-05-15

8349. Memory Corruption - Unknown Product (CVE-2020-36150) - Low [172]

Description: {'vulners_cve_data_all': 'Incorrect handling of input data in loudness function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and access to unallocated memory block.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36150 was patched at 2024-05-15

8350. Memory Corruption - Unknown Product (CVE-2020-36151) - Low [172]

Description: {'vulners_cve_data_all': 'Incorrect handling of input data in mysofa_resampler_reset_mem function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and overwriting large memory block.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36151 was patched at 2024-05-15

8351. Memory Corruption - Unknown Product (CVE-2021-29939) - Low [172]

Description: {'vulners_cve_data_all': 'An issue was discovered in the stackvector crate through 2021-02-19 for Rust. There is an out-of-bounds write in StackVec::extend if size_hint provides certain anomalous data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-29939 was patched at 2024-05-15

8352. Memory Corruption - Unknown Product (CVE-2021-40812) - Low [172]

Description: {'vulners_cve_data_all': 'The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40812 was patched at 2024-05-15

8353. Memory Corruption - Unknown Product (CVE-2021-45972) - Low [172]

Description: {'vulners_cve_data_all': 'The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45972 was patched at 2024-05-15

8354. Memory Corruption - Unknown Product (CVE-2022-0497) - Low [172]

Description: {'vulners_cve_data_all': 'A vulnerbiility was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-0497 was patched at 2024-05-15

8355. Memory Corruption - Unknown Product (CVE-2022-35021) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a global buffer overflow via /release-x64/otfccdump+0x718693.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35021 was patched at 2024-05-15

8356. Memory Corruption - Unknown Product (CVE-2022-35034) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e7e3d.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35034 was patched at 2024-05-15

8357. Memory Corruption - Unknown Product (CVE-2022-35035) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b559f.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35035 was patched at 2024-05-15

8358. Memory Corruption - Unknown Product (CVE-2022-35036) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e1fc8.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35036 was patched at 2024-05-15

8359. Memory Corruption - Unknown Product (CVE-2022-35037) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6adb1e.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35037 was patched at 2024-05-15

8360. Memory Corruption - Unknown Product (CVE-2022-35038) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b064d.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35038 was patched at 2024-05-15

8361. Memory Corruption - Unknown Product (CVE-2022-35039) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e20a0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35039 was patched at 2024-05-15

8362. Memory Corruption - Unknown Product (CVE-2022-35040) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b5567.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35040 was patched at 2024-05-15

8363. Memory Corruption - Unknown Product (CVE-2022-35041) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b558f.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35041 was patched at 2024-05-15

8364. Memory Corruption - Unknown Product (CVE-2022-35042) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adb11.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35042 was patched at 2024-05-15

8365. Memory Corruption - Unknown Product (CVE-2022-35043) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c08a6.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35043 was patched at 2024-05-15

8366. Memory Corruption - Unknown Product (CVE-2022-35044) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x617087.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35044 was patched at 2024-05-15

8367. Memory Corruption - Unknown Product (CVE-2022-35045) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0d63.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35045 was patched at 2024-05-15

8368. Memory Corruption - Unknown Product (CVE-2022-35046) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0466.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35046 was patched at 2024-05-15

8369. Memory Corruption - Unknown Product (CVE-2022-35047) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05aa.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35047 was patched at 2024-05-15

8370. Memory Corruption - Unknown Product (CVE-2022-35048) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0b2c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35048 was patched at 2024-05-15

8371. Memory Corruption - Unknown Product (CVE-2022-35049) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b03b5.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35049 was patched at 2024-05-15

8372. Memory Corruption - Unknown Product (CVE-2022-35050) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b04de.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35050 was patched at 2024-05-15

8373. Memory Corruption - Unknown Product (CVE-2022-35051) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b55af.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35051 was patched at 2024-05-15

8374. Memory Corruption - Unknown Product (CVE-2022-35052) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b84b1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35052 was patched at 2024-05-15

8375. Memory Corruption - Unknown Product (CVE-2022-35053) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x61731f.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35053 was patched at 2024-05-15

8376. Memory Corruption - Unknown Product (CVE-2022-35054) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6171b2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35054 was patched at 2024-05-15

8377. Memory Corruption - Unknown Product (CVE-2022-35055) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0473.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35055 was patched at 2024-05-15

8378. Memory Corruption - Unknown Product (CVE-2022-35056) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b0478.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35056 was patched at 2024-05-15

8379. Memory Corruption - Unknown Product (CVE-2022-35058) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b05ce.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35058 was patched at 2024-05-15

8380. Memory Corruption - Unknown Product (CVE-2022-35059) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0414.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35059 was patched at 2024-05-15

8381. Memory Corruption - Unknown Product (CVE-2022-35060) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0a32.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35060 was patched at 2024-05-15

8382. Memory Corruption - Unknown Product (CVE-2022-35061) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e412a.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35061 was patched at 2024-05-15

8383. Memory Corruption - Unknown Product (CVE-2022-35062) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6c0bc3.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35062 was patched at 2024-05-15

8384. Memory Corruption - Unknown Product (CVE-2022-35063) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41a8.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35063 was patched at 2024-05-15

8385. Memory Corruption - Unknown Product (CVE-2022-35064) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x4adcdb in __asan_memset.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35064 was patched at 2024-05-15

8386. Memory Corruption - Unknown Product (CVE-2022-35066) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b8.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35066 was patched at 2024-05-15

8387. Memory Corruption - Unknown Product (CVE-2022-35067) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e41b0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35067 was patched at 2024-05-15

8388. Memory Corruption - Unknown Product (CVE-2022-35068) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e420d.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35068 was patched at 2024-05-15

8389. Memory Corruption - Unknown Product (CVE-2022-35069) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6b544e.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35069 was patched at 2024-05-15

8390. Memory Corruption - Unknown Product (CVE-2022-35070) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x65fc97.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35070 was patched at 2024-05-15

8391. Memory Corruption - Unknown Product (CVE-2022-35447) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b04de.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35447 was patched at 2024-05-15

8392. Memory Corruption - Unknown Product (CVE-2022-35448) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b55af.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35448 was patched at 2024-05-15

8393. Memory Corruption - Unknown Product (CVE-2022-35449) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0466.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35449 was patched at 2024-05-15

8394. Memory Corruption - Unknown Product (CVE-2022-35450) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b84b1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35450 was patched at 2024-05-15

8395. Memory Corruption - Unknown Product (CVE-2022-35451) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b03b5.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35451 was patched at 2024-05-15

8396. Memory Corruption - Unknown Product (CVE-2022-35452) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0b2c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35452 was patched at 2024-05-15

8397. Memory Corruption - Unknown Product (CVE-2022-35453) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c08a6.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35453 was patched at 2024-05-15

8398. Memory Corruption - Unknown Product (CVE-2022-35454) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b05aa.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35454 was patched at 2024-05-15

8399. Memory Corruption - Unknown Product (CVE-2022-35455) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0d63.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35455 was patched at 2024-05-15

8400. Memory Corruption - Unknown Product (CVE-2022-35456) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x617087.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35456 was patched at 2024-05-15

8401. Memory Corruption - Unknown Product (CVE-2022-35458) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b05ce.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35458 was patched at 2024-05-15

8402. Memory Corruption - Unknown Product (CVE-2022-35459) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e412a.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35459 was patched at 2024-05-15

8403. Memory Corruption - Unknown Product (CVE-2022-35460) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x61731f.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35460 was patched at 2024-05-15

8404. Memory Corruption - Unknown Product (CVE-2022-35461) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c0a32.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35461 was patched at 2024-05-15

8405. Memory Corruption - Unknown Product (CVE-2022-35462) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c0bc3.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35462 was patched at 2024-05-15

8406. Memory Corruption - Unknown Product (CVE-2022-35463) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0478.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35463 was patched at 2024-05-15

8407. Memory Corruption - Unknown Product (CVE-2022-35464) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6171b2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35464 was patched at 2024-05-15

8408. Memory Corruption - Unknown Product (CVE-2022-35465) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c0414.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35465 was patched at 2024-05-15

8409. Memory Corruption - Unknown Product (CVE-2022-35466) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c0473.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35466 was patched at 2024-05-15

8410. Memory Corruption - Unknown Product (CVE-2022-35467) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e41b8.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35467 was patched at 2024-05-15

8411. Memory Corruption - Unknown Product (CVE-2022-35468) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e420d.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35468 was patched at 2024-05-15

8412. Memory Corruption - Unknown Product (CVE-2022-35470) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x65fc97.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35470 was patched at 2024-05-15

8413. Memory Corruption - Unknown Product (CVE-2022-35471) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e41b0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35471 was patched at 2024-05-15

8414. Memory Corruption - Unknown Product (CVE-2022-35474) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b544e.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35474 was patched at 2024-05-15

8415. Memory Corruption - Unknown Product (CVE-2022-35475) - Low [172]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e41a8.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35475 was patched at 2024-05-15

8416. Memory Corruption - Unknown Product (CVE-2022-43280) - Low [172]

Description: {'vulners_cve_data_all': 'wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-43280 was patched at 2024-05-15

8417. Memory Corruption - Unknown Product (CVE-2022-43282) - Low [172]

Description: {'vulners_cve_data_all': 'wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-43282 was patched at 2024-05-15

8418. Memory Corruption - Unknown Product (CVE-2022-44011) - Low [172]

Description: {'vulners_cve_data_all': 'An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-44011 was patched at 2024-05-15

8419. Memory Corruption - Unknown Product (CVE-2022-4603) - Low [172]

Description: {'vulners_cve_data_all': 'A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-4603 was patched at 2024-05-15

8420. Memory Corruption - Unknown Product (CVE-2023-1801) - Low [172]

Description: {'vulners_cve_data_all': 'The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-1801 was patched at 2024-05-15

8421. Memory Corruption - Unknown Product (CVE-2023-29416) - Low [172]

Description: {'vulners_cve_data_all': 'An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_decode_block out-of-bounds write can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29416 was patched at 2024-05-15

8422. Memory Corruption - Unknown Product (CVE-2023-29417) - Low [172]

Description: {'vulners_cve_data_all': 'An issue was discovered in libbzip3.a in bzip3 1.2.2. There is a bz3_decompress out-of-bounds read in certain situations where buffers passed to bzip3 do not contain enough space to be filled with decompressed data. NOTE: the vendor's perspective is that the observed behavior can only occur for a contract violation, and thus the report is invalid.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29417 was patched at 2024-05-15

8423. Memory Corruption - Unknown Product (CVE-2023-29418) - Low [172]

Description: {'vulners_cve_data_all': 'An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29418 was patched at 2024-05-15

8424. Memory Corruption - Unknown Product (CVE-2023-29419) - Low [172]

Description: {'vulners_cve_data_all': 'An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_decode_block out-of-bounds read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29419 was patched at 2024-05-15

8425. Memory Corruption - Unknown Product (CVE-2023-3758) - Low [172]

Description: {'vulners_cve_data_all': 'A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-3758 was patched at 2024-04-30, 2024-05-22

debian: CVE-2023-3758 was patched at 2024-05-15

oraclelinux: CVE-2023-3758 was patched at 2024-05-07, 2024-05-29

redhat: CVE-2023-3758 was patched at 2024-04-18, 2024-04-30, 2024-05-22

redos: CVE-2023-3758 was patched at 2024-05-22

8426. Memory Corruption - Unknown Product (CVE-2023-45229) - Low [172]

Description: {'vulners_cve_data_all': 'EDK2's Network Package is susceptible to an out-of-bounds read\n vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This\n vulnerability can be exploited by an attacker to gain unauthorized \naccess and potentially lead to a loss of Confidentiality.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-45229 was patched at 2024-04-30, 2024-05-22

debian: CVE-2023-45229 was patched at 2024-05-15

oraclelinux: CVE-2023-45229 was patched at 2024-04-24, 2024-05-03, 2024-05-23, 2024-06-03, 2024-06-04

redhat: CVE-2023-45229 was patched at 2024-04-30, 2024-05-22

8427. Memory Corruption - Unknown Product (CVE-2023-45682) - Low [172]

Description: {'vulners_cve_data_all': 'stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used to leak internal memory allocation information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45682 was patched at 2024-05-15

8428. Memory Corruption - Unknown Product (CVE-2024-25569) - Low [172]

Description: {'vulners_cve_data_all': 'An out-of-bounds read vulnerability exists in the RAWCodec::DecodeBytes functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-25569 was patched at 2024-05-15

8429. Memory Corruption - Unknown Product (CVE-2024-28219) - Low [172]

Description: {'vulners_cve_data_all': 'In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28219 was patched at 2024-05-15, 2024-06-05

ubuntu: CVE-2024-28219 was patched at 2024-04-22, 2024-04-29

8430. Path Traversal - Unknown Product (CVE-2010-1512) - Low [172]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in aria2 before 1.9.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1512 was patched at 2024-05-15

8431. Path Traversal - Unknown Product (CVE-2013-0262) - Low [172]

Description: {'vulners_cve_data_all': 'rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATH_INFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path traversals."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0262 was patched at 2024-05-15

8432. Path Traversal - Unknown Product (CVE-2014-7818) - Low [172]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-7818 was patched at 2024-05-15

8433. Unknown Vulnerability Type - Apache ActiveMQ (CVE-2016-6810) - Low [171]

Description: {'vulners_cve_data_all': 'In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service (JMS) client
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6810 was patched at 2024-05-15

8434. Unknown Vulnerability Type - Apache ActiveMQ (CVE-2018-8006) - Low [171]

Description: {'vulners_cve_data_all': 'An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service (JMS) client
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-8006 was patched at 2024-05-15

8435. Unknown Vulnerability Type - Apache ActiveMQ (CVE-2020-13947) - Low [171]

Description: {'vulners_cve_data_all': 'An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service (JMS) client
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13947 was patched at 2024-05-15

8436. Unknown Vulnerability Type - Bouncy Castle (CVE-2020-15522) - Low [171]

Description: {'vulners_cve_data_all': 'Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Bouncy Castle is a collection of APIs used in cryptography
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15522 was patched at 2024-05-15

8437. Unknown Vulnerability Type - ImageMagick (CVE-2017-6501) - Low [171]

Description: {'vulners_cve_data_all': 'An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614ImageMagick, invoked from the command line as magick, is a free and open-source cross-platform software suite for displaying, creating, converting, modifying, and editing raster images
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6501 was patched at 2024-05-15

8438. Unknown Vulnerability Type - Jetty (CVE-2019-17632) - Low [171]

Description: {'vulners_cve_data_all': 'In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in stacktraces included in error output.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Jetty is a Java based web server and servlet engine
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17632 was patched at 2024-05-15

8439. Unknown Vulnerability Type - Perl (CVE-2003-0192) - Low [171]

Description: {'vulners_cve_data_all': 'Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could cause Apache to use the weak ciphersuite.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0192 was patched at 2024-05-15

8440. Unknown Vulnerability Type - Perl (CVE-2005-0602) - Low [171]

Description: {'vulners_cve_data_all': 'Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0602 was patched at 2024-05-15

8441. Unknown Vulnerability Type - Perl (CVE-2006-1319) - Low [171]

Description: {'vulners_cve_data_all': 'chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little endian i386 machines against dietlibc, does not properly handle when multiple groups are specified in the -u option, which causes chpst to assign permissions for the root group due to inconsistent bit sizes for the gid_t type.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1319 was patched at 2024-05-15

8442. Unknown Vulnerability Type - Perl (CVE-2007-4098) - Low [171]

Description: {'vulners_cve_data_all': 'Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4098 was patched at 2024-05-15

8443. Unknown Vulnerability Type - Perl (CVE-2007-4174) - Low [171]

Description: {'vulners_cve_data_all': 'Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4174 was patched at 2024-05-15

8444. Unknown Vulnerability Type - Perl (CVE-2007-4410) - Low [171]

Description: {'vulners_cve_data_all': 'ircu 2.10.12.05 and earlier does not properly synchronize a kick action in certain cross scenarios, which allows remote authenticated operators to prevent later kick or de-op actions from non-local ops.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4410 was patched at 2024-05-15

8445. Unknown Vulnerability Type - Perl (CVE-2010-2197) - Low [171]

Description: {'vulners_cve_data_all': 'rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2197 was patched at 2024-05-15

8446. Unknown Vulnerability Type - Perl (CVE-2010-3901) - Low [171]

Description: {'vulners_cve_data_all': 'OpenConnect before 2.25 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary AnyConnect SSL VPN servers via a crafted server certificate that (1) does not correspond to the server hostname or (2) is presented in circumstances involving a missing --cafile configuration option.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3901 was patched at 2024-05-15

8447. Unknown Vulnerability Type - Perl (CVE-2010-5293) - Low [171]

Description: {'vulners_cve_data_all': 'wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-5293 was patched at 2024-05-15

8448. Unknown Vulnerability Type - Perl (CVE-2011-0528) - Low [171]

Description: {'vulners_cve_data_all': 'Puppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0528 was patched at 2024-05-15

8449. Unknown Vulnerability Type - Perl (CVE-2011-3599) - Low [171]

Description: {'vulners_cve_data_all': 'The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3599 was patched at 2024-05-15

8450. Unknown Vulnerability Type - Perl (CVE-2012-4404) - Low [171]

Description: {'vulners_cve_data_all': 'security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4404 was patched at 2024-05-15

8451. Unknown Vulnerability Type - Perl (CVE-2012-4510) - Low [171]

Description: {'vulners_cve_data_all': 'cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS resources.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4510 was patched at 2024-05-15

8452. Unknown Vulnerability Type - Perl (CVE-2013-4184) - Low [171]

Description: {'vulners_cve_data_all': 'Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4184 was patched at 2024-05-15

8453. Unknown Vulnerability Type - Perl (CVE-2013-4497) - Low [171]

Description: {'vulners_cve_data_all': 'The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4497 was patched at 2024-05-15

8454. Unknown Vulnerability Type - Perl (CVE-2015-8326) - Low [171]

Description: {'vulners_cve_data_all': 'The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8326 was patched at 2024-05-15

8455. Unknown Vulnerability Type - Perl (CVE-2017-3226) - Low [171]

Description: {'vulners_cve_data_all': 'Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setting the configuration parameter CONFIG_ENV_AES=y) read environment variables from disk as the encrypted disk image is processed. An attacker with physical access to the device can manipulate the encrypted environment data to include a crafted two-byte sequence which triggers an error in environment variable parsing. This error condition is improperly handled by Das U-Boot, resulting in an immediate process termination with a debugging message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-3226 was patched at 2024-05-15

8456. Unknown Vulnerability Type - Perl (CVE-2018-16883) - Low [171]

Description: {'vulners_cve_data_all': 'sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16883 was patched at 2024-05-15

8457. Unknown Vulnerability Type - Perl (CVE-2019-19794) - Low [171]

Description: {'vulners_cve_data_all': 'The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19794 was patched at 2024-05-15

8458. Unknown Vulnerability Type - Perl (CVE-2019-5595) - Low [171]

Description: {'vulners_cve_data_all': 'In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STABLE(r343781), and 12.0-RELEASE-p3, kernel callee-save registers are not properly sanitized before return from system calls, potentially allowing some kernel data used in the system call to be exposed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5595 was patched at 2024-05-15

8459. Unknown Vulnerability Type - Perl (CVE-2024-22368) - Low [171]

Description: {'vulners_cve_data_all': 'The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-22368 was patched at 2024-05-15

ubuntu: CVE-2024-22368 was patched at 2024-05-09

8460. Unknown Vulnerability Type - Python (CVE-2012-5474) - Low [171]

Description: {'vulners_cve_data_all': 'The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5474 was patched at 2024-05-15

8461. Unknown Vulnerability Type - Python (CVE-2012-5578) - Low [171]

Description: {'vulners_cve_data_all': 'Python keyring has insecure permissions on new databases allowing world-readable files to be created', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5578 was patched at 2024-05-15

8462. Unknown Vulnerability Type - Python (CVE-2012-5825) - Low [171]

Description: {'vulners_cve_data_all': 'Tweepy does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python httplib library.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5825 was patched at 2024-05-15

8463. Unknown Vulnerability Type - Python (CVE-2013-2104) - Low [171]

Description: {'vulners_cve_data_all': 'python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2104 was patched at 2024-05-15

8464. Unknown Vulnerability Type - Python (CVE-2013-4111) - Low [171]

Description: {'vulners_cve_data_all': 'The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate and allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4111 was patched at 2024-05-15

8465. Unknown Vulnerability Type - Python (CVE-2013-5123) - Low [171]

Description: {'vulners_cve_data_all': 'The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-5123 was patched at 2024-05-15

8466. Unknown Vulnerability Type - Python (CVE-2014-0105) - Low [171]

Description: {'vulners_cve_data_all': 'The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0105 was patched at 2024-05-15

8467. Unknown Vulnerability Type - Python (CVE-2014-1938) - Low [171]

Description: {'vulners_cve_data_all': 'python-rply before 0.7.4 insecurely creates temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1938 was patched at 2024-05-15

8468. Unknown Vulnerability Type - Python (CVE-2020-35678) - Low [171]

Description: {'vulners_cve_data_all': 'Autobahn|Python before 20.12.3 allows redirect header injection.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35678 was patched at 2024-05-15

8469. Unknown Vulnerability Type - Python (CVE-2021-33880) - Low [171]

Description: {'vulners_cve_data_all': 'The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). An attacker may be able to guess a password via a timing attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33880 was patched at 2024-05-15

8470. Unknown Vulnerability Type - Python (CVE-2024-0450) - Low [171]

Description: {'vulners_cve_data_all': 'An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-0450 was patched at 2024-05-23, 2024-05-29

debian: CVE-2024-0450 was patched at 2024-05-15

oraclelinux: CVE-2024-0450 was patched at 2024-05-29, 2024-05-31

redhat: CVE-2024-0450 was patched at 2024-05-23, 2024-05-28, 2024-05-29

8471. Unknown Vulnerability Type - Redis (CVE-2013-0178) - Low [171]

Description: {'vulners_cve_data_all': 'Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0178 was patched at 2024-05-15

8472. Unknown Vulnerability Type - Redis (CVE-2013-0180) - Low [171]

Description: {'vulners_cve_data_all': 'Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0180 was patched at 2024-05-15

8473. Unknown Vulnerability Type - Redis (CVE-2015-3156) - Low [171]

Description: {'vulners_cve_data_all': 'The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_config function in trove/guestagent/datastore/experimental/redis/service.py, _write_mycnf function in trove/guestagent/datastore/mysql/service.py, InnoBackupEx::_run_prepare function in trove/guestagent/strategies/restore/mysql_impl.py, InnoBackupEx::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, MySQLDump::cmd in trove/guestagent/strategies/backup/mysql_impl.py, InnoBackupExIncremental::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, _get_actual_db_status function in trove/guestagent/datastore/experimental/cassandra/system.py and trove/guestagent/datastore/experimental/cassandra/service.py, and multiple class CbBackup methods in trove/guestagent/strategies/backup/experimental/couchbase_impl.py in Openstack DBaaS (aka Trove) as packaged in Openstack before 2015.1.0 (aka Kilo) allows local users to write to configuration files via a symlink attack on a temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-3156 was patched at 2024-05-15

8474. Unknown Vulnerability Type - Redis (CVE-2021-31294) - Low [171]

Description: {'vulners_cve_data_all': 'Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Redis is an open-source in-memory storage, used as a distributed, in-memory key–value database, cache and message broker, with optional durability
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-31294 was patched at 2024-05-15

8475. Unknown Vulnerability Type - Wireshark (CVE-2016-9372) - Low [171]

Description: {'vulners_cve_data_all': 'In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9372 was patched at 2024-05-15

8476. Unknown Vulnerability Type - Wireshark (CVE-2017-9616) - Low [171]

Description: {'vulners_cve_data_all': 'In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9616 was patched at 2024-05-15

8477. Unknown Vulnerability Type - Wireshark (CVE-2017-9617) - Low [171]

Description: {'vulners_cve_data_all': 'In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9617 was patched at 2024-05-15

8478. Unknown Vulnerability Type - APT (CVE-2012-0954) - Low [169]

Description: {'vulners_cve_data_all': 'APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install altered packages via a man-in-the-middle (MITM) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3587.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0954 was patched at 2024-05-15

8479. Unknown Vulnerability Type - APT (CVE-2012-3587) - Low [169]

Description: {'vulners_cve_data_all': 'APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3587 was patched at 2024-05-15

8480. Unknown Vulnerability Type - FreeIPA (CVE-2014-7828) - Low [169]

Description: {'vulners_cve_data_all': 'FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814FreeIPA is a free and open source identity management system
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-7828 was patched at 2024-05-15

8481. Unknown Vulnerability Type - GNOME desktop (CVE-2012-3378) - Low [169]

Description: {'vulners_cve_data_all': 'The register_application function in atk-adaptor/bridge.c in GNOME at-spi2-atk 2.5.2 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack on a temporary socket file in /tmp/at-spi2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3378 was patched at 2024-05-15

8482. Unknown Vulnerability Type - GNOME desktop (CVE-2021-3349) - Low [169]

Description: {'vulners_cve_data_all': 'GNOME Evolution through 3.38.3 produces a "Valid signature" message for an unknown identifier on a previously trusted key because Evolution does not retrieve enough information from the GnuPG API. NOTE: third parties dispute the significance of this issue, and dispute whether Evolution is the best place to change this behavior', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3349 was patched at 2024-05-15

8483. Unknown Vulnerability Type - Mozilla Firefox (CVE-2006-1740) - Low [169]

Description: {'vulners_cve_data_all': 'Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1740 was patched at 2024-05-15

8484. Unknown Vulnerability Type - Mozilla Firefox (CVE-2006-2786) - Low [169]

Description: {'vulners_cve_data_all': 'HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2786 was patched at 2024-05-15

8485. Unknown Vulnerability Type - Mozilla Firefox (CVE-2006-3812) - Low [169]

Description: {'vulners_cve_data_all': 'Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3812 was patched at 2024-05-15

8486. Unknown Vulnerability Type - OpenSSH (CVE-2012-0814) - Low [169]

Description: {'vulners_cve_data_all': 'The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0814 was patched at 2024-05-15

8487. Unknown Vulnerability Type - OpenSSL (CVE-2011-1945) - Low [169]

Description: {'vulners_cve_data_all': 'The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine private keys via a timing attack and a lattice calculation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1945 was patched at 2024-05-15

8488. Unknown Vulnerability Type - PHP (CVE-2008-3197) - Low [169]

Description: {'vulners_cve_data_all': 'Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related to an unspecified program that modifies the connection character set.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3197 was patched at 2024-05-15

8489. Unknown Vulnerability Type - PHP (CVE-2012-4422) - Low [169]

Description: {'vulners_cve_data_all': 'wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed plugin, which might allow remote authenticated users to make unintended plugin changes by leveraging the Administrator role.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995.
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4422 was patched at 2024-05-15

8490. Spoofing - Unknown Product (CVE-2002-2261) - Low [166]

Description: {'vulners_cve_data_all': 'Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relaying restrictions enforced by the 'check_relay' function by spoofing a blank DNS hostname.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.415Spoofing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-2261 was patched at 2024-05-15

8491. Spoofing - Unknown Product (CVE-2007-1507) - Low [166]

Description: {'vulners_cve_data_all': 'The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x before 1.5.17 supports setuid programs within the local cell, which might allow attackers to gain privileges by spoofing a response to an AFS cache manager FetchStatus request, and setting setuid and root ownership for files in the cache.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.415Spoofing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1507 was patched at 2024-05-15

8492. Spoofing - Unknown Product (CVE-2016-6271) - Low [166]

Description: {'vulners_cve_data_all': 'The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the-middle attackers to conduct spoofing attacks by leveraging a missing HVI check on DHPart2 packet reception.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.415Spoofing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6271 was patched at 2024-05-15

8493. Spoofing - Unknown Product (CVE-2019-12269) - Low [166]

Description: {'vulners_cve_data_all': 'Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.415Spoofing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12269 was patched at 2024-05-15

8494. Unknown Vulnerability Type - Cacti (CVE-2010-1645) - Low [166]

Description: {'vulners_cve_data_all': 'Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in (1) the FQDN field of a Device or (2) the Vertical Label field of a Graph Template.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1645 was patched at 2024-05-15

8495. Unknown Vulnerability Type - Cacti (CVE-2015-0916) - Low [166]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-0916 was patched at 2024-05-15

8496. Unknown Vulnerability Type - Cacti (CVE-2017-16641) - Low [166]

Description: {'vulners_cve_data_all': 'lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16641 was patched at 2024-05-15

8497. Unknown Vulnerability Type - Flask (CVE-2021-21241) - Low [166]

Description: {'vulners_cve_data_all': 'The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is a independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. In Flask-Security-Too from version 3.3.0 and before version 3.4.5, the /login and /change endpoints can return the authenticated user's authentication token in response to a GET request. Since GET requests aren't protected with a CSRF token, this could lead to a malicious 3rd party site acquiring the authentication token. Version 3.4.5 and version 4.0.0 are patched. As a workaround, if you aren't using authentication tokens - you can set the SECURITY_TOKEN_MAX_AGE to "0" (seconds) which should make the token unusable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Flask is a lightweight WSGI web application framework
CVSS Base Score0.710CVSS Base Score is 7.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-21241 was patched at 2024-05-15

8498. Unknown Vulnerability Type - HID (CVE-2019-14664) - Low [166]

Description: {'vulners_cve_data_all': 'In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, he unknowingly leaks the plaintext of the encrypted message part(s) back to the attacker. This attack variant bypasses protection mechanisms implemented after the "EFAIL" attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514HID
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14664 was patched at 2024-05-15

8499. Unknown Vulnerability Type - HID (CVE-2022-21693) - Low [166]

Description: {'vulners_cve_data_all': 'OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of the Onionshare process can access sensitive files in the entire user home folder. This could lead to the leaking of sensitive data. Due to the automatic exclusion of hidden folders, the impact is reduced. This can be mitigated by usage of the flatpak release.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514HID
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-21693 was patched at 2024-05-15

8500. Unknown Vulnerability Type - TLS (CVE-2010-1194) - Low [166]

Description: {'vulners_cve_data_all': 'The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1194 was patched at 2024-05-15

8501. Unknown Vulnerability Type - TLS (CVE-2020-24613) - Low [166]

Description: {'vulners_cve_data_all': 'wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c. This is an incorrect implementation of the TLS 1.3 client state machine. This allows attackers in a privileged network position to completely impersonate any TLS 1.3 servers, and read or modify potentially sensitive information between clients using the wolfSSL library and these TLS servers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24613 was patched at 2024-05-15

8502. Unknown Vulnerability Type - TLS (CVE-2022-25638) - Low [166]

Description: {'vulners_cve_data_all': 'In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-25638 was patched at 2024-05-15

8503. Unknown Vulnerability Type - TRIE (CVE-2019-6474) - Low [166]

Description: {'vulners_cve_data_all': 'A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea code, a server trying to restart will conclude that there is a problem with its lease store and give up. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6474 was patched at 2024-05-15

8504. Unknown Vulnerability Type - libjpeg (CVE-2021-29390) - Low [166]

Description: {'vulners_cve_data_all': 'libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514libjpeg
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2021-29390 was patched at 2024-04-30

oraclelinux: CVE-2021-29390 was patched at 2024-05-02

redhat: CVE-2021-29390 was patched at 2024-04-30

8505. Unknown Vulnerability Type - libjpeg (CVE-2022-31796) - Low [166]

Description: {'vulners_cve_data_all': 'libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514libjpeg
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-31796 was patched at 2024-05-15

8506. Unknown Vulnerability Type - libjpeg (CVE-2022-32978) - Low [166]

Description: {'vulners_cve_data_all': 'There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514libjpeg
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-32978 was patched at 2024-05-15

8507. Unknown Vulnerability Type - Curl (CVE-2012-6086) - Low [164]

Description: {'vulners_cve_data_all': 'libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.8rc1, and 2.1.x before 2.1.2 does not properly set the CURLOPT_SSL_VERIFYHOST option for libcurl, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714Curl is a command-line tool for transferring data specified with URL syntax
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6086 was patched at 2024-05-15

8508. Unknown Vulnerability Type - Kubernetes (CVE-2020-8561) - Low [164]

Description: {'vulners_cve_data_all': 'A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management
CVSS Base Score0.410CVSS Base Score is 4.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-8561 was patched at 2024-05-15

8509. Unknown Vulnerability Type - MediaWiki (CVE-2010-1190) - Low [164]

Description: {'vulners_cve_data_all': 'thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1190 was patched at 2024-05-15

8510. Unknown Vulnerability Type - MediaWiki (CVE-2015-2931) - Low [164]

Description: {'vulners_cve_data_all': 'Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2931 was patched at 2024-05-15

8511. Unknown Vulnerability Type - MediaWiki (CVE-2015-2932) - Low [164]

Description: {'vulners_cve_data_all': 'Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2932 was patched at 2024-05-15

8512. Unknown Vulnerability Type - MediaWiki (CVE-2015-2934) - Low [164]

Description: {'vulners_cve_data_all': 'MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xml_parse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2934 was patched at 2024-05-15

8513. Unknown Vulnerability Type - MediaWiki (CVE-2015-8004) - Low [164]

Description: {'vulners_cve_data_all': 'MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which returns a valid a change form.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8004 was patched at 2024-05-15

8514. Unknown Vulnerability Type - MediaWiki (CVE-2021-30153) - Low [164]

Description: {'vulners_cve_data_all': 'An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn't because they are hidden.) This is related to ApiVisualEditor.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30153 was patched at 2024-05-15

8515. Unknown Vulnerability Type - GPAC (CVE-2020-35981) - Low [161]

Description: {'vulners_cve_data_all': 'An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35981 was patched at 2024-05-15

8516. Unknown Vulnerability Type - GPAC (CVE-2020-35982) - Low [161]

Description: {'vulners_cve_data_all': 'An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_finalize() in media_tools/isom_hinter.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35982 was patched at 2024-05-15

8517. Unknown Vulnerability Type - GPAC (CVE-2022-47654) - Low [161]

Description: {'vulners_cve_data_all': 'GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8261', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-47654 was patched at 2024-05-15

8518. Unknown Vulnerability Type - GPAC (CVE-2023-0817) - Low [161]

Description: {'vulners_cve_data_all': 'Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0817 was patched at 2024-05-15

8519. Unknown Vulnerability Type - GPAC (CVE-2023-5586) - Low [161]

Description: {'vulners_cve_data_all': 'NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-5586 was patched at 2024-05-15

8520. Unknown Vulnerability Type - GPAC (CVE-2024-24266) - Low [161]

Description: {'vulners_cve_data_all': 'gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-24266 was patched at 2024-05-15

8521. Unknown Vulnerability Type - Git (CVE-2017-18641) - Low [161]

Description: {'vulners_cve_data_all': 'In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-18641 was patched at 2024-05-15

8522. Unknown Vulnerability Type - Git (CVE-2018-20683) - Low [161]

Description: {'vulners_cve_data_all': 'commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync, mishandles the rsync command line, which allows attackers to have a "bad" impact by triggering use of an option other than -v, -n, -q, or -P.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20683 was patched at 2024-05-15

8523. Unknown Vulnerability Type - Git (CVE-2020-28086) - Low [161]

Description: {'vulners_cve_data_all': 'pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitation to occur, the user must do a git pull, decrypt a password, and log into a remote service with the password. If an attacker controls the central Git server or one of the other members' machines, and also controls one of the services already in the password store, they can rename one of the password files in the Git repository to something else: pass doesn't correctly verify that the content of a file matches the filename, so a user might be tricked into decrypting the wrong password and sending that to a service that the attacker controls. NOTE: for environments in which this threat model is of concern, signing commits can be a solution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-28086 was patched at 2024-05-15

8524. Unknown Vulnerability Type - Git (CVE-2020-36567) - Low [161]

Description: {'vulners_cve_data_all': 'Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36567 was patched at 2024-05-15

8525. Unknown Vulnerability Type - Git (CVE-2020-36568) - Low [161]

Description: {'vulners_cve_data_all': 'Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36568 was patched at 2024-05-15

8526. Unknown Vulnerability Type - Git (CVE-2020-7711) - Low [161]

Description: {'vulners_cve_data_all': 'This affects all versions of package github.com/russellhaering/goxmldsig. There is a crash on nil-pointer dereference caused by sending malformed XML signatures.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7711 was patched at 2024-05-15

8527. Unknown Vulnerability Type - Git (CVE-2021-38711) - Low [161]

Description: {'vulners_cve_data_all': 'In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-38711 was patched at 2024-05-15

8528. Unknown Vulnerability Type - Git (CVE-2021-39135) - Low [161]

Description: {'vulners_cve_data_all': '`@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is accomplished by extracting package contents into a project's `node_modules` folder. If the `node_modules` folder of the root project or any of its dependencies is somehow replaced with a symbolic link, it could allow Arborist to write package dependencies to any arbitrary location on the file system. Note that symbolic links contained within package artifact contents are filtered out, so another means of creating a `node_modules` symbolic link would have to be employed. 1. A `preinstall` script could replace `node_modules` with a symlink. (This is prevented by using `--ignore-scripts`.) 2. An attacker could supply the target with a git repository, instructing them to run `npm install --ignore-scripts` in the root. This may be successful, because `npm install --ignore-scripts` is typically not capable of making changes outside of the project directory, so it may be deemed safe. This is patched in @npmcli/arborist 2.8.2 which is included in npm v7.20.7 and above. For more information including workarounds please see the referenced GHSA-gmw6-94gg-2rc2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 8.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39135 was patched at 2024-05-15

8529. Unknown Vulnerability Type - Git (CVE-2022-1071) - Low [161]

Description: {'vulners_cve_data_all': 'User after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 8.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1071 was patched at 2024-05-15

8530. Unknown Vulnerability Type - Git (CVE-2022-1907) - Low [161]

Description: {'vulners_cve_data_all': 'Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1907 was patched at 2024-05-15

8531. Unknown Vulnerability Type - Git (CVE-2022-1908) - Low [161]

Description: {'vulners_cve_data_all': 'Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1908 was patched at 2024-05-15

8532. Unknown Vulnerability Type - Git (CVE-2022-1987) - Low [161]

Description: {'vulners_cve_data_all': 'Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1987 was patched at 2024-05-15

8533. Unknown Vulnerability Type - Git (CVE-2023-2251) - Low [161]

Description: {'vulners_cve_data_all': 'Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-2251 was patched at 2024-05-15

8534. Denial of Service - Unknown Product (CVE-2004-1909) - Low [160]

Description: {'vulners_cve_data_all': 'Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1909 was patched at 2024-05-15

8535. Denial of Service - Unknown Product (CVE-2005-1686) - Low [160]

Description: {'vulners_cve_data_all': 'Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1686 was patched at 2024-05-15

8536. Denial of Service - Unknown Product (CVE-2005-1923) - Low [160]

Description: {'vulners_cve_data_all': 'The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1923 was patched at 2024-05-15

8537. Denial of Service - Unknown Product (CVE-2005-2056) - Low [160]

Description: {'vulners_cve_data_all': 'The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2056 was patched at 2024-05-15

8538. Denial of Service - Unknown Product (CVE-2005-2534) - Low [160]

Description: {'vulners_cve_data_all': 'Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2534 was patched at 2024-05-15

8539. Denial of Service - Unknown Product (CVE-2006-1721) - Low [160]

Description: {'vulners_cve_data_all': 'digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1721 was patched at 2024-05-15

8540. Denial of Service - Unknown Product (CVE-2006-4807) - Low [160]

Description: {'vulners_cve_data_all': 'loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4807 was patched at 2024-05-15

8541. Denial of Service - Unknown Product (CVE-2007-4280) - Low [160]

Description: {'vulners_cve_data_all': 'The Skinny channel driver (chan_skinny) in Asterisk Open Source before 1.4.10, AsteriskNOW before beta7, Appliance Developer Kit before 0.7.0, and Appliance s800i before 1.0.3 allows remote authenticated users to cause a denial of service (application crash) via a CAPABILITIES_RES_MESSAGE packet with a capabilities count larger than the capabilities_res_message array population.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4280 was patched at 2024-05-15

8542. Denial of Service - Unknown Product (CVE-2007-5712) - Low [160]

Description: {'vulners_cve_data_all': 'The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large Accept-Language headers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5712 was patched at 2024-05-15

8543. Denial of Service - Unknown Product (CVE-2012-1987) - Low [160]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1987 was patched at 2024-05-15

8544. Denial of Service - Unknown Product (CVE-2012-2101) - Low [160]

Description: {'vulners_cve_data_all': 'Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2101 was patched at 2024-05-15

8545. Denial of Service - Unknown Product (CVE-2012-2947) - Low [160]

Description: {'vulners_cve_data_all': 'chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2947 was patched at 2024-05-15

8546. Denial of Service - Unknown Product (CVE-2012-3371) - Low [160]

Description: {'vulners_cve_data_all': 'The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3371 was patched at 2024-05-15

8547. Denial of Service - Unknown Product (CVE-2013-3571) - Low [160]

Description: {'vulners_cve_data_all': 'socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-3571 was patched at 2024-05-15

8548. Denial of Service - Unknown Product (CVE-2013-4505) - Low [160]

Description: {'vulners_cve_data_all': 'The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4505 was patched at 2024-05-15

8549. Denial of Service - Unknown Product (CVE-2013-4558) - Low [160]

Description: {'vulners_cve_data_all': 'The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4558 was patched at 2024-05-15

8550. Denial of Service - Unknown Product (CVE-2014-3970) - Low [160]

Description: {'vulners_cve_data_all': 'The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an empty UDP packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3970 was patched at 2024-05-15

8551. Denial of Service - Unknown Product (CVE-2014-6060) - Low [160]

Description: {'vulners_cve_data_all': 'The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-6060 was patched at 2024-05-15

8552. Denial of Service - Unknown Product (CVE-2017-15096) - Low [160]

Description: {'vulners_cve_data_all': 'A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15096 was patched at 2024-05-15

8553. Denial of Service - Unknown Product (CVE-2017-8933) - Low [160]

Description: {'vulners_cve_data_all': 'Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (menu unavailability).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8933 was patched at 2024-05-15

8554. Denial of Service - Unknown Product (CVE-2021-20286) - Low [160]

Description: {'vulners_cve_data_all': 'A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-20286 was patched at 2024-05-15

8555. Denial of Service - Unknown Product (CVE-2022-33879) - Low [160]

Description: {'vulners_cve_data_all': 'The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-33879 was patched at 2024-05-15

8556. Denial of Service - Unknown Product (CVE-2023-0196) - Low [160]

Description: {'vulners_cve_data_all': '\nNVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local user running the tool against an ill-formed binary may cause a null- pointer dereference, which may result in a limited denial of service.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0196 was patched at 2024-05-15

8557. Denial of Service - Unknown Product (CVE-2023-29383) - Low [160]

Description: {'vulners_cve_data_all': 'In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29383 was patched at 2024-05-15

8558. Denial of Service - Unknown Product (CVE-2024-0072) - Low [160]

Description: {'vulners_cve_data_all': '\nNVIDIA CUDA toolkit for all platforms contains a vulnerability in cuobjdump and nvdisasm where an attacker may cause a crash by tricking a user into reading a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-0072 was patched at 2024-05-15

8559. Denial of Service - Unknown Product (CVE-2024-0076) - Low [160]

Description: {'vulners_cve_data_all': '\nNVIDIA CUDA toolkit for all platforms contains a vulnerability in cuobjdump and nvdisasm where an attacker may cause a crash by tricking a user into reading a malformed ELF file. A successful exploit of this vulnerability may lead to a partial denial of service.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-0076 was patched at 2024-05-15

8560. Incorrect Calculation - Unknown Product (CVE-2018-10316) - Low [160]

Description: {'vulners_cve_data_all': 'Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10316 was patched at 2024-05-15

8561. Incorrect Calculation - Unknown Product (CVE-2019-19746) - Low [160]

Description: {'vulners_cve_data_all': 'make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19746 was patched at 2024-05-15

8562. Incorrect Calculation - Unknown Product (CVE-2019-20805) - Low [160]

Description: {'vulners_cve_data_all': 'p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacking via crafted values in a PT_DYNAMIC segment.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20805 was patched at 2024-05-15

8563. Incorrect Calculation - Unknown Product (CVE-2020-12105) - Low [160]

Description: {'vulners_cve_data_all': 'OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-12105 was patched at 2024-05-15

8564. Incorrect Calculation - Unknown Product (CVE-2024-1580) - Low [160]

Description: {'vulners_cve_data_all': 'An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.\n\n\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-1580 was patched at 2024-05-09, 2024-05-15

8565. Memory Corruption - Unknown Product (CVE-2011-1488) - Low [160]

Description: {'vulners_cve_data_all': 'A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent within short periods of time.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1488 was patched at 2024-05-15

8566. Memory Corruption - Unknown Product (CVE-2011-1489) - Low [160]

Description: {'vulners_cve_data_all': 'A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages were logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1489 was patched at 2024-05-15

8567. Memory Corruption - Unknown Product (CVE-2011-1490) - Low [160]

Description: {'vulners_cve_data_all': 'A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when multiple rulesets were used and some output batches contained messages belonging to more than one ruleset. A local attacker could cause denial of the rsyslogd daemon service via a log message belonging to more than one ruleset', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1490 was patched at 2024-05-15

8568. Memory Corruption - Unknown Product (CVE-2012-5630) - Low [160]

Description: {'vulners_cve_data_all': 'libuser 0.56 and 0.57 has a TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5630 was patched at 2024-05-15

8569. Memory Corruption - Unknown Product (CVE-2017-12911) - Low [160]

Description: {'vulners_cve_data_all': 'The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corruption when opening a crafted MP3 file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12911 was patched at 2024-05-15

8570. Memory Corruption - Unknown Product (CVE-2017-14970) - Low [160]

Description: {'vulners_cve_data_all': 'In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stating "it can only be triggered by an OpenFlow controller, but OpenFlow controllers have much more direct and powerful ways to force Open vSwitch to allocate memory, such as by inserting flows into the flow table."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14970 was patched at 2024-05-15

8571. Memory Corruption - Unknown Product (CVE-2017-16672) - Low [160]

Description: {'vulners_cve_data_all': 'An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session object is created and that call gets rejected before the session itself is fully established. When this happens the session object never gets destroyed. Eventually Asterisk can run out of memory and crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16672 was patched at 2024-05-15

8572. Memory Corruption - Unknown Product (CVE-2017-20004) - Low [160]

Description: {'vulners_cve_data_all': 'In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues through race conditions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-20004 was patched at 2024-05-15

8573. Memory Corruption - Unknown Product (CVE-2018-1000667) - Low [160]

Description: {'vulners_cve_data_all': 'NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file..', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000667 was patched at 2024-05-15

8574. Memory Corruption - Unknown Product (CVE-2018-20005) - Low [160]

Description: {'vulners_cve_data_all': 'An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20005 was patched at 2024-05-15

8575. Memory Corruption - Unknown Product (CVE-2018-20374) - Low [160]

Description: {'vulners_cve_data_all': 'An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the use_section1 function in tccasm.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20374 was patched at 2024-05-15

8576. Memory Corruption - Unknown Product (CVE-2018-20375) - Low [160]

Description: {'vulners_cve_data_all': 'An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the sym_pop function in tccgen.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20375 was patched at 2024-05-15

8577. Memory Corruption - Unknown Product (CVE-2018-20376) - Low [160]

Description: {'vulners_cve_data_all': 'An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 8 byte out of bounds write in the asm_parse_directive function in tccasm.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20376 was patched at 2024-05-15

8578. Memory Corruption - Unknown Product (CVE-2018-20593) - Low [160]

Description: {'vulners_cve_data_all': 'In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20593 was patched at 2024-05-15

8579. Memory Corruption - Unknown Product (CVE-2018-25008) - Low [160]

Description: {'vulners_cve_data_all': 'In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can be lead to memory safety issues through race conditions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-25008 was patched at 2024-05-15

8580. Memory Corruption - Unknown Product (CVE-2019-12495) - Low [160]

Description: {'vulners_cve_data_all': 'An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to a one-byte out-of-bounds write in the gsym_addr function in x86_64-gen.c. This occurs because tccasm.c mishandles section switches.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12495 was patched at 2024-05-15

8581. Memory Corruption - Unknown Product (CVE-2019-14247) - Low [160]

Description: {'vulners_cve_data_all': 'The scan() function in mad.c in mpg321 0.3.2 allows remote attackers to trigger an out-of-bounds write via a zero bitrate in an MP3 file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14247 was patched at 2024-05-15

8582. Memory Corruption - Unknown Product (CVE-2019-14248) - Low [160]

Description: {'vulners_cve_data_all': 'In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when "%pragma limit" is mishandled.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14248 was patched at 2024-05-15

8583. Memory Corruption - Unknown Product (CVE-2019-14274) - Low [160]

Description: {'vulners_cve_data_all': 'MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14274 was patched at 2024-05-15

8584. Memory Corruption - Unknown Product (CVE-2019-14662) - Low [160]

Description: {'vulners_cve_data_all': 'Brandy 1.20.1 has a stack-based buffer overflow in fileio_openout in fileio.c via crafted BASIC source code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14662 was patched at 2024-05-15

8585. Memory Corruption - Unknown Product (CVE-2019-14663) - Low [160]

Description: {'vulners_cve_data_all': 'Brandy 1.20.1 has a stack-based buffer overflow in fileio_openin in fileio.c via crafted BASIC source code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14663 was patched at 2024-05-15

8586. Memory Corruption - Unknown Product (CVE-2019-14665) - Low [160]

Description: {'vulners_cve_data_all': 'Brandy 1.20.1 has a heap-based buffer overflow in define_array in variables.c via crafted BASIC source code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14665 was patched at 2024-05-15

8587. Memory Corruption - Unknown Product (CVE-2019-9754) - Low [160]

Description: {'vulners_cve_data_all': 'An issue was discovered in Tiny C Compiler (aka TinyCC or TCC) 0.9.27. Compiling a crafted source file leads to an 1 byte out of bounds write in the end_macro function in tccpp.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9754 was patched at 2024-05-15

8588. Memory Corruption - Unknown Product (CVE-2020-10576) - Low [160]

Description: {'vulners_cve_data_all': 'An issue was discovered in Janus through 0.9.1. plugins/janus_voicemail.c in the VoiceMail plugin has a race condition that could cause a server crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-10576 was patched at 2024-05-15

8589. Memory Corruption - Unknown Product (CVE-2020-23910) - Low [160]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow vulnerability in asn1c through v0.9.28 via function genhash_get in genhash.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23910 was patched at 2024-05-15

8590. Memory Corruption - Unknown Product (CVE-2020-24240) - Low [160]

Description: {'vulners_cve_data_all': 'GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24240 was patched at 2024-05-15

8591. Memory Corruption - Unknown Product (CVE-2020-24241) - Low [160]

Description: {'vulners_cve_data_all': 'In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24241 was patched at 2024-05-15

8592. Memory Corruption - Unknown Product (CVE-2020-27837) - Low [160]

Description: {'vulners_cve_data_all': 'A flaw was found in GDM in versions prior to 3.38.2.1. A race condition in the handling of session shutdown makes it possible to bypass the lock screen for a user that has autologin enabled, accessing their session without authentication. This is similar to CVE-2017-12164, but requires more difficult conditions to exploit.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27837 was patched at 2024-05-15

8593. Memory Corruption - Unknown Product (CVE-2020-35534) - Low [160]

Description: {'vulners_cve_data_all': 'In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\\src\\decoders\\crx.cpp) when processing cr3 files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35534 was patched at 2024-05-15

8594. Memory Corruption - Unknown Product (CVE-2020-35535) - Low [160]

Description: {'vulners_cve_data_all': 'In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\\src\\metadata\\sony.cpp) when processing srf files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35535 was patched at 2024-05-15

8595. Memory Corruption - Unknown Product (CVE-2020-36205) - Low [160]

Description: {'vulners_cve_data_all': 'An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36205 was patched at 2024-05-15

8596. Memory Corruption - Unknown Product (CVE-2020-7462) - Low [160]

Description: {'vulners_cve_data_all': 'In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, improper mbuf handling in the kernel causes a use-after-free bug by sending IPv6 Hop-by-Hop options over the loopback interface. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7462 was patched at 2024-05-15

8597. Memory Corruption - Unknown Product (CVE-2020-7463) - Low [160]

Description: {'vulners_cve_data_all': 'In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, improper handling in the kernel causes a use-after-free bug by sending large user messages from multiple threads on the same SCTP socket. The use-after-free situation may result in unintended kernel behaviour including a kernel panic.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7463 was patched at 2024-05-15

8598. Memory Corruption - Unknown Product (CVE-2021-28689) - Low [160]

Description: {'vulners_cve_data_all': 'x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests 32-bit x86 PV guest kernels run in ring 1. At the time when Xen was developed, this area of the i386 architecture was rarely used, which is why Xen was able to use it to implement paravirtualisation, Xen's novel approach to virtualization. In AMD64, Xen had to use a different implementation approach, so Xen does not use ring 1 to support 64-bit guests. With the focus now being on 64-bit systems, and the availability of explicit hardware support for virtualization, fixing speculation issues in ring 1 is not a priority for processor companies. Indirect Branch Restricted Speculation (IBRS) is an architectural x86 extension put together to combat speculative execution sidechannel attacks, including Spectre v2. It was retrofitted in microcode to existing CPUs. For more details on Spectre v2, see: http://xenbits.xen.org/xsa/advisory-254.html However, IBRS does not architecturally protect ring 0 from predictions learnt in ring 1. For more details, see: https://software.intel.com/security-software-guidance/deep-dives/deep-dive-indirect-branch-restricted-speculation Similar situations may exist with other mitigations for other kinds of speculative execution attacks. The situation is quite likely to be similar for speculative execution attacks which have yet to be discovered, disclosed, or mitigated.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-28689 was patched at 2024-05-15

8599. Memory Corruption - Unknown Product (CVE-2021-29626) - Low [160]

Description: {'vulners_cve_data_all': 'In FreeBSD 13.0-STABLE before n245117, 12.2-STABLE before r369551, 11.4-STABLE before r369559, 13.0-RC5 before p1, 12.2-RELEASE before p6, and 11.4-RELEASE before p9, copy-on-write logic failed to invalidate shared memory page mappings between multiple processes allowing an unprivileged process to maintain a mapping after it is freed, allowing the process to read private data belonging to other processes or the kernel.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-29626 was patched at 2024-05-15

8600. Memory Corruption - Unknown Product (CVE-2021-31804) - Low [160]

Description: {'vulners_cve_data_all': 'LeoCAD before 21.03 sometimes allows a use-after-free during the opening of a new document.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-31804 was patched at 2024-05-15

8601. Memory Corruption - Unknown Product (CVE-2021-33450) - Low [160]

Description: {'vulners_cve_data_all': 'An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33450 was patched at 2024-05-15

8602. Memory Corruption - Unknown Product (CVE-2021-33451) - Low [160]

Description: {'vulners_cve_data_all': 'An issue was discovered in lrzip version 0.641. There are memory leaks in fill_buffer() in stream.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33451 was patched at 2024-05-15

8603. Memory Corruption - Unknown Product (CVE-2021-33452) - Low [160]

Description: {'vulners_cve_data_all': 'An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33452 was patched at 2024-05-15

8604. Memory Corruption - Unknown Product (CVE-2021-33461) - Low [160]

Description: {'vulners_cve_data_all': 'An issue was discovered in yasm version 1.3.0. There is a use-after-free in yasm_intnum_destroy() in libyasm/intnum.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33461 was patched at 2024-05-15

8605. Memory Corruption - Unknown Product (CVE-2021-33462) - Low [160]

Description: {'vulners_cve_data_all': 'An issue was discovered in yasm version 1.3.0. There is a use-after-free in expr_traverse_nodes_post() in libyasm/expr.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33462 was patched at 2024-05-15

8606. Memory Corruption - Unknown Product (CVE-2021-33467) - Low [160]

Description: {'vulners_cve_data_all': 'An issue was discovered in yasm version 1.3.0. There is a use-after-free in pp_getline() in modules/preprocs/nasm/nasm-pp.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33467 was patched at 2024-05-15

8607. Memory Corruption - Unknown Product (CVE-2021-33468) - Low [160]

Description: {'vulners_cve_data_all': 'An issue was discovered in yasm version 1.3.0. There is a use-after-free in error() in modules/preprocs/nasm/nasm-pp.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33468 was patched at 2024-05-15

8608. Memory Corruption - Unknown Product (CVE-2021-33480) - Low [160]

Description: {'vulners_cve_data_all': 'An use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33480 was patched at 2024-05-15

8609. Memory Corruption - Unknown Product (CVE-2021-3569) - Low [160]

Description: {'vulners_cve_data_all': 'A stack corruption bug was found in libtpms in versions before 0.7.2 and before 0.8.0 while decrypting data using RSA. This flaw could result in a SIGBUS (bad memory access) and termination of swtpm. The highest threat from this vulnerability is to system availability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3569 was patched at 2024-05-15

8610. Memory Corruption - Unknown Product (CVE-2021-36083) - Low [160]

Description: {'vulners_cve_data_all': 'KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-36083 was patched at 2024-05-15

8611. Memory Corruption - Unknown Product (CVE-2021-44961) - Low [160]

Description: {'vulners_cve_data_all': 'A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. Specially crafted stl files can exhaust available memory. An attacker can provide malicious files to trigger this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44961 was patched at 2024-05-15

8612. Memory Corruption - Unknown Product (CVE-2021-45948) - Low [160]

Description: {'vulners_cve_data_all': 'Open Asset Import Library (aka assimp) 5.1.0 and 5.1.1 has a heap-based buffer overflow in _m3d_safestr (called from m3d_load and Assimp::M3DWrapper::M3DWrapper).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45948 was patched at 2024-05-15

8613. Memory Corruption - Unknown Product (CVE-2022-24191) - Low [160]

Description: {'vulners_cve_data_all': 'In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24191 was patched at 2024-05-15

8614. Memory Corruption - Unknown Product (CVE-2022-43151) - Low [160]

Description: {'vulners_cve_data_all': 'timg v1.4.4 was discovered to contain a memory leak via the function timg::QueryBackgroundColor() at /timg/src/term-query.cc.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-43151 was patched at 2024-05-15

8615. Memory Corruption - Unknown Product (CVE-2022-46456) - Low [160]

Description: {'vulners_cve_data_all': 'NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-46456 was patched at 2024-05-15

8616. Memory Corruption - Unknown Product (CVE-2022-48682) - Low [160]

Description: {'vulners_cve_data_all': 'In deletefiles in FDUPES before 2.2.0, a TOCTOU race condition allows arbitrary file deletion via a symlink.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48682 was patched at 2024-05-15

8617. Memory Corruption - Unknown Product (CVE-2023-24809) - Low [160]

Description: {'vulners_cve_data_all': 'NetHack is a single player dungeon exploration game. Starting with version 3.6.2 and prior to version 3.6.7, illegal input to the "C" (call) command can cause a buffer overflow and crash the NetHack process. This vulnerability may be a security issue for systems that have NetHack installed suid/sgid and for shared systems. For all systems, it may result in a process crash. This issue is resolved in NetHack 3.6.7. There are no known workarounds.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-24809 was patched at 2024-05-15

8618. Memory Corruption - Unknown Product (CVE-2023-26551) - Low [160]

Description: {'vulners_cve_data_all': 'mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26551 was patched at 2024-05-15

8619. Memory Corruption - Unknown Product (CVE-2023-26552) - Low [160]

Description: {'vulners_cve_data_all': 'mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26552 was patched at 2024-05-15

8620. Memory Corruption - Unknown Product (CVE-2023-26553) - Low [160]

Description: {'vulners_cve_data_all': 'mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26553 was patched at 2024-05-15

8621. Memory Corruption - Unknown Product (CVE-2023-26554) - Low [160]

Description: {'vulners_cve_data_all': 'mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26554 was patched at 2024-05-15

8622. Memory Corruption - Unknown Product (CVE-2023-26555) - Low [160]

Description: {'vulners_cve_data_all': 'praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26555 was patched at 2024-05-15

8623. Memory Corruption - Unknown Product (CVE-2023-31725) - Low [160]

Description: {'vulners_cve_data_all': 'yasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free via the function expand_mmac_params at yasm/modules/preprocs/nasm/nasm-pp.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31725 was patched at 2024-05-15

8624. Memory Corruption - Unknown Product (CVE-2023-34824) - Low [160]

Description: {'vulners_cve_data_all': 'fdkaac before 1.0.5 was discovered to contain a heap buffer overflow in caf_info function in caf_reader.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-34824 was patched at 2024-05-15

8625. Memory Corruption - Unknown Product (CVE-2023-42363) - Low [160]

Description: {'vulners_cve_data_all': 'A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-42363 was patched at 2024-05-15

8626. Memory Corruption - Unknown Product (CVE-2024-24826) - Low [160]

Description: {'vulners_cve_data_all': 'Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. In most cases this out of bounds read will result in a crash. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-24826 was patched at 2024-05-15

8627. Memory Corruption - Unknown Product (CVE-2024-2824) - Low [160]

Description: {'vulners_cve_data_all': 'A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical. This issue affects the function PrintFormatNumber of the file exif.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257711.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-2824 was patched at 2024-05-15

debian: CVE-2024-28243 was patched at 2024-05-15

debian: CVE-2024-28244 was patched at 2024-05-15

debian: CVE-2024-28245 was patched at 2024-05-15

debian: CVE-2024-28246 was patched at 2024-05-15

8628. Memory Corruption - Unknown Product (CVE-2024-3209) - Low [160]

Description: {'vulners_cve_data_all': 'A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259055. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3209 was patched at 2024-05-15

8629. Memory Corruption - Unknown Product (CVE-2024-4418) - Low [160]

Description: {'vulners_cve_data_all': 'A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

redos: CVE-2024-4418 was patched at 2024-06-07

ubuntu: CVE-2024-4418 was patched at 2024-05-07

8630. Path Traversal - Unknown Product (CVE-2012-3865) - Low [160]

Description: {'vulners_cve_data_all': 'Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3865 was patched at 2024-05-15

8631. Path Traversal - Unknown Product (CVE-2022-4123) - Low [160]

Description: {'vulners_cve_data_all': 'A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-4123 was patched at 2024-05-15

8632. Path Traversal - Unknown Product (CVE-2024-1433) - Low [160]

Description: {'vulners_cve_data_all': 'A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of the argument pluginId leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-253407. NOTE: This requires write access to user's home or the installation of third party global themes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-1433 was patched at 2024-05-15, 2024-06-15

8633. Security Feature Bypass - Unknown Product (CVE-2023-46839) - Low [160]

Description: {'vulners_cve_data_all': 'PCI devices can make use of a functionality called phantom functions,\nthat when enabled allows the device to generate requests using the IDs\nof functions that are otherwise unpopulated. This allows a device to\nextend the number of outstanding requests.\n\nSuch phantom functions need an IOMMU context setup, but failure to\nsetup the context is not fatal when the device is assigned. Not\nfailing device assignment when such failure happens can lead to the\nprimary device being assigned to a guest, while some of the phantom\nfunctions are assigned to a different domain.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46839 was patched at 2024-05-15

8634. Security Feature Bypass - Unknown Product (CVE-2024-21742) - Low [160]

Description: {'vulners_cve_data_all': 'Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message.\nThis can be exploited by an attacker to add unintended headers to MIME messages.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-21742 was patched at 2024-05-15

8635. Security Feature Bypass - Unknown Product (CVE-2024-2307) - Low [160]

Description: {'vulners_cve_data_all': 'A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.915Security Feature Bypass
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-2307 was patched at 2024-04-30, 2024-05-22

oraclelinux: CVE-2024-2307 was patched at 2024-05-03, 2024-05-24

redhat: CVE-2024-2307 was patched at 2024-04-30, 2024-05-22

8636. Unknown Vulnerability Type - Exim (CVE-2006-1251) - Low [159]

Description: {'vulners_cve_data_all': 'Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provides the argument to the rm command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Exim is a mail transfer agent (MTA) used on Unix-like operating systems
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1251 was patched at 2024-05-15

8637. Unknown Vulnerability Type - Internet Explorer (CVE-2004-2480) - Low [159]

Description: {'vulners_cve_data_all': 'Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL within Internet Explorer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Internet Explorer is a discontinued series of graphical web browsers developed by Microsoft
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2480 was patched at 2024-05-15

8638. Unknown Vulnerability Type - Oracle Java SE (CVE-2016-3498) - Low [159]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remote attackers to affect availability via vectors related to JavaFX.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Oracle Java SE
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3498 was patched at 2024-05-15

8639. Unknown Vulnerability Type - Perl (CVE-2002-1323) - Low [159]

Description: {'vulners_cve_data_all': 'Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1323 was patched at 2024-05-15

8640. Unknown Vulnerability Type - Perl (CVE-2002-1348) - Low [159]

Description: {'vulners_cve_data_all': 'w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1348 was patched at 2024-05-15

8641. Unknown Vulnerability Type - Perl (CVE-2003-0130) - Low [159]

Description: {'vulners_cve_data_all': 'The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0130 was patched at 2024-05-15

8642. Unknown Vulnerability Type - Perl (CVE-2003-0949) - Low [159]

Description: {'vulners_cve_data_all': 'xsok 1.02 does not properly drop privileges before finding and executing the "gunzip" program, which allows local users to execute arbitrary commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0949 was patched at 2024-05-15

8643. Unknown Vulnerability Type - Perl (CVE-2004-0371) - Low [159]

Description: {'vulners_cve_data_all': 'Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0371 was patched at 2024-05-15

8644. Unknown Vulnerability Type - Perl (CVE-2004-0426) - Low [159]

Description: {'vulners_cve_data_all': 'rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0426 was patched at 2024-05-15

8645. Unknown Vulnerability Type - Perl (CVE-2004-0749) - Low [159]

Description: {'vulners_cve_data_all': 'The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0749 was patched at 2024-05-15

8646. Unknown Vulnerability Type - Perl (CVE-2004-1001) - Low [159]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1001 was patched at 2024-05-15

8647. Unknown Vulnerability Type - Perl (CVE-2004-2215) - Low [159]

Description: {'vulners_cve_data_all': 'RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2215 was patched at 2024-05-15

8648. Unknown Vulnerability Type - Perl (CVE-2005-0106) - Low [159]

Description: {'vulners_cve_data_all': 'SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0106 was patched at 2024-05-15

8649. Unknown Vulnerability Type - Perl (CVE-2005-0155) - Low [159]

Description: {'vulners_cve_data_all': 'The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0155 was patched at 2024-05-15

8650. Unknown Vulnerability Type - Perl (CVE-2005-0241) - Low [159]

Description: {'vulners_cve_data_all': 'The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0241 was patched at 2024-05-15

8651. Unknown Vulnerability Type - Perl (CVE-2005-0391) - Low [159]

Description: {'vulners_cve_data_all': 'geneweb 4.10 and earlier does not properly check file permissions and content during conversion, which allows attackers to modify arbitrary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0391 was patched at 2024-05-15

8652. Unknown Vulnerability Type - Perl (CVE-2005-0653) - Low [159]

Description: {'vulners_cve_data_all': 'phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0653 was patched at 2024-05-15

8653. Unknown Vulnerability Type - Perl (CVE-2005-1527) - Low [159]

Description: {'vulners_cve_data_all': 'Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1527 was patched at 2024-05-15

8654. Unknown Vulnerability Type - Perl (CVE-2005-3148) - Low [159]

Description: {'vulners_cve_data_all': 'StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3148 was patched at 2024-05-15

8655. Unknown Vulnerability Type - Perl (CVE-2005-3149) - Low [159]

Description: {'vulners_cve_data_all': 'Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIM_VANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt, which allows local users to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3149 was patched at 2024-05-15

8656. Unknown Vulnerability Type - Perl (CVE-2005-3351) - Low [159]

Description: {'vulners_cve_data_all': 'SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3351 was patched at 2024-05-15

8657. Unknown Vulnerability Type - Perl (CVE-2005-4158) - Low [159]

Description: {'vulners_cve_data_all': 'Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4158 was patched at 2024-05-15

8658. Unknown Vulnerability Type - Perl (CVE-2006-2224) - Low [159]

Description: {'vulners_cve_data_all': 'RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2224 was patched at 2024-05-15

8659. Unknown Vulnerability Type - Perl (CVE-2006-5969) - Low [159]

Description: {'vulners_cve_data_all': 'CRLF injection vulnerability in the evalFolderLine function in fvwm 2.5.18 and earlier allows local users to execute arbitrary commands via carriage returns in a directory name, which is not properly handled by fvwm-menu-directory, a variant of CVE-2003-1308.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5969 was patched at 2024-05-15

8660. Unknown Vulnerability Type - Perl (CVE-2007-1264) - Low [159]

Description: {'vulners_cve_data_all': 'Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1264 was patched at 2024-05-15

8661. Unknown Vulnerability Type - Perl (CVE-2007-1266) - Low [159]

Description: {'vulners_cve_data_all': 'Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1266 was patched at 2024-05-15

8662. Unknown Vulnerability Type - Perl (CVE-2007-1267) - Low [159]

Description: {'vulners_cve_data_all': 'Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1267 was patched at 2024-05-15

8663. Unknown Vulnerability Type - Perl (CVE-2007-1268) - Low [159]

Description: {'vulners_cve_data_all': 'Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1268 was patched at 2024-05-15

8664. Unknown Vulnerability Type - Perl (CVE-2007-1269) - Low [159]

Description: {'vulners_cve_data_all': 'GNUMail 1.1.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1269 was patched at 2024-05-15

8665. Unknown Vulnerability Type - Perl (CVE-2007-2637) - Low [159]

Description: {'vulners_cve_data_all': 'MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2637 was patched at 2024-05-15

8666. Unknown Vulnerability Type - Perl (CVE-2008-1099) - Low [159]

Description: {'vulners_cve_data_all': '_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1099 was patched at 2024-05-15

8667. Unknown Vulnerability Type - Perl (CVE-2008-4106) - Low [159]

Description: {'vulners_cve_data_all': 'WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4106 was patched at 2024-05-15

8668. Unknown Vulnerability Type - Perl (CVE-2010-4706) - Low [159]

Description: {'vulners_cve_data_all': 'The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by executing a program that relies on the pam_xauth PAM check.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4706 was patched at 2024-05-15

8669. Unknown Vulnerability Type - Perl (CVE-2011-0986) - Low [159]

Description: {'vulners_cve_data_all': 'phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not properly handle the absence of the (1) README, (2) ChangeLog, and (3) LICENSE files, which allows remote attackers to obtain the installation path via a direct request for a nonexistent file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0986 was patched at 2024-05-15

8670. Unknown Vulnerability Type - Perl (CVE-2012-1111) - Low [159]

Description: {'vulners_cve_data_all': 'lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1111 was patched at 2024-05-15

8671. Unknown Vulnerability Type - Perl (CVE-2012-2054) - Low [159]

Description: {'vulners_cve_data_all': 'Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the (1) Comment, (2) Document, (3) IssueCategory, (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8) Version, (9) Wiki, (10) UserPreference, or (11) Board model via a modified URL, related to a "mass assignment" vulnerability, a different vulnerability than CVE-2012-0327.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2054 was patched at 2024-05-15

8672. Unknown Vulnerability Type - Perl (CVE-2012-3356) - Low [159]

Description: {'vulners_cve_data_all': 'The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3356 was patched at 2024-05-15

8673. Unknown Vulnerability Type - Perl (CVE-2012-3426) - Low [159]

Description: {'vulners_cve_data_all': 'OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3426 was patched at 2024-05-15

8674. Unknown Vulnerability Type - Perl (CVE-2012-4463) - Low [159]

Description: {'vulners_cve_data_all': 'Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4463 was patched at 2024-05-15

8675. Unknown Vulnerability Type - Perl (CVE-2012-6112) - Low [159]

Description: {'vulners_cve_data_all': 'classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6112 was patched at 2024-05-15

8676. Unknown Vulnerability Type - Perl (CVE-2013-1654) - Low [159]

Description: {'vulners_cve_data_all': 'Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet Enterprise 2.7.x before 2.7.2, does not properly negotiate the SSL protocol between client and master, which allows remote attackers to conduct SSLv2 downgrade attacks against SSLv3 sessions via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1654 was patched at 2024-05-15

8677. Unknown Vulnerability Type - Perl (CVE-2013-4294) - Low [159]

Description: {'vulners_cve_data_all': 'The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4294 was patched at 2024-05-15

8678. Unknown Vulnerability Type - Perl (CVE-2013-7322) - Low [159]

Description: {'vulners_cve_data_all': 'usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay attacks, as demonstrated by a commented out line when using libpam-oath.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7322 was patched at 2024-05-15

8679. Unknown Vulnerability Type - Perl (CVE-2013-7491) - Low [159]

Description: {'vulners_cve_data_all': 'An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7491 was patched at 2024-05-15

8680. Unknown Vulnerability Type - Perl (CVE-2015-0856) - Low [159]

Description: {'vulners_cve_data_all': 'daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-0856 was patched at 2024-05-15

8681. Unknown Vulnerability Type - Perl (CVE-2018-15869) - Low [159]

Description: {'vulners_cve_data_all': 'An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-15869 was patched at 2024-05-15

8682. Unknown Vulnerability Type - Perl (CVE-2018-19516) - Low [159]

Description: {'vulners_cve_data_all': 'messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19516 was patched at 2024-05-15

8683. Unknown Vulnerability Type - Perl (CVE-2019-19960) - Low [159]

Description: {'vulners_cve_data_all': 'In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19960 was patched at 2024-05-15

8684. Unknown Vulnerability Type - Perl (CVE-2020-14196) - Low [159]

Description: {'vulners_cve_data_all': 'In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-14196 was patched at 2024-05-15

8685. Unknown Vulnerability Type - Perl (CVE-2020-5225) - Low [159]

Description: {'vulners_cve_data_all': 'Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-5225 was patched at 2024-05-15

8686. Unknown Vulnerability Type - Perl (CVE-2020-5274) - Low [159]

Description: {'vulners_cve_data_all': 'In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace. In addition, the stacktrace were displayed even in a non-debug configuration. The ErrorHandler now escape alls properties of the exception, and the stacktrace is only display in debug configuration. This issue is patched in symfony/http-foundation versions 4.4.5 and 5.0.5', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-5274 was patched at 2024-05-15

8687. Unknown Vulnerability Type - Perl (CVE-2021-32062) - Low [159]

Description: {'vulners_cve_data_all': 'MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32062 was patched at 2024-05-15

8688. Unknown Vulnerability Type - Perl (CVE-2022-24773) - Low [159]

Description: {'vulners_cve_data_all': 'Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check `DigestInfo` for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24773 was patched at 2024-05-15

8689. Unknown Vulnerability Type - Perl (CVE-2023-32685) - Low [159]

Description: {'vulners_cve_data_all': 'Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the `contentEditable` element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission to attach a document on a vulnerable Kanboard instance can trick the victim into pasting malicious screenshot data and achieve cross-site scripting if CSP is improperly configured. This issue has been patched in version 1.2.29.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-32685 was patched at 2024-05-15

8690. Unknown Vulnerability Type - Python (CVE-2004-2680) - Low [159]

Description: {'vulners_cve_data_all': 'mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2680 was patched at 2024-05-15

8691. Unknown Vulnerability Type - Python (CVE-2005-2966) - Low [159]

Description: {'vulners_cve_data_all': 'The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2966 was patched at 2024-05-15

8692. Unknown Vulnerability Type - Python (CVE-2016-1494) - Low [159]

Description: {'vulners_cve_data_all': 'The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1494 was patched at 2024-05-15

8693. Unknown Vulnerability Type - Python (CVE-2017-1000246) - Low [159]

Description: {'vulners_cve_data_all': 'Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000246 was patched at 2024-05-15

8694. Unknown Vulnerability Type - Python (CVE-2018-17175) - Low [159]

Description: {'vulners_cve_data_all': 'In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields (if the schema is being filtered dynamically using the "only" option, and there is a user role that produces an empty value for "only").', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17175 was patched at 2024-05-15

8695. Unknown Vulnerability Type - Python (CVE-2024-27305) - Low [159]

Description: {'vulners_cve_data_all': 'aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpretation differences of the SMTP protocol. By exploiting SMTP smuggling, an attacker may send smuggle/spoof e-mails with fake sender addresses, allowing advanced phishing attacks. This issue is also existed in other SMTP software like Postfix. With the right SMTP server constellation, an attacker can send spoofed e-mails to inbound/receiving aiosmtpd instances. This issue has been addressed in version 1.4.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27305 was patched at 2024-05-15

8696. Unknown Vulnerability Type - Roundcube (CVE-2010-0464) - Low [159]

Description: {'vulners_cve_data_all': 'Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0464 was patched at 2024-05-15

8697. Unknown Vulnerability Type - Wireshark (CVE-2006-5595) - Low [159]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the AirPcap support in Wireshark (formerly Ethereal) 0.99.3 has unspecified attack vectors related to WEP key parsing.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5595 was patched at 2024-05-15

8698. Unknown Vulnerability Type - ownCloud (CVE-2015-7298) - Low [159]

Description: {'vulners_cve_data_all': 'ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614ownCloud is an open-source software product for sharing and syncing of files in distributed and federated enterprise scenarios
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-7298 was patched at 2024-05-15

8699. Unknown Vulnerability Type - wpa_supplicant (CVE-2021-30004) - Low [159]

Description: {'vulners_cve_data_all': 'In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614wpa_supplicant is a free software implementation of an IEEE 802.11i supplicant for Linux, FreeBSD, NetBSD, QNX, AROS, Microsoft Windows, Solaris, OS/2 (including ArcaOS and eComStation) and Haiku
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30004 was patched at 2024-05-15

8700. Unknown Vulnerability Type - APT (CVE-2012-0961) - Low [157]

Description: {'vulners_cve_data_all': 'Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, 0.8.16~exp12ubuntu10.x before 0.8.16~exp12ubuntu10.7, and 0.9.7.5ubuntu5.x before 0.9.7.5ubuntu5.2, as used in Ubuntu, uses world-readable permissions for /var/log/apt/term.log, which allows local users to obtain sensitive shell information by reading the log file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A free-software user interface that works with core libraries to handle the installation and removal of software on Debian
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0961 was patched at 2024-05-15

8701. Unknown Vulnerability Type - GNOME desktop (CVE-2005-0023) - Low [157]

Description: {'vulners_cve_data_all': 'gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0023 was patched at 2024-05-15

8702. Unknown Vulnerability Type - GNOME desktop (CVE-2013-4509) - Low [157]

Description: {'vulners_cve_data_all': 'The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4509 was patched at 2024-05-15

8703. Unknown Vulnerability Type - GNU C Library (CVE-2004-0968) - Low [157]

Description: {'vulners_cve_data_all': 'The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0968 was patched at 2024-05-15

8704. Unknown Vulnerability Type - GNU C Library (CVE-2004-1453) - Low [157]

Description: {'vulners_cve_data_all': 'GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814The GNU C Library, commonly known as glibc, is the GNU Project's implementation of the C standard library
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1453 was patched at 2024-05-15

8705. Unknown Vulnerability Type - OpenSSL (CVE-2004-0975) - Low [157]

Description: {'vulners_cve_data_all': 'The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0975 was patched at 2024-05-15

8706. Unknown Vulnerability Type - Xlib (CVE-2006-5397) - Low [157]

Description: {'vulners_cve_data_all': 'The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Xlib (also known as libX11) is an X Window System protocol client library written in the C programming language
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5397 was patched at 2024-05-15

8707. Unknown Vulnerability Type - Cacti (CVE-2017-12927) - Low [154]

Description: {'vulners_cve_data_all': 'A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12927 was patched at 2024-05-15

8708. Unknown Vulnerability Type - Cacti (CVE-2024-31443) - Low [154]

Description: {'vulners_cve_data_all': 'Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_tree()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.610CVSS Base Score is 5.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31443 was patched at 2024-05-15

8709. Unknown Vulnerability Type - DNSSEC (CVE-2017-15090) - Low [154]

Description: {'vulners_cve_data_all': 'An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15090 was patched at 2024-05-15

8710. Unknown Vulnerability Type - DNSSEC (CVE-2018-14644) - Low [154]

Description: {'vulners_cve_data_all': 'An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14644 was patched at 2024-05-15

8711. Unknown Vulnerability Type - HID (CVE-2010-4768) - Low [154]

Description: {'vulners_cve_data_all': 'Open Ticket Request System (OTRS) before 2.3.5 does not properly disable hidden permissions, which allows remote authenticated users to bypass intended queue access restrictions in opportunistic circumstances by visiting a ticket, related to a certain ordering of permission-set and permission-remove operations involving both hidden permissions and other permissions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514HID
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4768 was patched at 2024-05-15

8712. Unknown Vulnerability Type - HID (CVE-2016-5026) - Low [154]

Description: {'vulners_cve_data_all': 'hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the /tmp/onionshare directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514HID
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5026 was patched at 2024-05-15

8713. Unknown Vulnerability Type - HID (CVE-2023-32076) - Low [154]

Description: {'vulners_cve_data_all': 'in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the files read is `.in_totorc` which is a hidden file in the directory in which in-toto is run. If an attacker controls the inputs to a supply chain step, they can mask their activities by also passing in an `.in_totorc` file that includes the necessary exclude patterns and settings. RC files are widely used in other systems and security issues have been discovered in their implementations as well. Maintainers found in their conversations with in-toto adopters that `in_totorc` is not their preferred way to configure in-toto. As none of the options supported in `in_totorc` is unique, and can be set elsewhere using API parameters or CLI arguments, the maintainers decided to drop support for `in_totorc`. in-toto's `user_settings` module has been dropped altogether in commit 3a21d84f40811b7d191fa7bd17265c1f99599afd. Users may also sandbox functionary code as a security measure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514HID
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-32076 was patched at 2024-05-15

8714. Unknown Vulnerability Type - Libarchive (CVE-2017-15874) - Low [154]

Description: {'vulners_cve_data_all': 'archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Multi-format archive and compression library
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15874 was patched at 2024-05-15

8715. Unknown Vulnerability Type - NumPy (CVE-2014-1858) - Low [154]

Description: {'vulners_cve_data_all': '__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514NumPy is a library for the Python programming language, adding support for large, multi-dimensional arrays and matrices, along with a large collection of high-level mathematical functions
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1858 was patched at 2024-05-15

8716. Unknown Vulnerability Type - NumPy (CVE-2014-1859) - Low [154]

Description: {'vulners_cve_data_all': '(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514NumPy is a library for the Python programming language, adding support for large, multi-dimensional arrays and matrices, along with a large collection of high-level mathematical functions
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1859 was patched at 2024-05-15

8717. Unknown Vulnerability Type - TLS (CVE-2006-3411) - Low [154]

Description: {'vulners_cve_data_all': 'TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3411 was patched at 2024-05-15

8718. Unknown Vulnerability Type - TLS (CVE-2011-2768) - Low [154]

Description: {'vulners_cve_data_all': 'Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2768 was patched at 2024-05-15

8719. Unknown Vulnerability Type - TLS (CVE-2013-4584) - Low [154]

Description: {'vulners_cve_data_all': 'Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4584 was patched at 2024-05-15

8720. Unknown Vulnerability Type - TLS (CVE-2014-2903) - Low [154]

Description: {'vulners_cve_data_all': 'CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2903 was patched at 2024-05-15

8721. Unknown Vulnerability Type - TLS (CVE-2018-1000159) - Low [154]

Description: {'vulners_cve_data_all': 'tlslite-ng version 0.7.3 and earlier, since commit d7b288316bca7bcdd082e6ccff5491e241305233 contains a CWE-354: Improper Validation of Integrity Check Value vulnerability in TLS implementation, tlslite/utils/constanttime.py: ct_check_cbc_mac_and_pad(); line "end_pos = data_len - 1 - mac.digest_size" that can result in an attacker manipulating the TLS ciphertext which will not be detected by receiving tlslite-ng. This attack appears to be exploitable via man in the middle on a network connection. This vulnerability appears to have been fixed after commit 3674815d1b0f7484454995e2737a352e0a6a93d8.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000159 was patched at 2024-05-15

8722. Unknown Vulnerability Type - TLS (CVE-2018-16868) - Low [154]

Description: {'vulners_cve_data_all': 'A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same physical core as the victim process, could use this to extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.610CVSS Base Score is 5.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16868 was patched at 2024-05-15

8723. Unknown Vulnerability Type - TLS (CVE-2018-16870) - Low [154]

Description: {'vulners_cve_data_all': 'It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensible data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16870 was patched at 2024-05-15

8724. Unknown Vulnerability Type - TLS (CVE-2020-12872) - Low [154]

Description: {'vulners_cve_data_all': 'yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-12872 was patched at 2024-05-15

8725. Unknown Vulnerability Type - TLS (CVE-2020-24392) - Low [154]

Description: {'vulners_cve_data_all': 'In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24392 was patched at 2024-05-15

8726. Unknown Vulnerability Type - TLS (CVE-2020-29547) - Low [154]

Description: {'vulners_cve_data_all': 'An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-29547 was patched at 2024-05-15

8727. Unknown Vulnerability Type - TLS (CVE-2021-38370) - Low [154]

Description: {'vulners_cve_data_all': 'In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-38370 was patched at 2024-05-15

8728. Unknown Vulnerability Type - TRIE (CVE-2006-3407) - Low [154]

Description: {'vulners_cve_data_all': 'Tor before 0.1.1.20 allows remote attackers to spoof log entries or possibly execute shell code via strings with non-printable characters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3407 was patched at 2024-05-15

8729. Unknown Vulnerability Type - TRIE (CVE-2023-4771) - Low [154]

Description: {'vulners_cve_data_all': 'A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user's information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-4771 was patched at 2024-05-15

8730. Unknown Vulnerability Type - TRIE (CVE-2024-28246) - Low [154]

Description: {'vulners_cve_data_all': 'KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's `trust` option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow for malicious input to generate `javascript:` links in the output, even if the `trust` function tries to forbid this protocol via `trust: (context) => context.protocol !== 'javascript'`. Upgrade to KaTeX v0.16.10 to remove this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28246 was patched at 2024-05-15

8731. Unknown Vulnerability Type - libjpeg (CVE-2022-32201) - Low [154]

Description: {'vulners_cve_data_all': 'In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514libjpeg
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-32201 was patched at 2024-05-15

8732. Unknown Vulnerability Type - libjpeg (CVE-2022-32202) - Low [154]

Description: {'vulners_cve_data_all': 'In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514libjpeg
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-32202 was patched at 2024-05-15

8733. Unknown Vulnerability Type - libjpeg (CVE-2022-35166) - Low [154]

Description: {'vulners_cve_data_all': 'libjpeg commit 842c7ba was discovered to contain an infinite loop via the component JPEG::ReadInternal.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514libjpeg
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35166 was patched at 2024-05-15

8734. Unknown Vulnerability Type - Kubernetes (CVE-2020-8562) - Low [152]

Description: {'vulners_cve_data_all': 'As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management
CVSS Base Score0.310CVSS Base Score is 3.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-8562 was patched at 2024-05-15

8735. Unknown Vulnerability Type - Kubernetes (CVE-2021-25740) - Low [152]

Description: {'vulners_cve_data_all': 'A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714Kubernetes is an open-source container orchestration system for automating software deployment, scaling, and management
CVSS Base Score0.310CVSS Base Score is 3.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-25740 was patched at 2024-05-15

8736. Unknown Vulnerability Type - MediaWiki (CVE-2011-1580) - Low [152]

Description: {'vulners_cve_data_all': 'The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714MediaWiki is a free server-based wiki software, licensed under the GNU General Public License (GPL)
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1580 was patched at 2024-05-15

8737. Unknown Vulnerability Type - QEMU (CVE-2020-25741) - Low [152]

Description: {'vulners_cve_data_all': 'fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.310CVSS Base Score is 3.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25741 was patched at 2024-05-15

8738. Elevation of Privilege - Unknown Product (CVE-2023-6917) - Low [151]

Description: {'vulners_cve_data_all': 'A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-6917 was patched at 2024-04-30

debian: CVE-2023-6917 was patched at 2024-05-15

oraclelinux: CVE-2023-6917 was patched at 2024-05-03

redhat: CVE-2023-6917 was patched at 2024-04-30

8739. Elevation of Privilege - Unknown Product (CVE-2024-28285) - Low [151]

Description: {'vulners_cve_data_all': 'A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8515Elevation of Privilege
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28285 was patched at 2024-05-15

8740. Unknown Vulnerability Type - AMD Processor (CVE-2021-47140) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd: Clear DMA ops when switching domain\n\nSince commit 08a27c1c3ecf ("iommu: Add support to change default domain\nof an iommu group") a user can switch a device between IOMMU and direct\nDMA through sysfs. This doesn't work for AMD IOMMU at the moment because\ndev->dma_ops is not cleared when switching from a DMA to an identity\nIOMMU domain. The DMA layer thus attempts to use the dma-iommu ops on an\nidentity domain, causing an oops:\n\n # echo 0000:00:05.0 > /sys/sys/bus/pci/drivers/e1000e/unbind\n # echo identity > /sys/bus/pci/devices/0000:00:05.0/iommu_group/type\n # echo 0000:00:05.0 > /sys/sys/bus/pci/drivers/e1000e/bind\n ...\n BUG: kernel NULL pointer dereference, address: 0000000000000028\n ...\n Call Trace:\n iommu_dma_alloc\n e1000e_setup_tx_resources\n e1000e_open\n\nSince iommu_change_dev_def_domain() calls probe_finalize() again, clear\nthe dma_ops there like Vt-d does.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Processor
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47140 was patched at 2024-05-15

8741. Unknown Vulnerability Type - AMD Processor (CVE-2024-26916) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRevert "drm/amd: flush any delayed gfxoff on suspend entry"\n\ncommit ab4750332dbe ("drm/amdgpu/sdma5.2: add begin/end_use ring\ncallbacks") caused GFXOFF control to be used more heavily and the\ncodepath that was removed from commit 0dee72639533 ("drm/amd: flush any\ndelayed gfxoff on suspend entry") now can be exercised at suspend again.\n\nUsers report that by using GNOME to suspend the lockscreen trigger will\ncause SDMA traffic and the system can deadlock.\n\nThis reverts commit 0dee726395333fea833eaaf838bc80962df886c8.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Processor
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26916 was patched at 2024-05-15

ubuntu: CVE-2024-26916 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

8742. Unknown Vulnerability Type - GPAC (CVE-2020-23928) - Low [150]

Description: {'vulners_cve_data_all': 'An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23928 was patched at 2024-05-15

8743. Unknown Vulnerability Type - GPAC (CVE-2020-23931) - Low [150]

Description: {'vulners_cve_data_all': 'An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23931 was patched at 2024-05-15

8744. Unknown Vulnerability Type - GPAC (CVE-2022-30976) - Low [150]

Description: {'vulners_cve_data_all': 'GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-30976 was patched at 2024-05-15

8745. Unknown Vulnerability Type - GPAC (CVE-2023-3013) - Low [150]

Description: {'vulners_cve_data_all': 'Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-3013 was patched at 2024-05-15

8746. Unknown Vulnerability Type - GPAC (CVE-2023-52079) - Low [150]

Description: {'vulners_cve_data_all': 'msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Prior to 1.10.1, when decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop. The fix is available in v1.10.1. \nExploits seem to require structured cloning, replacing the 0x70 extension with your own (that throws an error or does something other than recursive referencing) should mitigate the issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

redos: CVE-2023-52079 was patched at 2024-04-18

8747. Unknown Vulnerability Type - Git (CVE-2016-9645) - Low [150]

Description: {'vulners_cve_data_all': 'The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9645 was patched at 2024-05-15

8748. Unknown Vulnerability Type - Git (CVE-2020-15216) - Low [150]

Description: {'vulners_cve_data_all': 'In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revision f6188febf0c29d7ffe26a0436212b19cb9615e64 or version 1.1.0', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15216 was patched at 2024-05-15

8749. Unknown Vulnerability Type - Git (CVE-2020-28483) - Low [150]

Description: {'vulners_cve_data_all': 'This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-28483 was patched at 2024-05-15

8750. Unknown Vulnerability Type - Git (CVE-2021-3701) - Low [150]

Description: {'vulners_cve_data_all': 'A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate user in a place they did not expect. The highest threat from this vulnerability is to confidentiality and integrity.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.710CVSS Base Score is 6.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3701 was patched at 2024-05-15

8751. Unknown Vulnerability Type - Git (CVE-2022-1201) - Low [150]

Description: {'vulners_cve_data_all': 'NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability of the system.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1201 was patched at 2024-05-15

8752. Unknown Vulnerability Type - Git (CVE-2023-26125) - Low [150]

Description: {'vulners_cve_data_all': 'Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header, potentially leading to cache poisoning.\r\r**Note:** Although this issue does not pose a significant threat on its own it can serve as an input vector for other more impactful vulnerabilities. However, successful exploitation may depend on the server configuration and whether the header is used in the application logic.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.710CVSS Base Score is 7.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26125 was patched at 2024-05-15

8753. Unknown Vulnerability Type - Linux Kernel (CVE-2020-36778) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: xiic: fix reference leak when pm_runtime_get_sync fails\n\nThe PM reference count is not expected to be incremented on\nreturn in xiic_xfer and xiic_i2c_remove.\n\nHowever, pm_runtime_get_sync will increment the PM reference\ncount even failed. Forgetting to putting operation will result\nin a reference leak here.\n\nReplace it with pm_runtime_resume_and_get to keep usage\ncounter balanced.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36778 was patched at 2024-05-15

8754. Unknown Vulnerability Type - Linux Kernel (CVE-2020-36779) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: stm32f7: fix reference leak when pm_runtime_get_sync fails\n\nThe PM reference count is not expected to be incremented on\nreturn in these stm32f7_i2c_xx serious functions.\n\nHowever, pm_runtime_get_sync will increment the PM reference\ncount even failed. Forgetting to putting operation will result\nin a reference leak here.\n\nReplace it with pm_runtime_resume_and_get to keep usage\ncounter balanced.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36779 was patched at 2024-05-15

8755. Unknown Vulnerability Type - Linux Kernel (CVE-2020-36780) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: sprd: fix reference leak when pm_runtime_get_sync fails\n\nThe PM reference count is not expected to be incremented on\nreturn in sprd_i2c_master_xfer() and sprd_i2c_remove().\n\nHowever, pm_runtime_get_sync will increment the PM reference\ncount even failed. Forgetting to putting operation will result\nin a reference leak here.\n\nReplace it with pm_runtime_resume_and_get to keep usage\ncounter balanced.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36780 was patched at 2024-05-15

8756. Unknown Vulnerability Type - Linux Kernel (CVE-2020-36781) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: imx: fix reference leak when pm_runtime_get_sync fails\n\nIn i2c_imx_xfer() and i2c_imx_remove(), the pm reference count\nis not expected to be incremented on return.\n\nHowever, pm_runtime_get_sync will increment pm reference count\neven failed. Forgetting to putting operation will result in a\nreference leak here.\n\nReplace it with pm_runtime_resume_and_get to keep usage\ncounter balanced.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36781 was patched at 2024-05-15

8757. Unknown Vulnerability Type - Linux Kernel (CVE-2020-36782) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails\n\nThe PM reference count is not expected to be incremented on\nreturn in lpi2c_imx_master_enable.\n\nHowever, pm_runtime_get_sync will increment the PM reference\ncount even failed. Forgetting to putting operation will result\nin a reference leak here.\n\nReplace it with pm_runtime_resume_and_get to keep usage\ncounter balanced.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36782 was patched at 2024-05-15

8758. Unknown Vulnerability Type - Linux Kernel (CVE-2020-36783) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: img-scb: fix reference leak when pm_runtime_get_sync fails\n\nThe PM reference count is not expected to be incremented on\nreturn in functions img_i2c_xfer and img_i2c_init.\n\nHowever, pm_runtime_get_sync will increment the PM reference\ncount even failed. Forgetting to putting operation will result\nin a reference leak here.\n\nReplace it with pm_runtime_resume_and_get to keep usage\ncounter balanced.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36783 was patched at 2024-05-15

8759. Unknown Vulnerability Type - Linux Kernel (CVE-2020-36784) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: cadence: fix reference leak when pm_runtime_get_sync fails\n\nThe PM reference count is not expected to be incremented on\nreturn in functions cdns_i2c_master_xfer and cdns_reg_slave.\n\nHowever, pm_runtime_get_sync will increment pm usage counter\neven failed. Forgetting to putting operation will result in a\nreference leak here.\n\nReplace it with pm_runtime_resume_and_get to keep usage\ncounter balanced.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36784 was patched at 2024-05-15

8760. Unknown Vulnerability Type - Linux Kernel (CVE-2020-36785) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: atomisp: Fix use after free in atomisp_alloc_css_stat_bufs()\n\nThe "s3a_buf" is freed along with all the other items on the\n"asd->s3a_stats" list. It leads to a double free and a use after free.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36785 was patched at 2024-05-15

8761. Unknown Vulnerability Type - Linux Kernel (CVE-2020-36787) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: aspeed: fix clock handling logic\n\nVideo engine uses eclk and vclk for its clock sources and its reset\ncontrol is coupled with eclk so the current clock enabling sequence works\nlike below.\n\n Enable eclk\n De-assert Video Engine reset\n 10ms delay\n Enable vclk\n\nIt introduces improper reset on the Video Engine hardware and eventually\nthe hardware generates unexpected DMA memory transfers that can corrupt\nmemory region in random and sporadic patterns. This issue is observed\nvery rarely on some specific AST2500 SoCs but it causes a critical\nkernel panic with making a various shape of signature so it's extremely\nhard to debug. Moreover, the issue is observed even when the video\nengine is not actively used because udevd turns on the video engine\nhardware for a short time to make a query in every boot.\n\nTo fix this issue, this commit changes the clock handling logic to make\nthe reset de-assertion triggered after enabling both eclk and vclk. Also,\nit adds clk_unprepare call for a case when probe fails.\n\nclk: ast2600: fix reset settings for eclk and vclk\nVideo engine reset setting should be coupled with eclk to match it\nwith the setting for previous Aspeed SoCs which is defined in\nclk-aspeed.c since all Aspeed SoCs are sharing a single video engine\ndriver. Also, reset bit 6 is defined as 'Video Engine' reset in\ndatasheet so it should be de-asserted when eclk is enabled. This\ncommit fixes the setting.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36787 was patched at 2024-05-15

8762. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46955) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nopenvswitch: fix stack OOB read while fragmenting IPv4 packets\n\nrunning openvswitch on kernels built with KASAN, it's possible to see the\nfollowing splat while testing fragmentation of IPv4 packets:\n\n BUG: KASAN: stack-out-of-bounds in ip_do_fragment+0x1b03/0x1f60\n Read of size 1 at addr ffff888112fc713c by task handler2/1367\n\n CPU: 0 PID: 1367 Comm: handler2 Not tainted 5.12.0-rc6+ #418\n Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014\n Call Trace:\n dump_stack+0x92/0xc1\n print_address_description.constprop.7+0x1a/0x150\n kasan_report.cold.13+0x7f/0x111\n ip_do_fragment+0x1b03/0x1f60\n ovs_fragment+0x5bf/0x840 [openvswitch]\n do_execute_actions+0x1bd5/0x2400 [openvswitch]\n ovs_execute_actions+0xc8/0x3d0 [openvswitch]\n ovs_packet_cmd_execute+0xa39/0x1150 [openvswitch]\n genl_family_rcv_msg_doit.isra.15+0x227/0x2d0\n genl_rcv_msg+0x287/0x490\n netlink_rcv_skb+0x120/0x380\n genl_rcv+0x24/0x40\n netlink_unicast+0x439/0x630\n netlink_sendmsg+0x719/0xbf0\n sock_sendmsg+0xe2/0x110\n ____sys_sendmsg+0x5ba/0x890\n ___sys_sendmsg+0xe9/0x160\n __sys_sendmsg+0xd3/0x170\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7f957079db07\n Code: c3 66 90 41 54 41 89 d4 55 48 89 f5 53 89 fb 48 83 ec 10 e8 eb ec ff ff 44 89 e2 48 89 ee 89 df 41 89 c0 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 48 89 44 24 08 e8 24 ed ff ff 48\n RSP: 002b:00007f956ce35a50 EFLAGS: 00000293 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 0000000000000019 RCX: 00007f957079db07\n RDX: 0000000000000000 RSI: 00007f956ce35ae0 RDI: 0000000000000019\n RBP: 00007f956ce35ae0 R08: 0000000000000000 R09: 00007f9558006730\n R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000\n R13: 00007f956ce37308 R14: 00007f956ce35f80 R15: 00007f956ce35ae0\n\n The buggy address belongs to the page:\n page:00000000af2a1d93 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x112fc7\n flags: 0x17ffffc0000000()\n raw: 0017ffffc0000000 0000000000000000 dead000000000122 0000000000000000\n raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n addr ffff888112fc713c is located in stack of task handler2/1367 at offset 180 in frame:\n ovs_fragment+0x0/0x840 [openvswitch]\n\n this frame has 2 objects:\n [32, 144) 'ovs_dst'\n [192, 424) 'ovs_rt'\n\n Memory state around the buggy address:\n ffff888112fc7000: f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff888112fc7080: 00 f1 f1 f1 f1 00 00 00 00 00 00 00 00 00 00 00\n >ffff888112fc7100: 00 00 00 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00\n ^\n ffff888112fc7180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff888112fc7200: 00 00 00 00 00 00 f2 f2 f2 00 00 00 00 00 00 00\n\nfor IPv4 packets, ovs_fragment() uses a temporary struct dst_entry. Then,\nin the following call graph:\n\n ip_do_fragment()\n ip_skb_dst_mtu()\n ip_dst_mtu_maybe_forward()\n ip_mtu_locked()\n\nthe pointer to struct dst_entry is used as pointer to struct rtable: this\nturns the access to struct members like rt_mtu_locked into an OOB read in\nthe stack. Fix this changing the temporary variable used for IPv4 packets\nin ovs_fragment(), similarly to what is done for IPv6 few lines below.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46955 was patched at 2024-05-15

ubuntu: CVE-2021-46955 was patched at 2024-04-19

8763. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46960) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: Return correct error code from smb2_get_enc_key\n\nAvoid a warning if the error percolates back up:\n\n[440700.376476] CIFS VFS: \\\\otters.example.com crypt_message: Could not get encryption key\n[440700.386947] ------------[ cut here ]------------\n[440700.386948] err = 1\n[440700.386977] WARNING: CPU: 11 PID: 2733 at /build/linux-hwe-5.4-p6lk6L/linux-hwe-5.4-5.4.0/lib/errseq.c:74 errseq_set+0x5c/0x70\n...\n[440700.397304] CPU: 11 PID: 2733 Comm: tar Tainted: G OE 5.4.0-70-generic #78~18.04.1-Ubuntu\n...\n[440700.397334] Call Trace:\n[440700.397346] __filemap_set_wb_err+0x1a/0x70\n[440700.397419] cifs_writepages+0x9c7/0xb30 [cifs]\n[440700.397426] do_writepages+0x4b/0xe0\n[440700.397444] __filemap_fdatawrite_range+0xcb/0x100\n[440700.397455] filemap_write_and_wait+0x42/0xa0\n[440700.397486] cifs_setattr+0x68b/0xf30 [cifs]\n[440700.397493] notify_change+0x358/0x4a0\n[440700.397500] utimes_common+0xe9/0x1c0\n[440700.397510] do_utimes+0xc5/0x150\n[440700.397520] __x64_sys_utimensat+0x88/0xd0', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46960 was patched at 2024-05-15

8764. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46961) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/gic-v3: Do not enable irqs when handling spurious interrups\n\nWe triggered the following error while running our 4.19 kernel\nwith the pseudo-NMI patches backported to it:\n\n[ 14.816231] ------------[ cut here ]------------\n[ 14.816231] kernel BUG at irq.c:99!\n[ 14.816232] Internal error: Oops - BUG: 0 [#1] SMP\n[ 14.816232] Process swapper/0 (pid: 0, stack limit = 0x(____ptrval____))\n[ 14.816233] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G O 4.19.95.aarch64 #14\n[ 14.816233] Hardware name: evb (DT)\n[ 14.816234] pstate: 80400085 (Nzcv daIf +PAN -UAO)\n[ 14.816234] pc : asm_nmi_enter+0x94/0x98\n[ 14.816235] lr : asm_nmi_enter+0x18/0x98\n[ 14.816235] sp : ffff000008003c50\n[ 14.816235] pmr_save: 00000070\n[ 14.816237] x29: ffff000008003c50 x28: ffff0000095f56c0\n[ 14.816238] x27: 0000000000000000 x26: ffff000008004000\n[ 14.816239] x25: 00000000015e0000 x24: ffff8008fb916000\n[ 14.816240] x23: 0000000020400005 x22: ffff0000080817cc\n[ 14.816241] x21: ffff000008003da0 x20: 0000000000000060\n[ 14.816242] x19: 00000000000003ff x18: ffffffffffffffff\n[ 14.816243] x17: 0000000000000008 x16: 003d090000000000\n[ 14.816244] x15: ffff0000095ea6c8 x14: ffff8008fff5ab40\n[ 14.816244] x13: ffff8008fff58b9d x12: 0000000000000000\n[ 14.816245] x11: ffff000008c8a200 x10: 000000008e31fca5\n[ 14.816246] x9 : ffff000008c8a208 x8 : 000000000000000f\n[ 14.816247] x7 : 0000000000000004 x6 : ffff8008fff58b9e\n[ 14.816248] x5 : 0000000000000000 x4 : 0000000080000000\n[ 14.816249] x3 : 0000000000000000 x2 : 0000000080000000\n[ 14.816250] x1 : 0000000000120000 x0 : ffff0000095f56c0\n[ 14.816251] Call trace:\n[ 14.816251] asm_nmi_enter+0x94/0x98\n[ 14.816251] el1_irq+0x8c/0x180 (IRQ C)\n[ 14.816252] gic_handle_irq+0xbc/0x2e4\n[ 14.816252] el1_irq+0xcc/0x180 (IRQ B)\n[ 14.816253] arch_timer_handler_virt+0x38/0x58\n[ 14.816253] handle_percpu_devid_irq+0x90/0x240\n[ 14.816253] generic_handle_irq+0x34/0x50\n[ 14.816254] __handle_domain_irq+0x68/0xc0\n[ 14.816254] gic_handle_irq+0xf8/0x2e4\n[ 14.816255] el1_irq+0xcc/0x180 (IRQ A)\n[ 14.816255] arch_cpu_idle+0x34/0x1c8\n[ 14.816255] default_idle_call+0x24/0x44\n[ 14.816256] do_idle+0x1d0/0x2c8\n[ 14.816256] cpu_startup_entry+0x28/0x30\n[ 14.816256] rest_init+0xb8/0xc8\n[ 14.816257] start_kernel+0x4c8/0x4f4\n[ 14.816257] Code: 940587f1 d5384100 b9401001 36a7fd01 (d4210000)\n[ 14.816258] Modules linked in: start_dp(O) smeth(O)\n[ 15.103092] ---[ end trace 701753956cb14aa8 ]---\n[ 15.103093] Kernel panic - not syncing: Fatal exception in interrupt\n[ 15.103099] SMP: stopping secondary CPUs\n[ 15.103100] Kernel Offset: disabled\n[ 15.103100] CPU features: 0x36,a2400218\n[ 15.103100] Memory Limit: none\n\nwhich is cause by a 'BUG_ON(in_nmi())' in nmi_enter().\n\nFrom the call trace, we can find three interrupts (noted A, B, C above):\ninterrupt (A) is preempted by (B), which is further interrupted by (C).\n\nSubsequent investigations show that (B) results in nmi_enter() being\ncalled, but that it actually is a spurious interrupt. Furthermore,\ninterrupts are reenabled in the context of (B), and (C) fires with\nNMI priority. We end-up with a nested NMI situation, something\nwe definitely do not want to (and cannot) handle.\n\nThe bug here is that spurious interrupts should never result in any\nstate change, and we should just return to the interrupted context.\nMoving the handling of spurious interrupts as early as possible in\nthe GICv3 handler fixes this issue.\n\n[maz: rewrote commit message, corrected Fixes: tag]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46961 was patched at 2024-05-15

8765. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46962) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: uniphier-sd: Fix a resource leak in the remove function\n\nA 'tmio_mmc_host_free()' call is missing in the remove function, in order\nto balance a 'tmio_mmc_host_alloc()' call in the probe.\nThis is done in the error handling path of the probe, but not in the remove\nfunction.\n\nAdd the missing call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46962 was patched at 2024-05-15

8766. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46963) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand()\n\n RIP: 0010:kmem_cache_free+0xfa/0x1b0\n Call Trace:\n qla2xxx_mqueuecommand+0x2b5/0x2c0 [qla2xxx]\n scsi_queue_rq+0x5e2/0xa40\n __blk_mq_try_issue_directly+0x128/0x1d0\n blk_mq_request_issue_directly+0x4e/0xb0\n\nFix incorrect call to free srb in qla2xxx_mqueuecommand(), as srb is now\nallocated by upper layers. This fixes smatch warning of srb unintended\nfree.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46963 was patched at 2024-05-15

8767. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46965) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: physmap: physmap-bt1-rom: Fix unintentional stack access\n\nCast &data to (char *) in order to avoid unintentionally accessing\nthe stack.\n\nNotice that data is of type u32, so any increment to &data\nwill be in the order of 4-byte chunks, and this piece of code\nis actually intended to be a byte offset.\n\nAddresses-Coverity-ID: 1497765 ("Out-of-bounds access")', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46965 was patched at 2024-05-15

8768. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46967) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvhost-vdpa: fix vm_flags for virtqueue doorbell mapping\n\nThe virtqueue doorbell is usually implemented via registeres but we\ndon't provide the necessary vma->flags like VM_PFNMAP. This may cause\nseveral issues e.g when userspace tries to map the doorbell via vhost\nIOTLB, kernel may panic due to the page is not backed by page\nstructure. This patch fixes this by setting the necessary\nvm_flags. With this patch, try to map doorbell via IOTLB will fail\nwith bad address.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46967 was patched at 2024-05-15

8769. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46968) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/zcrypt: fix zcard and zqueue hot-unplug memleak\n\nTests with kvm and a kmemdebug kernel showed, that on hot unplug the\nzcard and zqueue structs for the unplugged card or queue are not\nproperly freed because of a mismatch with get/put for the embedded\nkref counter.\n\nThis fix now adjusts the handling of the kref counters. With init the\nkref counter starts with 1. This initial value needs to drop to zero\nwith the unregister of the card or queue to trigger the release and\nfree the object.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46968 was patched at 2024-05-15

8770. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46971) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nperf/core: Fix unconditional security_locked_down() call\n\nCurrently, the lockdown state is queried unconditionally, even though\nits result is used only if the PERF_SAMPLE_REGS_INTR bit is set in\nattr.sample_type. While that doesn't matter in case of the Lockdown LSM,\nit causes trouble with the SELinux's lockdown hook implementation.\n\nSELinux implements the locked_down hook with a check whether the current\ntask's type has the corresponding "lockdown" class permission\n("integrity" or "confidentiality") allowed in the policy. This means\nthat calling the hook when the access control decision would be ignored\ngenerates a bogus permission check and audit record.\n\nFix this by checking sample_type first and only calling the hook when\nits result would be honored.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46971 was patched at 2024-05-15

8771. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46972) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\novl: fix leaked dentry\n\nSince commit 6815f479ca90 ("ovl: use only uppermetacopy state in\novl_lookup()"), overlayfs doesn't put temporary dentry when there is a\nmetacopy error, which leads to dentry leaks when shutting down the related\nsuperblock:\n\n overlayfs: refusing to follow metacopy origin for (/file0)\n ...\n BUG: Dentry (____ptrval____){i=3f33,n=file3} still in use (1) [unmount of overlay overlay]\n ...\n WARNING: CPU: 1 PID: 432 at umount_check.cold+0x107/0x14d\n CPU: 1 PID: 432 Comm: unmount-overlay Not tainted 5.12.0-rc5 #1\n ...\n RIP: 0010:umount_check.cold+0x107/0x14d\n ...\n Call Trace:\n d_walk+0x28c/0x950\n ? dentry_lru_isolate+0x2b0/0x2b0\n ? __kasan_slab_free+0x12/0x20\n do_one_tree+0x33/0x60\n shrink_dcache_for_umount+0x78/0x1d0\n generic_shutdown_super+0x70/0x440\n kill_anon_super+0x3e/0x70\n deactivate_locked_super+0xc4/0x160\n deactivate_super+0xfa/0x140\n cleanup_mnt+0x22e/0x370\n __cleanup_mnt+0x1a/0x30\n task_work_run+0x139/0x210\n do_exit+0xb0c/0x2820\n ? __kasan_check_read+0x1d/0x30\n ? find_held_lock+0x35/0x160\n ? lock_release+0x1b6/0x660\n ? mm_update_next_owner+0xa20/0xa20\n ? reacquire_held_locks+0x3f0/0x3f0\n ? __sanitizer_cov_trace_const_cmp4+0x22/0x30\n do_group_exit+0x135/0x380\n __do_sys_exit_group.isra.0+0x20/0x20\n __x64_sys_exit_group+0x3c/0x50\n do_syscall_64+0x45/0x70\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n ...\n VFS: Busy inodes after unmount of overlay. Self-destruct in 5 seconds. Have a nice day...\n\nThis fix has been tested with a syzkaller reproducer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46972 was patched at 2024-05-15

8772. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46973) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: qrtr: Avoid potential use after free in MHI send\n\nIt is possible that the MHI ul_callback will be invoked immediately\nfollowing the queueing of the skb for transmission, leading to the\ncallback decrementing the refcount of the associated sk and freeing the\nskb.\n\nAs such the dereference of skb and the increment of the sk refcount must\nhappen before the skb is queued, to avoid the skb to be used after free\nand potentially the sk to drop its last refcount..', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46973 was patched at 2024-05-15

8773. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46974) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix masking negation logic upon negative dst register\n\nThe negation logic for the case where the off_reg is sitting in the\ndst register is not correct given then we cannot just invert the add\nto a sub or vice versa. As a fix, perform the final bitwise and-op\nunconditionally into AX from the off_reg, then move the pointer from\nthe src to dst and finally use AX as the source for the original\npointer arithmetic operation such that the inversion yields a correct\nresult. The single non-AX mov in between is possible given constant\nblinding is retaining it as it's not an immediate based operation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46974 was patched at 2024-05-15

8774. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46976) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915: Fix crash in auto_retire\n\nThe retire logic uses the 2 lower bits of the pointer to the retire\nfunction to store flags. However, the auto_retire function is not\nguaranteed to be aligned to a multiple of 4, which causes crashes as\nwe jump to the wrong address, for example like this:\n\n2021-04-24T18:03:53.804300Z WARNING kernel: [ 516.876901] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n2021-04-24T18:03:53.804310Z WARNING kernel: [ 516.876906] CPU: 7 PID: 146 Comm: kworker/u16:6 Tainted: G U 5.4.105-13595-g3cd84167b2df #1\n2021-04-24T18:03:53.804311Z WARNING kernel: [ 516.876907] Hardware name: Google Volteer2/Volteer2, BIOS Google_Volteer2.13672.76.0 02/22/2021\n2021-04-24T18:03:53.804312Z WARNING kernel: [ 516.876911] Workqueue: events_unbound active_work\n2021-04-24T18:03:53.804313Z WARNING kernel: [ 516.876914] RIP: 0010:auto_retire+0x1/0x20\n2021-04-24T18:03:53.804314Z WARNING kernel: [ 516.876916] Code: e8 01 f2 ff ff eb 02 31 db 48 89 d8 5b 5d c3 0f 1f 44 00 00 55 48 89 e5 f0 ff 87 c8 00 00 00 0f 88 ab 47 4a 00 31 c0 5d c3 0f <1f> 44 00 00 55 48 89 e5 f0 ff 8f c8 00 00 00 0f 88 9a 47 4a 00 74\n2021-04-24T18:03:53.804319Z WARNING kernel: [ 516.876918] RSP: 0018:ffff9b4d809fbe38 EFLAGS: 00010286\n2021-04-24T18:03:53.804320Z WARNING kernel: [ 516.876919] RAX: 0000000000000007 RBX: ffff927915079600 RCX: 0000000000000007\n2021-04-24T18:03:53.804320Z WARNING kernel: [ 516.876921] RDX: ffff9b4d809fbe40 RSI: 0000000000000286 RDI: ffff927915079600\n2021-04-24T18:03:53.804321Z WARNING kernel: [ 516.876922] RBP: ffff9b4d809fbe68 R08: 8080808080808080 R09: fefefefefefefeff\n2021-04-24T18:03:53.804321Z WARNING kernel: [ 516.876924] R10: 0000000000000010 R11: ffffffff92e44bd8 R12: ffff9279150796a0\n2021-04-24T18:03:53.804322Z WARNING kernel: [ 516.876925] R13: ffff92791c368180 R14: ffff927915079640 R15: 000000001c867605\n2021-04-24T18:03:53.804323Z WARNING kernel: [ 516.876926] FS: 0000000000000000(0000) GS:ffff92791ffc0000(0000) knlGS:0000000000000000\n2021-04-24T18:03:53.804323Z WARNING kernel: [ 516.876928] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n2021-04-24T18:03:53.804324Z WARNING kernel: [ 516.876929] CR2: 0000239514955000 CR3: 00000007f82da001 CR4: 0000000000760ee0\n2021-04-24T18:03:53.804325Z WARNING kernel: [ 516.876930] PKRU: 55555554\n2021-04-24T18:03:53.804325Z WARNING kernel: [ 516.876931] Call Trace:\n2021-04-24T18:03:53.804326Z WARNING kernel: [ 516.876935] __active_retire+0x77/0xcf\n2021-04-24T18:03:53.804326Z WARNING kernel: [ 516.876939] process_one_work+0x1da/0x394\n2021-04-24T18:03:53.804327Z WARNING kernel: [ 516.876941] worker_thread+0x216/0x375\n2021-04-24T18:03:53.804327Z WARNING kernel: [ 516.876944] kthread+0x147/0x156\n2021-04-24T18:03:53.804335Z WARNING kernel: [ 516.876946] ? pr_cont_work+0x58/0x58\n2021-04-24T18:03:53.804335Z WARNING kernel: [ 516.876948] ? kthread_blkcg+0x2e/0x2e\n2021-04-24T18:03:53.804336Z WARNING kernel: [ 516.876950] ret_from_fork+0x1f/0x40\n2021-04-24T18:03:53.804336Z WARNING kernel: [ 516.876952] Modules linked in: cdc_mbim cdc_ncm cdc_wdm xt_cgroup rfcomm cmac algif_hash algif_skcipher af_alg xt_MASQUERADE uinput snd_soc_rt5682_sdw snd_soc_rt5682 snd_soc_max98373_sdw snd_soc_max98373 snd_soc_rl6231 regmap_sdw snd_soc_sof_sdw snd_soc_hdac_hdmi snd_soc_dmic snd_hda_codec_hdmi snd_sof_pci snd_sof_intel_hda_common intel_ipu6_psys snd_sof_xtensa_dsp soundwire_intel soundwire_generic_allocation soundwire_cadence snd_sof_intel_hda snd_sof snd_soc_hdac_hda snd_soc_acpi_intel_match snd_soc_acpi snd_hda_ext_core soundwire_bus snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hwdep snd_hda_core intel_ipu6_isys videobuf2_dma_contig videobuf2_v4l2 videobuf2_common videobuf2_memops mei_hdcp intel_ipu6 ov2740 ov8856 at24 sx9310 dw9768 v4l2_fwnode cros_ec_typec intel_pmc_mux roles acpi_als typec fuse iio_trig_sysfs cros_ec_light_prox cros_ec_lid_angle cros_ec_sensors cros\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46976 was patched at 2024-05-15

8775. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46977) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Disable preemption when probing user return MSRs\n\nDisable preemption when probing a user return MSR via RDSMR/WRMSR. If\nthe MSR holds a different value per logical CPU, the WRMSR could corrupt\nthe host's value if KVM is preempted between the RDMSR and WRMSR, and\nthen rescheduled on a different CPU.\n\nOpportunistically land the helper in common x86, SVM will use the helper\nin a future commit.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46977 was patched at 2024-05-15

8776. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46978) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nVMX: Always make an attempt to map eVMCS after migration\n\nWhen enlightened VMCS is in use and nested state is migrated with\nvmx_get_nested_state()/vmx_set_nested_state() KVM can't map evmcs\npage right away: evmcs gpa is not 'struct kvm_vmx_nested_state_hdr'\nand we can't read it from VP assist page because userspace may decide\nto restore HV_X64_MSR_VP_ASSIST_PAGE after restoring nested state\n(and QEMU, for example, does exactly that). To make sure eVMCS is\nmapped /vmx_set_nested_state() raises KVM_REQ_GET_NESTED_STATE_PAGES\nrequest.\n\nCommit f2c7ef3ba955 ("KVM: nSVM: cancel KVM_REQ_GET_NESTED_STATE_PAGES\non nested vmexit") added KVM_REQ_GET_NESTED_STATE_PAGES clearing to\nnested_vmx_vmexit() to make sure MSR permission bitmap is not switched\nwhen an immediate exit from L2 to L1 happens right after migration (caused\nby a pending event, for example). Unfortunately, in the exact same\nsituation we still need to have eVMCS mapped so\nnested_sync_vmcs12_to_shadow() reflects changes in VMCS12 to eVMCS.\n\nAs a band-aid, restore nested_get_evmcs_page() when clearing\nKVM_REQ_GET_NESTED_STATE_PAGES in nested_vmx_vmexit(). The 'fix' is far\nfrom being ideal as we can't easily propagate possible failures and even if\nwe could, this is most likely already too late to do so. The whole\n'KVM_REQ_GET_NESTED_STATE_PAGES' idea for mapping eVMCS after migration\nseems to be fragile as we diverge too much from the 'native' path when\nvmptr loading happens on vmx_set_nested_state().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46978 was patched at 2024-05-15

8777. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46980) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: ucsi: Retrieve all the PDOs instead of just the first 4\n\ncommit 4dbc6a4ef06d ("usb: typec: ucsi: save power data objects\nin PD mode") introduced retrieval of the PDOs when connected to a\nPD-capable source. But only the first 4 PDOs are received since\nthat is the maximum number that can be fetched at a time given the\nMESSAGE_IN length limitation (16 bytes). However, as per the PD spec\na connected source may advertise up to a maximum of 7 PDOs.\n\nIf such a source is connected it's possible the PPM could have\nnegotiated a power contract with one of the PDOs at index greater\nthan 4, and would be reflected in the request data object's (RDO)\nobject position field. This would result in an out-of-bounds access\nwhen the rdo_index() is used to index into the src_pdos array in\nucsi_psy_get_voltage_now().\n\nWith the help of the UBSAN -fsanitize=array-bounds checker enabled\nthis exact issue is revealed when connecting to a PD source adapter\nthat advertise 5 PDOs and the PPM enters a contract having selected\nthe 5th one.\n\n[ 151.545106][ T70] Unexpected kernel BRK exception at EL1\n[ 151.545112][ T70] Internal error: BRK handler: f2005512 [#1] PREEMPT SMP\n...\n[ 151.545499][ T70] pc : ucsi_psy_get_prop+0x208/0x20c\n[ 151.545507][ T70] lr : power_supply_show_property+0xc0/0x328\n...\n[ 151.545542][ T70] Call trace:\n[ 151.545544][ T70] ucsi_psy_get_prop+0x208/0x20c\n[ 151.545546][ T70] power_supply_uevent+0x1a4/0x2f0\n[ 151.545550][ T70] dev_uevent+0x200/0x384\n[ 151.545555][ T70] kobject_uevent_env+0x1d4/0x7e8\n[ 151.545557][ T70] power_supply_changed_work+0x174/0x31c\n[ 151.545562][ T70] process_one_work+0x244/0x6f0\n[ 151.545564][ T70] worker_thread+0x3e0/0xa64\n\nWe can resolve this by instead retrieving and storing up to the\nmaximum of 7 PDOs in the con->src_pdos array. This would involve\ntwo calls to the GET_PDOS command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46980 was patched at 2024-05-15

8778. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46983) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-rdma: Fix NULL deref when SEND is completed with error\n\nWhen running some traffic and taking down the link on peer, a\nretry counter exceeded error is received. This leads to\nnvmet_rdma_error_comp which tried accessing the cq_context to\nobtain the queue. The cq_context is no longer valid after the\nfix to use shared CQ mechanism and should be obtained similar\nto how it is obtained in other functions from the wc->qp.\n\n[ 905.786331] nvmet_rdma: SEND for CQE 0x00000000e3337f90 failed with status transport retry counter exceeded (12).\n[ 905.832048] BUG: unable to handle kernel NULL pointer dereference at 0000000000000048\n[ 905.839919] PGD 0 P4D 0\n[ 905.842464] Oops: 0000 1 SMP NOPTI\n[ 905.846144] CPU: 13 PID: 1557 Comm: kworker/13:1H Kdump: loaded Tainted: G OE --------- - - 4.18.0-304.el8.x86_64 #1\n[ 905.872135] RIP: 0010:nvmet_rdma_error_comp+0x5/0x1b [nvmet_rdma]\n[ 905.878259] Code: 19 4f c0 e8 89 b3 a5 f6 e9 5b e0 ff ff 0f b7 75 14 4c 89 ea 48 c7 c7 08 1a 4f c0 e8 71 b3 a5 f6 e9 4b e0 ff ff 0f 1f 44 00 00 <48> 8b 47 48 48 85 c0 74 08 48 89 c7 e9 98 bf 49 00 e9 c3 e3 ff ff\n[ 905.897135] RSP: 0018:ffffab601c45fe28 EFLAGS: 00010246\n[ 905.902387] RAX: 0000000000000065 RBX: ffff9e729ea2f800 RCX: 0000000000000000\n[ 905.909558] RDX: 0000000000000000 RSI: ffff9e72df9567c8 RDI: 0000000000000000\n[ 905.916731] RBP: ffff9e729ea2b400 R08: 000000000000074d R09: 0000000000000074\n[ 905.923903] R10: 0000000000000000 R11: ffffab601c45fcc0 R12: 0000000000000010\n[ 905.931074] R13: 0000000000000000 R14: 0000000000000010 R15: ffff9e729ea2f400\n[ 905.938247] FS: 0000000000000000(0000) GS:ffff9e72df940000(0000) knlGS:0000000000000000\n[ 905.938249] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 905.950067] nvmet_rdma: SEND for CQE 0x00000000c7356cca failed with status transport retry counter exceeded (12).\n[ 905.961855] CR2: 0000000000000048 CR3: 000000678d010004 CR4: 00000000007706e0\n[ 905.961855] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 905.961856] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 905.961857] PKRU: 55555554\n[ 906.010315] Call Trace:\n[ 906.012778] __ib_process_cq+0x89/0x170 [ib_core]\n[ 906.017509] ib_cq_poll_work+0x26/0x80 [ib_core]\n[ 906.022152] process_one_work+0x1a7/0x360\n[ 906.026182] ? create_worker+0x1a0/0x1a0\n[ 906.030123] worker_thread+0x30/0x390\n[ 906.033802] ? create_worker+0x1a0/0x1a0\n[ 906.037744] kthread+0x116/0x130\n[ 906.040988] ? kthread_flush_work_fn+0x10/0x10\n[ 906.045456] ret_from_fork+0x1f/0x40', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46983 was patched at 2024-05-15

8779. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46984) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkyber: fix out of bounds access when preempted\n\n__blk_mq_sched_bio_merge() gets the ctx and hctx for the current CPU and\npasses the hctx to ->bio_merge(). kyber_bio_merge() then gets the ctx\nfor the current CPU again and uses that to get the corresponding Kyber\ncontext in the passed hctx. However, the thread may be preempted between\nthe two calls to blk_mq_get_ctx(), and the ctx returned the second time\nmay no longer correspond to the passed hctx. This "works" accidentally\nmost of the time, but it can cause us to read garbage if the second ctx\ncame from an hctx with more ctx's than the first one (i.e., if\nctx->index_hw[hctx->type] > hctx->nr_ctx).\n\nThis manifested as this UBSAN array index out of bounds error reported\nby Jakub:\n\nUBSAN: array-index-out-of-bounds in ../kernel/locking/qspinlock.c:130:9\nindex 13106 is out of range for type 'long unsigned int [128]'\nCall Trace:\n dump_stack+0xa4/0xe5\n ubsan_epilogue+0x5/0x40\n __ubsan_handle_out_of_bounds.cold.13+0x2a/0x34\n queued_spin_lock_slowpath+0x476/0x480\n do_raw_spin_lock+0x1c2/0x1d0\n kyber_bio_merge+0x112/0x180\n blk_mq_submit_bio+0x1f5/0x1100\n submit_bio_noacct+0x7b0/0x870\n submit_bio+0xc2/0x3a0\n btrfs_map_bio+0x4f0/0x9d0\n btrfs_submit_data_bio+0x24e/0x310\n submit_one_bio+0x7f/0xb0\n submit_extent_page+0xc4/0x440\n __extent_writepage_io+0x2b8/0x5e0\n __extent_writepage+0x28d/0x6e0\n extent_write_cache_pages+0x4d7/0x7a0\n extent_writepages+0xa2/0x110\n do_writepages+0x8f/0x180\n __writeback_single_inode+0x99/0x7f0\n writeback_sb_inodes+0x34e/0x790\n __writeback_inodes_wb+0x9e/0x120\n wb_writeback+0x4d2/0x660\n wb_workfn+0x64d/0xa10\n process_one_work+0x53a/0xa80\n worker_thread+0x69/0x5b0\n kthread+0x20b/0x240\n ret_from_fork+0x1f/0x30\n\nOnly Kyber uses the hctx, so fix it by passing the request_queue to\n->bio_merge() instead. BFQ and mq-deadline just use that, and Kyber can\nmap the queues itself to avoid the mismatch.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46984 was patched at 2024-05-15

8780. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46987) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix deadlock when cloning inline extents and using qgroups\n\nThere are a few exceptional cases where cloning an inline extent needs to\ncopy the inline extent data into a page of the destination inode.\n\nWhen this happens, we end up starting a transaction while having a dirty\npage for the destination inode and while having the range locked in the\ndestination's inode iotree too. Because when reserving metadata space\nfor a transaction we may need to flush existing delalloc in case there is\nnot enough free space, we have a mechanism in place to prevent a deadlock,\nwhich was introduced in commit 3d45f221ce627d ("btrfs: fix deadlock when\ncloning inline extent and low on free metadata space").\n\nHowever when using qgroups, a transaction also reserves metadata qgroup\nspace, which can also result in flushing delalloc in case there is not\nenough available space at the moment. When this happens we deadlock, since\nflushing delalloc requires locking the file range in the inode's iotree\nand the range was already locked at the very beginning of the clone\noperation, before attempting to start the transaction.\n\nWhen this issue happens, stack traces like the following are reported:\n\n [72747.556262] task:kworker/u81:9 state:D stack: 0 pid: 225 ppid: 2 flags:0x00004000\n [72747.556268] Workqueue: writeback wb_workfn (flush-btrfs-1142)\n [72747.556271] Call Trace:\n [72747.556273] __schedule+0x296/0x760\n [72747.556277] schedule+0x3c/0xa0\n [72747.556279] io_schedule+0x12/0x40\n [72747.556284] __lock_page+0x13c/0x280\n [72747.556287] ? generic_file_readonly_mmap+0x70/0x70\n [72747.556325] extent_write_cache_pages+0x22a/0x440 [btrfs]\n [72747.556331] ? __set_page_dirty_nobuffers+0xe7/0x160\n [72747.556358] ? set_extent_buffer_dirty+0x5e/0x80 [btrfs]\n [72747.556362] ? update_group_capacity+0x25/0x210\n [72747.556366] ? cpumask_next_and+0x1a/0x20\n [72747.556391] extent_writepages+0x44/0xa0 [btrfs]\n [72747.556394] do_writepages+0x41/0xd0\n [72747.556398] __writeback_single_inode+0x39/0x2a0\n [72747.556403] writeback_sb_inodes+0x1ea/0x440\n [72747.556407] __writeback_inodes_wb+0x5f/0xc0\n [72747.556410] wb_writeback+0x235/0x2b0\n [72747.556414] ? get_nr_inodes+0x35/0x50\n [72747.556417] wb_workfn+0x354/0x490\n [72747.556420] ? newidle_balance+0x2c5/0x3e0\n [72747.556424] process_one_work+0x1aa/0x340\n [72747.556426] worker_thread+0x30/0x390\n [72747.556429] ? create_worker+0x1a0/0x1a0\n [72747.556432] kthread+0x116/0x130\n [72747.556435] ? kthread_park+0x80/0x80\n [72747.556438] ret_from_fork+0x1f/0x30\n\n [72747.566958] Workqueue: btrfs-flush_delalloc btrfs_work_helper [btrfs]\n [72747.566961] Call Trace:\n [72747.566964] __schedule+0x296/0x760\n [72747.566968] ? finish_wait+0x80/0x80\n [72747.566970] schedule+0x3c/0xa0\n [72747.566995] wait_extent_bit.constprop.68+0x13b/0x1c0 [btrfs]\n [72747.566999] ? finish_wait+0x80/0x80\n [72747.567024] lock_extent_bits+0x37/0x90 [btrfs]\n [72747.567047] btrfs_invalidatepage+0x299/0x2c0 [btrfs]\n [72747.567051] ? find_get_pages_range_tag+0x2cd/0x380\n [72747.567076] __extent_writepage+0x203/0x320 [btrfs]\n [72747.567102] extent_write_cache_pages+0x2bb/0x440 [btrfs]\n [72747.567106] ? update_load_avg+0x7e/0x5f0\n [72747.567109] ? enqueue_entity+0xf4/0x6f0\n [72747.567134] extent_writepages+0x44/0xa0 [btrfs]\n [72747.567137] ? enqueue_task_fair+0x93/0x6f0\n [72747.567140] do_writepages+0x41/0xd0\n [72747.567144] __filemap_fdatawrite_range+0xc7/0x100\n [72747.567167] btrfs_run_delalloc_work+0x17/0x40 [btrfs]\n [72747.567195] btrfs_work_helper+0xc2/0x300 [btrfs]\n [72747.567200] process_one_work+0x1aa/0x340\n [72747.567202] worker_thread+0x30/0x390\n [72747.567205] ? create_worker+0x1a0/0x1a0\n [72747.567208] kthread+0x116/0x130\n [72747.567211] ? kthread_park+0x80/0x80\n [72747.567214] ret_from_fork+0x1f/0x30\n\n [72747.569686] task:fsstress state:D stack: \n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46987 was patched at 2024-05-15

8781. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46988) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nuserfaultfd: release page in error path to avoid BUG_ON\n\nConsider the following sequence of events:\n\n1. Userspace issues a UFFD ioctl, which ends up calling into\n shmem_mfill_atomic_pte(). We successfully account the blocks, we\n shmem_alloc_page(), but then the copy_from_user() fails. We return\n -ENOENT. We don't release the page we allocated.\n2. Our caller detects this error code, tries the copy_from_user() after\n dropping the mmap_lock, and retries, calling back into\n shmem_mfill_atomic_pte().\n3. Meanwhile, let's say another process filled up the tmpfs being used.\n4. So shmem_mfill_atomic_pte() fails to account blocks this time, and\n immediately returns - without releasing the page.\n\nThis triggers a BUG_ON in our caller, which asserts that the page\nshould always be consumed, unless -ENOENT is returned.\n\nTo fix this, detect if we have such a "dangling" page when accounting\nfails, and if so, release it before returning.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46988 was patched at 2024-05-15

8782. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46990) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/64s: Fix crashes when toggling entry flush barrier\n\nThe entry flush mitigation can be enabled/disabled at runtime via a\ndebugfs file (entry_flush), which causes the kernel to patch itself to\nenable/disable the relevant mitigations.\n\nHowever depending on which mitigation we're using, it may not be safe to\ndo that patching while other CPUs are active. For example the following\ncrash:\n\n sleeper[15639]: segfault (11) at c000000000004c20 nip c000000000004c20 lr c000000000004c20\n\nShows that we returned to userspace with a corrupted LR that points into\nthe kernel, due to executing the partially patched call to the fallback\nentry flush (ie. we missed the LR restore).\n\nFix it by doing the patching under stop machine. The CPUs that aren't\ndoing the patching will be spinning in the core of the stop machine\nlogic. That is currently sufficient for our purposes, because none of\nthe patching we do is to that code or anywhere in the vicinity.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46990 was patched at 2024-05-15

ubuntu: CVE-2021-46990 was patched at 2024-04-19

8783. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46992) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nftables: avoid overflows in nft_hash_buckets()\n\nNumber of buckets being stored in 32bit variables, we have to\nensure that no overflows occur in nft_hash_buckets()\n\nsyzbot injected a size == 0x40000000 and reported:\n\nUBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13\nshift exponent 64 is too large for 64-bit type 'long unsigned int'\nCPU: 1 PID: 29539 Comm: syz-executor.4 Not tainted 5.12.0-rc7-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nCall Trace:\n __dump_stack lib/dump_stack.c:79 [inline]\n dump_stack+0x141/0x1d7 lib/dump_stack.c:120\n ubsan_epilogue+0xb/0x5a lib/ubsan.c:148\n __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:327\n __roundup_pow_of_two include/linux/log2.h:57 [inline]\n nft_hash_buckets net/netfilter/nft_set_hash.c:411 [inline]\n nft_hash_estimate.cold+0x19/0x1e net/netfilter/nft_set_hash.c:652\n nft_select_set_ops net/netfilter/nf_tables_api.c:3586 [inline]\n nf_tables_newset+0xe62/0x3110 net/netfilter/nf_tables_api.c:4322\n nfnetlink_rcv_batch+0xa09/0x24b0 net/netfilter/nfnetlink.c:488\n nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:612 [inline]\n nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:630\n netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline]\n netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338\n netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927\n sock_sendmsg_nosec net/socket.c:654 [inline]\n sock_sendmsg+0xcf/0x120 net/socket.c:674\n ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350\n ___sys_sendmsg+0xf3/0x170 net/socket.c:2404\n __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433\n do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46992 was patched at 2024-05-15

8784. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46993) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched: Fix out-of-bound access in uclamp\n\nUtil-clamp places tasks in different buckets based on their clamp values\nfor performance reasons. However, the size of buckets is currently\ncomputed using a rounding division, which can lead to an off-by-one\nerror in some configurations.\n\nFor instance, with 20 buckets, the bucket size will be 1024/20=51. A\ntask with a clamp of 1024 will be mapped to bucket id 1024/51=20. Sadly,\ncorrect indexes are in range [0,19], hence leading to an out of bound\nmemory access.\n\nClamp the bucket id to fix the issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46993 was patched at 2024-05-15

8785. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46994) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncan: mcp251x: fix resume from sleep before interface was brought up\n\nSince 8ce8c0abcba3 the driver queues work via priv->restart_work when\nresuming after suspend, even when the interface was not previously\nenabled. This causes a null dereference error as the workqueue is only\nallocated and initialized in mcp251x_open().\n\nTo fix this we move the workqueue init to mcp251x_can_probe() as there\nis no reason to do it later and repeat it whenever mcp251x_open() is\ncalled.\n\n[mkl: fix error handling in mcp251x_stop()]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46994 was patched at 2024-05-15

8786. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46996) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nftables: Fix a memleak from userdata error path in new objects\n\nRelease object name if userdata allocation fails.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46996 was patched at 2024-05-15

8787. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46997) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\narm64: entry: always set GIC_PRIO_PSR_I_SET during entry\n\nZenghui reports that booting a kernel with "irqchip.gicv3_pseudo_nmi=1"\non the command line hits a warning during kernel entry, due to the way\nwe manipulate the PMR.\n\nEarly in the entry sequence, we call lockdep_hardirqs_off() to inform\nlockdep that interrupts have been masked (as the HW sets DAIF wqhen\nentering an exception). Architecturally PMR_EL1 is not affected by\nexception entry, and we don't set GIC_PRIO_PSR_I_SET in the PMR early in\nthe exception entry sequence, so early in exception entry the PMR can\nindicate that interrupts are unmasked even though they are masked by\nDAIF.\n\nIf DEBUG_LOCKDEP is selected, lockdep_hardirqs_off() will check that\ninterrupts are masked, before we set GIC_PRIO_PSR_I_SET in any of the\nexception entry paths, and hence lockdep_hardirqs_off() will WARN() that\nsomething is amiss.\n\nWe can avoid this by consistently setting GIC_PRIO_PSR_I_SET during\nexception entry so that kernel code sees a consistent environment. We\nmust also update local_daif_inherit() to undo this, as currently only\ntouches DAIF. For other paths, local_daif_restore() will update both\nDAIF and the PMR. With this done, we can remove the existing special\ncases which set this later in the entry code.\n\nWe always use (GIC_PRIO_IRQON | GIC_PRIO_PSR_I_SET) for consistency with\nlocal_daif_save(), as this will warn if it ever encounters\n(GIC_PRIO_IRQOFF | GIC_PRIO_PSR_I_SET), and never sets this itself. This\nmatches the gic_prio_kentry_setup that we have to retain for\nret_to_user.\n\nThe original splat from Zenghui's report was:\n\n| DEBUG_LOCKS_WARN_ON(!irqs_disabled())\n| WARNING: CPU: 3 PID: 125 at kernel/locking/lockdep.c:4258 lockdep_hardirqs_off+0xd4/0xe8\n| Modules linked in:\n| CPU: 3 PID: 125 Comm: modprobe Tainted: G W 5.12.0-rc8+ #463\n| Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015\n| pstate: 604003c5 (nZCv DAIF +PAN -UAO -TCO BTYPE=--)\n| pc : lockdep_hardirqs_off+0xd4/0xe8\n| lr : lockdep_hardirqs_off+0xd4/0xe8\n| sp : ffff80002a39bad0\n| pmr_save: 000000e0\n| x29: ffff80002a39bad0 x28: ffff0000de214bc0\n| x27: ffff0000de1c0400 x26: 000000000049b328\n| x25: 0000000000406f30 x24: ffff0000de1c00a0\n| x23: 0000000020400005 x22: ffff8000105f747c\n| x21: 0000000096000044 x20: 0000000000498ef9\n| x19: ffff80002a39bc88 x18: ffffffffffffffff\n| x17: 0000000000000000 x16: ffff800011c61eb0\n| x15: ffff800011700a88 x14: 0720072007200720\n| x13: 0720072007200720 x12: 0720072007200720\n| x11: 0720072007200720 x10: 0720072007200720\n| x9 : ffff80002a39bad0 x8 : ffff80002a39bad0\n| x7 : ffff8000119f0800 x6 : c0000000ffff7fff\n| x5 : ffff8000119f07a8 x4 : 0000000000000001\n| x3 : 9bcdab23f2432800 x2 : ffff800011730538\n| x1 : 9bcdab23f2432800 x0 : 0000000000000000\n| Call trace:\n| lockdep_hardirqs_off+0xd4/0xe8\n| enter_from_kernel_mode.isra.5+0x7c/0xa8\n| el1_abort+0x24/0x100\n| el1_sync_handler+0x80/0xd0\n| el1_sync+0x6c/0x100\n| __arch_clear_user+0xc/0x90\n| load_elf_binary+0x9fc/0x1450\n| bprm_execve+0x404/0x880\n| kernel_execve+0x180/0x188\n| call_usermodehelper_exec_async+0xdc/0x158\n| ret_from_fork+0x10/0x18', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46997 was patched at 2024-05-15

8788. Unknown Vulnerability Type - Linux Kernel (CVE-2021-46998) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nethernet:enic: Fix a use after free bug in enic_hard_start_xmit\n\nIn enic_hard_start_xmit, it calls enic_queue_wq_skb(). Inside\nenic_queue_wq_skb, if some error happens, the skb will be freed\nby dev_kfree_skb(skb). But the freed skb is still used in\nskb_tx_timestamp(skb).\n\nMy patch makes enic_queue_wq_skb() return error and goto spin_unlock()\nincase of error. The solution is provided by Govind.\nSee https://lkml.org/lkml/2021/4/30/961.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46998 was patched at 2024-05-15

8789. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47000) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix inode leak on getattr error in __fh_to_dentry', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47000 was patched at 2024-05-15

8790. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47001) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxprtrdma: Fix cwnd update ordering\n\nAfter a reconnect, the reply handler is opening the cwnd (and thus\nenabling more RPC Calls to be sent) /before/ rpcrdma_post_recvs()\ncan post enough Receive WRs to receive their replies. This causes an\nRNR and the new connection is lost immediately.\n\nThe race is most clearly exposed when KASAN and disconnect injection\nare enabled. This slows down rpcrdma_rep_create() enough to allow\nthe send side to post a bunch of RPC Calls before the Receive\ncompletion handler can invoke ib_post_recv().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47001 was patched at 2024-05-15

8791. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47003) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix potential null dereference on pointer status\n\nThere are calls to idxd_cmd_exec that pass a null status pointer however\na recent commit has added an assignment to *status that can end up\nwith a null pointer dereference. The function expects a null status\npointer sometimes as there is a later assignment to *status where\nstatus is first null checked. Fix the issue by null checking status\nbefore making the assignment.\n\nAddresses-Coverity: ("Explicit null dereferenced")', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47003 was patched at 2024-05-15

8792. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47004) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid touching checkpointed data in get_victim()\n\nIn CP disabling mode, there are two issues when using LFS or SSR | AT_SSR\nmode to select victim:\n\n1. LFS is set to find source section during GC, the victim should have\nno checkpointed data, since after GC, section could not be set free for\nreuse.\n\nPreviously, we only check valid chpt blocks in current segment rather\nthan section, fix it.\n\n2. SSR | AT_SSR are set to find target segment for writes which can be\nfully filled by checkpointed and newly written blocks, we should never\nselect such segment, otherwise it can cause panic or data corruption\nduring allocation, potential case is described as below:\n\n a) target segment has 'n' (n < 512) ckpt valid blocks\n b) GC migrates 'n' valid blocks to other segment (segment is still\n in dirty list)\n c) GC migrates '512 - n' blocks to target segment (segment has 'n'\n cp_vblocks and '512 - n' vblocks)\n d) If GC selects target segment via {AT,}SSR allocator, however there\n is no free space in targe segment.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47004 was patched at 2024-05-15

8793. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47005) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: Fix NULL pointer dereference for ->get_features()\n\nget_features ops of pci_epc_ops may return NULL, causing NULL pointer\ndereference in pci_epf_test_alloc_space function. Let us add a check for\npci_epc_feature pointer in pci_epf_test_bind before we access it to avoid\nany such NULL pointer dereference and return -ENOTSUPP in case\npci_epc_feature is not found.\n\nWhen the patch is not applied and EPC features is not implemented in the\nplatform driver, we see the following dump due to kernel NULL pointer\ndereference.\n\nCall trace:\n pci_epf_test_bind+0xf4/0x388\n pci_epf_bind+0x3c/0x80\n pci_epc_epf_link+0xa8/0xcc\n configfs_symlink+0x1a4/0x48c\n vfs_symlink+0x104/0x184\n do_symlinkat+0x80/0xd4\n __arm64_sys_symlinkat+0x1c/0x24\n el0_svc_common.constprop.3+0xb8/0x170\n el0_svc_handler+0x70/0x88\n el0_svc+0x8/0x640\nCode: d2800581 b9403ab9 f9404ebb 8b394f60 (f9400400)\n---[ end trace a438e3c5a24f9df0 ]---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47005 was patched at 2024-05-15

8794. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47006) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nARM: 9064/1: hw_breakpoint: Do not directly check the event's overflow_handler hook\n\nThe commit 1879445dfa7b ("perf/core: Set event's default\n::overflow_handler()") set a default event->overflow_handler in\nperf_event_alloc(), and replace the check event->overflow_handler with\nis_default_overflow_handler(), but one is missing.\n\nCurrently, the bp->overflow_handler can not be NULL. As a result,\nenable_single_step() is always not invoked.\n\nComments from Zhen Lei:\n\n https://patchwork.kernel.org/project/linux-arm-kernel/patch/20210207105934.2001-1-thunder.leizhen@huawei.com/', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47006 was patched at 2024-05-15

8795. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47007) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix panic during f2fs_resize_fs()\n\nf2fs_resize_fs() hangs in below callstack with testcase:\n- mkfs 16GB image & mount image\n- dd 8GB fileA\n- dd 8GB fileB\n- sync\n- rm fileA\n- sync\n- resize filesystem to 8GB\n\nkernel BUG at segment.c:2484!\nCall Trace:\n allocate_segment_by_default+0x92/0xf0 [f2fs]\n f2fs_allocate_data_block+0x44b/0x7e0 [f2fs]\n do_write_page+0x5a/0x110 [f2fs]\n f2fs_outplace_write_data+0x55/0x100 [f2fs]\n f2fs_do_write_data_page+0x392/0x850 [f2fs]\n move_data_page+0x233/0x320 [f2fs]\n do_garbage_collect+0x14d9/0x1660 [f2fs]\n free_segment_range+0x1f7/0x310 [f2fs]\n f2fs_resize_fs+0x118/0x330 [f2fs]\n __f2fs_ioctl+0x487/0x3680 [f2fs]\n __x64_sys_ioctl+0x8e/0xd0\n do_syscall_64+0x33/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nThe root cause is we forgot to check that whether we have enough space\nin resized filesystem to store all valid blocks in before-resizing\nfilesystem, then allocator will run out-of-space during block migration\nin free_segment_range().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47007 was patched at 2024-05-15

8796. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47010) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: Only allow init netns to set default tcp cong to a restricted algo\n\ntcp_set_default_congestion_control() is netns-safe in that it writes\nto &net->ipv4.tcp_congestion_control, but it also sets\nca->flags |= TCP_CONG_NON_RESTRICTED which is not namespaced.\nThis has the unintended side-effect of changing the global\nnet.ipv4.tcp_allowed_congestion_control sysctl, despite the fact that it\nis read-only: 97684f0970f6 ("net: Make tcp_allowed_congestion_control\nreadonly in non-init netns")\n\nResolve this netns "leak" by only allowing the init netns to set the\ndefault algorithm to one that is restricted. This restriction could be\nremoved if tcp_allowed_congestion_control were namespace-ified in the\nfuture.\n\nThis bug was uncovered with\nhttps://github.com/JonathonReinhart/linux-netns-sysctl-verify', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47010 was patched at 2024-05-15

8797. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47011) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: memcontrol: slab: fix obtain a reference to a freeing memcg\n\nPatch series "Use obj_cgroup APIs to charge kmem pages", v5.\n\nSince Roman's series "The new cgroup slab memory controller" applied.\nAll slab objects are charged with the new APIs of obj_cgroup. The new\nAPIs introduce a struct obj_cgroup to charge slab objects. It prevents\nlong-living objects from pinning the original memory cgroup in the\nmemory. But there are still some corner objects (e.g. allocations\nlarger than order-1 page on SLUB) which are not charged with the new\nAPIs. Those objects (include the pages which are allocated from buddy\nallocator directly) are charged as kmem pages which still hold a\nreference to the memory cgroup.\n\nE.g. We know that the kernel stack is charged as kmem pages because the\nsize of the kernel stack can be greater than 2 pages (e.g. 16KB on\nx86_64 or arm64). If we create a thread (suppose the thread stack is\ncharged to memory cgroup A) and then move it from memory cgroup A to\nmemory cgroup B. Because the kernel stack of the thread hold a\nreference to the memory cgroup A. The thread can pin the memory cgroup\nA in the memory even if we remove the cgroup A. If we want to see this\nscenario by using the following script. We can see that the system has\nadded 500 dying cgroups (This is not a real world issue, just a script\nto show that the large kmallocs are charged as kmem pages which can pin\nthe memory cgroup in the memory).\n\n\t#!/bin/bash\n\n\tcat /proc/cgroups | grep memory\n\n\tcd /sys/fs/cgroup/memory\n\techo 1 > memory.move_charge_at_immigrate\n\n\tfor i in range{1..500}\n\tdo\n\t\tmkdir kmem_test\n\t\techo $$ > kmem_test/cgroup.procs\n\t\tsleep 3600 &\n\t\techo $$ > cgroup.procs\n\t\techo `cat kmem_test/cgroup.procs` > cgroup.procs\n\t\trmdir kmem_test\n\tdone\n\n\tcat /proc/cgroups | grep memory\n\nThis patchset aims to make those kmem pages to drop the reference to\nmemory cgroup by using the APIs of obj_cgroup. Finally, we can see that\nthe number of the dying cgroups will not increase if we run the above test\nscript.\n\nThis patch (of 7):\n\nThe rcu_read_lock/unlock only can guarantee that the memcg will not be\nfreed, but it cannot guarantee the success of css_get (which is in the\nrefill_stock when cached memcg changed) to memcg.\n\n rcu_read_lock()\n memcg = obj_cgroup_memcg(old)\n __memcg_kmem_uncharge(memcg)\n refill_stock(memcg)\n if (stock->cached != memcg)\n // css_get can change the ref counter from 0 back to 1.\n css_get(&memcg->css)\n rcu_read_unlock()\n\nThis fix is very like the commit:\n\n eefbfa7fd678 ("mm: memcg/slab: fix use after free in obj_cgroup_charge")\n\nFix this by holding a reference to the memcg which is passed to the\n__memcg_kmem_uncharge() before calling __memcg_kmem_uncharge().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47011 was patched at 2024-05-15

8798. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47012) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix a use after free in siw_alloc_mr\n\nOur code analyzer reported a UAF.\n\nIn siw_alloc_mr(), it calls siw_mr_add_mem(mr,..). In the implementation of\nsiw_mr_add_mem(), mem is assigned to mr->mem and then mem is freed via\nkfree(mem) if xa_alloc_cyclic() failed. Here, mr->mem still point to a\nfreed object. After, the execution continue up to the err_out branch of\nsiw_alloc_mr, and the freed mr->mem is used in siw_mr_drop_mem(mr).\n\nMy patch moves "mr->mem = mem" behind the if (xa_alloc_cyclic(..)<0) {}\nsection, to avoid the uaf.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47012 was patched at 2024-05-15

8799. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47013) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send\n\nIn emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..).\nIf some error happens in emac_tx_fill_tpd(), the skb will be freed via\ndev_kfree_skb(skb) in error branch of emac_tx_fill_tpd().\nBut the freed skb is still used via skb->len by netdev_sent_queue(,skb->len).\n\nAs i observed that emac_tx_fill_tpd() haven't modified the value of skb->len,\nthus my patch assigns skb->len to 'len' before the possible free and\nuse 'len' instead of skb->len later.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2021-47013 was patched at 2024-06-05

debian: CVE-2021-47013 was patched at 2024-05-15

oraclelinux: CVE-2021-47013 was patched at 2024-06-05

redhat: CVE-2021-47013 was patched at 2024-05-29, 2024-06-05, 2024-06-11

8800. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47014) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_ct: fix wild memory access when clearing fragments\n\nwhile testing re-assembly/re-fragmentation using act_ct, it's possible to\nobserve a crash like the following one:\n\n KASAN: maybe wild-memory-access in range [0x0001000000000448-0x000100000000044f]\n CPU: 50 PID: 0 Comm: swapper/50 Tainted: G S 5.12.0-rc7+ #424\n Hardware name: Dell Inc. PowerEdge R730/072T6D, BIOS 2.4.3 01/17/2017\n RIP: 0010:inet_frag_rbtree_purge+0x50/0xc0\n Code: 00 fc ff df 48 89 c3 31 ed 48 89 df e8 a9 7a 38 ff 4c 89 fe 48 89 df 49 89 c6 e8 5b 3a 38 ff 48 8d 7b 40 48 89 f8 48 c1 e8 03 <42> 80 3c 20 00 75 59 48 8d bb d0 00 00 00 4c 8b 6b 40 48 89 f8 48\n RSP: 0018:ffff888c31449db8 EFLAGS: 00010203\n RAX: 0000200000000089 RBX: 000100000000040e RCX: ffffffff989eb960\n RDX: 0000000000000140 RSI: ffffffff97cfb977 RDI: 000100000000044e\n RBP: 0000000000000900 R08: 0000000000000000 R09: ffffed1186289350\n R10: 0000000000000003 R11: ffffed1186289350 R12: dffffc0000000000\n R13: 000100000000040e R14: 0000000000000000 R15: ffff888155e02160\n FS: 0000000000000000(0000) GS:ffff888c31440000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00005600cb70a5b8 CR3: 0000000a2c014005 CR4: 00000000003706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n <IRQ>\n inet_frag_destroy+0xa9/0x150\n call_timer_fn+0x2d/0x180\n run_timer_softirq+0x4fe/0xe70\n __do_softirq+0x197/0x5a0\n irq_exit_rcu+0x1de/0x200\n sysvec_apic_timer_interrupt+0x6b/0x80\n </IRQ>\n\nwhen act_ct temporarily stores an IP fragment, restoring the skb qdisc cb\nresults in putting random data in FRAG_CB(), and this causes those "wild"\nmemory accesses later, when the rbtree is purged. Never overwrite the skb\ncb in case tcf_ct_handle_fragments() returns -EINPROGRESS.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47014 was patched at 2024-05-15

8801. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47015) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_en: Fix RX consumer index logic in the error path.\n\nIn bnxt_rx_pkt(), the RX buffers are expected to complete in order.\nIf the RX consumer index indicates an out of order buffer completion,\nit means we are hitting a hardware bug and the driver will abort all\nremaining RX packets and reset the RX ring. The RX consumer index\nthat we pass to bnxt_discard_rx() is not correct. We should be\npassing the current index (tmp_raw_cons) instead of the old index\n(raw_cons). This bug can cause us to be at the wrong index when\ntrying to abort the next RX packet. It can crash like this:\n\n #0 [ffff9bbcdf5c39a8] machine_kexec at ffffffff9b05e007\n #1 [ffff9bbcdf5c3a00] __crash_kexec at ffffffff9b111232\n #2 [ffff9bbcdf5c3ad0] panic at ffffffff9b07d61e\n #3 [ffff9bbcdf5c3b50] oops_end at ffffffff9b030978\n #4 [ffff9bbcdf5c3b78] no_context at ffffffff9b06aaf0\n #5 [ffff9bbcdf5c3bd8] __bad_area_nosemaphore at ffffffff9b06ae2e\n #6 [ffff9bbcdf5c3c28] bad_area_nosemaphore at ffffffff9b06af24\n #7 [ffff9bbcdf5c3c38] __do_page_fault at ffffffff9b06b67e\n #8 [ffff9bbcdf5c3cb0] do_page_fault at ffffffff9b06bb12\n #9 [ffff9bbcdf5c3ce0] page_fault at ffffffff9bc015c5\n [exception RIP: bnxt_rx_pkt+237]\n RIP: ffffffffc0259cdd RSP: ffff9bbcdf5c3d98 RFLAGS: 00010213\n RAX: 000000005dd8097f RBX: ffff9ba4cb11b7e0 RCX: ffffa923cf6e9000\n RDX: 0000000000000fff RSI: 0000000000000627 RDI: 0000000000001000\n RBP: ffff9bbcdf5c3e60 R8: 0000000000420003 R9: 000000000000020d\n R10: ffffa923cf6ec138 R11: ffff9bbcdf5c3e83 R12: ffff9ba4d6f928c0\n R13: ffff9ba4cac28080 R14: ffff9ba4cb11b7f0 R15: ffff9ba4d5a30000\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47015 was patched at 2024-05-15

8802. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47016) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nm68k: mvme147,mvme16x: Don't wipe PCC timer config bits\n\nDon't clear the timer 1 configuration bits when clearing the interrupt flag\nand counter overflow. As Michael reported, "This results in no timer\ninterrupts being delivered after the first. Initialization then hangs\nin calibrate_delay as the jiffies counter is not updated."\n\nOn mvme16x, enable the timer after requesting the irq, consistent with\nmvme147.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47016 was patched at 2024-05-15

8803. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47017) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nath10k: Fix a use after free in ath10k_htc_send_bundle\n\nIn ath10k_htc_send_bundle, the bundle_skb could be freed by\ndev_kfree_skb_any(bundle_skb). But the bundle_skb is used later\nby bundle_skb->len.\n\nAs skb_len = bundle_skb->len, my patch replaces bundle_skb->len to\nskb_len after the bundle_skb was freed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47017 was patched at 2024-05-15

8804. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47018) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/64: Fix the definition of the fixmap area\n\nAt the time being, the fixmap area is defined at the top of\nthe address space or just below KASAN.\n\nThis definition is not valid for PPC64.\n\nFor PPC64, use the top of the I/O space.\n\nBecause of circular dependencies, it is not possible to include\nasm/fixmap.h in asm/book3s/64/pgtable.h , so define a fixed size\nAREA at the top of the I/O space for fixmap and ensure during\nbuild that the size is big enough.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47018 was patched at 2024-05-15

8805. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47022) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7615: fix memleak when mt7615_unregister_device()\n\nmt7615_tx_token_put() should get call before mt76_free_pending_txwi().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47022 was patched at 2024-05-15

8806. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47023) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: marvell: prestera: fix port event handling on init\n\nFor some reason there might be a crash during ports creation if port\nevents are handling at the same time because fw may send initial\nport event with down state.\n\nThe crash points to cancel_delayed_work() which is called when port went\nis down. Currently I did not find out the real cause of the issue, so\nfixed it by cancel port stats work only if previous port's state was up\n& runnig.\n\nThe following is the crash which can be triggered:\n\n[ 28.311104] Unable to handle kernel paging request at virtual address\n000071775f776600\n[ 28.319097] Mem abort info:\n[ 28.321914] ESR = 0x96000004\n[ 28.324996] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 28.330350] SET = 0, FnV = 0\n[ 28.333430] EA = 0, S1PTW = 0\n[ 28.336597] Data abort info:\n[ 28.339499] ISV = 0, ISS = 0x00000004\n[ 28.343362] CM = 0, WnR = 0\n[ 28.346354] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000100bf7000\n[ 28.352842] [000071775f776600] pgd=0000000000000000,\np4d=0000000000000000\n[ 28.359695] Internal error: Oops: 96000004 [#1] PREEMPT SMP\n[ 28.365310] Modules linked in: prestera_pci(+) prestera\nuio_pdrv_genirq\n[ 28.372005] CPU: 0 PID: 1291 Comm: kworker/0:1H Not tainted\n5.11.0-rc4 #1\n[ 28.378846] Hardware name: DNI AmazonGo1 A7040 board (DT)\n[ 28.384283] Workqueue: prestera_fw_wq prestera_fw_evt_work_fn\n[prestera_pci]\n[ 28.391413] pstate: 60000085 (nZCv daIf -PAN -UAO -TCO BTYPE=--)\n[ 28.397468] pc : get_work_pool+0x48/0x60\n[ 28.401442] lr : try_to_grab_pending+0x6c/0x1b0\n[ 28.406018] sp : ffff80001391bc60\n[ 28.409358] x29: ffff80001391bc60 x28: 0000000000000000\n[ 28.414725] x27: ffff000104fc8b40 x26: ffff80001127de88\n[ 28.420089] x25: 0000000000000000 x24: ffff000106119760\n[ 28.425452] x23: ffff00010775dd60 x22: ffff00010567e000\n[ 28.430814] x21: 0000000000000000 x20: ffff80001391bcb0\n[ 28.436175] x19: ffff00010775deb8 x18: 00000000000000c0\n[ 28.441537] x17: 0000000000000000 x16: 000000008d9b0e88\n[ 28.446898] x15: 0000000000000001 x14: 00000000000002ba\n[ 28.452261] x13: 80a3002c00000002 x12: 00000000000005f4\n[ 28.457622] x11: 0000000000000030 x10: 000000000000000c\n[ 28.462985] x9 : 000000000000000c x8 : 0000000000000030\n[ 28.468346] x7 : ffff800014400000 x6 : ffff000106119758\n[ 28.473708] x5 : 0000000000000003 x4 : ffff00010775dc60\n[ 28.479068] x3 : 0000000000000000 x2 : 0000000000000060\n[ 28.484429] x1 : 000071775f776600 x0 : ffff00010775deb8\n[ 28.489791] Call trace:\n[ 28.492259] get_work_pool+0x48/0x60\n[ 28.495874] cancel_delayed_work+0x38/0xb0\n[ 28.500011] prestera_port_handle_event+0x90/0xa0 [prestera]\n[ 28.505743] prestera_evt_recv+0x98/0xe0 [prestera]\n[ 28.510683] prestera_fw_evt_work_fn+0x180/0x228 [prestera_pci]\n[ 28.516660] process_one_work+0x1e8/0x360\n[ 28.520710] worker_thread+0x44/0x480\n[ 28.524412] kthread+0x154/0x160\n[ 28.527670] ret_from_fork+0x10/0x38\n[ 28.531290] Code: a8c17bfd d50323bf d65f03c0 9278dc21 (f9400020)\n[ 28.537429] ---[ end trace 5eced933df3a080b ]---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47023 was patched at 2024-05-15

8807. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47028) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7915: fix txrate reporting\n\nProperly check rate_info to fix unexpected reporting.\n\n[ 1215.161863] Call trace:\n[ 1215.164307] cfg80211_calculate_bitrate+0x124/0x200 [cfg80211]\n[ 1215.170139] ieee80211s_update_metric+0x80/0xc0 [mac80211]\n[ 1215.175624] ieee80211_tx_status_ext+0x508/0x838 [mac80211]\n[ 1215.181190] mt7915_mcu_get_rx_rate+0x28c/0x8d0 [mt7915e]\n[ 1215.186580] mt7915_mac_tx_free+0x324/0x7c0 [mt7915e]\n[ 1215.191623] mt7915_queue_rx_skb+0xa8/0xd0 [mt7915e]\n[ 1215.196582] mt76_dma_cleanup+0x7b0/0x11d0 [mt76]\n[ 1215.201276] __napi_poll+0x38/0xf8\n[ 1215.204668] napi_workfn+0x40/0x80\n[ 1215.208062] process_one_work+0x1fc/0x390\n[ 1215.212062] worker_thread+0x48/0x4d0\n[ 1215.215715] kthread+0x120/0x128\n[ 1215.218935] ret_from_fork+0x10/0x1c', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47028 was patched at 2024-05-15

8808. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47032) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7915: fix tx skb dma unmap\n\nThe first pointer in the txp needs to be unmapped as well, otherwise it will\nleak DMA mapping entries', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47032 was patched at 2024-05-15

8809. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47033) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7615: fix tx skb dma unmap\n\nThe first pointer in the txp needs to be unmapped as well, otherwise it will\nleak DMA mapping entries', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47033 was patched at 2024-05-15

8810. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47034) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/64s: Fix pte update for kernel memory on radix\n\nWhen adding a PTE a ptesync is needed to order the update of the PTE\nwith subsequent accesses otherwise a spurious fault may be raised.\n\nradix__set_pte_at() does not do this for performance gains. For\nnon-kernel memory this is not an issue as any faults of this kind are\ncorrected by the page fault handler. For kernel memory these faults\nare not handled. The current solution is that there is a ptesync in\nflush_cache_vmap() which should be called when mapping from the\nvmalloc region.\n\nHowever, map_kernel_page() does not call flush_cache_vmap(). This is\ntroublesome in particular for code patching with Strict RWX on radix.\nIn do_patch_instruction() the page frame that contains the instruction\nto be patched is mapped and then immediately patched. With no ordering\nor synchronization between setting up the PTE and writing to the page\nit is possible for faults.\n\nAs the code patching is done using __put_user_asm_goto() the resulting\nfault is obscured - but using a normal store instead it can be seen:\n\n BUG: Unable to handle kernel data access on write at 0xc008000008f24a3c\n Faulting instruction address: 0xc00000000008bd74\n Oops: Kernel access of bad area, sig: 11 [#1]\n LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA PowerNV\n Modules linked in: nop_module(PO+) [last unloaded: nop_module]\n CPU: 4 PID: 757 Comm: sh Tainted: P O 5.10.0-rc5-01361-ge3c1b78c8440-dirty #43\n NIP: c00000000008bd74 LR: c00000000008bd50 CTR: c000000000025810\n REGS: c000000016f634a0 TRAP: 0300 Tainted: P O (5.10.0-rc5-01361-ge3c1b78c8440-dirty)\n MSR: 9000000000009033 <SF,HV,EE,ME,IR,DR,RI,LE> CR: 44002884 XER: 00000000\n CFAR: c00000000007c68c DAR: c008000008f24a3c DSISR: 42000000 IRQMASK: 1\n\nThis results in the kind of issue reported here:\n https://lore.kernel.org/linuxppc-dev/15AC5B0E-A221-4B8C-9039-FA96B8EF7C88@lca.pw/\n\nChris Riedl suggested a reliable way to reproduce the issue:\n $ mount -t debugfs none /sys/kernel/debug\n $ (while true; do echo function > /sys/kernel/debug/tracing/current_tracer ; echo nop > /sys/kernel/debug/tracing/current_tracer ; done) &\n\nTurning ftrace on and off does a large amount of code patching which\nin usually less then 5min will crash giving a trace like:\n\n ftrace-powerpc: (____ptrval____): replaced (4b473b11) != old (60000000)\n ------------[ ftrace bug ]------------\n ftrace failed to modify\n [<c000000000bf8e5c>] napi_busy_loop+0xc/0x390\n actual: 11:3b:47:4b\n Setting ftrace call site to call ftrace function\n ftrace record flags: 80000001\n (1)\n expected tramp: c00000000006c96c\n ------------[ cut here ]------------\n WARNING: CPU: 4 PID: 809 at kernel/trace/ftrace.c:2065 ftrace_bug+0x28c/0x2e8\n Modules linked in: nop_module(PO-) [last unloaded: nop_module]\n CPU: 4 PID: 809 Comm: sh Tainted: P O 5.10.0-rc5-01360-gf878ccaf250a #1\n NIP: c00000000024f334 LR: c00000000024f330 CTR: c0000000001a5af0\n REGS: c000000004c8b760 TRAP: 0700 Tainted: P O (5.10.0-rc5-01360-gf878ccaf250a)\n MSR: 900000000282b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE> CR: 28008848 XER: 20040000\n CFAR: c0000000001a9c98 IRQMASK: 0\n GPR00: c00000000024f330 c000000004c8b9f0 c000000002770600 0000000000000022\n GPR04: 00000000ffff7fff c000000004c8b6d0 0000000000000027 c0000007fe9bcdd8\n GPR08: 0000000000000023 ffffffffffffffd8 0000000000000027 c000000002613118\n GPR12: 0000000000008000 c0000007fffdca00 0000000000000000 0000000000000000\n GPR16: 0000000023ec37c5 0000000000000000 0000000000000000 0000000000000008\n GPR20: c000000004c8bc90 c0000000027a2d20 c000000004c8bcd0 c000000002612fe8\n GPR24: 0000000000000038 0000000000000030 0000000000000028 0000000000000020\n GPR28: c000000000ff1b68 c000000000bf8e5c c00000000312f700 c000000000fbb9b0\n NIP ftrace_bug+0x28c/0x2e8\n LR ftrace_bug+0x288/0x2e8\n Call T\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47034 was patched at 2024-05-15

8811. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47035) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Remove WO permissions on second-level paging entries\n\nWhen the first level page table is used for IOVA translation, it only\nsupports Read-Only and Read-Write permissions. The Write-Only permission\nis not supported as the PRESENT bit (implying Read permission) should\nalways set. When using second level, we still give separate permissions\nthat allows WriteOnly which seems inconsistent and awkward. We want to\nhave consistent behavior. After moving to 1st level, we don't want things\nto work sometimes, and break if we use 2nd level for the same mappings.\nHence remove this configuration.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47035 was patched at 2024-05-15

8812. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47036) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nudp: skip L4 aggregation for UDP tunnel packets\n\nIf NETIF_F_GRO_FRAGLIST or NETIF_F_GRO_UDP_FWD are enabled, and there\nare UDP tunnels available in the system, udp_gro_receive() could end-up\ndoing L4 aggregation (either SKB_GSO_UDP_L4 or SKB_GSO_FRAGLIST) at\nthe outer UDP tunnel level for packets effectively carrying and UDP\ntunnel header.\n\nThat could cause inner protocol corruption. If e.g. the relevant\npackets carry a vxlan header, different vxlan ids will be ignored/\naggregated to the same GSO packet. Inner headers will be ignored, too,\nso that e.g. TCP over vxlan push packets will be held in the GRO\nengine till the next flush, etc.\n\nJust skip the SKB_GSO_UDP_L4 and SKB_GSO_FRAGLIST code path if the\ncurrent packet could land in a UDP tunnel, and let udp_gro_receive()\ndo GRO via udp_sk(sk)->gro_receive.\n\nThe check implemented in this patch is broader than what is strictly\nneeded, as the existing UDP tunnel could be e.g. configured on top of\na different device: we could end-up skipping GRO at-all for some packets.\n\nAnyhow, that is a very thin corner case and covering it will add quite\na bit of complexity.\n\nv1 -> v2:\n - hopefully clarify the commit message', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47036 was patched at 2024-05-15

8813. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47037) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: q6afe-clocks: fix reprobing of the driver\n\nQ6afe-clocks driver can get reprobed. For example if the APR services\nare restarted after the firmware crash. However currently Q6afe-clocks\ndriver will oops because hw.init will get cleared during first _probe\ncall. Rewrite the driver to fill the clock data at runtime rather than\nusing big static array of clocks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47037 was patched at 2024-05-15

8814. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47038) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: avoid deadlock between hci_dev->lock and socket lock\n\nCommit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added a\ndependency between socket lock and hci_dev->lock that could lead to\ndeadlock.\n\nIt turns out that hci_conn_get_phy() is not in any way relying on hdev\nbeing immutable during the runtime of this function, neither does it even\nlook at any of the members of hdev, and as such there is no need to hold\nthat lock.\n\nThis fixes the lockdep splat below:\n\n ======================================================\n WARNING: possible circular locking dependency detected\n 5.12.0-rc1-00026-g73d464503354 #10 Not tainted\n ------------------------------------------------------\n bluetoothd/1118 is trying to acquire lock:\n ffff8f078383c078 (&hdev->lock){+.+.}-{3:3}, at: hci_conn_get_phy+0x1c/0x150 [bluetooth]\n\n but task is already holding lock:\n ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_getsockopt+0x8b/0x610\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -> #3 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}:\n lock_sock_nested+0x72/0xa0\n l2cap_sock_ready_cb+0x18/0x70 [bluetooth]\n l2cap_config_rsp+0x27a/0x520 [bluetooth]\n l2cap_sig_channel+0x658/0x1330 [bluetooth]\n l2cap_recv_frame+0x1ba/0x310 [bluetooth]\n hci_rx_work+0x1cc/0x640 [bluetooth]\n process_one_work+0x244/0x5f0\n worker_thread+0x3c/0x380\n kthread+0x13e/0x160\n ret_from_fork+0x22/0x30\n\n -> #2 (&chan->lock#2/1){+.+.}-{3:3}:\n __mutex_lock+0xa3/0xa10\n l2cap_chan_connect+0x33a/0x940 [bluetooth]\n l2cap_sock_connect+0x141/0x2a0 [bluetooth]\n __sys_connect+0x9b/0xc0\n __x64_sys_connect+0x16/0x20\n do_syscall_64+0x33/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n -> #1 (&conn->chan_lock){+.+.}-{3:3}:\n __mutex_lock+0xa3/0xa10\n l2cap_chan_connect+0x322/0x940 [bluetooth]\n l2cap_sock_connect+0x141/0x2a0 [bluetooth]\n __sys_connect+0x9b/0xc0\n __x64_sys_connect+0x16/0x20\n do_syscall_64+0x33/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n -> #0 (&hdev->lock){+.+.}-{3:3}:\n __lock_acquire+0x147a/0x1a50\n lock_acquire+0x277/0x3d0\n __mutex_lock+0xa3/0xa10\n hci_conn_get_phy+0x1c/0x150 [bluetooth]\n l2cap_sock_getsockopt+0x5a9/0x610 [bluetooth]\n __sys_getsockopt+0xcc/0x200\n __x64_sys_getsockopt+0x20/0x30\n do_syscall_64+0x33/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n other info that might help us debug this:\n\n Chain exists of:\n &hdev->lock --> &chan->lock#2/1 --> sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);\n lock(&chan->lock#2/1);\n lock(sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP);\n lock(&hdev->lock);\n\n *** DEADLOCK ***\n\n 1 lock held by bluetoothd/1118:\n #0: ffff8f07e831d920 (sk_lock-AF_BLUETOOTH-BTPROTO_L2CAP){+.+.}-{0:0}, at: l2cap_sock_getsockopt+0x8b/0x610 [bluetooth]\n\n stack backtrace:\n CPU: 3 PID: 1118 Comm: bluetoothd Not tainted 5.12.0-rc1-00026-g73d464503354 #10\n Hardware name: LENOVO 20K5S22R00/20K5S22R00, BIOS R0IET38W (1.16 ) 05/31/2017\n Call Trace:\n dump_stack+0x7f/0xa1\n check_noncircular+0x105/0x120\n ? __lock_acquire+0x147a/0x1a50\n __lock_acquire+0x147a/0x1a50\n lock_acquire+0x277/0x3d0\n ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n ? __lock_acquire+0x2e1/0x1a50\n ? lock_is_held_type+0xb4/0x120\n ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n __mutex_lock+0xa3/0xa10\n ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n ? lock_acquire+0x277/0x3d0\n ? mark_held_locks+0x49/0x70\n ? mark_held_locks+0x49/0x70\n ? hci_conn_get_phy+0x1c/0x150 [bluetooth]\n hci_conn_get_phy+0x\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47038 was patched at 2024-05-15

8815. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47041) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-tcp: fix incorrect locking in state_change sk callback\n\nWe are not changing anything in the TCP connection state so\nwe should not take a write_lock but rather a read lock.\n\nThis caused a deadlock when running nvmet-tcp and nvme-tcp\non the same system, where state_change callbacks on the\nhost and on the controller side have causal relationship\nand made lockdep report on this with blktests:\n\n================================\nWARNING: inconsistent lock state\n5.12.0-rc3 #1 Tainted: G I\n--------------------------------\ninconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-R} usage.\nnvme/1324 [HC0[0]:SC0[0]:HE1:SE1] takes:\nffff888363151000 (clock-AF_INET){++-?}-{2:2}, at: nvme_tcp_state_change+0x21/0x150 [nvme_tcp]\n{IN-SOFTIRQ-W} state was registered at:\n __lock_acquire+0x79b/0x18d0\n lock_acquire+0x1ca/0x480\n _raw_write_lock_bh+0x39/0x80\n nvmet_tcp_state_change+0x21/0x170 [nvmet_tcp]\n tcp_fin+0x2a8/0x780\n tcp_data_queue+0xf94/0x1f20\n tcp_rcv_established+0x6ba/0x1f00\n tcp_v4_do_rcv+0x502/0x760\n tcp_v4_rcv+0x257e/0x3430\n ip_protocol_deliver_rcu+0x69/0x6a0\n ip_local_deliver_finish+0x1e2/0x2f0\n ip_local_deliver+0x1a2/0x420\n ip_rcv+0x4fb/0x6b0\n __netif_receive_skb_one_core+0x162/0x1b0\n process_backlog+0x1ff/0x770\n __napi_poll.constprop.0+0xa9/0x5c0\n net_rx_action+0x7b3/0xb30\n __do_softirq+0x1f0/0x940\n do_softirq+0xa1/0xd0\n __local_bh_enable_ip+0xd8/0x100\n ip_finish_output2+0x6b7/0x18a0\n __ip_queue_xmit+0x706/0x1aa0\n __tcp_transmit_skb+0x2068/0x2e20\n tcp_write_xmit+0xc9e/0x2bb0\n __tcp_push_pending_frames+0x92/0x310\n inet_shutdown+0x158/0x300\n __nvme_tcp_stop_queue+0x36/0x270 [nvme_tcp]\n nvme_tcp_stop_queue+0x87/0xb0 [nvme_tcp]\n nvme_tcp_teardown_admin_queue+0x69/0xe0 [nvme_tcp]\n nvme_do_delete_ctrl+0x100/0x10c [nvme_core]\n nvme_sysfs_delete.cold+0x8/0xd [nvme_core]\n kernfs_fop_write_iter+0x2c7/0x460\n new_sync_write+0x36c/0x610\n vfs_write+0x5c0/0x870\n ksys_write+0xf9/0x1d0\n do_syscall_64+0x33/0x40\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nirq event stamp: 10687\nhardirqs last enabled at (10687): [<ffffffff9ec376bd>] _raw_spin_unlock_irqrestore+0x2d/0x40\nhardirqs last disabled at (10686): [<ffffffff9ec374d8>] _raw_spin_lock_irqsave+0x68/0x90\nsoftirqs last enabled at (10684): [<ffffffff9f000608>] __do_softirq+0x608/0x940\nsoftirqs last disabled at (10649): [<ffffffff9cdedd31>] do_softirq+0xa1/0xd0\n\nother info that might help us debug this:\n Possible unsafe locking scenario:\n\n CPU0\n ----\n lock(clock-AF_INET);\n <Interrupt>\n lock(clock-AF_INET);\n\n *** DEADLOCK ***\n\n5 locks held by nvme/1324:\n #0: ffff8884a01fe470 (sb_writers#4){.+.+}-{0:0}, at: ksys_write+0xf9/0x1d0\n #1: ffff8886e435c090 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0x216/0x460\n #2: ffff888104d90c38 (kn->active#255){++++}-{0:0}, at: kernfs_remove_self+0x22d/0x330\n #3: ffff8884634538d0 (&queue->queue_lock){+.+.}-{3:3}, at: nvme_tcp_stop_queue+0x52/0xb0 [nvme_tcp]\n #4: ffff888363150d30 (sk_lock-AF_INET){+.+.}-{0:0}, at: inet_shutdown+0x59/0x300\n\nstack backtrace:\nCPU: 26 PID: 1324 Comm: nvme Tainted: G I 5.12.0-rc3 #1\nHardware name: Dell Inc. PowerEdge R640/06NR82, BIOS 2.10.0 11/12/2020\nCall Trace:\n dump_stack+0x93/0xc2\n mark_lock_irq.cold+0x2c/0xb3\n ? verify_lock_unused+0x390/0x390\n ? stack_trace_consume_entry+0x160/0x160\n ? lock_downgrade+0x100/0x100\n ? save_trace+0x88/0x5e0\n ? _raw_spin_unlock_irqrestore+0x2d/0x40\n mark_lock+0x530/0x1470\n ? mark_lock_irq+0x1d10/0x1d10\n ? enqueue_timer+0x660/0x660\n mark_usage+0x215/0x2a0\n __lock_acquire+0x79b/0x18d0\n ? tcp_schedule_loss_probe.part.0+0x38c/0x520\n lock_acquire+0x1ca/0x480\n ? nvme_tcp_state_change+0x21/0x150 [nvme_tcp]\n ? rcu_read_unlock+0x40/0x40\n ? tcp_mtu_probe+0x1ae0/0x1ae0\n ? kmalloc_reserve+0xa0/0xa0\n ? sysfs_file_ops+0x170/0x170\n _raw_read_lock+0x3d/0xa0\n ? nvme_tcp_state_change+0x21/0x150 [nvme_tcp]\n nvme_tcp_state_change+0x21/0x150 [nvme_tcp]\n ? sysfs_file_ops\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47041 was patched at 2024-05-15

8816. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47043) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: venus: core: Fix some resource leaks in the error path of 'venus_probe()'\n\nIf an error occurs after a successful 'of_icc_get()' call, it must be\nundone.\n\nUse 'devm_of_icc_get()' instead of 'of_icc_get()' to avoid the leak.\nUpdate the remove function accordingly and axe the now unneeded\n'icc_put()' calls.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47043 was patched at 2024-05-15

8817. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47044) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched/fair: Fix shift-out-of-bounds in load_balance()\n\nSyzbot reported a handful of occurrences where an sd->nr_balance_failed can\ngrow to much higher values than one would expect.\n\nA successful load_balance() resets it to 0; a failed one increments\nit. Once it gets to sd->cache_nice_tries + 3, this *should* trigger an\nactive balance, which will either set it to sd->cache_nice_tries+1 or reset\nit to 0. However, in case the to-be-active-balanced task is not allowed to\nrun on env->dst_cpu, then the increment is done without any further\nmodification.\n\nThis could then be repeated ad nauseam, and would explain the absurdly high\nvalues reported by syzbot (86, 149). VincentG noted there is value in\nletting sd->cache_nice_tries grow, so the shift itself should be\nfixed. That means preventing:\n\n """\n If the value of the right operand is negative or is greater than or equal\n to the width of the promoted left operand, the behavior is undefined.\n """\n\nThus we need to cap the shift exponent to\n BITS_PER_TYPE(typeof(lefthand)) - 1.\n\nI had a look around for other similar cases via coccinelle:\n\n @expr@\n position pos;\n expression E1;\n expression E2;\n @@\n (\n E1 >> E2@pos\n |\n E1 >> E2@pos\n )\n\n @cst depends on expr@\n position pos;\n expression expr.E1;\n constant cst;\n @@\n (\n E1 >> cst@pos\n |\n E1 << cst@pos\n )\n\n @script:python depends on !cst@\n pos << expr.pos;\n exp << expr.E2;\n @@\n # Dirty hack to ignore constexpr\n if exp.upper() != exp:\n coccilib.report.print_report(pos[0], "Possible UB shift here")\n\nThe only other match in kernel/sched is rq_clock_thermal() which employs\nsched_thermal_decay_shift, and that exponent is already capped to 10, so\nthat one is fine.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47044 was patched at 2024-05-15

8818. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47046) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix off by one in hdmi_14_process_transaction()\n\nThe hdcp_i2c_offsets[] array did not have an entry for\nHDCP_MESSAGE_ID_WRITE_CONTENT_STREAM_TYPE so it led to an off by one\nread overflow. I added an entry and copied the 0x0 value for the offset\nfrom similar code in drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c.\n\nI also declared several of these arrays as having HDCP_MESSAGE_ID_MAX\nentries. This doesn't change the code, but it's just a belt and\nsuspenders approach to try future proof the code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47046 was patched at 2024-05-15

8819. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47047) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails\n\nThe spi controller supports 44-bit address space on AXI in DMA mode,\nso set dma_addr_t width to 44-bit to avoid using a swiotlb mapping.\nIn addition, if dma_map_single fails, it should return immediately\ninstead of continuing doing the DMA operation which bases on invalid\naddress.\n\nThis fixes the following crash which occurs in reading a big block\nfrom flash:\n\n[ 123.633577] zynqmp-qspi ff0f0000.spi: swiotlb buffer is full (sz: 4194304 bytes), total 32768 (slots), used 0 (slots)\n[ 123.644230] zynqmp-qspi ff0f0000.spi: ERR:rxdma:memory not mapped\n[ 123.784625] Unable to handle kernel paging request at virtual address 00000000003fffc0\n[ 123.792536] Mem abort info:\n[ 123.795313] ESR = 0x96000145\n[ 123.798351] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 123.803655] SET = 0, FnV = 0\n[ 123.806693] EA = 0, S1PTW = 0\n[ 123.809818] Data abort info:\n[ 123.812683] ISV = 0, ISS = 0x00000145\n[ 123.816503] CM = 1, WnR = 1\n[ 123.819455] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000805047000\n[ 123.825887] [00000000003fffc0] pgd=0000000803b45003, p4d=0000000803b45003, pud=0000000000000000\n[ 123.834586] Internal error: Oops: 96000145 [#1] PREEMPT SMP', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47047 was patched at 2024-05-15

8820. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47050) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmemory: renesas-rpc-if: fix possible NULL pointer dereference of resource\n\nThe platform_get_resource_byname() can return NULL which would be\nimmediately dereferenced by resource_size(). Instead dereference it\nafter validating the resource.\n\nAddresses-Coverity: Dereference null return value', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47050 was patched at 2024-05-15

8821. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47051) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware()\n\npm_runtime_get_sync will increment pm usage counter even it failed.\nForgetting to putting operation will result in reference leak here.\nFix it by replacing it with pm_runtime_resume_and_get to keep usage\ncounter balanced.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47051 was patched at 2024-05-15

8822. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47054) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbus: qcom: Put child node before return\n\nPut child node before return to fix potential reference count leak.\nGenerally, the reference count of child is incremented and decremented\nautomatically in the macro for_each_available_child_of_node() and should\nbe decremented manually if the loop is broken in loop body.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47054 was patched at 2024-05-15

8823. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47055) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: require write permissions for locking and badblock ioctls\n\nMEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require\nwrite permission. Depending on the hardware MEMLOCK might even be\nwrite-once, e.g. for SPI-NOR flashes with their WP# tied to GND. OTPLOCK\nis always write-once.\n\nMEMSETBADBLOCK modifies the bad block table.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2021-47055 was patched at 2024-06-05

debian: CVE-2021-47055 was patched at 2024-05-15

oraclelinux: CVE-2021-47055 was patched at 2024-06-05

redhat: CVE-2021-47055 was patched at 2024-06-05

8824. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47056) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init\n\nADF_STATUS_PF_RUNNING is (only) used and checked by adf_vf2pf_shutdown()\nbefore calling adf_iov_putmsg()->mutex_lock(vf2pf_lock), however the\nvf2pf_lock is initialized in adf_dev_init(), which can fail and when it\nfail, the vf2pf_lock is either not initialized or destroyed, a subsequent\nuse of vf2pf_lock will cause issue.\nTo fix this issue, only set this flag if adf_dev_init() returns 0.\n\n[ 7.178404] BUG: KASAN: user-memory-access in __mutex_lock.isra.0+0x1ac/0x7c0\n[ 7.180345] Call Trace:\n[ 7.182576] mutex_lock+0xc9/0xd0\n[ 7.183257] adf_iov_putmsg+0x118/0x1a0 [intel_qat]\n[ 7.183541] adf_vf2pf_shutdown+0x4d/0x7b [intel_qat]\n[ 7.183834] adf_dev_shutdown+0x172/0x2b0 [intel_qat]\n[ 7.184127] adf_probe+0x5e9/0x600 [qat_dh895xccvf]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47056 was patched at 2024-05-15

8825. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47065) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nrtw88: Fix array overrun in rtw_get_tx_power_params()\n\nUsing a kernel with the Undefined Behaviour Sanity Checker (UBSAN) enabled, the\nfollowing array overrun is logged:\n\n================================================================================\nUBSAN: array-index-out-of-bounds in /home/finger/wireless-drivers-next/drivers/net/wireless/realtek/rtw88/phy.c:1789:34\nindex 5 is out of range for type 'u8 [5]'\nCPU: 2 PID: 84 Comm: kworker/u16:3 Tainted: G O 5.12.0-rc5-00086-gd88bba47038e-dirty #651\nHardware name: TOSHIBA TECRA A50-A/TECRA A50-A, BIOS Version 4.50 09/29/2014\nWorkqueue: phy0 ieee80211_scan_work [mac80211]\nCall Trace:\n dump_stack+0x64/0x7c\n ubsan_epilogue+0x5/0x40\n __ubsan_handle_out_of_bounds.cold+0x43/0x48\n rtw_get_tx_power_params+0x83a/drivers/net/wireless/realtek/rtw88/0xad0 [rtw_core]\n ? rtw_pci_read16+0x20/0x20 [rtw_pci]\n ? check_hw_ready+0x50/0x90 [rtw_core]\n rtw_phy_get_tx_power_index+0x4d/0xd0 [rtw_core]\n rtw_phy_set_tx_power_level+0xee/0x1b0 [rtw_core]\n rtw_set_channel+0xab/0x110 [rtw_core]\n rtw_ops_config+0x87/0xc0 [rtw_core]\n ieee80211_hw_config+0x9d/0x130 [mac80211]\n ieee80211_scan_state_set_channel+0x81/0x170 [mac80211]\n ieee80211_scan_work+0x19f/0x2a0 [mac80211]\n process_one_work+0x1dd/0x3a0\n worker_thread+0x49/0x330\n ? rescuer_thread+0x3a0/0x3a0\n kthread+0x134/0x150\n ? kthread_create_worker_on_cpu+0x70/0x70\n ret_from_fork+0x22/0x30\n================================================================================\n\nThe statement where an array is being overrun is shown in the following snippet:\n\n\tif (rate <= DESC_RATE11M)\n\t\ttx_power = pwr_idx_2g->cck_base[group];\n\telse\n====>\t\ttx_power = pwr_idx_2g->bw40_base[group];\n\nThe associated arrays are defined in main.h as follows:\n\nstruct rtw_2g_txpwr_idx {\n\tu8 cck_base[6];\n\tu8 bw40_base[5];\n\tstruct rtw_2g_1s_pwr_idx_diff ht_1s_diff;\n\tstruct rtw_2g_ns_pwr_idx_diff ht_2s_diff;\n\tstruct rtw_2g_ns_pwr_idx_diff ht_3s_diff;\n\tstruct rtw_2g_ns_pwr_idx_diff ht_4s_diff;\n};\n\nThe problem arises because the value of group is 5 for channel 14. The trivial\nincrease in the dimension of bw40_base fails as this struct must match the layout of\nefuse. The fix is to add the rate as an argument to rtw_get_channel_group() and set\nthe group for channel 14 to 4 if rate <= DESC_RATE11M.\n\nThis patch fixes commit fa6dfe6bff24 ("rtw88: resolve order of tx power setting routines")', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47065 was patched at 2024-05-15

8826. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47069) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry\n\ndo_mq_timedreceive calls wq_sleep with a stack local address. The\nsender (do_mq_timedsend) uses this address to later call pipelined_send.\n\nThis leads to a very hard to trigger race where a do_mq_timedreceive\ncall might return and leave do_mq_timedsend to rely on an invalid\naddress, causing the following crash:\n\n RIP: 0010:wake_q_add_safe+0x13/0x60\n Call Trace:\n __x64_sys_mq_timedsend+0x2a9/0x490\n do_syscall_64+0x80/0x680\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n RIP: 0033:0x7f5928e40343\n\nThe race occurs as:\n\n1. do_mq_timedreceive calls wq_sleep with the address of `struct\n ext_wait_queue` on function stack (aliased as `ewq_addr` here) - it\n holds a valid `struct ext_wait_queue *` as long as the stack has not\n been overwritten.\n\n2. `ewq_addr` gets added to info->e_wait_q[RECV].list in wq_add, and\n do_mq_timedsend receives it via wq_get_first_waiter(info, RECV) to call\n __pipelined_op.\n\n3. Sender calls __pipelined_op::smp_store_release(&this->state,\n STATE_READY). Here is where the race window begins. (`this` is\n `ewq_addr`.)\n\n4. If the receiver wakes up now in do_mq_timedreceive::wq_sleep, it\n will see `state == STATE_READY` and break.\n\n5. do_mq_timedreceive returns, and `ewq_addr` is no longer guaranteed\n to be a `struct ext_wait_queue *` since it was on do_mq_timedreceive's\n stack. (Although the address may not get overwritten until another\n function happens to touch it, which means it can persist around for an\n indefinite time.)\n\n6. do_mq_timedsend::__pipelined_op() still believes `ewq_addr` is a\n `struct ext_wait_queue *`, and uses it to find a task_struct to pass to\n the wake_q_add_safe call. In the lucky case where nothing has\n overwritten `ewq_addr` yet, `ewq_addr->task` is the right task_struct.\n In the unlucky case, __pipelined_op::wake_q_add_safe gets handed a\n bogus address as the receiver's task_struct causing the crash.\n\ndo_mq_timedsend::__pipelined_op() should not dereference `this` after\nsetting STATE_READY, as the receiver counterpart is now free to return.\nChange __pipelined_op to call wake_q_add_safe on the receiver's\ntask_struct returned by get_task_struct, instead of dereferencing `this`\nwhich sits on the receiver's stack.\n\nAs Manfred pointed out, the race potentially also exists in\nipc/msg.c::expunge_all and ipc/sem.c::wake_up_sem_queue_prepare. Fix\nthose in the same way.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47069 was patched at 2024-05-15

8827. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47073) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios\n\ninit_dell_smbios_wmi() only registers the dell_smbios_wmi_driver on systems\nwhere the Dell WMI interface is supported. While exit_dell_smbios_wmi()\nunregisters it unconditionally, this leads to the following oops:\n\n[ 175.722921] ------------[ cut here ]------------\n[ 175.722925] Unexpected driver unregister!\n[ 175.722939] WARNING: CPU: 1 PID: 3630 at drivers/base/driver.c:194 driver_unregister+0x38/0x40\n...\n[ 175.723089] Call Trace:\n[ 175.723094] cleanup_module+0x5/0xedd [dell_smbios]\n...\n[ 175.723148] ---[ end trace 064c34e1ad49509d ]---\n\nMake the unregister happen on the same condition the register happens\nto fix this.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47073 was patched at 2024-05-15

8828. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47077) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qedf: Add pointer checks in qedf_update_link_speed()\n\nThe following trace was observed:\n\n [ 14.042059] Call Trace:\n [ 14.042061] <IRQ>\n [ 14.042068] qedf_link_update+0x144/0x1f0 [qedf]\n [ 14.042117] qed_link_update+0x5c/0x80 [qed]\n [ 14.042135] qed_mcp_handle_link_change+0x2d2/0x410 [qed]\n [ 14.042155] ? qed_set_ptt+0x70/0x80 [qed]\n [ 14.042170] ? qed_set_ptt+0x70/0x80 [qed]\n [ 14.042186] ? qed_rd+0x13/0x40 [qed]\n [ 14.042205] qed_mcp_handle_events+0x437/0x690 [qed]\n [ 14.042221] ? qed_set_ptt+0x70/0x80 [qed]\n [ 14.042239] qed_int_sp_dpc+0x3a6/0x3e0 [qed]\n [ 14.042245] tasklet_action_common.isra.14+0x5a/0x100\n [ 14.042250] __do_softirq+0xe4/0x2f8\n [ 14.042253] irq_exit+0xf7/0x100\n [ 14.042255] do_IRQ+0x7f/0xd0\n [ 14.042257] common_interrupt+0xf/0xf\n [ 14.042259] </IRQ>\n\nAPI qedf_link_update() is getting called from QED but by that time\nshost_data is not initialised. This results in a NULL pointer dereference\nwhen we try to dereference shost_data while updating supported_speeds.\n\nAdd a NULL pointer check before dereferencing shost_data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47077 was patched at 2024-05-15

8829. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47082) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntun: avoid double free in tun_free_netdev\n\nAvoid double free in tun_free_netdev() by moving the\ndev->tstats and tun->security allocs to a new ndo_init routine\n(tun_net_init()) that will be called by register_netdevice().\nndo_init is paired with the desctructor (tun_free_netdev()),\nso if there's an error in register_netdevice() the destructor\nwill handle the frees.\n\nBUG: KASAN: double-free or invalid-free in selinux_tun_dev_free_security+0x1a/0x20 security/selinux/hooks.c:5605\n\nCPU: 0 PID: 25750 Comm: syz-executor416 Not tainted 5.16.0-rc2-syzk #1\nHardware name: Red Hat KVM, BIOS\nCall Trace:\n<TASK>\n__dump_stack lib/dump_stack.c:88 [inline]\ndump_stack_lvl+0x89/0xb5 lib/dump_stack.c:106\nprint_address_description.constprop.9+0x28/0x160 mm/kasan/report.c:247\nkasan_report_invalid_free+0x55/0x80 mm/kasan/report.c:372\n____kasan_slab_free mm/kasan/common.c:346 [inline]\n__kasan_slab_free+0x107/0x120 mm/kasan/common.c:374\nkasan_slab_free include/linux/kasan.h:235 [inline]\nslab_free_hook mm/slub.c:1723 [inline]\nslab_free_freelist_hook mm/slub.c:1749 [inline]\nslab_free mm/slub.c:3513 [inline]\nkfree+0xac/0x2d0 mm/slub.c:4561\nselinux_tun_dev_free_security+0x1a/0x20 security/selinux/hooks.c:5605\nsecurity_tun_dev_free_security+0x4f/0x90 security/security.c:2342\ntun_free_netdev+0xe6/0x150 drivers/net/tun.c:2215\nnetdev_run_todo+0x4df/0x840 net/core/dev.c:10627\nrtnl_unlock+0x13/0x20 net/core/rtnetlink.c:112\n__tun_chr_ioctl+0x80c/0x2870 drivers/net/tun.c:3302\ntun_chr_ioctl+0x2f/0x40 drivers/net/tun.c:3311\nvfs_ioctl fs/ioctl.c:51 [inline]\n__do_sys_ioctl fs/ioctl.c:874 [inline]\n__se_sys_ioctl fs/ioctl.c:860 [inline]\n__x64_sys_ioctl+0x19d/0x220 fs/ioctl.c:860\ndo_syscall_x64 arch/x86/entry/common.c:50 [inline]\ndo_syscall_64+0x3a/0x80 arch/x86/entry/common.c:80\nentry_SYSCALL_64_after_hwframe+0x44/0xae', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47082 was patched at 2024-05-15

8830. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47083) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: mediatek: fix global-out-of-bounds issue\n\nWhen eint virtual eint number is greater than gpio number,\nit maybe produce 'desc[eint_n]' size globle-out-of-bounds issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47083 was patched at 2024-05-15

8831. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47086) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nphonet/pep: refuse to enable an unbound pipe\n\nThis ioctl() implicitly assumed that the socket was already bound to\na valid local socket name, i.e. Phonet object. If the socket was not\nbound, two separate problems would occur:\n\n1) We'd send an pipe enablement request with an invalid source object.\n2) Later socket calls could BUG on the socket unexpectedly being\n connected yet not bound to a valid object.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47086 was patched at 2024-05-15

8832. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47087) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntee: optee: Fix incorrect page free bug\n\nPointer to the allocated pages (struct page *page) has already\nprogressed towards the end of allocation. It is incorrect to perform\n__free_pages(page, order) using this pointer as we would free any\narbitrary pages. Fix this by stop modifying the page pointer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47087 was patched at 2024-05-15

8833. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47088) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/dbgfs: protect targets destructions with kdamond_lock\n\nDAMON debugfs interface iterates current monitoring targets in\n'dbgfs_target_ids_read()' while holding the corresponding\n'kdamond_lock'. However, it also destructs the monitoring targets in\n'dbgfs_before_terminate()' without holding the lock. This can result in\na use_after_free bug. This commit avoids the race by protecting the\ndestruction with the corresponding 'kdamond_lock'.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47088 was patched at 2024-05-15

8834. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47090) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hwpoison: clear MF_COUNT_INCREASED before retrying get_any_page()\n\nHulk Robot reported a panic in put_page_testzero() when testing\nmadvise() with MADV_SOFT_OFFLINE. The BUG() is triggered when retrying\nget_any_page(). This is because we keep MF_COUNT_INCREASED flag in\nsecond try but the refcnt is not increased.\n\n page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)\n ------------[ cut here ]------------\n kernel BUG at include/linux/mm.h:737!\n invalid opcode: 0000 [#1] PREEMPT SMP\n CPU: 5 PID: 2135 Comm: sshd Tainted: G B 5.16.0-rc6-dirty #373\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\n RIP: release_pages+0x53f/0x840\n Call Trace:\n free_pages_and_swap_cache+0x64/0x80\n tlb_flush_mmu+0x6f/0x220\n unmap_page_range+0xe6c/0x12c0\n unmap_single_vma+0x90/0x170\n unmap_vmas+0xc4/0x180\n exit_mmap+0xde/0x3a0\n mmput+0xa3/0x250\n do_exit+0x564/0x1470\n do_group_exit+0x3b/0x100\n __do_sys_exit_group+0x13/0x20\n __x64_sys_exit_group+0x16/0x20\n do_syscall_64+0x34/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n Modules linked in:\n ---[ end trace e99579b570fe0649 ]---\n RIP: 0010:release_pages+0x53f/0x840', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47090 was patched at 2024-05-15

8835. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47091) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmac80211: fix locking in ieee80211_start_ap error path\n\nWe need to hold the local->mtx to release the channel context,\nas even encoded by the lockdep_assert_held() there. Fix it.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47091 was patched at 2024-05-15

8836. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47092) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: VMX: Always clear vmx->fail on emulation_required\n\nRevert a relatively recent change that set vmx->fail if the vCPU is in L2\nand emulation_required is true, as that behavior is completely bogus.\nSetting vmx->fail and synthesizing a VM-Exit is contradictory and wrong:\n\n (a) it's impossible to have both a VM-Fail and VM-Exit\n (b) vmcs.EXIT_REASON is not modified on VM-Fail\n (c) emulation_required refers to guest state and guest state checks are\n always VM-Exits, not VM-Fails.\n\nFor KVM specifically, emulation_required is handled before nested exits\nin __vmx_handle_exit(), thus setting vmx->fail has no immediate effect,\ni.e. KVM calls into handle_invalid_guest_state() and vmx->fail is ignored.\nSetting vmx->fail can ultimately result in a WARN in nested_vmx_vmexit()\nfiring when tearing down the VM as KVM never expects vmx->fail to be set\nwhen L2 is active, KVM always reflects those errors into L1.\n\n ------------[ cut here ]------------\n WARNING: CPU: 0 PID: 21158 at arch/x86/kvm/vmx/nested.c:4548\n nested_vmx_vmexit+0x16bd/0x17e0\n arch/x86/kvm/vmx/nested.c:4547\n Modules linked in:\n CPU: 0 PID: 21158 Comm: syz-executor.1 Not tainted 5.16.0-rc3-syzkaller #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n RIP: 0010:nested_vmx_vmexit+0x16bd/0x17e0 arch/x86/kvm/vmx/nested.c:4547\n Code: <0f> 0b e9 2e f8 ff ff e8 57 b3 5d 00 0f 0b e9 00 f1 ff ff 89 e9 80\n Call Trace:\n vmx_leave_nested arch/x86/kvm/vmx/nested.c:6220 [inline]\n nested_vmx_free_vcpu+0x83/0xc0 arch/x86/kvm/vmx/nested.c:330\n vmx_free_vcpu+0x11f/0x2a0 arch/x86/kvm/vmx/vmx.c:6799\n kvm_arch_vcpu_destroy+0x6b/0x240 arch/x86/kvm/x86.c:10989\n kvm_vcpu_destroy+0x29/0x90 arch/x86/kvm/../../../virt/kvm/kvm_main.c:441\n kvm_free_vcpus arch/x86/kvm/x86.c:11426 [inline]\n kvm_arch_destroy_vm+0x3ef/0x6b0 arch/x86/kvm/x86.c:11545\n kvm_destroy_vm arch/x86/kvm/../../../virt/kvm/kvm_main.c:1189 [inline]\n kvm_put_kvm+0x751/0xe40 arch/x86/kvm/../../../virt/kvm/kvm_main.c:1220\n kvm_vcpu_release+0x53/0x60 arch/x86/kvm/../../../virt/kvm/kvm_main.c:3489\n __fput+0x3fc/0x870 fs/file_table.c:280\n task_work_run+0x146/0x1c0 kernel/task_work.c:164\n exit_task_work include/linux/task_work.h:32 [inline]\n do_exit+0x705/0x24f0 kernel/exit.c:832\n do_group_exit+0x168/0x2d0 kernel/exit.c:929\n get_signal+0x1740/0x2120 kernel/signal.c:2852\n arch_do_signal_or_restart+0x9c/0x730 arch/x86/kernel/signal.c:868\n handle_signal_work kernel/entry/common.c:148 [inline]\n exit_to_user_mode_loop kernel/entry/common.c:172 [inline]\n exit_to_user_mode_prepare+0x191/0x220 kernel/entry/common.c:207\n __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]\n syscall_exit_to_user_mode+0x2e/0x70 kernel/entry/common.c:300\n do_syscall_64+0x53/0xd0 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x44/0xae', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47092 was patched at 2024-05-15

8837. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47093) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: intel_pmc_core: fix memleak on registration failure\n\nIn case device registration fails during module initialisation, the\nplatform device structure needs to be freed using platform_device_put()\nto properly free all resources (e.g. the device name).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47093 was patched at 2024-05-15

8838. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47095) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: ssif: initialize ssif_info->client early\n\nDuring probe ssif_info->client is dereferenced in error path. However,\nit is set when some of the error checking has already been done. This\ncauses following kernel crash if an error path is taken:\n\n[ 30.645593][ T674] ipmi_ssif 0-000e: ipmi_ssif: Not probing, Interface already present\n[ 30.657616][ T674] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000088\n...\n[ 30.657723][ T674] pc : __dev_printk+0x28/0xa0\n[ 30.657732][ T674] lr : _dev_err+0x7c/0xa0\n...\n[ 30.657772][ T674] Call trace:\n[ 30.657775][ T674] __dev_printk+0x28/0xa0\n[ 30.657778][ T674] _dev_err+0x7c/0xa0\n[ 30.657781][ T674] ssif_probe+0x548/0x900 [ipmi_ssif 62ce4b08badc1458fd896206d9ef69a3c31f3d3e]\n[ 30.657791][ T674] i2c_device_probe+0x37c/0x3c0\n...\n\nInitialize ssif_info->client before any error path can be taken. Clear\ni2c_client data in the error path to prevent the dangling pointer from\nleaking.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47095 was patched at 2024-05-15

8839. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47096) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: rawmidi - fix the uninitalized user_pversion\n\nThe user_pversion was uninitialized for the user space file structure\nin the open function, because the file private structure use\nkmalloc for the allocation.\n\nThe kernel ALSA sequencer code clears the file structure, so no additional\nfixes are required.\n\nBugLink: https://github.com/alsa-project/alsa-lib/issues/178', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47096 was patched at 2024-05-15

8840. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47097) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nInput: elantech - fix stack out of bound access in elantech_change_report_id()\n\nThe array param[] in elantech_change_report_id() must be at least 3\nbytes, because elantech_read_reg_params() is calling ps2_command() with\nPSMOUSE_CMD_GETINFO, that is going to access 3 bytes from param[], but\nit's defined in the stack as an array of 2 bytes, therefore we have a\npotential stack out-of-bounds access here, also confirmed by KASAN:\n\n[ 6.512374] BUG: KASAN: stack-out-of-bounds in __ps2_command+0x372/0x7e0\n[ 6.512397] Read of size 1 at addr ffff8881024d77c2 by task kworker/2:1/118\n\n[ 6.512416] CPU: 2 PID: 118 Comm: kworker/2:1 Not tainted 5.13.0-22-generic #22+arighi20211110\n[ 6.512428] Hardware name: LENOVO 20T8000QGE/20T8000QGE, BIOS R1AET32W (1.08 ) 08/14/2020\n[ 6.512436] Workqueue: events_long serio_handle_event\n[ 6.512453] Call Trace:\n[ 6.512462] show_stack+0x52/0x58\n[ 6.512474] dump_stack+0xa1/0xd3\n[ 6.512487] print_address_description.constprop.0+0x1d/0x140\n[ 6.512502] ? __ps2_command+0x372/0x7e0\n[ 6.512516] __kasan_report.cold+0x7d/0x112\n[ 6.512527] ? _raw_write_lock_irq+0x20/0xd0\n[ 6.512539] ? __ps2_command+0x372/0x7e0\n[ 6.512552] kasan_report+0x3c/0x50\n[ 6.512564] __asan_load1+0x6a/0x70\n[ 6.512575] __ps2_command+0x372/0x7e0\n[ 6.512589] ? ps2_drain+0x240/0x240\n[ 6.512601] ? dev_printk_emit+0xa2/0xd3\n[ 6.512612] ? dev_vprintk_emit+0xc5/0xc5\n[ 6.512621] ? __kasan_check_write+0x14/0x20\n[ 6.512634] ? mutex_lock+0x8f/0xe0\n[ 6.512643] ? __mutex_lock_slowpath+0x20/0x20\n[ 6.512655] ps2_command+0x52/0x90\n[ 6.512670] elantech_ps2_command+0x4f/0xc0 [psmouse]\n[ 6.512734] elantech_change_report_id+0x1e6/0x256 [psmouse]\n[ 6.512799] ? elantech_report_trackpoint.constprop.0.cold+0xd/0xd [psmouse]\n[ 6.512863] ? ps2_command+0x7f/0x90\n[ 6.512877] elantech_query_info.cold+0x6bd/0x9ed [psmouse]\n[ 6.512943] ? elantech_setup_ps2+0x460/0x460 [psmouse]\n[ 6.513005] ? psmouse_reset+0x69/0xb0 [psmouse]\n[ 6.513064] ? psmouse_attr_set_helper+0x2a0/0x2a0 [psmouse]\n[ 6.513122] ? phys_pmd_init+0x30e/0x521\n[ 6.513137] elantech_init+0x8a/0x200 [psmouse]\n[ 6.513200] ? elantech_init_ps2+0xf0/0xf0 [psmouse]\n[ 6.513249] ? elantech_query_info+0x440/0x440 [psmouse]\n[ 6.513296] ? synaptics_send_cmd+0x60/0x60 [psmouse]\n[ 6.513342] ? elantech_query_info+0x440/0x440 [psmouse]\n[ 6.513388] ? psmouse_try_protocol+0x11e/0x170 [psmouse]\n[ 6.513432] psmouse_extensions+0x65d/0x6e0 [psmouse]\n[ 6.513476] ? psmouse_try_protocol+0x170/0x170 [psmouse]\n[ 6.513519] ? mutex_unlock+0x22/0x40\n[ 6.513526] ? ps2_command+0x7f/0x90\n[ 6.513536] ? psmouse_probe+0xa3/0xf0 [psmouse]\n[ 6.513580] psmouse_switch_protocol+0x27d/0x2e0 [psmouse]\n[ 6.513624] psmouse_connect+0x272/0x530 [psmouse]\n[ 6.513669] serio_driver_probe+0x55/0x70\n[ 6.513679] really_probe+0x190/0x720\n[ 6.513689] driver_probe_device+0x160/0x1f0\n[ 6.513697] device_driver_attach+0x119/0x130\n[ 6.513705] ? device_driver_attach+0x130/0x130\n[ 6.513713] __driver_attach+0xe7/0x1a0\n[ 6.513720] ? device_driver_attach+0x130/0x130\n[ 6.513728] bus_for_each_dev+0xfb/0x150\n[ 6.513738] ? subsys_dev_iter_exit+0x10/0x10\n[ 6.513748] ? _raw_write_unlock_bh+0x30/0x30\n[ 6.513757] driver_attach+0x2d/0x40\n[ 6.513764] serio_handle_event+0x199/0x3d0\n[ 6.513775] process_one_work+0x471/0x740\n[ 6.513785] worker_thread+0x2d2/0x790\n[ 6.513794] ? process_one_work+0x740/0x740\n[ 6.513802] kthread+0x1b4/0x1e0\n[ 6.513809] ? set_kthread_struct+0x80/0x80\n[ 6.513816] ret_from_fork+0x22/0x30\n\n[ 6.513832] The buggy address belongs to the page:\n[ 6.513838] page:00000000bc35e189 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1024d7\n[ 6.513847] flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff)\n[ 6.513860] raw: 0\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47097 was patched at 2024-05-15

8841. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47100) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module\n\nHi,\n\nWhen testing install and uninstall of ipmi_si.ko and ipmi_msghandler.ko,\nthe system crashed.\n\nThe log as follows:\n[ 141.087026] BUG: unable to handle kernel paging request at ffffffffc09b3a5a\n[ 141.087241] PGD 8fe4c0d067 P4D 8fe4c0d067 PUD 8fe4c0f067 PMD 103ad89067 PTE 0\n[ 141.087464] Oops: 0010 [#1] SMP NOPTI\n[ 141.087580] CPU: 67 PID: 668 Comm: kworker/67:1 Kdump: loaded Not tainted 4.18.0.x86_64 #47\n[ 141.088009] Workqueue: events 0xffffffffc09b3a40\n[ 141.088009] RIP: 0010:0xffffffffc09b3a5a\n[ 141.088009] Code: Bad RIP value.\n[ 141.088009] RSP: 0018:ffffb9094e2c3e88 EFLAGS: 00010246\n[ 141.088009] RAX: 0000000000000000 RBX: ffff9abfdb1f04a0 RCX: 0000000000000000\n[ 141.088009] RDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000246\n[ 141.088009] RBP: 0000000000000000 R08: ffff9abfffee3cb8 R09: 00000000000002e1\n[ 141.088009] R10: ffffb9094cb73d90 R11: 00000000000f4240 R12: ffff9abfffee8700\n[ 141.088009] R13: 0000000000000000 R14: ffff9abfdb1f04a0 R15: ffff9abfdb1f04a8\n[ 141.088009] FS: 0000000000000000(0000) GS:ffff9abfffec0000(0000) knlGS:0000000000000000\n[ 141.088009] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 141.088009] CR2: ffffffffc09b3a30 CR3: 0000008fe4c0a001 CR4: 00000000007606e0\n[ 141.088009] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 141.088009] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 141.088009] PKRU: 55555554\n[ 141.088009] Call Trace:\n[ 141.088009] ? process_one_work+0x195/0x390\n[ 141.088009] ? worker_thread+0x30/0x390\n[ 141.088009] ? process_one_work+0x390/0x390\n[ 141.088009] ? kthread+0x10d/0x130\n[ 141.088009] ? kthread_flush_work_fn+0x10/0x10\n[ 141.088009] ? ret_from_fork+0x35/0x40] BUG: unable to handle kernel paging request at ffffffffc0b28a5a\n[ 200.223240] PGD 97fe00d067 P4D 97fe00d067 PUD 97fe00f067 PMD a580cbf067 PTE 0\n[ 200.223464] Oops: 0010 [#1] SMP NOPTI\n[ 200.223579] CPU: 63 PID: 664 Comm: kworker/63:1 Kdump: loaded Not tainted 4.18.0.x86_64 #46\n[ 200.224008] Workqueue: events 0xffffffffc0b28a40\n[ 200.224008] RIP: 0010:0xffffffffc0b28a5a\n[ 200.224008] Code: Bad RIP value.\n[ 200.224008] RSP: 0018:ffffbf3c8e2a3e88 EFLAGS: 00010246\n[ 200.224008] RAX: 0000000000000000 RBX: ffffa0799ad6bca0 RCX: 0000000000000000\n[ 200.224008] RDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000246\n[ 200.224008] RBP: 0000000000000000 R08: ffff9fe43fde3cb8 R09: 00000000000000d5\n[ 200.224008] R10: ffffbf3c8cb53d90 R11: 00000000000f4240 R12: ffff9fe43fde8700\n[ 200.224008] R13: 0000000000000000 R14: ffffa0799ad6bca0 R15: ffffa0799ad6bca8\n[ 200.224008] FS: 0000000000000000(0000) GS:ffff9fe43fdc0000(0000) knlGS:0000000000000000\n[ 200.224008] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 200.224008] CR2: ffffffffc0b28a30 CR3: 00000097fe00a002 CR4: 00000000007606e0\n[ 200.224008] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 200.224008] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 200.224008] PKRU: 55555554\n[ 200.224008] Call Trace:\n[ 200.224008] ? process_one_work+0x195/0x390\n[ 200.224008] ? worker_thread+0x30/0x390\n[ 200.224008] ? process_one_work+0x390/0x390\n[ 200.224008] ? kthread+0x10d/0x130\n[ 200.224008] ? kthread_flush_work_fn+0x10/0x10\n[ 200.224008] ? ret_from_fork+0x35/0x40\n[ 200.224008] kernel fault(0x1) notification starting on CPU 63\n[ 200.224008] kernel fault(0x1) notification finished on CPU 63\n[ 200.224008] CR2: ffffffffc0b28a5a\n[ 200.224008] ---[ end trace c82a412d93f57412 ]---\n\nThe reason is as follows:\nT1: rmmod ipmi_si.\n ->ipmi_unregister_smi()\n -> ipmi_bmc_unregister()\n -> __ipmi_bmc_unregister()\n -> kref_put(&bmc->usecount, cleanup_bmc_device);\n -> schedule_work(&bmc->remove_work);\n\nT2: rmmod ipmi_msghandl\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47100 was patched at 2024-05-15

8842. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47101) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nasix: fix uninit-value in asix_mdio_read()\n\nasix_read_cmd() may read less than sizeof(smsr) bytes and in this case\nsmsr will be uninitialized.\n\nFail log:\nBUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline]\nBUG: KMSAN: uninit-value in asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497\nBUG: KMSAN: uninit-value in asix_mdio_read+0x3c1/0xb00 drivers/net/usb/asix_common.c:497 drivers/net/usb/asix_common.c:497\n asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline]\n asix_check_host_enable drivers/net/usb/asix_common.c:82 [inline] drivers/net/usb/asix_common.c:497\n asix_mdio_read+0x3c1/0xb00 drivers/net/usb/asix_common.c:497 drivers/net/usb/asix_common.c:497', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47101 was patched at 2024-05-15

8843. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47102) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: marvell: prestera: fix incorrect structure access\n\nIn line:\n\tupper = info->upper_dev;\nWe access upper_dev field, which is related only for particular events\n(e.g. event == NETDEV_CHANGEUPPER). So, this line cause invalid memory\naccess for another events,\nwhen ptr is not netdev_notifier_changeupper_info.\n\nThe KASAN logs are as follows:\n\n[ 30.123165] BUG: KASAN: stack-out-of-bounds in prestera_netdev_port_event.constprop.0+0x68/0x538 [prestera]\n[ 30.133336] Read of size 8 at addr ffff80000cf772b0 by task udevd/778\n[ 30.139866]\n[ 30.141398] CPU: 0 PID: 778 Comm: udevd Not tainted 5.16.0-rc3 #6\n[ 30.147588] Hardware name: DNI AmazonGo1 A7040 board (DT)\n[ 30.153056] Call trace:\n[ 30.155547] dump_backtrace+0x0/0x2c0\n[ 30.159320] show_stack+0x18/0x30\n[ 30.162729] dump_stack_lvl+0x68/0x84\n[ 30.166491] print_address_description.constprop.0+0x74/0x2b8\n[ 30.172346] kasan_report+0x1e8/0x250\n[ 30.176102] __asan_load8+0x98/0xe0\n[ 30.179682] prestera_netdev_port_event.constprop.0+0x68/0x538 [prestera]\n[ 30.186847] prestera_netdev_event_handler+0x1b4/0x1c0 [prestera]\n[ 30.193313] raw_notifier_call_chain+0x74/0xa0\n[ 30.197860] call_netdevice_notifiers_info+0x68/0xc0\n[ 30.202924] register_netdevice+0x3cc/0x760\n[ 30.207190] register_netdev+0x24/0x50\n[ 30.211015] prestera_device_register+0x8a0/0xba0 [prestera]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47102 was patched at 2024-05-15

8844. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47105) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: xsk: return xsk buffers back to pool when cleaning the ring\n\nCurrently we only NULL the xdp_buff pointer in the internal SW ring but\nwe never give it back to the xsk buffer pool. This means that buffers\ncan be leaked out of the buff pool and never be used again.\n\nAdd missing xsk_buff_free() call to the routine that is supposed to\nclean the entries that are left in the ring so that these buffers in the\numem can be used by other sockets.\n\nAlso, only go through the space that is actually left to be cleaned\ninstead of a whole ring.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47105 was patched at 2024-05-15

8845. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47108) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: hdmi: Perform NULL pointer check for mtk_hdmi_conf\n\nIn commit 41ca9caaae0b\n("drm/mediatek: hdmi: Add check for CEA modes only") a check\nfor CEA modes was added to function mtk_hdmi_bridge_mode_valid()\nin order to address possible issues on MT8167;\nmoreover, with commit c91026a938c2\n("drm/mediatek: hdmi: Add optional limit on maximal HDMI mode clock")\nanother similar check was introduced.\n\nUnfortunately though, at the time of writing, MT8173 does not provide\nany mtk_hdmi_conf structure and this is crashing the kernel with NULL\npointer upon entering mtk_hdmi_bridge_mode_valid(), which happens as\nsoon as a HDMI cable gets plugged in.\n\nTo fix this regression, add a NULL pointer check for hdmi->conf in the\nsaid function, restoring HDMI functionality and avoiding NULL pointer\nkernel panics.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47108 was patched at 2024-05-15

8846. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47109) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nneighbour: allow NUD_NOARP entries to be forced GCed\n\nIFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's possible to\nfill up the neighbour table with enough entries that it will overflow for\nvalid connections after that.\n\nThis behaviour is more prevalent after commit 58956317c8de ("neighbor:\nImprove garbage collection") is applied, as it prevents removal from\nentries that are not NUD_FAILED, unless they are more than 5s old.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47109 was patched at 2024-05-15

8847. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47112) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/kvm: Teardown PV features on boot CPU as well\n\nVarious PV features (Async PF, PV EOI, steal time) work through memory\nshared with hypervisor and when we restore from hibernation we must\nproperly teardown all these features to make sure hypervisor doesn't\nwrite to stale locations after we jump to the previously hibernated kernel\n(which can try to place anything there). For secondary CPUs the job is\nalready done by kvm_cpu_down_prepare(), register syscore ops to do\nthe same for boot CPU.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47112 was patched at 2024-05-15

8848. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47113) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: abort in rename_exchange if we fail to insert the second ref\n\nError injection stress uncovered a problem where we'd leave a dangling\ninode ref if we failed during a rename_exchange. This happens because\nwe insert the inode ref for one side of the rename, and then for the\nother side. If this second inode ref insert fails we'll leave the first\none dangling and leave a corrupt file system behind. Fix this by\naborting if we did the insert for the first inode ref.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47113 was patched at 2024-05-15

8849. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47114) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix data corruption by fallocate\n\nWhen fallocate punches holes out of inode size, if original isize is in\nthe middle of last cluster, then the part from isize to the end of the\ncluster will be zeroed with buffer write, at that time isize is not yet\nupdated to match the new size, if writeback is kicked in, it will invoke\nocfs2_writepage()->block_write_full_page() where the pages out of inode\nsize will be dropped. That will cause file corruption. Fix this by\nzero out eof blocks when extending the inode size.\n\nRunning the following command with qemu-image 4.2.1 can get a corrupted\ncoverted image file easily.\n\n qemu-img convert -p -t none -T none -f qcow2 $qcow_image \\\n -O qcow2 -o compat=1.1 $qcow_image.conv\n\nThe usage of fallocate in qemu is like this, it first punches holes out\nof inode size, then extend the inode size.\n\n fallocate(11, FALLOC_FL_KEEP_SIZE|FALLOC_FL_PUNCH_HOLE, 2276196352, 65536) = 0\n fallocate(11, 0, 2276196352, 65536) = 0\n\nv1: https://www.spinics.net/lists/linux-fsdevel/msg193999.html\nv2: https://lore.kernel.org/linux-fsdevel/20210525093034.GB4112@quack2.suse.cz/T/', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47114 was patched at 2024-05-15

8850. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47117) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed\n\nWe got follow bug_on when run fsstress with injecting IO fault:\n[130747.323114] kernel BUG at fs/ext4/extents_status.c:762!\n[130747.323117] Internal error: Oops - BUG: 0 [#1] SMP\n......\n[130747.334329] Call trace:\n[130747.334553] ext4_es_cache_extent+0x150/0x168 [ext4]\n[130747.334975] ext4_cache_extents+0x64/0xe8 [ext4]\n[130747.335368] ext4_find_extent+0x300/0x330 [ext4]\n[130747.335759] ext4_ext_map_blocks+0x74/0x1178 [ext4]\n[130747.336179] ext4_map_blocks+0x2f4/0x5f0 [ext4]\n[130747.336567] ext4_mpage_readpages+0x4a8/0x7a8 [ext4]\n[130747.336995] ext4_readpage+0x54/0x100 [ext4]\n[130747.337359] generic_file_buffered_read+0x410/0xae8\n[130747.337767] generic_file_read_iter+0x114/0x190\n[130747.338152] ext4_file_read_iter+0x5c/0x140 [ext4]\n[130747.338556] __vfs_read+0x11c/0x188\n[130747.338851] vfs_read+0x94/0x150\n[130747.339110] ksys_read+0x74/0xf0\n\nThis patch's modification is according to Jan Kara's suggestion in:\nhttps://patchwork.ozlabs.org/project/linux-ext4/patch/20210428085158.3728201-1-yebin10@huawei.com/\n"I see. Now I understand your patch. Honestly, seeing how fragile is trying\nto fix extent tree after split has failed in the middle, I would probably\ngo even further and make sure we fix the tree properly in case of ENOSPC\nand EDQUOT (those are easily user triggerable). Anything else indicates a\nHW problem or fs corruption so I'd rather leave the extent tree as is and\ndon't try to fix it (which also means we will not create overlapping\nextents)."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47117 was patched at 2024-05-15

8851. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47120) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nHID: magicmouse: fix NULL-deref on disconnect\n\nCommit 9d7b18668956 ("HID: magicmouse: add support for Apple Magic\nTrackpad 2") added a sanity check for an Apple trackpad but returned\nsuccess instead of -ENODEV when the check failed. This means that the\nremove callback will dereference the never-initialised driver data\npointer when the driver is later unbound (e.g. on USB disconnect).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47120 was patched at 2024-05-15

8852. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47126) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions\n\nReported by syzbot:\nHEAD commit: 90c911ad Merge tag 'fixes' of git://git.kernel.org/pub/scm..\ngit tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master\ndashboard link: https://syzkaller.appspot.com/bug?extid=123aa35098fd3c000eb7\ncompiler: Debian clang version 11.0.1-2\n\n==================================================================\nBUG: KASAN: slab-out-of-bounds in fib6_nh_get_excptn_bucket net/ipv6/route.c:1604 [inline]\nBUG: KASAN: slab-out-of-bounds in fib6_nh_flush_exceptions+0xbd/0x360 net/ipv6/route.c:1732\nRead of size 8 at addr ffff8880145c78f8 by task syz-executor.4/17760\n\nCPU: 0 PID: 17760 Comm: syz-executor.4 Not tainted 5.12.0-rc8-syzkaller #0\nCall Trace:\n <IRQ>\n __dump_stack lib/dump_stack.c:79 [inline]\n dump_stack+0x202/0x31e lib/dump_stack.c:120\n print_address_description+0x5f/0x3b0 mm/kasan/report.c:232\n __kasan_report mm/kasan/report.c:399 [inline]\n kasan_report+0x15c/0x200 mm/kasan/report.c:416\n fib6_nh_get_excptn_bucket net/ipv6/route.c:1604 [inline]\n fib6_nh_flush_exceptions+0xbd/0x360 net/ipv6/route.c:1732\n fib6_nh_release+0x9a/0x430 net/ipv6/route.c:3536\n fib6_info_destroy_rcu+0xcb/0x1c0 net/ipv6/ip6_fib.c:174\n rcu_do_batch kernel/rcu/tree.c:2559 [inline]\n rcu_core+0x8f6/0x1450 kernel/rcu/tree.c:2794\n __do_softirq+0x372/0x7a6 kernel/softirq.c:345\n invoke_softirq kernel/softirq.c:221 [inline]\n __irq_exit_rcu+0x22c/0x260 kernel/softirq.c:422\n irq_exit_rcu+0x5/0x20 kernel/softirq.c:434\n sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1100\n </IRQ>\n asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:632\nRIP: 0010:lock_acquire+0x1f6/0x720 kernel/locking/lockdep.c:5515\nCode: f6 84 24 a1 00 00 00 02 0f 85 8d 02 00 00 f7 c3 00 02 00 00 49 bd 00 00 00 00 00 fc ff df 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 3d 00 00 00 00 00 4b c7 44 3d 09 00 00 00 00 43 c7 44 3d\nRSP: 0018:ffffc90009e06560 EFLAGS: 00000206\nRAX: 1ffff920013c0cc0 RBX: 0000000000000246 RCX: dffffc0000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffffc90009e066e0 R08: dffffc0000000000 R09: fffffbfff1f992b1\nR10: fffffbfff1f992b1 R11: 0000000000000000 R12: 0000000000000000\nR13: dffffc0000000000 R14: 0000000000000000 R15: 1ffff920013c0cb4\n rcu_lock_acquire+0x2a/0x30 include/linux/rcupdate.h:267\n rcu_read_lock include/linux/rcupdate.h:656 [inline]\n ext4_get_group_info+0xea/0x340 fs/ext4/ext4.h:3231\n ext4_mb_prefetch+0x123/0x5d0 fs/ext4/mballoc.c:2212\n ext4_mb_regular_allocator+0x8a5/0x28f0 fs/ext4/mballoc.c:2379\n ext4_mb_new_blocks+0xc6e/0x24f0 fs/ext4/mballoc.c:4982\n ext4_ext_map_blocks+0x2be3/0x7210 fs/ext4/extents.c:4238\n ext4_map_blocks+0xab3/0x1cb0 fs/ext4/inode.c:638\n ext4_getblk+0x187/0x6c0 fs/ext4/inode.c:848\n ext4_bread+0x2a/0x1c0 fs/ext4/inode.c:900\n ext4_append+0x1a4/0x360 fs/ext4/namei.c:67\n ext4_init_new_dir+0x337/0xa10 fs/ext4/namei.c:2768\n ext4_mkdir+0x4b8/0xc00 fs/ext4/namei.c:2814\n vfs_mkdir+0x45b/0x640 fs/namei.c:3819\n ovl_do_mkdir fs/overlayfs/overlayfs.h:161 [inline]\n ovl_mkdir_real+0x53/0x1a0 fs/overlayfs/dir.c:146\n ovl_create_real+0x280/0x490 fs/overlayfs/dir.c:193\n ovl_workdir_create+0x425/0x600 fs/overlayfs/super.c:788\n ovl_make_workdir+0xed/0x1140 fs/overlayfs/super.c:1355\n ovl_get_workdir fs/overlayfs/super.c:1492 [inline]\n ovl_fill_super+0x39ee/0x5370 fs/overlayfs/super.c:2035\n mount_nodev+0x52/0xe0 fs/super.c:1413\n legacy_get_tree+0xea/0x180 fs/fs_context.c:592\n vfs_get_tree+0x86/0x270 fs/super.c:1497\n do_new_mount fs/namespace.c:2903 [inline]\n path_mount+0x196f/0x2be0 fs/namespace.c:3233\n do_mount fs/namespace.c:3246 [inline]\n __do_sys_mount fs/namespace.c:3454 [inline]\n __se_sys_mount+0x2f9/0x3b0 fs/namespace.c:3431\n do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x4665f9\nCode: ff ff c3 66 2e 0f 1f 84 \n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47126 was patched at 2024-05-15

8853. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47128) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, lockdown, audit: Fix buggy SELinux lockdown permission checks\n\nCommit 59438b46471a ("security,lockdown,selinux: implement SELinux lockdown")\nadded an implementation of the locked_down LSM hook to SELinux, with the aim\nto restrict which domains are allowed to perform operations that would breach\nlockdown. This is indirectly also getting audit subsystem involved to report\nevents. The latter is problematic, as reported by Ondrej and Serhei, since it\ncan bring down the whole system via audit:\n\n 1) The audit events that are triggered due to calls to security_locked_down()\n can OOM kill a machine, see below details [0].\n\n 2) It also seems to be causing a deadlock via avc_has_perm()/slow_avc_audit()\n when trying to wake up kauditd, for example, when using trace_sched_switch()\n tracepoint, see details in [1]. Triggering this was not via some hypothetical\n corner case, but with existing tools like runqlat & runqslower from bcc, for\n example, which make use of this tracepoint. Rough call sequence goes like:\n\n rq_lock(rq) -> -------------------------+\n trace_sched_switch() -> |\n bpf_prog_xyz() -> +-> deadlock\n selinux_lockdown() -> |\n audit_log_end() -> |\n wake_up_interruptible() -> |\n try_to_wake_up() -> |\n rq_lock(rq) --------------+\n\nWhat's worse is that the intention of 59438b46471a to further restrict lockdown\nsettings for specific applications in respect to the global lockdown policy is\ncompletely broken for BPF. The SELinux policy rule for the current lockdown check\nlooks something like this:\n\n allow <who> <who> : lockdown { <reason> };\n\nHowever, this doesn't match with the 'current' task where the security_locked_down()\nis executed, example: httpd does a syscall. There is a tracing program attached\nto the syscall which triggers a BPF program to run, which ends up doing a\nbpf_probe_read_kernel{,_str}() helper call. The selinux_lockdown() hook does\nthe permission check against 'current', that is, httpd in this example. httpd\nhas literally zero relation to this tracing program, and it would be nonsensical\nhaving to write an SELinux policy rule against httpd to let the tracing helper\npass. The policy in this case needs to be against the entity that is installing\nthe BPF program. For example, if bpftrace would generate a histogram of syscall\ncounts by user space application:\n\n bpftrace -e 'tracepoint:raw_syscalls:sys_enter { @[comm] = count(); }'\n\nbpftrace would then go and generate a BPF program from this internally. One way\nof doing it [for the sake of the example] could be to call bpf_get_current_task()\nhelper and then access current->comm via one of bpf_probe_read_kernel{,_str}()\nhelpers. So the program itself has nothing to do with httpd or any other random\napp doing a syscall here. The BPF program _explicitly initiated_ the lockdown\ncheck. The allow/deny policy belongs in the context of bpftrace: meaning, you\nwant to grant bpftrace access to use these helpers, but other tracers on the\nsystem like my_random_tracer _not_.\n\nTherefore fix all three issues at the same time by taking a completely different\napproach for the security_locked_down() hook, that is, move the check into the\nprogram verification phase where we actually retrieve the BPF func proto. This\nalso reliably gets the task (current) that is trying to install the BPF tracing\nprogram, e.g. bpftrace/bcc/perf/systemtap/etc, and it also fixes the OOM since\nwe're moving this out of the BPF helper's fast-path which can be called several\nmillions of times per second.\n\nThe check is then also in line with other security_locked_down() hooks in the\nsystem where the enforcement is performed at open/load time, for example,\nopen_kcore() for /proc/kcore access or module_sig_check() for module signatures\njust to pick f\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47128 was patched at 2024-05-15

8854. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47129) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_ct: skip expectations for confirmed conntrack\n\nnft_ct_expect_obj_eval() calls nf_ct_ext_add() for a confirmed\nconntrack entry. However, nf_ct_ext_add() can only be called for\n!nf_ct_is_confirmed().\n\n[ 1825.349056] WARNING: CPU: 0 PID: 1279 at net/netfilter/nf_conntrack_extend.c:48 nf_ct_xt_add+0x18e/0x1a0 [nf_conntrack]\n[ 1825.351391] RIP: 0010:nf_ct_ext_add+0x18e/0x1a0 [nf_conntrack]\n[ 1825.351493] Code: 41 5c 41 5d 41 5e 41 5f c3 41 bc 0a 00 00 00 e9 15 ff ff ff ba 09 00 00 00 31 f6 4c 89 ff e8 69 6c 3d e9 eb 96 45 31 ed eb cd <0f> 0b e9 b1 fe ff ff e8 86 79 14 e9 eb bf 0f 1f 40 00 0f 1f 44 00\n[ 1825.351721] RSP: 0018:ffffc90002e1f1e8 EFLAGS: 00010202\n[ 1825.351790] RAX: 000000000000000e RBX: ffff88814f5783c0 RCX: ffffffffc0e4f887\n[ 1825.351881] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff88814f578440\n[ 1825.351971] RBP: 0000000000000000 R08: 0000000000000000 R09: ffff88814f578447\n[ 1825.352060] R10: ffffed1029eaf088 R11: 0000000000000001 R12: ffff88814f578440\n[ 1825.352150] R13: ffff8882053f3a00 R14: 0000000000000000 R15: 0000000000000a20\n[ 1825.352240] FS: 00007f992261c900(0000) GS:ffff889faec00000(0000) knlGS:0000000000000000\n[ 1825.352343] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1825.352417] CR2: 000056070a4d1158 CR3: 000000015efe0000 CR4: 0000000000350ee0\n[ 1825.352508] Call Trace:\n[ 1825.352544] nf_ct_helper_ext_add+0x10/0x60 [nf_conntrack]\n[ 1825.352641] nft_ct_expect_obj_eval+0x1b8/0x1e0 [nft_ct]\n[ 1825.352716] nft_do_chain+0x232/0x850 [nf_tables]\n\nAdd the ct helper extension only for unconfirmed conntrack. Skip rule\nevaluation if the ct helper extension does not exist. Thus, you can\nonly create expectations from the first packet.\n\nIt should be possible to remove this limitation by adding a new action\nto attach a generic ct helper to the first packet. Then, use this ct\nhelper extension from follow up packets to create the ct expectation.\n\nWhile at it, add a missing check to skip the template conntrack too\nand remove check for IPCT_UNTRACK which is implicit to !ct.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47129 was patched at 2024-05-15

8855. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47130) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet: fix freeing unallocated p2pmem\n\nIn case p2p device was found but the p2p pool is empty, the nvme target\nis still trying to free the sgl from the p2p pool instead of the\nregular sgl pool and causing a crash (BUG() is called). Instead, assign\nthe p2p_dev for the request only if it was allocated from p2p pool.\n\nThis is the crash that was caused:\n\n[Sun May 30 19:13:53 2021] ------------[ cut here ]------------\n[Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518!\n[Sun May 30 19:13:53 2021] invalid opcode: 0000 [#1] SMP PTI\n...\n[Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518!\n...\n[Sun May 30 19:13:53 2021] RIP: 0010:gen_pool_free_owner+0xa8/0xb0\n...\n[Sun May 30 19:13:53 2021] Call Trace:\n[Sun May 30 19:13:53 2021] ------------[ cut here ]------------\n[Sun May 30 19:13:53 2021] pci_free_p2pmem+0x2b/0x70\n[Sun May 30 19:13:53 2021] pci_p2pmem_free_sgl+0x4f/0x80\n[Sun May 30 19:13:53 2021] nvmet_req_free_sgls+0x1e/0x80 [nvmet]\n[Sun May 30 19:13:53 2021] kernel BUG at lib/genalloc.c:518!\n[Sun May 30 19:13:53 2021] nvmet_rdma_release_rsp+0x4e/0x1f0 [nvmet_rdma]\n[Sun May 30 19:13:53 2021] nvmet_rdma_send_done+0x1c/0x60 [nvmet_rdma]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47130 was patched at 2024-05-15

8856. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47134) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nefi/fdt: fix panic when no valid fdt found\n\nsetup_arch() would invoke efi_init()->efi_get_fdt_params(). If no\nvalid fdt found then initial_boot_params will be null. So we\nshould stop further fdt processing here. I encountered this\nissue on risc-v.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47134 was patched at 2024-05-15

8857. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47136) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: zero-initialize tc skb extension on allocation\n\nFunction skb_ext_add() doesn't initialize created skb extension with any\nvalue and leaves it up to the user. However, since extension of type\nTC_SKB_EXT originally contained only single value tc_skb_ext->chain its\nusers used to just assign the chain value without setting whole extension\nmemory to zero first. This assumption changed when TC_SKB_EXT extension was\nextended with additional fields but not all users were updated to\ninitialize the new fields which leads to use of uninitialized memory\nafterwards. UBSAN log:\n\n[ 778.299821] UBSAN: invalid-load in net/openvswitch/flow.c:899:28\n[ 778.301495] load of value 107 is not a valid value for type '_Bool'\n[ 778.303215] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.12.0-rc7+ #2\n[ 778.304933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[ 778.307901] Call Trace:\n[ 778.308680] <IRQ>\n[ 778.309358] dump_stack+0xbb/0x107\n[ 778.310307] ubsan_epilogue+0x5/0x40\n[ 778.311167] __ubsan_handle_load_invalid_value.cold+0x43/0x48\n[ 778.312454] ? memset+0x20/0x40\n[ 778.313230] ovs_flow_key_extract.cold+0xf/0x14 [openvswitch]\n[ 778.314532] ovs_vport_receive+0x19e/0x2e0 [openvswitch]\n[ 778.315749] ? ovs_vport_find_upcall_portid+0x330/0x330 [openvswitch]\n[ 778.317188] ? create_prof_cpu_mask+0x20/0x20\n[ 778.318220] ? arch_stack_walk+0x82/0xf0\n[ 778.319153] ? secondary_startup_64_no_verify+0xb0/0xbb\n[ 778.320399] ? stack_trace_save+0x91/0xc0\n[ 778.321362] ? stack_trace_consume_entry+0x160/0x160\n[ 778.322517] ? lock_release+0x52e/0x760\n[ 778.323444] netdev_frame_hook+0x323/0x610 [openvswitch]\n[ 778.324668] ? ovs_netdev_get_vport+0xe0/0xe0 [openvswitch]\n[ 778.325950] __netif_receive_skb_core+0x771/0x2db0\n[ 778.327067] ? lock_downgrade+0x6e0/0x6f0\n[ 778.328021] ? lock_acquire+0x565/0x720\n[ 778.328940] ? generic_xdp_tx+0x4f0/0x4f0\n[ 778.329902] ? inet_gro_receive+0x2a7/0x10a0\n[ 778.330914] ? lock_downgrade+0x6f0/0x6f0\n[ 778.331867] ? udp4_gro_receive+0x4c4/0x13e0\n[ 778.332876] ? lock_release+0x52e/0x760\n[ 778.333808] ? dev_gro_receive+0xcc8/0x2380\n[ 778.334810] ? lock_downgrade+0x6f0/0x6f0\n[ 778.335769] __netif_receive_skb_list_core+0x295/0x820\n[ 778.336955] ? process_backlog+0x780/0x780\n[ 778.337941] ? mlx5e_rep_tc_netdevice_event_unregister+0x20/0x20 [mlx5_core]\n[ 778.339613] ? seqcount_lockdep_reader_access.constprop.0+0xa7/0xc0\n[ 778.341033] ? kvm_clock_get_cycles+0x14/0x20\n[ 778.342072] netif_receive_skb_list_internal+0x5f5/0xcb0\n[ 778.343288] ? __kasan_kmalloc+0x7a/0x90\n[ 778.344234] ? mlx5e_handle_rx_cqe_mpwrq+0x9e0/0x9e0 [mlx5_core]\n[ 778.345676] ? mlx5e_xmit_xdp_frame_mpwqe+0x14d0/0x14d0 [mlx5_core]\n[ 778.347140] ? __netif_receive_skb_list_core+0x820/0x820\n[ 778.348351] ? mlx5e_post_rx_mpwqes+0xa6/0x25d0 [mlx5_core]\n[ 778.349688] ? napi_gro_flush+0x26c/0x3c0\n[ 778.350641] napi_complete_done+0x188/0x6b0\n[ 778.351627] mlx5e_napi_poll+0x373/0x1b80 [mlx5_core]\n[ 778.352853] __napi_poll+0x9f/0x510\n[ 778.353704] ? mlx5_flow_namespace_set_mode+0x260/0x260 [mlx5_core]\n[ 778.355158] net_rx_action+0x34c/0xa40\n[ 778.356060] ? napi_threaded_poll+0x3d0/0x3d0\n[ 778.357083] ? sched_clock_cpu+0x18/0x190\n[ 778.358041] ? __common_interrupt+0x8e/0x1a0\n[ 778.359045] __do_softirq+0x1ce/0x984\n[ 778.359938] __irq_exit_rcu+0x137/0x1d0\n[ 778.360865] irq_exit_rcu+0xa/0x20\n[ 778.361708] common_interrupt+0x80/0xa0\n[ 778.362640] </IRQ>\n[ 778.363212] asm_common_interrupt+0x1e/0x40\n[ 778.364204] RIP: 0010:native_safe_halt+0xe/0x10\n[ 778.365273] Code: 4f ff ff ff 4c 89 e7 e8 50 3f 40 fe e9 dc fe ff ff 48 89 df e8 43 3f 40 fe eb 90 cc e9 07 00 00 00 0f 00 2d 74 05 62 00 fb f4 <c3> 90 e9 07 00 00 00 0f 00 2d 64 05 62 00 f4 c3 cc cc 0f 1f 44 00\n[ 778.369355] RSP: 0018:ffffffff84407e48 EFLAGS: 00000246\n[ 778.370570] RAX\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47136 was patched at 2024-05-15

8858. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47138) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncxgb4: avoid accessing registers when clearing filters\n\nHardware register having the server TID base can contain\ninvalid values when adapter is in bad state (for example,\ndue to AER fatal error). Reading these invalid values in the\nregister can lead to out-of-bound memory access. So, fix\nby using the saved server TID base when clearing filters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47138 was patched at 2024-05-15

8859. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47139) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: put off calling register_netdev() until client initialize complete\n\nCurrently, the netdevice is registered before client initializing\ncomplete. So there is a timewindow between netdevice available\nand usable. In this case, if user try to change the channel number\nor ring param, it may cause the hns3_set_rx_cpu_rmap() being called\ntwice, and report bug.\n\n[47199.416502] hns3 0000:35:00.0 eth1: set channels: tqp_num=1, rxfh=0\n[47199.430340] hns3 0000:35:00.0 eth1: already uninitialized\n[47199.438554] hns3 0000:35:00.0: rss changes from 4 to 1\n[47199.511854] hns3 0000:35:00.0: Channels changed, rss_size from 4 to 1, tqps from 4 to 1\n[47200.163524] ------------[ cut here ]------------\n[47200.171674] kernel BUG at lib/cpu_rmap.c:142!\n[47200.177847] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP\n[47200.185259] Modules linked in: hclge(+) hns3(-) hns3_cae(O) hns_roce_hw_v2 hnae3 vfio_iommu_type1 vfio_pci vfio_virqfd vfio pv680_mii(O) [last unloaded: hclge]\n[47200.205912] CPU: 1 PID: 8260 Comm: ethtool Tainted: G O 5.11.0-rc3+ #1\n[47200.215601] Hardware name: , xxxxxx 02/04/2021\n[47200.223052] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)\n[47200.230188] pc : cpu_rmap_add+0x38/0x40\n[47200.237472] lr : irq_cpu_rmap_add+0x84/0x140\n[47200.243291] sp : ffff800010e93a30\n[47200.247295] x29: ffff800010e93a30 x28: ffff082100584880\n[47200.254155] x27: 0000000000000000 x26: 0000000000000000\n[47200.260712] x25: 0000000000000000 x24: 0000000000000004\n[47200.267241] x23: ffff08209ba03000 x22: ffff08209ba038c0\n[47200.273789] x21: 000000000000003f x20: ffff0820e2bc1680\n[47200.280400] x19: ffff0820c970ec80 x18: 00000000000000c0\n[47200.286944] x17: 0000000000000000 x16: ffffb43debe4a0d0\n[47200.293456] x15: fffffc2082990600 x14: dead000000000122\n[47200.300059] x13: ffffffffffffffff x12: 000000000000003e\n[47200.306606] x11: ffff0820815b8080 x10: ffff53e411988000\n[47200.313171] x9 : 0000000000000000 x8 : ffff0820e2bc1700\n[47200.319682] x7 : 0000000000000000 x6 : 000000000000003f\n[47200.326170] x5 : 0000000000000040 x4 : ffff800010e93a20\n[47200.332656] x3 : 0000000000000004 x2 : ffff0820c970ec80\n[47200.339168] x1 : ffff0820e2bc1680 x0 : 0000000000000004\n[47200.346058] Call trace:\n[47200.349324] cpu_rmap_add+0x38/0x40\n[47200.354300] hns3_set_rx_cpu_rmap+0x6c/0xe0 [hns3]\n[47200.362294] hns3_reset_notify_init_enet+0x1cc/0x340 [hns3]\n[47200.370049] hns3_change_channels+0x40/0xb0 [hns3]\n[47200.376770] hns3_set_channels+0x12c/0x2a0 [hns3]\n[47200.383353] ethtool_set_channels+0x140/0x250\n[47200.389772] dev_ethtool+0x714/0x23d0\n[47200.394440] dev_ioctl+0x4cc/0x640\n[47200.399277] sock_do_ioctl+0x100/0x2a0\n[47200.404574] sock_ioctl+0x28c/0x470\n[47200.409079] __arm64_sys_ioctl+0xb4/0x100\n[47200.415217] el0_svc_common.constprop.0+0x84/0x210\n[47200.422088] do_el0_svc+0x28/0x34\n[47200.426387] el0_svc+0x28/0x70\n[47200.431308] el0_sync_handler+0x1a4/0x1b0\n[47200.436477] el0_sync+0x174/0x180\n[47200.441562] Code: 11000405 79000c45 f8247861 d65f03c0 (d4210000)\n[47200.448869] ---[ end trace a01efe4ce42e5f34 ]---\n\nThe process is like below:\nexcuting hns3_client_init\n|\nregister_netdev()\n| hns3_set_channels()\n| |\nhns3_set_rx_cpu_rmap() hns3_reset_notify_uninit_enet()\n| |\n| quit without calling function\n| hns3_free_rx_cpu_rmap for flag\n| HNS3_NIC_STATE_INITED is unset.\n| |\n| hns3_reset_notify_init_enet()\n| |\nset HNS3_NIC_STATE_INITED call hns3_set_rx_cpu_rmap()-- crash\n\nFix it by calling register_netdev() at the end of function\nhns3_client_init().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47139 was patched at 2024-05-15

8860. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47141) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngve: Add NULL pointer checks when freeing irqs.\n\nWhen freeing notification blocks, we index priv->msix_vectors.\nIf we failed to allocate priv->msix_vectors (see abort_with_msix_vectors)\nthis could lead to a NULL pointer dereference if the driver is unloaded.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47141 was patched at 2024-05-15

8861. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47143) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: remove device from smcd_dev_list after failed device_add()\n\nIf the device_add() for a smcd_dev fails, there's no cleanup step that\nrolls back the earlier list_add(). The device subsequently gets freed,\nand we end up with a corrupted list.\n\nAdd some error handling that removes the device from the list.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47143 was patched at 2024-05-15

8862. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47144) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/amdgpu: fix refcount leak\n\n[Why]\nthe gem object rfb->base.obj[0] is get according to num_planes\nin amdgpufb_create, but is not put according to num_planes\n\n[How]\nput rfb->base.obj[0] in amdgpu_fbdev_destroy according to num_planes', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47144 was patched at 2024-05-15

8863. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47145) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not BUG_ON in link_to_fixup_dir\n\nWhile doing error injection testing I got the following panic\n\n kernel BUG at fs/btrfs/tree-log.c:1862!\n invalid opcode: 0000 [#1] SMP NOPTI\n CPU: 1 PID: 7836 Comm: mount Not tainted 5.13.0-rc1+ #305\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014\n RIP: 0010:link_to_fixup_dir+0xd5/0xe0\n RSP: 0018:ffffb5800180fa30 EFLAGS: 00010216\n RAX: fffffffffffffffb RBX: 00000000fffffffb RCX: ffff8f595287faf0\n RDX: ffffb5800180fa37 RSI: ffff8f5954978800 RDI: 0000000000000000\n RBP: ffff8f5953af9450 R08: 0000000000000019 R09: 0000000000000001\n R10: 000151f408682970 R11: 0000000120021001 R12: ffff8f5954978800\n R13: ffff8f595287faf0 R14: ffff8f5953c77dd0 R15: 0000000000000065\n FS: 00007fc5284c8c40(0000) GS:ffff8f59bbd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fc5287f47c0 CR3: 000000011275e002 CR4: 0000000000370ee0\n Call Trace:\n replay_one_buffer+0x409/0x470\n ? btree_read_extent_buffer_pages+0xd0/0x110\n walk_up_log_tree+0x157/0x1e0\n walk_log_tree+0xa6/0x1d0\n btrfs_recover_log_trees+0x1da/0x360\n ? replay_one_extent+0x7b0/0x7b0\n open_ctree+0x1486/0x1720\n btrfs_mount_root.cold+0x12/0xea\n ? __kmalloc_track_caller+0x12f/0x240\n legacy_get_tree+0x24/0x40\n vfs_get_tree+0x22/0xb0\n vfs_kern_mount.part.0+0x71/0xb0\n btrfs_mount+0x10d/0x380\n ? vfs_parse_fs_string+0x4d/0x90\n legacy_get_tree+0x24/0x40\n vfs_get_tree+0x22/0xb0\n path_mount+0x433/0xa10\n __x64_sys_mount+0xe3/0x120\n do_syscall_64+0x3d/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\nWe can get -EIO or any number of legitimate errors from\nbtrfs_search_slot(), panicing here is not the appropriate response. The\nerror path for this code handles errors properly, simply return the\nerror.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47145 was patched at 2024-05-15

8864. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47146) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmld: fix panic in mld_newpack()\n\nmld_newpack() doesn't allow to allocate high order page,\nonly order-0 allocation is allowed.\nIf headroom size is too large, a kernel panic could occur in skb_put().\n\nTest commands:\n ip netns del A\n ip netns del B\n ip netns add A\n ip netns add B\n ip link add veth0 type veth peer name veth1\n ip link set veth0 netns A\n ip link set veth1 netns B\n\n ip netns exec A ip link set lo up\n ip netns exec A ip link set veth0 up\n ip netns exec A ip -6 a a 2001:db8:0::1/64 dev veth0\n ip netns exec B ip link set lo up\n ip netns exec B ip link set veth1 up\n ip netns exec B ip -6 a a 2001:db8:0::2/64 dev veth1\n for i in {1..99}\n do\n let A=$i-1\n ip netns exec A ip link add ip6gre$i type ip6gre \\\n\tlocal 2001:db8:$A::1 remote 2001:db8:$A::2 encaplimit 100\n ip netns exec A ip -6 a a 2001:db8:$i::1/64 dev ip6gre$i\n ip netns exec A ip link set ip6gre$i up\n\n ip netns exec B ip link add ip6gre$i type ip6gre \\\n\tlocal 2001:db8:$A::2 remote 2001:db8:$A::1 encaplimit 100\n ip netns exec B ip -6 a a 2001:db8:$i::2/64 dev ip6gre$i\n ip netns exec B ip link set ip6gre$i up\n done\n\nSplat looks like:\nkernel BUG at net/core/skbuff.c:110!\ninvalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI\nCPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.12.0+ #891\nWorkqueue: ipv6_addrconf addrconf_dad_work\nRIP: 0010:skb_panic+0x15d/0x15f\nCode: 92 fe 4c 8b 4c 24 10 53 8b 4d 70 45 89 e0 48 c7 c7 00 ae 79 83\n41 57 41 56 41 55 48 8b 54 24 a6 26 f9 ff <0f> 0b 48 8b 6c 24 20 89\n34 24 e8 4a 4e 92 fe 8b 34 24 48 c7 c1 20\nRSP: 0018:ffff88810091f820 EFLAGS: 00010282\nRAX: 0000000000000089 RBX: ffff8881086e9000 RCX: 0000000000000000\nRDX: 0000000000000089 RSI: 0000000000000008 RDI: ffffed1020123efb\nRBP: ffff888005f6eac0 R08: ffffed1022fc0031 R09: ffffed1022fc0031\nR10: ffff888117e00187 R11: ffffed1022fc0030 R12: 0000000000000028\nR13: ffff888008284eb0 R14: 0000000000000ed8 R15: 0000000000000ec0\nFS: 0000000000000000(0000) GS:ffff888117c00000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f8b801c5640 CR3: 0000000033c2c006 CR4: 00000000003706f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n ? ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600\n ? ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600\n skb_put.cold.104+0x22/0x22\n ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600\n ? rcu_read_lock_sched_held+0x91/0xc0\n mld_newpack+0x398/0x8f0\n ? ip6_mc_hdr.isra.26.constprop.46+0x600/0x600\n ? lock_contended+0xc40/0xc40\n add_grhead.isra.33+0x280/0x380\n add_grec+0x5ca/0xff0\n ? mld_sendpack+0xf40/0xf40\n ? lock_downgrade+0x690/0x690\n mld_send_initial_cr.part.34+0xb9/0x180\n ipv6_mc_dad_complete+0x15d/0x1b0\n addrconf_dad_completed+0x8d2/0xbb0\n ? lock_downgrade+0x690/0x690\n ? addrconf_rs_timer+0x660/0x660\n ? addrconf_dad_work+0x73c/0x10e0\n addrconf_dad_work+0x73c/0x10e0\n\nAllowing high order page allocation could fix this problem.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47146 was patched at 2024-05-15

8865. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47147) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nptp: ocp: Fix a resource leak in an error handling path\n\nIf an error occurs after a successful 'pci_ioremap_bar()' call, it must be\nundone by a corresponding 'pci_iounmap()' call, as already done in the\nremove function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47147 was patched at 2024-05-15

8866. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47149) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fujitsu: fix potential null-ptr-deref\n\nIn fmvj18x_get_hwinfo(), if ioremap fails there will be NULL pointer\nderef. To fix this, check the return value of ioremap and return -1\nto the caller in case of failure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47149 was patched at 2024-05-15

8867. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47151) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: qcom: bcm-voter: add a missing of_node_put()\n\nAdd a missing of_node_put() in of_bcm_voter_get() to avoid the\nreference leak.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47151 was patched at 2024-05-15

8868. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47152) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix data stream corruption\n\nMaxim reported several issues when forcing a TCP transparent proxy\nto use the MPTCP protocol for the inbound connections. He also\nprovided a clean reproducer.\n\nThe problem boils down to 'mptcp_frag_can_collapse_to()' assuming\nthat only MPTCP will use the given page_frag.\n\nIf others - e.g. the plain TCP protocol - allocate page fragments,\nwe can end-up re-using already allocated memory for mptcp_data_frag.\n\nFix the issue ensuring that the to-be-expanded data fragment is\nlocated at the current page frag end.\n\nv1 -> v2:\n - added missing fixes tag (Mat)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47152 was patched at 2024-05-15

8869. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47153) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: i801: Don't generate an interrupt on bus reset\n\nNow that the i2c-i801 driver supports interrupts, setting the KILL bit\nin a attempt to recover from a timed out transaction triggers an\ninterrupt. Unfortunately, the interrupt handler (i801_isr) is not\nprepared for this situation and will try to process the interrupt as\nif it was signaling the end of a successful transaction. In the case\nof a block transaction, this can result in an out-of-range memory\naccess.\n\nThis condition was reproduced several times by syzbot:\nhttps://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e\nhttps://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e\nhttps://syzkaller.appspot.com/bug?extid=c8ff0b6d6c73d81b610e\nhttps://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb\nhttps://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a\nhttps://syzkaller.appspot.com/bug?extid=b4d3fd1dfd53e90afd79\n\nSo disable interrupts while trying to reset the bus. Interrupts will\nbe enabled again for the following transaction.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2021-47153 was patched at 2024-06-05

debian: CVE-2021-47153 was patched at 2024-05-15

oraclelinux: CVE-2021-47153 was patched at 2024-06-05

redhat: CVE-2021-47153 was patched at 2024-06-05

8870. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47158) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: sja1105: add error handling in sja1105_setup()\n\nIf any of sja1105_static_config_load(), sja1105_clocking_setup() or\nsja1105_devlink_setup() fails, we can't just return in the middle of\nsja1105_setup() or memory will leak. Add a cleanup path.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47158 was patched at 2024-05-15

8871. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47159) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: fix a crash if ->get_sset_count() fails\n\nIf ds->ops->get_sset_count() fails then it "count" is a negative error\ncode such as -EOPNOTSUPP. Because "i" is an unsigned int, the negative\nerror code is type promoted to a very high value and the loop will\ncorrupt memory until the system crashes.\n\nFix this by checking for error codes and changing the type of "i" to\njust int.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47159 was patched at 2024-05-15

8872. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47160) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: dsa: mt7530: fix VLAN traffic leaks\n\nPCR_MATRIX field was set to all 1's when VLAN filtering is enabled, but\nwas not reset when it is disabled, which may cause traffic leaks:\n\n\tip link add br0 type bridge vlan_filtering 1\n\tip link add br1 type bridge vlan_filtering 1\n\tip link set swp0 master br0\n\tip link set swp1 master br1\n\tip link set br0 type bridge vlan_filtering 0\n\tip link set br1 type bridge vlan_filtering 0\n\t# traffic in br0 and br1 will start leaking to each other\n\nAs port_bridge_{add,del} have set up PCR_MATRIX properly, remove the\nPCR_MATRIX write from mt7530_port_set_vlan_aware.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47160 was patched at 2024-05-15

8873. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47161) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-fsl-dspi: Fix a resource leak in an error handling path\n\n'dspi_request_dma()' should be undone by a 'dspi_release_dma()' call in the\nerror handling path of the probe function, as already done in the remove\nfunction', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47161 was patched at 2024-05-15

8874. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47162) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: skb_linearize the head skb when reassembling msgs\n\nIt's not a good idea to append the frag skb to a skb's frag_list if\nthe frag_list already has skbs from elsewhere, such as this skb was\ncreated by pskb_copy() where the frag_list was cloned (all the skbs\nin it were skb_get'ed) and shared by multiple skbs.\n\nHowever, the new appended frag skb should have been only seen by the\ncurrent skb. Otherwise, it will cause use after free crashes as this\nappended frag skb are seen by multiple skbs but it only got skb_get\ncalled once.\n\nThe same thing happens with a skb updated by pskb_may_pull() with a\nskb_cloned skb. Li Shuang has reported quite a few crashes caused\nby this when doing testing over macvlan devices:\n\n [] kernel BUG at net/core/skbuff.c:1970!\n [] Call Trace:\n [] skb_clone+0x4d/0xb0\n [] macvlan_broadcast+0xd8/0x160 [macvlan]\n [] macvlan_process_broadcast+0x148/0x150 [macvlan]\n [] process_one_work+0x1a7/0x360\n [] worker_thread+0x30/0x390\n\n [] kernel BUG at mm/usercopy.c:102!\n [] Call Trace:\n [] __check_heap_object+0xd3/0x100\n [] __check_object_size+0xff/0x16b\n [] simple_copy_to_iter+0x1c/0x30\n [] __skb_datagram_iter+0x7d/0x310\n [] __skb_datagram_iter+0x2a5/0x310\n [] skb_copy_datagram_iter+0x3b/0x90\n [] tipc_recvmsg+0x14a/0x3a0 [tipc]\n [] ____sys_recvmsg+0x91/0x150\n [] ___sys_recvmsg+0x7b/0xc0\n\n [] kernel BUG at mm/slub.c:305!\n [] Call Trace:\n [] <IRQ>\n [] kmem_cache_free+0x3ff/0x400\n [] __netif_receive_skb_core+0x12c/0xc40\n [] ? kmem_cache_alloc+0x12e/0x270\n [] netif_receive_skb_internal+0x3d/0xb0\n [] ? get_rx_page_info+0x8e/0xa0 [be2net]\n [] be_poll+0x6ef/0xd00 [be2net]\n [] ? irq_exit+0x4f/0x100\n [] net_rx_action+0x149/0x3b0\n\n ...\n\nThis patch is to fix it by linearizing the head skb if it has frag_list\nset in tipc_buf_append(). Note that we choose to do this before calling\nskb_unshare(), as __skb_linearize() will avoid skb_copy(). Also, we can\nnot just drop the frag_list either as the early time.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47162 was patched at 2024-05-15

8875. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47163) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: wait and exit until all work queues are done\n\nOn some host, a crash could be triggered simply by repeating these\ncommands several times:\n\n # modprobe tipc\n # tipc bearer enable media udp name UDP1 localip 127.0.0.1\n # rmmod tipc\n\n [] BUG: unable to handle kernel paging request at ffffffffc096bb00\n [] Workqueue: events 0xffffffffc096bb00\n [] Call Trace:\n [] ? process_one_work+0x1a7/0x360\n [] ? worker_thread+0x30/0x390\n [] ? create_worker+0x1a0/0x1a0\n [] ? kthread+0x116/0x130\n [] ? kthread_flush_work_fn+0x10/0x10\n [] ? ret_from_fork+0x35/0x40\n\nWhen removing the TIPC module, the UDP tunnel sock will be delayed to\nrelease in a work queue as sock_release() can't be done in rtnl_lock().\nIf the work queue is schedule to run after the TIPC module is removed,\nkernel will crash as the work queue function cleanup_beareri() code no\nlonger exists when trying to invoke it.\n\nTo fix it, this patch introduce a member wq_count in tipc_net to track\nthe numbers of work queues in schedule, and wait and exit until all\nwork queues are done in tipc_exit_net().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47163 was patched at 2024-05-15

8876. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47165) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/meson: fix shutdown crash when component not probed\n\nWhen main component is not probed, by example when the dw-hdmi module is\nnot loaded yet or in probe defer, the following crash appears on shutdown:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000038\n...\npc : meson_drv_shutdown+0x24/0x50\nlr : platform_drv_shutdown+0x20/0x30\n...\nCall trace:\nmeson_drv_shutdown+0x24/0x50\nplatform_drv_shutdown+0x20/0x30\ndevice_shutdown+0x158/0x360\nkernel_restart_prepare+0x38/0x48\nkernel_restart+0x18/0x68\n__do_sys_reboot+0x224/0x250\n__arm64_sys_reboot+0x24/0x30\n...\n\nSimply check if the priv struct has been allocated before using it.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47165 was patched at 2024-05-15

8877. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47166) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()\n\nThe value of mirror->pg_bytes_written should only be updated after a\nsuccessful attempt to flush out the requests on the list.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47166 was patched at 2024-05-15

8878. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47167) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Fix an Oopsable condition in __nfs_pageio_add_request()\n\nEnsure that nfs_pageio_error_cleanup() resets the mirror array contents,\nso that the structure reflects the fact that it is now empty.\nAlso change the test in nfs_pageio_do_add_request() to be more robust by\nchecking whether or not the list is empty rather than relying on the\nvalue of pg_count.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47167 was patched at 2024-05-15

8879. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47169) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'\n\nIn 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls\n'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the\nfirmware don't exists, function just return without initializing ports\nof 'rp2_card'. But now the interrupt handler function has been\nregistered, and when an interrupt comes, 'rp2_uart_interrupt' may access\nthose ports then causing NULL pointer dereference or other bugs.\n\nBecause the driver does some initialization work in 'rp2_fw_cb', in\norder to make the driver ready to handle interrupts, 'request_firmware'\nshould be used instead of asynchronous 'request_firmware_nowait'.\n\nThis report reveals it:\n\nINFO: trying to register non-static key.\nthe code is fine but needs lockdep annotation.\nturning off the locking correctness validator.\nCPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-\ngc9ba5276e321-prebuilt.qemu.org 04/01/2014\nCall Trace:\n <IRQ>\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0xec/0x156 lib/dump_stack.c:118\n assign_lock_key kernel/locking/lockdep.c:727 [inline]\n register_lock_class+0x14e5/0x1ba0 kernel/locking/lockdep.c:753\n __lock_acquire+0x187/0x3750 kernel/locking/lockdep.c:3303\n lock_acquire+0x124/0x340 kernel/locking/lockdep.c:3907\n __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline]\n _raw_spin_lock+0x32/0x50 kernel/locking/spinlock.c:144\n spin_lock include/linux/spinlock.h:329 [inline]\n rp2_ch_interrupt drivers/tty/serial/rp2.c:466 [inline]\n rp2_asic_interrupt.isra.9+0x15d/0x990 drivers/tty/serial/rp2.c:493\n rp2_uart_interrupt+0x49/0xe0 drivers/tty/serial/rp2.c:504\n __handle_irq_event_percpu+0xfb/0x770 kernel/irq/handle.c:149\n handle_irq_event_percpu+0x79/0x150 kernel/irq/handle.c:189\n handle_irq_event+0xac/0x140 kernel/irq/handle.c:206\n handle_fasteoi_irq+0x232/0x5c0 kernel/irq/chip.c:725\n generic_handle_irq_desc include/linux/irqdesc.h:155 [inline]\n handle_irq+0x230/0x3a0 arch/x86/kernel/irq_64.c:87\n do_IRQ+0xa7/0x1e0 arch/x86/kernel/irq.c:247\n common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:670\n </IRQ>\nRIP: 0010:native_safe_halt+0x28/0x30 arch/x86/include/asm/irqflags.h:61\nCode: 00 00 55 be 04 00 00 00 48 c7 c7 00 c2 2f 8c 48 89 e5 e8 fb 31 e7 f8\n8b 05 75 af 8d 03 85 c0 7e 07 0f 00 2d 8a 61 65 00 fb f4 <5d> c3 90 90 90\n90 90 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41\nRSP: 0018:ffff88806b71fcc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffde\nRAX: 0000000000000000 RBX: ffffffff8bde7e48 RCX: ffffffff88a21285\nRDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8c2fc200\nRBP: ffff88806b71fcc8 R08: fffffbfff185f840 R09: fffffbfff185f840\nR10: 0000000000000001 R11: fffffbfff185f840 R12: 0000000000000002\nR13: ffffffff8bea18a0 R14: 0000000000000000 R15: 0000000000000000\n arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline]\n default_idle+0x6f/0x360 arch/x86/kernel/process.c:557\n arch_cpu_idle+0xf/0x20 arch/x86/kernel/process.c:548\n default_idle_call+0x3b/0x60 kernel/sched/idle.c:93\n cpuidle_idle_call kernel/sched/idle.c:153 [inline]\n do_idle+0x2ab/0x3c0 kernel/sched/idle.c:263\n cpu_startup_entry+0xcb/0xe0 kernel/sched/idle.c:369\n start_secondary+0x3b8/0x4e0 arch/x86/kernel/smpboot.c:271\n secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243\nBUG: unable to handle kernel NULL pointer dereference at 0000000000000010\nPGD 8000000056d27067 P4D 8000000056d27067 PUD 56d28067 PMD 0\nOops: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-\ngc9ba5276e321-prebuilt.qemu.org 04/01/2014\nRIP: 0010:readl arch/x86/include/asm/io.h:59 [inline]\nRIP: 0010:rp2_ch_interrupt drivers/tty/serial/rp2.c:472 [inline]\nRIP: 0010:rp2_asic_interrupt.isra.9+0x181/0x990 drivers/tty/serial/rp2.c:\n493\nCo\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47169 was patched at 2024-05-15

8880. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47170) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: usbfs: Don't WARN about excessively large memory allocations\n\nSyzbot found that the kernel generates a WARNing if the user tries to\nsubmit a bulk transfer through usbfs with a buffer that is way too\nlarge. This isn't a bug in the kernel; it's merely an invalid request\nfrom the user and the usbfs code does handle it correctly.\n\nIn theory the same thing can happen with async transfers, or with the\npacket descriptor table for isochronous transfers.\n\nTo prevent the MM subsystem from complaining about these bad\nallocation requests, add the __GFP_NOWARN flag to the kmalloc calls\nfor these buffers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47170 was patched at 2024-05-15

8881. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47172) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7124: Fix potential overflow due to non sequential channel numbers\n\nChannel numbering must start at 0 and then not have any holes, or\nit is possible to overflow the available storage. Note this bug was\nintroduced as part of a fix to ensure we didn't rely on the ordering\nof child nodes. So we need to support arbitrary ordering but they all\nneed to be there somewhere.\n\nNote I hit this when using qemu to test the rest of this series.\nArguably this isn't the best fix, but it is probably the most minimal\noption for backporting etc.\n\nAlexandru's sign-off is here because he carried this patch in a larger\nset that Jonathan then applied.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47172 was patched at 2024-05-15

8882. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47174) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version\n\nArturo reported this backtrace:\n\n[709732.358791] WARNING: CPU: 3 PID: 456 at arch/x86/kernel/fpu/core.c:128 kernel_fpu_begin_mask+0xae/0xe0\n[709732.358793] Modules linked in: binfmt_misc nft_nat nft_chain_nat nf_nat nft_counter nft_ct nf_tables nf_conntrack_netlink nfnetlink 8021q garp stp mrp llc vrf intel_rapl_msr intel_rapl_common skx_edac nfit libnvdimm ipmi_ssif x86_pkg_temp_thermal intel_powerclamp coretemp crc32_pclmul mgag200 ghash_clmulni_intel drm_kms_helper cec aesni_intel drm libaes crypto_simd cryptd glue_helper mei_me dell_smbios iTCO_wdt evdev intel_pmc_bxt iTCO_vendor_support dcdbas pcspkr rapl dell_wmi_descriptor wmi_bmof sg i2c_algo_bit watchdog mei acpi_ipmi ipmi_si button nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ipmi_devintf ipmi_msghandler ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 dm_mod raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor sd_mod t10_pi crc_t10dif crct10dif_generic raid6_pq libcrc32c crc32c_generic raid1 raid0 multipath linear md_mod ahci libahci tg3 libata xhci_pci libphy xhci_hcd ptp usbcore crct10dif_pclmul crct10dif_common bnxt_en crc32c_intel scsi_mod\n[709732.358941] pps_core i2c_i801 lpc_ich i2c_smbus wmi usb_common\n[709732.358957] CPU: 3 PID: 456 Comm: jbd2/dm-0-8 Not tainted 5.10.0-0.bpo.5-amd64 #1 Debian 5.10.24-1~bpo10+1\n[709732.358959] Hardware name: Dell Inc. PowerEdge R440/04JN2K, BIOS 2.9.3 09/23/2020\n[709732.358964] RIP: 0010:kernel_fpu_begin_mask+0xae/0xe0\n[709732.358969] Code: ae 54 24 04 83 e3 01 75 38 48 8b 44 24 08 65 48 33 04 25 28 00 00 00 75 33 48 83 c4 10 5b c3 65 8a 05 5e 21 5e 76 84 c0 74 92 <0f> 0b eb 8e f0 80 4f 01 40 48 81 c7 00 14 00 00 e8 dd fb ff ff eb\n[709732.358972] RSP: 0018:ffffbb9700304740 EFLAGS: 00010202\n[709732.358976] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 0000000000000001\n[709732.358979] RDX: ffffbb9700304970 RSI: ffff922fe1952e00 RDI: 0000000000000003\n[709732.358981] RBP: ffffbb9700304970 R08: ffff922fc868a600 R09: ffff922fc711e462\n[709732.358984] R10: 000000000000005f R11: ffff922ff0b27180 R12: ffffbb9700304960\n[709732.358987] R13: ffffbb9700304b08 R14: ffff922fc664b6c8 R15: ffff922fc664b660\n[709732.358990] FS: 0000000000000000(0000) GS:ffff92371fec0000(0000) knlGS:0000000000000000\n[709732.358993] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[709732.358996] CR2: 0000557a6655bdd0 CR3: 000000026020a001 CR4: 00000000007706e0\n[709732.358999] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[709732.359001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[709732.359003] PKRU: 55555554\n[709732.359005] Call Trace:\n[709732.359009] <IRQ>\n[709732.359035] nft_pipapo_avx2_lookup+0x4c/0x1cba [nf_tables]\n[709732.359046] ? sched_clock+0x5/0x10\n[709732.359054] ? sched_clock_cpu+0xc/0xb0\n[709732.359061] ? record_times+0x16/0x80\n[709732.359068] ? plist_add+0xc1/0x100\n[709732.359073] ? psi_group_change+0x47/0x230\n[709732.359079] ? skb_clone+0x4d/0xb0\n[709732.359085] ? enqueue_task_rt+0x22b/0x310\n[709732.359098] ? bnxt_start_xmit+0x1e8/0xaf0 [bnxt_en]\n[709732.359102] ? packet_rcv+0x40/0x4a0\n[709732.359121] nft_lookup_eval+0x59/0x160 [nf_tables]\n[709732.359133] nft_do_chain+0x350/0x500 [nf_tables]\n[709732.359152] ? nft_lookup_eval+0x59/0x160 [nf_tables]\n[709732.359163] ? nft_do_chain+0x364/0x500 [nf_tables]\n[709732.359172] ? fib4_rule_action+0x6d/0x80\n[709732.359178] ? fib_rules_lookup+0x107/0x250\n[709732.359184] nft_nat_do_chain+0x8a/0xf2 [nft_chain_nat]\n[709732.359193] nf_nat_inet_fn+0xea/0x210 [nf_nat]\n[709732.359202] nf_nat_ipv4_out+0x14/0xa0 [nf_nat]\n[709732.359207] nf_hook_slow+0x44/0xc0\n[709732.359214] ip_output+0xd2/0x100\n[709732.359221] ? __ip_finish_output+0x210/0x210\n[709732.359226] ip_forward+0x37d/0x4a0\n[709732.359232] ? ip4_key_hashfn+0xb0/0xb0\n[709732.359238] ip_subli\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47174 was patched at 2024-05-15

8883. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47175) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fq_pie: fix OOB access in the traffic path\n\nthe following script:\n\n # tc qdisc add dev eth0 handle 0x1 root fq_pie flows 2\n # tc qdisc add dev eth0 clsact\n # tc filter add dev eth0 egress matchall action skbedit priority 0x10002\n # ping 192.0.2.2 -I eth0 -c2 -w1 -q\n\nproduces the following splat:\n\n BUG: KASAN: slab-out-of-bounds in fq_pie_qdisc_enqueue+0x1314/0x19d0 [sch_fq_pie]\n Read of size 4 at addr ffff888171306924 by task ping/942\n\n CPU: 3 PID: 942 Comm: ping Not tainted 5.12.0+ #441\n Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014\n Call Trace:\n dump_stack+0x92/0xc1\n print_address_description.constprop.7+0x1a/0x150\n kasan_report.cold.13+0x7f/0x111\n fq_pie_qdisc_enqueue+0x1314/0x19d0 [sch_fq_pie]\n __dev_queue_xmit+0x1034/0x2b10\n ip_finish_output2+0xc62/0x2120\n __ip_finish_output+0x553/0xea0\n ip_output+0x1ca/0x4d0\n ip_send_skb+0x37/0xa0\n raw_sendmsg+0x1c4b/0x2d00\n sock_sendmsg+0xdb/0x110\n __sys_sendto+0x1d7/0x2b0\n __x64_sys_sendto+0xdd/0x1b0\n do_syscall_64+0x3c/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n RIP: 0033:0x7fe69735c3eb\n Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 48 8d 05 75 42 2c 00 41 89 ca 8b 00 85 c0 75 14 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 75 c3 0f 1f 40 00 41 57 4d 89 c7 41 56 41 89\n RSP: 002b:00007fff06d7fb38 EFLAGS: 00000246 ORIG_RAX: 000000000000002c\n RAX: ffffffffffffffda RBX: 000055e961413700 RCX: 00007fe69735c3eb\n RDX: 0000000000000040 RSI: 000055e961413700 RDI: 0000000000000003\n RBP: 0000000000000040 R08: 000055e961410500 R09: 0000000000000010\n R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff06d81260\n R13: 00007fff06d7fb40 R14: 00007fff06d7fc30 R15: 000055e96140f0a0\n\n Allocated by task 917:\n kasan_save_stack+0x19/0x40\n __kasan_kmalloc+0x7f/0xa0\n __kmalloc_node+0x139/0x280\n fq_pie_init+0x555/0x8e8 [sch_fq_pie]\n qdisc_create+0x407/0x11b0\n tc_modify_qdisc+0x3c2/0x17e0\n rtnetlink_rcv_msg+0x346/0x8e0\n netlink_rcv_skb+0x120/0x380\n netlink_unicast+0x439/0x630\n netlink_sendmsg+0x719/0xbf0\n sock_sendmsg+0xe2/0x110\n ____sys_sendmsg+0x5ba/0x890\n ___sys_sendmsg+0xe9/0x160\n __sys_sendmsg+0xd3/0x170\n do_syscall_64+0x3c/0x80\n entry_SYSCALL_64_after_hwframe+0x44/0xae\n\n The buggy address belongs to the object at ffff888171306800\n which belongs to the cache kmalloc-256 of size 256\n The buggy address is located 36 bytes to the right of\n 256-byte region [ffff888171306800, ffff888171306900)\n The buggy address belongs to the page:\n page:00000000bcfb624e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x171306\n head:00000000bcfb624e order:1 compound_mapcount:0\n flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff)\n raw: 0017ffffc0010200 dead000000000100 dead000000000122 ffff888100042b40\n raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff888171306800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n ffff888171306880: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc\n >ffff888171306900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ^\n ffff888171306980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n ffff888171306a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n\nfix fq_pie traffic path to avoid selecting 'q->flows + q->flows_cnt' as a\nvalid flow: it's an address beyond the allocated memory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47175 was patched at 2024-05-15

8884. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47176) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: add missing discipline function\n\nFix crash with illegal operation exception in dasd_device_tasklet.\nCommit b72949328869 ("s390/dasd: Prepare for additional path event handling")\nrenamed the verify_path function for ECKD but not for FBA and DIAG.\nThis leads to a panic when the path verification function is called for a\nFBA or DIAG device.\n\nFix by defining a wrapper function for dasd_generic_verify_path().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47176 was patched at 2024-05-15

8885. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47177) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix sysfs leak in alloc_iommu()\n\niommu_device_sysfs_add() is called before, so is has to be cleaned on subsequent\nerrors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47177 was patched at 2024-05-15

8886. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47178) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Avoid smp_processor_id() in preemptible code\n\nThe BUG message "BUG: using smp_processor_id() in preemptible [00000000]\ncode" was observed for TCMU devices with kernel config DEBUG_PREEMPT.\n\nThe message was observed when blktests block/005 was run on TCMU devices\nwith fileio backend or user:zbc backend [1]. The commit 1130b499b4a7\n("scsi: target: tcm_loop: Use LIO wq cmd submission helper") triggered the\nsymptom. The commit modified work queue to handle commands and changed\n'current->nr_cpu_allowed' at smp_processor_id() call.\n\nThe message was also observed at system shutdown when TCMU devices were not\ncleaned up [2]. The function smp_processor_id() was called in SCSI host\nwork queue for abort handling, and triggered the BUG message. This symptom\nwas observed regardless of the commit 1130b499b4a7 ("scsi: target:\ntcm_loop: Use LIO wq cmd submission helper").\n\nTo avoid the preemptible code check at smp_processor_id(), get CPU ID with\nraw_smp_processor_id() instead. The CPU ID is used for performance\nimprovement then thread move to other CPU will not affect the code.\n\n[1]\n\n[ 56.468103] run blktests block/005 at 2021-05-12 14:16:38\n[ 57.369473] check_preemption_disabled: 85 callbacks suppressed\n[ 57.369480] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1511\n[ 57.369506] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1510\n[ 57.369512] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1506\n[ 57.369552] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\n[ 57.369606] CPU: 4 PID: 1506 Comm: fio Not tainted 5.13.0-rc1+ #34\n[ 57.369613] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\n[ 57.369617] Call Trace:\n[ 57.369621] BUG: using smp_processor_id() in preemptible [00000000] code: fio/1507\n[ 57.369628] dump_stack+0x6d/0x89\n[ 57.369642] check_preemption_disabled+0xc8/0xd0\n[ 57.369628] caller is __target_init_cmd+0x157/0x170 [target_core_mod]\n[ 57.369655] __target_init_cmd+0x157/0x170 [target_core_mod]\n[ 57.369695] target_init_cmd+0x76/0x90 [target_core_mod]\n[ 57.369732] tcm_loop_queuecommand+0x109/0x210 [tcm_loop]\n[ 57.369744] scsi_queue_rq+0x38e/0xc40\n[ 57.369761] __blk_mq_try_issue_directly+0x109/0x1c0\n[ 57.369779] blk_mq_try_issue_directly+0x43/0x90\n[ 57.369790] blk_mq_submit_bio+0x4e5/0x5d0\n[ 57.369812] submit_bio_noacct+0x46e/0x4e0\n[ 57.369830] __blkdev_direct_IO_simple+0x1a3/0x2d0\n[ 57.369859] ? set_init_blocksize.isra.0+0x60/0x60\n[ 57.369880] generic_file_read_iter+0x89/0x160\n[ 57.369898] blkdev_read_iter+0x44/0x60\n[ 57.369906] new_sync_read+0x102/0x170\n[ 57.369929] vfs_read+0xd4/0x160\n[ 57.369941] __x64_sys_pread64+0x6e/0xa0\n[ 57.369946] ? lockdep_hardirqs_on+0x79/0x100\n[ 57.369958] do_syscall_64+0x3a/0x70\n[ 57.369965] entry_SYSCALL_64_after_hwframe+0x44/0xae\n[ 57.369973] RIP: 0033:0x7f7ed4c1399f\n[ 57.369979] Code: 08 89 3c 24 48 89 4c 24 18 e8 7d f3 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 11 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 cd f3 ff ff 48 8b\n[ 57.369983] RSP: 002b:00007ffd7918c580 EFLAGS: 00000293 ORIG_RAX: 0000000000000011\n[ 57.369990] RAX: ffffffffffffffda RBX: 00000000015b4540 RCX: 00007f7ed4c1399f\n[ 57.369993] RDX: 0000000000001000 RSI: 00000000015de000 RDI: 0000000000000009\n[ 57.369996] RBP: 00000000015b4540 R08: 0000000000000000 R09: 0000000000000001\n[ 57.369999] R10: 0000000000e5c000 R11: 0000000000000293 R12: 00007f7eb5269a70\n[ 57.370002] R13: 0000000000000000 R14: 0000000000001000 R15: 00000000015b4568\n[ 57.370031] CPU: 7 PID: 1507 Comm: fio Not tainted 5.13.0-rc1+ #34\n[ 57.370036] Hardware name: System manufacturer System Product Name/PRIME Z270-A, BIOS 1302 03/15/2018\n[ 57.370039] Call Trace:\n[ 57.370045] dump_stack+0x6d/0x89\n[ 57.370056] ch\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47178 was patched at 2024-05-15

8887. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47181) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: musb: tusb6010: check return value after calling platform_get_resource()\n\nIt will cause null-ptr-deref if platform_get_resource() returns NULL,\nwe need check the return value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47181 was patched at 2024-05-15

8888. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47182) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Fix scsi_mode_sense() buffer length handling\n\nSeveral problems exist with scsi_mode_sense() buffer length handling:\n\n 1) The allocation length field of the MODE SENSE(10) command is 16-bits,\n occupying bytes 7 and 8 of the CDB. With this command, access to mode\n pages larger than 255 bytes is thus possible. However, the CDB\n allocation length field is set by assigning len to byte 8 only, thus\n truncating buffer length larger than 255.\n\n 2) If scsi_mode_sense() is called with len smaller than 8 with\n sdev->use_10_for_ms set, or smaller than 4 otherwise, the buffer length\n is increased to 8 and 4 respectively, and the buffer is zero filled\n with these increased values, thus corrupting the memory following the\n buffer.\n\nFix these 2 problems by using put_unaligned_be16() to set the allocation\nlength field of MODE SENSE(10) CDB and by returning an error when len is\ntoo small.\n\nFurthermore, if len is larger than 255B, always try MODE SENSE(10) first,\neven if the device driver did not set sdev->use_10_for_ms. In case of\ninvalid opcode error for MODE SENSE(10), access to mode pages larger than\n255 bytes are not retried using MODE SENSE(6). To avoid buffer length\noverflows for the MODE_SENSE(10) case, check that len is smaller than 65535\nbytes.\n\nWhile at it, also fix the folowing:\n\n * Use get_unaligned_be16() to retrieve the mode data length and block\n descriptor length fields of the mode sense reply header instead of using\n an open coded calculation.\n\n * Fix the kdoc dbd argument explanation: the DBD bit stands for Disable\n Block Descriptor, which is the opposite of what the dbd argument\n description was.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47182 was patched at 2024-05-15

8889. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47183) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix link down processing to address NULL pointer dereference\n\nIf an FC link down transition while PLOGIs are outstanding to fabric well\nknown addresses, outstanding ABTS requests may result in a NULL pointer\ndereference. Driver unload requests may hang with repeated "2878" log\nmessages.\n\nThe Link down processing results in ABTS requests for outstanding ELS\nrequests. The Abort WQEs are sent for the ELSs before the driver had set\nthe link state to down. Thus the driver is sending the Abort with the\nexpectation that an ABTS will be sent on the wire. The Abort request is\nstalled waiting for the link to come up. In some conditions the driver may\nauto-complete the ELSs thus if the link does come up, the Abort completions\nmay reference an invalid structure.\n\nFix by ensuring that Abort set the flag to avoid link traffic if issued due\nto conditions where the link failed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47183 was patched at 2024-05-15

8890. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47184) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Fix NULL ptr dereference on VSI filter sync\n\nRemove the reason of null pointer dereference in sync VSI filters.\nAdded new I40E_VSI_RELEASING flag to signalize deleting and releasing\nof VSI resources to sync this thread with sync filters subtask.\nWithout this patch it is possible to start update the VSI filter list\nafter VSI is removed, that's causing a kernel oops.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47184 was patched at 2024-05-15

8891. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47185) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntty: tty_buffer: Fix the softlockup issue in flush_to_ldisc\n\nWhen running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup,\nwhich look like this one:\n\n Workqueue: events_unbound flush_to_ldisc\n Call trace:\n dump_backtrace+0x0/0x1ec\n show_stack+0x24/0x30\n dump_stack+0xd0/0x128\n panic+0x15c/0x374\n watchdog_timer_fn+0x2b8/0x304\n __run_hrtimer+0x88/0x2c0\n __hrtimer_run_queues+0xa4/0x120\n hrtimer_interrupt+0xfc/0x270\n arch_timer_handler_phys+0x40/0x50\n handle_percpu_devid_irq+0x94/0x220\n __handle_domain_irq+0x88/0xf0\n gic_handle_irq+0x84/0xfc\n el1_irq+0xc8/0x180\n slip_unesc+0x80/0x214 [slip]\n tty_ldisc_receive_buf+0x64/0x80\n tty_port_default_receive_buf+0x50/0x90\n flush_to_ldisc+0xbc/0x110\n process_one_work+0x1d4/0x4b0\n worker_thread+0x180/0x430\n kthread+0x11c/0x120\n\nIn the testcase pty04, The first process call the write syscall to send\ndata to the pty master. At the same time, the workqueue will do the\nflush_to_ldisc to pop data in a loop until there is no more data left.\nWhen the sender and workqueue running in different core, the sender sends\ndata fastly in full time which will result in workqueue doing work in loop\nfor a long time and occuring softlockup in flush_to_ldisc with kernel\nconfigured without preempt. So I add need_resched check and cond_resched\nin the flush_to_ldisc loop to avoid it.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2021-47185 was patched at 2024-06-05

debian: CVE-2021-47185 was patched at 2024-05-15

oraclelinux: CVE-2021-47185 was patched at 2024-06-05

redhat: CVE-2021-47185 was patched at 2024-06-05

8892. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47186) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: check for null after calling kmemdup\n\nkmemdup can return a null pointer so need to check for it, otherwise\nthe null key will be dereferenced later in tipc_crypto_key_xmit as\ncan be seen in the trace [1].\n\n\n[1] https://syzkaller.appspot.com/bug?id=bca180abb29567b189efdbdb34cbf7ba851c2a58', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47186 was patched at 2024-05-15

8893. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47187) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\narm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency\n\nThe entry/exit latency and minimum residency in state for the idle\nstates of MSM8998 were ..bad: first of all, for all of them the\ntimings were written for CPU sleep but the min-residency-us param\nwas miscalculated (supposedly, while porting this from downstream);\nThen, the power collapse states are setting PC on both the CPU\ncluster *and* the L2 cache, which have different timings: in the\nspecific case of L2 the times are higher so these ones should be\ntaken into account instead of the CPU ones.\n\nThis parameter misconfiguration was not giving particular issues\nbecause on MSM8998 there was no CPU scaling at all, so cluster/L2\npower collapse was rarely (if ever) hit.\nWhen CPU scaling is enabled, though, the wrong timings will produce\nSoC unstability shown to the user as random, apparently error-less,\nsudden reboots and/or lockups.\n\nThis set of parameters are stabilizing the SoC when CPU scaling is\nON and when power collapse is frequently hit.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47187 was patched at 2024-05-15

8894. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47188) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Improve SCSI abort handling\n\nThe following has been observed on a test setup:\n\nWARNING: CPU: 4 PID: 250 at drivers/scsi/ufs/ufshcd.c:2737 ufshcd_queuecommand+0x468/0x65c\nCall trace:\n ufshcd_queuecommand+0x468/0x65c\n scsi_send_eh_cmnd+0x224/0x6a0\n scsi_eh_test_devices+0x248/0x418\n scsi_eh_ready_devs+0xc34/0xe58\n scsi_error_handler+0x204/0x80c\n kthread+0x150/0x1b4\n ret_from_fork+0x10/0x30\n\nThat warning is triggered by the following statement:\n\n\tWARN_ON(lrbp->cmd);\n\nFix this warning by clearing lrbp->cmd from the abort handler.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47188 was patched at 2024-05-15

8895. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47189) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix memory ordering between normal and ordered work functions\n\nOrdered work functions aren't guaranteed to be handled by the same thread\nwhich executed the normal work functions. The only way execution between\nnormal/ordered functions is synchronized is via the WORK_DONE_BIT,\nunfortunately the used bitops don't guarantee any ordering whatsoever.\n\nThis manifested as seemingly inexplicable crashes on ARM64, where\nasync_chunk::inode is seen as non-null in async_cow_submit which causes\nsubmit_compressed_extents to be called and crash occurs because\nasync_chunk::inode suddenly became NULL. The call trace was similar to:\n\n pc : submit_compressed_extents+0x38/0x3d0\n lr : async_cow_submit+0x50/0xd0\n sp : ffff800015d4bc20\n\n <registers omitted for brevity>\n\n Call trace:\n submit_compressed_extents+0x38/0x3d0\n async_cow_submit+0x50/0xd0\n run_ordered_work+0xc8/0x280\n btrfs_work_helper+0x98/0x250\n process_one_work+0x1f0/0x4ac\n worker_thread+0x188/0x504\n kthread+0x110/0x114\n ret_from_fork+0x10/0x18\n\nFix this by adding respective barrier calls which ensure that all\naccesses preceding setting of WORK_DONE_BIT are strictly ordered before\nsetting the flag. At the same time add a read barrier after reading of\nWORK_DONE_BIT in run_ordered_work which ensures all subsequent loads\nwould be strictly ordered after reading the bit. This in turn ensures\nare all accesses before WORK_DONE_BIT are going to be strictly ordered\nbefore any access that can occur in ordered_func.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47189 was patched at 2024-05-15

8896. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47191) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_debug: Fix out-of-bound read in resp_readcap16()\n\nThe following warning was observed running syzkaller:\n\n[ 3813.830724] sg_write: data in/out 65466/242 bytes for SCSI command 0x9e-- guessing data in;\n[ 3813.830724] program syz-executor not setting count and/or reply_len properly\n[ 3813.836956] ==================================================================\n[ 3813.839465] BUG: KASAN: stack-out-of-bounds in sg_copy_buffer+0x157/0x1e0\n[ 3813.841773] Read of size 4096 at addr ffff8883cf80f540 by task syz-executor/1549\n[ 3813.846612] Call Trace:\n[ 3813.846995] dump_stack+0x108/0x15f\n[ 3813.847524] print_address_description+0xa5/0x372\n[ 3813.848243] kasan_report.cold+0x236/0x2a8\n[ 3813.849439] check_memory_region+0x240/0x270\n[ 3813.850094] memcpy+0x30/0x80\n[ 3813.850553] sg_copy_buffer+0x157/0x1e0\n[ 3813.853032] sg_copy_from_buffer+0x13/0x20\n[ 3813.853660] fill_from_dev_buffer+0x135/0x370\n[ 3813.854329] resp_readcap16+0x1ac/0x280\n[ 3813.856917] schedule_resp+0x41f/0x1630\n[ 3813.858203] scsi_debug_queuecommand+0xb32/0x17e0\n[ 3813.862699] scsi_dispatch_cmd+0x330/0x950\n[ 3813.863329] scsi_request_fn+0xd8e/0x1710\n[ 3813.863946] __blk_run_queue+0x10b/0x230\n[ 3813.864544] blk_execute_rq_nowait+0x1d8/0x400\n[ 3813.865220] sg_common_write.isra.0+0xe61/0x2420\n[ 3813.871637] sg_write+0x6c8/0xef0\n[ 3813.878853] __vfs_write+0xe4/0x800\n[ 3813.883487] vfs_write+0x17b/0x530\n[ 3813.884008] ksys_write+0x103/0x270\n[ 3813.886268] __x64_sys_write+0x77/0xc0\n[ 3813.886841] do_syscall_64+0x106/0x360\n[ 3813.887415] entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nThis issue can be reproduced with the following syzkaller log:\n\nr0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\\x00', 0x26e1, 0x0)\nr1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fd/3\\x00')\nopen_by_handle_at(r1, &(0x7f00000003c0)=ANY=[@ANYRESHEX], 0x602000)\nr2 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40782)\nwrite$binfmt_aout(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="00000000deff000000000000000000000000000000000000000000000000000047f007af9e107a41ec395f1bded7be24277a1501ff6196a83366f4e6362bc0ff2b247f68a972989b094b2da4fb3607fcf611a22dd04310d28c75039d"], 0x126)\n\nIn resp_readcap16() we get "int alloc_len" value -1104926854, and then pass\nthe huge arr_len to fill_from_dev_buffer(), but arr is only 32 bytes. This\nleads to OOB in sg_copy_buffer().\n\nTo solve this issue, define alloc_len as u32.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47191 was patched at 2024-05-15

8897. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47192) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: sysfs: Fix hang when device state is set via sysfs\n\nThis fixes a regression added with:\n\ncommit f0f82e2476f6 ("scsi: core: Fix capacity set to zero after\nofflinining device")\n\nThe problem is that after iSCSI recovery, iscsid will call into the kernel\nto set the dev's state to running, and with that patch we now call\nscsi_rescan_device() with the state_mutex held. If the SCSI error handler\nthread is just starting to test the device in scsi_send_eh_cmnd() then it's\ngoing to try to grab the state_mutex.\n\nWe are then stuck, because when scsi_rescan_device() tries to send its I/O\nscsi_queue_rq() calls -> scsi_host_queue_ready() -> scsi_host_in_recovery()\nwhich will return true (the host state is still in recovery) and I/O will\njust be requeued. scsi_send_eh_cmnd() will then never be able to grab the\nstate_mutex to finish error handling.\n\nTo prevent the deadlock move the rescan-related code to after we drop the\nstate_mutex.\n\nThis also adds a check for if we are already in the running state. This\nprevents extra scans and helps the iscsid case where if the transport class\nhas already onlined the device during its recovery process then we don't\nneed userspace to do it again plus possibly block that daemon.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47192 was patched at 2024-05-15

8898. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47197) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: nullify cq->dbg pointer in mlx5_debug_cq_remove()\n\nPrior to this patch in case mlx5_core_destroy_cq() failed it proceeds\nto rest of destroy operations. mlx5_core_destroy_cq() could be called again\nby user and cause additional call of mlx5_debug_cq_remove().\ncq->dbg was not nullify in previous call and cause the crash.\n\nFix it by nullify cq->dbg pointer after removal.\n\nAlso proceed to destroy operations only if FW return 0\nfor MLX5_CMD_OP_DESTROY_CQ command.\n\ngeneral protection fault, probably for non-canonical address 0x2000300004058: 0000 [#1] SMP PTI\nCPU: 5 PID: 1228 Comm: python Not tainted 5.15.0-rc5_for_upstream_min_debug_2021_10_14_11_06 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:lockref_get+0x1/0x60\nCode: 5d e9 53 ff ff ff 48 8d 7f 70 e8 0a 2e 48 00 c7 85 d0 00 00 00 02\n00 00 00 c6 45 70 00 fb 5d c3 c3 cc cc cc cc cc cc cc cc 53 <48> 8b 17\n48 89 fb 85 d2 75 3d 48 89 d0 bf 64 00 00 00 48 89 c1 48\nRSP: 0018:ffff888137dd7a38 EFLAGS: 00010206\nRAX: 0000000000000000 RBX: ffff888107d5f458 RCX: 00000000fffffffe\nRDX: 000000000002c2b0 RSI: ffffffff8155e2e0 RDI: 0002000300004058\nRBP: ffff888137dd7a88 R08: 0002000300004058 R09: ffff8881144a9f88\nR10: 0000000000000000 R11: 0000000000000000 R12: ffff8881141d4000\nR13: ffff888137dd7c68 R14: ffff888137dd7d58 R15: ffff888137dd7cc0\nFS: 00007f4644f2a4c0(0000) GS:ffff8887a2d40000(0000)\nknlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055b4500f4380 CR3: 0000000114f7a003 CR4: 0000000000170ea0\nCall Trace:\n simple_recursive_removal+0x33/0x2e0\n ? debugfs_remove+0x60/0x60\n debugfs_remove+0x40/0x60\n mlx5_debug_cq_remove+0x32/0x70 [mlx5_core]\n mlx5_core_destroy_cq+0x41/0x1d0 [mlx5_core]\n devx_obj_cleanup+0x151/0x330 [mlx5_ib]\n ? __pollwait+0xd0/0xd0\n ? xas_load+0x5/0x70\n ? xa_load+0x62/0xa0\n destroy_hw_idr_uobject+0x20/0x80 [ib_uverbs]\n uverbs_destroy_uobject+0x3b/0x360 [ib_uverbs]\n uobj_destroy+0x54/0xa0 [ib_uverbs]\n ib_uverbs_cmd_verbs+0xaf2/0x1160 [ib_uverbs]\n ? uverbs_finalize_object+0xd0/0xd0 [ib_uverbs]\n ib_uverbs_ioctl+0xc4/0x1b0 [ib_uverbs]\n __x64_sys_ioctl+0x3e4/0x8e0', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47197 was patched at 2024-05-15

8899. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47199) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: CT, Fix multiple allocations and memleak of mod acts\n\nCT clear action offload adds additional mod hdr actions to the\nflow's original mod actions in order to clear the registers which\nhold ct_state.\nWhen such flow also includes encap action, a neigh update event\ncan cause the driver to unoffload the flow and then reoffload it.\n\nEach time this happens, the ct clear handling adds that same set\nof mod hdr actions to reset ct_state until the max of mod hdr\nactions is reached.\n\nAlso the driver never releases the allocated mod hdr actions and\ncausing a memleak.\n\nFix above two issues by moving CT clear mod acts allocation\ninto the parsing actions phase and only use it when offloading the rule.\nThe release of mod acts will be done in the normal flow_put().\n\n backtrace:\n [<000000007316e2f3>] krealloc+0x83/0xd0\n [<00000000ef157de1>] mlx5e_mod_hdr_alloc+0x147/0x300 [mlx5_core]\n [<00000000970ce4ae>] mlx5e_tc_match_to_reg_set_and_get_id+0xd7/0x240 [mlx5_core]\n [<0000000067c5fa17>] mlx5e_tc_match_to_reg_set+0xa/0x20 [mlx5_core]\n [<00000000d032eb98>] mlx5_tc_ct_entry_set_registers.isra.0+0x36/0xc0 [mlx5_core]\n [<00000000fd23b869>] mlx5_tc_ct_flow_offload+0x272/0x1f10 [mlx5_core]\n [<000000004fc24acc>] mlx5e_tc_offload_fdb_rules.part.0+0x150/0x620 [mlx5_core]\n [<00000000dc741c17>] mlx5e_tc_encap_flows_add+0x489/0x690 [mlx5_core]\n [<00000000e92e49d7>] mlx5e_rep_update_flows+0x6e4/0x9b0 [mlx5_core]\n [<00000000f60f5602>] mlx5e_rep_neigh_update+0x39a/0x5d0 [mlx5_core]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47199 was patched at 2024-05-15

8900. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47200) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/prime: Fix use after free in mmap with drm_gem_ttm_mmap\n\ndrm_gem_ttm_mmap() drops a reference to the gem object on success. If\nthe gem object's refcount == 1 on entry to drm_gem_prime_mmap(), that\ndrop will free the gem object, and the subsequent drm_gem_object_get()\nwill be a UAF. Fix by grabbing a reference before calling the mmap\nhelper.\n\nThis issue was forseen when the reference dropping was adding in\ncommit 9786b65bc61ac ("drm/ttm: fix mmap refcounting"):\n "For that to work properly the drm_gem_object_get() call in\n drm_gem_ttm_mmap() must be moved so it happens before calling\n obj->funcs->mmap(), otherwise the gem refcount would go down\n to zero."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47200 was patched at 2024-05-15

8901. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47201) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\niavf: free q_vectors before queues in iavf_disable_vf\n\niavf_free_queues() clears adapter->num_active_queues, which\niavf_free_q_vectors() relies on, so swap the order of these two function\ncalls in iavf_disable_vf(). This resolves a panic encountered when the\ninterface is disabled and then later brought up again after PF\ncommunication is restored.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47201 was patched at 2024-05-15

8902. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47202) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: Fix NULL pointer dereferences in of_thermal_ functions\n\nof_parse_thermal_zones() parses the thermal-zones node and registers a\nthermal_zone device for each subnode. However, if a thermal zone is\nconsuming a thermal sensor and that thermal sensor device hasn't probed\nyet, an attempt to set trip_point_*_temp for that thermal zone device\ncan cause a NULL pointer dereference. Fix it.\n\n console:/sys/class/thermal/thermal_zone87 # echo 120000 > trip_point_0_temp\n ...\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\n ...\n Call trace:\n of_thermal_set_trip_temp+0x40/0xc4\n trip_point_temp_store+0xc0/0x1dc\n dev_attr_store+0x38/0x88\n sysfs_kf_write+0x64/0xc0\n kernfs_fop_write_iter+0x108/0x1d0\n vfs_write+0x2f4/0x368\n ksys_write+0x7c/0xec\n __arm64_sys_write+0x20/0x30\n el0_svc_common.llvm.7279915941325364641+0xbc/0x1bc\n do_el0_svc+0x28/0xa0\n el0_svc+0x14/0x24\n el0_sync_handler+0x88/0xec\n el0_sync+0x1c0/0x200\n\nWhile at it, fix the possible NULL pointer dereference in other\nfunctions as well: of_thermal_get_temp(), of_thermal_set_emul_temp(),\nof_thermal_get_trend().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47202 was patched at 2024-05-15

8903. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47203) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()\n\nWhen parsing the txq list in lpfc_drain_txq(), the driver attempts to pass\nthe requests to the adapter. If such an attempt fails, a local "fail_msg"\nstring is set and a log message output. The job is then added to a\ncompletions list for cancellation.\n\nProcessing of any further jobs from the txq list continues, but since\n"fail_msg" remains set, jobs are added to the completions list regardless\nof whether a wqe was passed to the adapter. If successfully added to\ntxcmplq, jobs are added to both lists resulting in list corruption.\n\nFix by clearing the fail_msg string after adding a job to the completions\nlist. This stops the subsequent jobs from being added to the completions\nlist unless they had an appropriate failure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47203 was patched at 2024-05-15

8904. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47206) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: host: ohci-tmio: check return value after calling platform_get_resource()\n\nIt will cause null-ptr-deref if platform_get_resource() returns NULL,\nwe need check the return value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47206 was patched at 2024-05-15

8905. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47207) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: gus: fix null pointer dereference on pointer block\n\nThe pointer block return from snd_gf1_dma_next_block could be\nnull, so there is a potential null pointer dereference issue.\nFix this by adding a null check before dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47207 was patched at 2024-05-15

8906. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47211) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: fix null pointer dereference on pointer cs_desc\n\nThe pointer cs_desc return from snd_usb_find_clock_source could\nbe null, so there is a potential null pointer dereference issue.\nFix this by adding a null check before dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47211 was patched at 2024-05-15

8907. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47212) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Update error handler for UCTX and UMEM\n\nIn the fast unload flow, the device state is set to internal error,\nwhich indicates that the driver started the destroy process.\nIn this case, when a destroy command is being executed, it should return\nMLX5_CMD_STAT_OK.\nFix MLX5_CMD_OP_DESTROY_UCTX and MLX5_CMD_OP_DESTROY_UMEM to return OK\ninstead of EIO.\n\nThis fixes a call trace in the umem release process -\n[ 2633.536695] Call Trace:\n[ 2633.537518] ib_uverbs_remove_one+0xc3/0x140 [ib_uverbs]\n[ 2633.538596] remove_client_context+0x8b/0xd0 [ib_core]\n[ 2633.539641] disable_device+0x8c/0x130 [ib_core]\n[ 2633.540615] __ib_unregister_device+0x35/0xa0 [ib_core]\n[ 2633.541640] ib_unregister_device+0x21/0x30 [ib_core]\n[ 2633.542663] __mlx5_ib_remove+0x38/0x90 [mlx5_ib]\n[ 2633.543640] auxiliary_bus_remove+0x1e/0x30 [auxiliary]\n[ 2633.544661] device_release_driver_internal+0x103/0x1f0\n[ 2633.545679] bus_remove_device+0xf7/0x170\n[ 2633.546640] device_del+0x181/0x410\n[ 2633.547606] mlx5_rescan_drivers_locked.part.10+0x63/0x160 [mlx5_core]\n[ 2633.548777] mlx5_unregister_device+0x27/0x40 [mlx5_core]\n[ 2633.549841] mlx5_uninit_one+0x21/0xc0 [mlx5_core]\n[ 2633.550864] remove_one+0x69/0xe0 [mlx5_core]\n[ 2633.551819] pci_device_remove+0x3b/0xc0\n[ 2633.552731] device_release_driver_internal+0x103/0x1f0\n[ 2633.553746] unbind_store+0xf6/0x130\n[ 2633.554657] kernfs_fop_write+0x116/0x190\n[ 2633.555567] vfs_write+0xa5/0x1a0\n[ 2633.556407] ksys_write+0x4f/0xb0\n[ 2633.557233] do_syscall_64+0x5b/0x1a0\n[ 2633.558071] entry_SYSCALL_64_after_hwframe+0x65/0xca\n[ 2633.559018] RIP: 0033:0x7f9977132648\n[ 2633.559821] Code: 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 8d 05 55 6f 2d 00 8b 00 85 c0 75 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 41 54 49 89 d4 55\n[ 2633.562332] RSP: 002b:00007fffb1a83888 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[ 2633.563472] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f9977132648\n[ 2633.564541] RDX: 000000000000000c RSI: 000055b90546e230 RDI: 0000000000000001\n[ 2633.565596] RBP: 000055b90546e230 R08: 00007f9977406860 R09: 00007f9977a54740\n[ 2633.566653] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f99774056e0\n[ 2633.567692] R13: 000000000000000c R14: 00007f9977400880 R15: 000000000000000c\n[ 2633.568725] ---[ end trace 10b4fe52945e544d ]---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47212 was patched at 2024-05-15

8908. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47214) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhugetlb, userfaultfd: fix reservation restore on userfaultfd error\n\nCurrently in the is_continue case in hugetlb_mcopy_atomic_pte(), if we\nbail out using "goto out_release_unlock;" in the cases where idx >=\nsize, or !huge_pte_none(), the code will detect that new_pagecache_page\n== false, and so call restore_reserve_on_error(). In this case I see\nrestore_reserve_on_error() delete the reservation, and the following\ncall to remove_inode_hugepages() will increment h->resv_hugepages\ncausing a 100% reproducible leak.\n\nWe should treat the is_continue case similar to adding a page into the\npagecache and set new_pagecache_page to true, to indicate that there is\nno reservation to restore on the error path, and we need not call\nrestore_reserve_on_error(). Rename new_pagecache_page to\npage_in_pagecache to make that clear.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47214 was patched at 2024-05-15

8909. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47215) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: kTLS, Fix crash in RX resync flow\n\nFor the TLS RX resync flow, we maintain a list of TLS contexts\nthat require some attention, to communicate their resync information\nto the HW.\nHere we fix list corruptions, by protecting the entries against\nmovements coming from resync_handle_seq_match(), until their resync\nhandling in napi is fully completed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47215 was patched at 2024-05-15

8910. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47216) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: advansys: Fix kernel pointer leak\n\nPointers should be printed with %p or %px rather than cast to 'unsigned\nlong' and printed with %lx.\n\nChange %lx to %p to print the hashed pointer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47216 was patched at 2024-05-15

8911. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47217) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails\n\nCheck for a valid hv_vp_index array prior to derefencing hv_vp_index when\nsetting Hyper-V's TSC change callback. If Hyper-V setup failed in\nhyperv_init(), the kernel will still report that it's running under\nHyper-V, but will have silently disabled nearly all functionality.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000010\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP\n CPU: 4 PID: 1 Comm: swapper/0 Not tainted 5.15.0-rc2+ #75\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n RIP: 0010:set_hv_tscchange_cb+0x15/0xa0\n Code: <8b> 04 82 8b 15 12 17 85 01 48 c1 e0 20 48 0d ee 00 01 00 f6 c6 08\n ...\n Call Trace:\n kvm_arch_init+0x17c/0x280\n kvm_init+0x31/0x330\n vmx_init+0xba/0x13a\n do_one_initcall+0x41/0x1c0\n kernel_init_freeable+0x1f2/0x23b\n kernel_init+0x16/0x120\n ret_from_fork+0x22/0x30', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47217 was patched at 2024-05-15

8912. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47218) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nselinux: fix NULL-pointer dereference when hashtab allocation fails\n\nWhen the hash table slot array allocation fails in hashtab_init(),\nh->size is left initialized with a non-zero value, but the h->htable\npointer is NULL. This may then cause a NULL pointer dereference, since\nthe policydb code relies on the assumption that even after a failed\nhashtab_init(), hashtab_map() and hashtab_destroy() can be safely called\non it. Yet, these detect an empty hashtab only by looking at the size.\n\nFix this by making sure that hashtab_init() always leaves behind a valid\nempty hashtab when the allocation fails.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47218 was patched at 2024-05-15

8913. Unknown Vulnerability Type - Linux Kernel (CVE-2021-47219) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()\n\nThe following issue was observed running syzkaller:\n\nBUG: KASAN: slab-out-of-bounds in memcpy include/linux/string.h:377 [inline]\nBUG: KASAN: slab-out-of-bounds in sg_copy_buffer+0x150/0x1c0 lib/scatterlist.c:831\nRead of size 2132 at addr ffff8880aea95dc8 by task syz-executor.0/9815\n\nCPU: 0 PID: 9815 Comm: syz-executor.0 Not tainted 4.19.202-00874-gfc0fe04215a9 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0xe4/0x14a lib/dump_stack.c:118\n print_address_description+0x73/0x280 mm/kasan/report.c:253\n kasan_report_error mm/kasan/report.c:352 [inline]\n kasan_report+0x272/0x370 mm/kasan/report.c:410\n memcpy+0x1f/0x50 mm/kasan/kasan.c:302\n memcpy include/linux/string.h:377 [inline]\n sg_copy_buffer+0x150/0x1c0 lib/scatterlist.c:831\n fill_from_dev_buffer+0x14f/0x340 drivers/scsi/scsi_debug.c:1021\n resp_report_tgtpgs+0x5aa/0x770 drivers/scsi/scsi_debug.c:1772\n schedule_resp+0x464/0x12f0 drivers/scsi/scsi_debug.c:4429\n scsi_debug_queuecommand+0x467/0x1390 drivers/scsi/scsi_debug.c:5835\n scsi_dispatch_cmd+0x3fc/0x9b0 drivers/scsi/scsi_lib.c:1896\n scsi_request_fn+0x1042/0x1810 drivers/scsi/scsi_lib.c:2034\n __blk_run_queue_uncond block/blk-core.c:464 [inline]\n __blk_run_queue+0x1a4/0x380 block/blk-core.c:484\n blk_execute_rq_nowait+0x1c2/0x2d0 block/blk-exec.c:78\n sg_common_write.isra.19+0xd74/0x1dc0 drivers/scsi/sg.c:847\n sg_write.part.23+0x6e0/0xd00 drivers/scsi/sg.c:716\n sg_write+0x64/0xa0 drivers/scsi/sg.c:622\n __vfs_write+0xed/0x690 fs/read_write.c:485\nkill_bdev:block_device:00000000e138492c\n vfs_write+0x184/0x4c0 fs/read_write.c:549\n ksys_write+0x107/0x240 fs/read_write.c:599\n do_syscall_64+0xc2/0x560 arch/x86/entry/common.c:293\n entry_SYSCALL_64_after_hwframe+0x49/0xbe\n\nWe get 'alen' from command its type is int. If userspace passes a large\nlength we will get a negative 'alen'.\n\nSwitch n, alen, and rlen to u32.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47219 was patched at 2024-05-15

8914. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48627) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvt: fix memory overlapping when deleting chars in the buffer\n\nA memory overlapping copy occurs when deleting a long line. This memory\noverlapping copy can cause data corruption when scr_memcpyw is optimized\nto memcpy because memcpy does not ensure its behavior if the destination\nbuffer overlaps with the source buffer. The line buffer is not always\nbroken, because the memcpy utilizes the hardware acceleration, whose\nresult is not deterministic.\n\nFix this problem by using replacing the scr_memcpyw with scr_memmovew.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2022-48627 was patched at 2024-06-05

debian: CVE-2022-48627 was patched at 2024-05-15

oraclelinux: CVE-2022-48627 was patched at 2024-06-05

redhat: CVE-2022-48627 was patched at 2024-06-05

8915. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48628) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nceph: drop messages from MDS when unmounting\n\nWhen unmounting all the dirty buffers will be flushed and after\nthe last osd request is finished the last reference of the i_count\nwill be released. Then it will flush the dirty cap/snap to MDSs,\nand the unmounting won't wait the possible acks, which will ihold\nthe inodes when updating the metadata locally but makes no sense\nany more, of this. This will make the evict_inodes() to skip these\ninodes.\n\nIf encrypt is enabled the kernel generate a warning when removing\nthe encrypt keys when the skipped inodes still hold the keyring:\n\nWARNING: CPU: 4 PID: 168846 at fs/crypto/keyring.c:242 fscrypt_destroy_keyring+0x7e/0xd0\nCPU: 4 PID: 168846 Comm: umount Tainted: G S 6.1.0-rc5-ceph-g72ead199864c #1\nHardware name: Supermicro SYS-5018R-WR/X10SRW-F, BIOS 2.0 12/17/2015\nRIP: 0010:fscrypt_destroy_keyring+0x7e/0xd0\nRSP: 0018:ffffc9000b277e28 EFLAGS: 00010202\nRAX: 0000000000000002 RBX: ffff88810d52ac00 RCX: ffff88810b56aa00\nRDX: 0000000080000000 RSI: ffffffff822f3a09 RDI: ffff888108f59000\nRBP: ffff8881d394fb88 R08: 0000000000000028 R09: 0000000000000000\nR10: 0000000000000001 R11: 11ff4fe6834fcd91 R12: ffff8881d394fc40\nR13: ffff888108f59000 R14: ffff8881d394f800 R15: 0000000000000000\nFS: 00007fd83f6f1080(0000) GS:ffff88885fd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f918d417000 CR3: 000000017f89a005 CR4: 00000000003706e0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n<TASK>\ngeneric_shutdown_super+0x47/0x120\nkill_anon_super+0x14/0x30\nceph_kill_sb+0x36/0x90 [ceph]\ndeactivate_locked_super+0x29/0x60\ncleanup_mnt+0xb8/0x140\ntask_work_run+0x67/0xb0\nexit_to_user_mode_prepare+0x23d/0x240\nsyscall_exit_to_user_mode+0x25/0x60\ndo_syscall_64+0x40/0x80\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7fd83dc39e9b\n\nLater the kernel will crash when iput() the inodes and dereferencing\nthe "sb->s_master_keys", which has been released by the\ngeneric_shutdown_super().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48628 was patched at 2024-05-15

8916. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48629) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qcom-rng - ensure buffer for generate is completely filled\n\nThe generate function in struct rng_alg expects that the destination\nbuffer is completely filled if the function returns 0. qcom_rng_read()\ncan run into a situation where the buffer is partially filled with\nrandomness and the remaining part of the buffer is zeroed since\nqcom_rng_generate() doesn't check the return value. This issue can\nbe reproduced by running the following from libkcapi:\n\n kcapi-rng -b 9000000 > OUTFILE\n\nThe generated OUTFILE will have three huge sections that contain all\nzeros, and this is caused by the code where the test\n'val & PRNG_STATUS_DATA_AVAIL' fails.\n\nLet's fix this issue by ensuring that qcom_rng_read() always returns\nwith a full buffer if the function returns success. Let's also have\nqcom_rng_generate() return the correct value.\n\nHere's some statistics from the ent project\n(https://www.fourmilab.ch/random/) that shows information about the\nquality of the generated numbers:\n\n $ ent -c qcom-random-before\n Value Char Occurrences Fraction\n 0 606748 0.067416\n 1 33104 0.003678\n 2 33001 0.003667\n ...\n 253 � 32883 0.003654\n 254 � 33035 0.003671\n 255 � 33239 0.003693\n\n Total: 9000000 1.000000\n\n Entropy = 7.811590 bits per byte.\n\n Optimum compression would reduce the size\n of this 9000000 byte file by 2 percent.\n\n Chi square distribution for 9000000 samples is 9329962.81, and\n randomly would exceed this value less than 0.01 percent of the\n times.\n\n Arithmetic mean value of data bytes is 119.3731 (127.5 = random).\n Monte Carlo value for Pi is 3.197293333 (error 1.77 percent).\n Serial correlation coefficient is 0.159130 (totally uncorrelated =\n 0.0).\n\nWithout this patch, the results of the chi-square test is 0.01%, and\nthe numbers are certainly not random according to ent's project page.\nThe results improve with this patch:\n\n $ ent -c qcom-random-after\n Value Char Occurrences Fraction\n 0 35432 0.003937\n 1 35127 0.003903\n 2 35424 0.003936\n ...\n 253 � 35201 0.003911\n 254 � 34835 0.003871\n 255 � 35368 0.003930\n\n Total: 9000000 1.000000\n\n Entropy = 7.999979 bits per byte.\n\n Optimum compression would reduce the size\n of this 9000000 byte file by 0 percent.\n\n Chi square distribution for 9000000 samples is 258.77, and randomly\n would exceed this value 42.24 percent of the times.\n\n Arithmetic mean value of data bytes is 127.5006 (127.5 = random).\n Monte Carlo value for Pi is 3.141277333 (error 0.01 percent).\n Serial correlation coefficient is 0.000468 (totally uncorrelated =\n 0.0).\n\nThis change was tested on a Nexus 5 phone (msm8974 SoC).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48629 was patched at 2024-05-15

8917. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48631) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0\n\nWhen walking through an inode extents, the ext4_ext_binsearch_idx() function\nassumes that the extent header has been previously validated. However, there\nare no checks that verify that the number of entries (eh->eh_entries) is\nnon-zero when depth is > 0. And this will lead to problems because the\nEXT_FIRST_INDEX() and EXT_LAST_INDEX() will return garbage and result in this:\n\n[ 135.245946] ------------[ cut here ]------------\n[ 135.247579] kernel BUG at fs/ext4/extents.c:2258!\n[ 135.249045] invalid opcode: 0000 [#1] PREEMPT SMP\n[ 135.250320] CPU: 2 PID: 238 Comm: tmp118 Not tainted 5.19.0-rc8+ #4\n[ 135.252067] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b-rebuilt.opensuse.org 04/01/2014\n[ 135.255065] RIP: 0010:ext4_ext_map_blocks+0xc20/0xcb0\n[ 135.256475] Code:\n[ 135.261433] RSP: 0018:ffffc900005939f8 EFLAGS: 00010246\n[ 135.262847] RAX: 0000000000000024 RBX: ffffc90000593b70 RCX: 0000000000000023\n[ 135.264765] RDX: ffff8880038e5f10 RSI: 0000000000000003 RDI: ffff8880046e922c\n[ 135.266670] RBP: ffff8880046e9348 R08: 0000000000000001 R09: ffff888002ca580c\n[ 135.268576] R10: 0000000000002602 R11: 0000000000000000 R12: 0000000000000024\n[ 135.270477] R13: 0000000000000000 R14: 0000000000000024 R15: 0000000000000000\n[ 135.272394] FS: 00007fdabdc56740(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000\n[ 135.274510] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 135.276075] CR2: 00007ffc26bd4f00 CR3: 0000000006261004 CR4: 0000000000170ea0\n[ 135.277952] Call Trace:\n[ 135.278635] <TASK>\n[ 135.279247] ? preempt_count_add+0x6d/0xa0\n[ 135.280358] ? percpu_counter_add_batch+0x55/0xb0\n[ 135.281612] ? _raw_read_unlock+0x18/0x30\n[ 135.282704] ext4_map_blocks+0x294/0x5a0\n[ 135.283745] ? xa_load+0x6f/0xa0\n[ 135.284562] ext4_mpage_readpages+0x3d6/0x770\n[ 135.285646] read_pages+0x67/0x1d0\n[ 135.286492] ? folio_add_lru+0x51/0x80\n[ 135.287441] page_cache_ra_unbounded+0x124/0x170\n[ 135.288510] filemap_get_pages+0x23d/0x5a0\n[ 135.289457] ? path_openat+0xa72/0xdd0\n[ 135.290332] filemap_read+0xbf/0x300\n[ 135.291158] ? _raw_spin_lock_irqsave+0x17/0x40\n[ 135.292192] new_sync_read+0x103/0x170\n[ 135.293014] vfs_read+0x15d/0x180\n[ 135.293745] ksys_read+0xa1/0xe0\n[ 135.294461] do_syscall_64+0x3c/0x80\n[ 135.295284] entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nThis patch simply adds an extra check in __ext4_ext_check(), verifying that\neh_entries is not 0 when eh_depth is > 0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48631 was patched at 2024-05-15

8918. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48632) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction()\n\nmemcpy() is called in a loop while 'operation->length' upper bound\nis not checked and 'data_idx' also increments.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48632 was patched at 2024-05-15

8919. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48633) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: Fix WARN_ON(lock->magic != lock) error\n\npsb_gem_unpin() calls dma_resv_lock() but the underlying ww_mutex\ngets destroyed by drm_gem_object_release() move the\ndrm_gem_object_release() call in psb_gem_free_object() to after\nthe unpin to fix the below warning:\n\n[ 79.693962] ------------[ cut here ]------------\n[ 79.693992] DEBUG_LOCKS_WARN_ON(lock->magic != lock)\n[ 79.694015] WARNING: CPU: 0 PID: 240 at kernel/locking/mutex.c:582 __ww_mutex_lock.constprop.0+0x569/0xfb0\n[ 79.694052] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer qrtr bnep ath9k ath9k_common ath9k_hw snd_hda_codec_realtek snd_hda_codec_generic ledtrig_audio snd_hda_codec_hdmi snd_hda_intel ath3k snd_intel_dspcfg mac80211 snd_intel_sdw_acpi btusb snd_hda_codec btrtl btbcm btintel btmtk bluetooth at24 snd_hda_core snd_hwdep uvcvideo snd_seq libarc4 videobuf2_vmalloc ath videobuf2_memops videobuf2_v4l2 videobuf2_common snd_seq_device videodev acer_wmi intel_powerclamp coretemp mc snd_pcm joydev sparse_keymap ecdh_generic pcspkr wmi_bmof cfg80211 i2c_i801 i2c_smbus snd_timer snd r8169 rfkill lpc_ich soundcore acpi_cpufreq zram rtsx_pci_sdmmc mmc_core serio_raw rtsx_pci gma500_gfx(E) video wmi ip6_tables ip_tables i2c_dev fuse\n[ 79.694436] CPU: 0 PID: 240 Comm: plymouthd Tainted: G W E 6.0.0-rc3+ #490\n[ 79.694457] Hardware name: Packard Bell dot s/SJE01_CT, BIOS V1.10 07/23/2013\n[ 79.694469] RIP: 0010:__ww_mutex_lock.constprop.0+0x569/0xfb0\n[ 79.694496] Code: ff 85 c0 0f 84 15 fb ff ff 8b 05 ca 3c 11 01 85 c0 0f 85 07 fb ff ff 48 c7 c6 30 cb 84 aa 48 c7 c7 a3 e1 82 aa e8 ac 29 f8 ff <0f> 0b e9 ed fa ff ff e8 5b 83 8a ff 85 c0 74 10 44 8b 0d 98 3c 11\n[ 79.694513] RSP: 0018:ffffad1dc048bbe0 EFLAGS: 00010282\n[ 79.694623] RAX: 0000000000000028 RBX: 0000000000000000 RCX: 0000000000000000\n[ 79.694636] RDX: 0000000000000001 RSI: ffffffffaa8b0ffc RDI: 00000000ffffffff\n[ 79.694650] RBP: ffffad1dc048bc80 R08: 0000000000000000 R09: ffffad1dc048ba90\n[ 79.694662] R10: 0000000000000003 R11: ffffffffaad62fe8 R12: ffff9ff302103138\n[ 79.694675] R13: ffff9ff306ec8000 R14: ffff9ff307779078 R15: ffff9ff3014c0270\n[ 79.694690] FS: 00007ff1cccf1740(0000) GS:ffff9ff3bc200000(0000) knlGS:0000000000000000\n[ 79.694705] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 79.694719] CR2: 0000559ecbcb4420 CR3: 0000000013210000 CR4: 00000000000006f0\n[ 79.694734] Call Trace:\n[ 79.694749] <TASK>\n[ 79.694761] ? __schedule+0x47f/0x1670\n[ 79.694796] ? psb_gem_unpin+0x27/0x1a0 [gma500_gfx]\n[ 79.694830] ? lock_is_held_type+0xe3/0x140\n[ 79.694864] ? ww_mutex_lock+0x38/0xa0\n[ 79.694885] ? __cond_resched+0x1c/0x30\n[ 79.694902] ww_mutex_lock+0x38/0xa0\n[ 79.694925] psb_gem_unpin+0x27/0x1a0 [gma500_gfx]\n[ 79.694964] psb_gem_unpin+0x199/0x1a0 [gma500_gfx]\n[ 79.694996] drm_gem_object_release_handle+0x50/0x60\n[ 79.695020] ? drm_gem_object_handle_put_unlocked+0xf0/0xf0\n[ 79.695042] idr_for_each+0x4b/0xb0\n[ 79.695066] ? _raw_spin_unlock_irqrestore+0x30/0x60\n[ 79.695095] drm_gem_release+0x1c/0x30\n[ 79.695118] drm_file_free.part.0+0x1ea/0x260\n[ 79.695150] drm_release+0x6a/0x120\n[ 79.695175] __fput+0x9f/0x260\n[ 79.695203] task_work_run+0x59/0xa0\n[ 79.695227] do_exit+0x387/0xbe0\n[ 79.695250] ? seqcount_lockdep_reader_access.constprop.0+0x82/0x90\n[ 79.695275] ? lockdep_hardirqs_on+0x7d/0x100\n[ 79.695304] do_group_exit+0x33/0xb0\n[ 79.695331] __x64_sys_exit_group+0x14/0x20\n[ 79.695353] do_syscall_64+0x58/0x80\n[ 79.695376] ? up_read+0x17/0x20\n[ 79.695401] ? lock_is_held_type+0xe3/0x140\n[ 79.695429] ? asm_exc_page_fault+0x22/0x30\n[ 79.695450] ? lockdep_hardirqs_on+0x7d/0x100\n[ 79.695473] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[ 79.695493] RIP: 0033:0x7ff1ccefe3f1\n[ 79.695516] Code: Unable to access opcode bytes at RIP 0x7ff1ccefe3c7.\n[ 79.695607] RSP: 002b:00007ffed4413378 EFLAGS: \n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48633 was patched at 2024-05-15

8920. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48634) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/gma500: Fix BUG: sleeping function called from invalid context errors\n\ngma_crtc_page_flip() was holding the event_lock spinlock while calling\ncrtc_funcs->mode_set_base() which takes ww_mutex.\n\nThe only reason to hold event_lock is to clear gma_crtc->page_flip_event\non mode_set_base() errors.\n\nInstead unlock it after setting gma_crtc->page_flip_event and on\nerrors re-take the lock and clear gma_crtc->page_flip_event it\nit is still set.\n\nThis fixes the following WARN/stacktrace:\n\n[ 512.122953] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:870\n[ 512.123004] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 1253, name: gnome-shell\n[ 512.123031] preempt_count: 1, expected: 0\n[ 512.123048] RCU nest depth: 0, expected: 0\n[ 512.123066] INFO: lockdep is turned off.\n[ 512.123080] irq event stamp: 0\n[ 512.123094] hardirqs last enabled at (0): [<0000000000000000>] 0x0\n[ 512.123134] hardirqs last disabled at (0): [<ffffffff8d0ec28c>] copy_process+0x9fc/0x1de0\n[ 512.123176] softirqs last enabled at (0): [<ffffffff8d0ec28c>] copy_process+0x9fc/0x1de0\n[ 512.123207] softirqs last disabled at (0): [<0000000000000000>] 0x0\n[ 512.123233] Preemption disabled at:\n[ 512.123241] [<0000000000000000>] 0x0\n[ 512.123275] CPU: 3 PID: 1253 Comm: gnome-shell Tainted: G W 5.19.0+ #1\n[ 512.123304] Hardware name: Packard Bell dot s/SJE01_CT, BIOS V1.10 07/23/2013\n[ 512.123323] Call Trace:\n[ 512.123346] <TASK>\n[ 512.123370] dump_stack_lvl+0x5b/0x77\n[ 512.123412] __might_resched.cold+0xff/0x13a\n[ 512.123458] ww_mutex_lock+0x1e/0xa0\n[ 512.123495] psb_gem_pin+0x2c/0x150 [gma500_gfx]\n[ 512.123601] gma_pipe_set_base+0x76/0x240 [gma500_gfx]\n[ 512.123708] gma_crtc_page_flip+0x95/0x130 [gma500_gfx]\n[ 512.123808] drm_mode_page_flip_ioctl+0x57d/0x5d0\n[ 512.123897] ? drm_mode_cursor2_ioctl+0x10/0x10\n[ 512.123936] drm_ioctl_kernel+0xa1/0x150\n[ 512.123984] drm_ioctl+0x21f/0x420\n[ 512.124025] ? drm_mode_cursor2_ioctl+0x10/0x10\n[ 512.124070] ? rcu_read_lock_bh_held+0xb/0x60\n[ 512.124104] ? lock_release+0x1ef/0x2d0\n[ 512.124161] __x64_sys_ioctl+0x8d/0xd0\n[ 512.124203] do_syscall_64+0x58/0x80\n[ 512.124239] ? do_syscall_64+0x67/0x80\n[ 512.124267] ? trace_hardirqs_on_prepare+0x55/0xe0\n[ 512.124300] ? do_syscall_64+0x67/0x80\n[ 512.124340] ? rcu_read_lock_sched_held+0x10/0x80\n[ 512.124377] entry_SYSCALL_64_after_hwframe+0x63/0xcd\n[ 512.124411] RIP: 0033:0x7fcc4a70740f\n[ 512.124442] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 18 48 8b 44 24 18 64 48 2b 04 25 28 00 00\n[ 512.124470] RSP: 002b:00007ffda73f5390 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n[ 512.124503] RAX: ffffffffffffffda RBX: 000055cc9e474500 RCX: 00007fcc4a70740f\n[ 512.124524] RDX: 00007ffda73f5420 RSI: 00000000c01864b0 RDI: 0000000000000009\n[ 512.124544] RBP: 00007ffda73f5420 R08: 000055cc9c0b0cb0 R09: 0000000000000034\n[ 512.124564] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000c01864b0\n[ 512.124584] R13: 0000000000000009 R14: 000055cc9df484d0 R15: 000055cc9af5d0c0\n[ 512.124647] </TASK>', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48634 was patched at 2024-05-15

8921. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48635) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfsdax: Fix infinite loop in dax_iomap_rw()\n\nI got an infinite loop and a WARNING report when executing a tail command\nin virtiofs.\n\n WARNING: CPU: 10 PID: 964 at fs/iomap/iter.c:34 iomap_iter+0x3a2/0x3d0\n Modules linked in:\n CPU: 10 PID: 964 Comm: tail Not tainted 5.19.0-rc7\n Call Trace:\n <TASK>\n dax_iomap_rw+0xea/0x620\n ? __this_cpu_preempt_check+0x13/0x20\n fuse_dax_read_iter+0x47/0x80\n fuse_file_read_iter+0xae/0xd0\n new_sync_read+0xfe/0x180\n ? 0xffffffff81000000\n vfs_read+0x14d/0x1a0\n ksys_read+0x6d/0xf0\n __x64_sys_read+0x1a/0x20\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe tail command will call read() with a count of 0. In this case,\niomap_iter() will report this WARNING, and always return 1 which casuing\nthe infinite loop in dax_iomap_rw().\n\nFixing by checking count whether is 0 in dax_iomap_rw().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48635 was patched at 2024-05-15

8922. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48636) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup\n\nFix Oops in dasd_alias_get_start_dev() function caused by the pavgroup\npointer being NULL.\n\nThe pavgroup pointer is checked on the entrance of the function but\nwithout the lcu->lock being held. Therefore there is a race window\nbetween dasd_alias_get_start_dev() and _lcu_update() which sets\npavgroup to NULL with the lcu->lock held.\n\nFix by checking the pavgroup pointer with lcu->lock held.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48636 was patched at 2024-05-15

8923. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48638) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncgroup: cgroup_get_from_id() must check the looked-up kn is a directory\n\ncgroup has to be one kernfs dir, otherwise kernel panic is caused,\nespecially cgroup id is provide from userspace.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48638 was patched at 2024-05-15

8924. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48639) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix possible refcount leak in tc_new_tfilter()\n\ntfilter_put need to be called to put the refount got by tp->ops->get to\navoid possible refcount leak when chain->tmplt_ops != NULL and\nchain->tmplt_ops != tp->ops.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48639 was patched at 2024-05-15

8925. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48640) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix NULL deref in bond_rr_gen_slave_id\n\nFix a NULL dereference of the struct bonding.rr_tx_counter member because\nif a bond is initially created with an initial mode != zero (Round Robin)\nthe memory required for the counter is never created and when the mode is\nchanged there is never any attempt to verify the memory is allocated upon\nswitching modes.\n\nThis causes the following Oops on an aarch64 machine:\n [ 334.686773] Unable to handle kernel paging request at virtual address ffff2c91ac905000\n [ 334.694703] Mem abort info:\n [ 334.697486] ESR = 0x0000000096000004\n [ 334.701234] EC = 0x25: DABT (current EL), IL = 32 bits\n [ 334.706536] SET = 0, FnV = 0\n [ 334.709579] EA = 0, S1PTW = 0\n [ 334.712719] FSC = 0x04: level 0 translation fault\n [ 334.717586] Data abort info:\n [ 334.720454] ISV = 0, ISS = 0x00000004\n [ 334.724288] CM = 0, WnR = 0\n [ 334.727244] swapper pgtable: 4k pages, 48-bit VAs, pgdp=000008044d662000\n [ 334.733944] [ffff2c91ac905000] pgd=0000000000000000, p4d=0000000000000000\n [ 334.740734] Internal error: Oops: 96000004 [#1] SMP\n [ 334.745602] Modules linked in: bonding tls veth rfkill sunrpc arm_spe_pmu vfat fat acpi_ipmi ipmi_ssif ixgbe igb i40e mdio ipmi_devintf ipmi_msghandler arm_cmn arm_dsu_pmu cppc_cpufreq acpi_tad fuse zram crct10dif_ce ast ghash_ce sbsa_gwdt nvme drm_vram_helper drm_ttm_helper nvme_core ttm xgene_hwmon\n [ 334.772217] CPU: 7 PID: 2214 Comm: ping Not tainted 6.0.0-rc4-00133-g64ae13ed4784 #4\n [ 334.779950] Hardware name: GIGABYTE R272-P31-00/MP32-AR1-00, BIOS F18v (SCP: 1.08.20211002) 12/01/2021\n [ 334.789244] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n [ 334.796196] pc : bond_rr_gen_slave_id+0x40/0x124 [bonding]\n [ 334.801691] lr : bond_xmit_roundrobin_slave_get+0x38/0xdc [bonding]\n [ 334.807962] sp : ffff8000221733e0\n [ 334.811265] x29: ffff8000221733e0 x28: ffffdbac8572d198 x27: ffff80002217357c\n [ 334.818392] x26: 000000000000002a x25: ffffdbacb33ee000 x24: ffff07ff980fa000\n [ 334.825519] x23: ffffdbacb2e398ba x22: ffff07ff98102000 x21: ffff07ff981029c0\n [ 334.832646] x20: 0000000000000001 x19: ffff07ff981029c0 x18: 0000000000000014\n [ 334.839773] x17: 0000000000000000 x16: ffffdbacb1004364 x15: 0000aaaabe2f5a62\n [ 334.846899] x14: ffff07ff8e55d968 x13: ffff07ff8e55db30 x12: 0000000000000000\n [ 334.854026] x11: ffffdbacb21532e8 x10: 0000000000000001 x9 : ffffdbac857178ec\n [ 334.861153] x8 : ffff07ff9f6e5a28 x7 : 0000000000000000 x6 : 000000007c2b3742\n [ 334.868279] x5 : ffff2c91ac905000 x4 : ffff2c91ac905000 x3 : ffff07ff9f554400\n [ 334.875406] x2 : ffff2c91ac905000 x1 : 0000000000000001 x0 : ffff07ff981029c0\n [ 334.882532] Call trace:\n [ 334.884967] bond_rr_gen_slave_id+0x40/0x124 [bonding]\n [ 334.890109] bond_xmit_roundrobin_slave_get+0x38/0xdc [bonding]\n [ 334.896033] __bond_start_xmit+0x128/0x3a0 [bonding]\n [ 334.901001] bond_start_xmit+0x54/0xb0 [bonding]\n [ 334.905622] dev_hard_start_xmit+0xb4/0x220\n [ 334.909798] __dev_queue_xmit+0x1a0/0x720\n [ 334.913799] arp_xmit+0x3c/0xbc\n [ 334.916932] arp_send_dst+0x98/0xd0\n [ 334.920410] arp_solicit+0xe8/0x230\n [ 334.923888] neigh_probe+0x60/0xb0\n [ 334.927279] __neigh_event_send+0x3b0/0x470\n [ 334.931453] neigh_resolve_output+0x70/0x90\n [ 334.935626] ip_finish_output2+0x158/0x514\n [ 334.939714] __ip_finish_output+0xac/0x1a4\n [ 334.943800] ip_finish_output+0x40/0xfc\n [ 334.947626] ip_output+0xf8/0x1a4\n [ 334.950931] ip_send_skb+0x5c/0x100\n [ 334.954410] ip_push_pending_frames+0x3c/0x60\n [ 334.958758] raw_sendmsg+0x458/0x6d0\n [ 334.962325] inet_sendmsg+0x50/0x80\n [ 334.965805] sock_sendmsg+0x60/0x6c\n [ 334.969286] __sys_sendto+0xc8/0x134\n [ 334.972853] __arm64_sys_sendto+0x34/0x4c\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48640 was patched at 2024-05-15

8926. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48643) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix nft_counters_enabled underflow at nf_tables_addchain()\n\nsyzbot is reporting underflow of nft_counters_enabled counter at\nnf_tables_addchain() [1], for commit 43eb8949cfdffa76 ("netfilter:\nnf_tables: do not leave chain stats enabled on error") missed that\nnf_tables_chain_destroy() after nft_basechain_init() in the error path of\nnf_tables_addchain() decrements the counter because nft_basechain_init()\nmakes nft_is_base_chain() return true by setting NFT_CHAIN_BASE flag.\n\nIncrement the counter immediately after returning from\nnft_basechain_init().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48643 was patched at 2024-05-15

8927. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48645) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: enetc: deny offload of tc-based TSN features on VF interfaces\n\nTSN features on the ENETC (taprio, cbs, gate, police) are configured\nthrough a mix of command BD ring messages and port registers:\nenetc_port_rd(), enetc_port_wr().\n\nPort registers are a region of the ENETC memory map which are only\naccessible from the PCIe Physical Function. They are not accessible from\nthe Virtual Functions.\n\nMoreover, attempting to access these registers crashes the kernel:\n\n$ echo 1 > /sys/bus/pci/devices/0000\\:00\\:00.0/sriov_numvfs\npci 0000:00:01.0: [1957:ef00] type 00 class 0x020001\nfsl_enetc_vf 0000:00:01.0: Adding to iommu group 15\nfsl_enetc_vf 0000:00:01.0: enabling device (0000 -> 0002)\nfsl_enetc_vf 0000:00:01.0 eno0vf0: renamed from eth0\n$ tc qdisc replace dev eno0vf0 root taprio num_tc 8 map 0 1 2 3 4 5 6 7 \\\n\tqueues 1@0 1@1 1@2 1@3 1@4 1@5 1@6 1@7 base-time 0 \\\n\tsched-entry S 0x7f 900000 sched-entry S 0x80 100000 flags 0x2\nUnable to handle kernel paging request at virtual address ffff800009551a08\nInternal error: Oops: 96000007 [#1] PREEMPT SMP\npc : enetc_setup_tc_taprio+0x170/0x47c\nlr : enetc_setup_tc_taprio+0x16c/0x47c\nCall trace:\n enetc_setup_tc_taprio+0x170/0x47c\n enetc_setup_tc+0x38/0x2dc\n taprio_change+0x43c/0x970\n taprio_init+0x188/0x1e0\n qdisc_create+0x114/0x470\n tc_modify_qdisc+0x1fc/0x6c0\n rtnetlink_rcv_msg+0x12c/0x390\n\nSplit enetc_setup_tc() into separate functions for the PF and for the\nVF drivers. Also remove enetc_qos.o from being included into\nenetc-vf.ko, since it serves absolutely no purpose there.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48645 was patched at 2024-05-15

8928. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48646) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsfc/siena: fix null pointer dereference in efx_hard_start_xmit\n\nLike in previous patch for sfc, prevent potential (but unlikely) NULL\npointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48646 was patched at 2024-05-15

8929. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48647) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: fix TX channel offset when using legacy interrupts\n\nIn legacy interrupt mode the tx_channel_offset was hardcoded to 1, but\nthat's not correct if efx_sepparate_tx_channels is false. In that case,\nthe offset is 0 because the tx queues are in the single existing channel\nat index 0, together with the rx queue.\n\nWithout this fix, as soon as you try to send any traffic, it tries to\nget the tx queues from an uninitialized channel getting these errors:\n WARNING: CPU: 1 PID: 0 at drivers/net/ethernet/sfc/tx.c:540 efx_hard_start_xmit+0x12e/0x170 [sfc]\n [...]\n RIP: 0010:efx_hard_start_xmit+0x12e/0x170 [sfc]\n [...]\n Call Trace:\n <IRQ>\n dev_hard_start_xmit+0xd7/0x230\n sch_direct_xmit+0x9f/0x360\n __dev_queue_xmit+0x890/0xa40\n [...]\n BUG: unable to handle kernel NULL pointer dereference at 0000000000000020\n [...]\n RIP: 0010:efx_hard_start_xmit+0x153/0x170 [sfc]\n [...]\n Call Trace:\n <IRQ>\n dev_hard_start_xmit+0xd7/0x230\n sch_direct_xmit+0x9f/0x360\n __dev_queue_xmit+0x890/0xa40\n [...]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48647 was patched at 2024-05-15

8930. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48648) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: fix null pointer dereference in efx_hard_start_xmit\n\nTrying to get the channel from the tx_queue variable here is wrong\nbecause we can only be here if tx_queue is NULL, so we shouldn't\ndereference it. As the above comment in the code says, this is very\nunlikely to happen, but it's wrong anyway so let's fix it.\n\nI hit this issue because of a different bug that caused tx_queue to be\nNULL. If that happens, this is the error message that we get here:\n BUG: unable to handle kernel NULL pointer dereference at 0000000000000020\n [...]\n RIP: 0010:efx_hard_start_xmit+0x153/0x170 [sfc]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48648 was patched at 2024-05-15

8931. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48651) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: Fix out-of-bound bugs caused by unset skb->mac_header\n\nIf an AF_PACKET socket is used to send packets through ipvlan and the\ndefault xmit function of the AF_PACKET socket is changed from\ndev_queue_xmit() to packet_direct_xmit() via setsockopt() with the option\nname of PACKET_QDISC_BYPASS, the skb->mac_header may not be reset and\nremains as the initial value of 65535, this may trigger slab-out-of-bounds\nbugs as following:\n\n=================================================================\nUG: KASAN: slab-out-of-bounds in ipvlan_xmit_mode_l2+0xdb/0x330 [ipvlan]\nPU: 2 PID: 1768 Comm: raw_send Kdump: loaded Not tainted 6.0.0-rc4+ #6\nardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-1.fc33\nall Trace:\nprint_address_description.constprop.0+0x1d/0x160\nprint_report.cold+0x4f/0x112\nkasan_report+0xa3/0x130\nipvlan_xmit_mode_l2+0xdb/0x330 [ipvlan]\nipvlan_start_xmit+0x29/0xa0 [ipvlan]\n__dev_direct_xmit+0x2e2/0x380\npacket_direct_xmit+0x22/0x60\npacket_snd+0x7c9/0xc40\nsock_sendmsg+0x9a/0xa0\n__sys_sendto+0x18a/0x230\n__x64_sys_sendto+0x74/0x90\ndo_syscall_64+0x3b/0x90\nentry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nThe root cause is:\n 1. packet_snd() only reset skb->mac_header when sock->type is SOCK_RAW\n and skb->protocol is not specified as in packet_parse_headers()\n\n 2. packet_direct_xmit() doesn't reset skb->mac_header as dev_queue_xmit()\n\nIn this case, skb->mac_header is 65535 when ipvlan_xmit_mode_l2() is\ncalled. So when ipvlan_xmit_mode_l2() gets mac header with eth_hdr() which\nuse "skb->head + skb->mac_header", out-of-bound access occurs.\n\nThis patch replaces eth_hdr() with skb_eth_hdr() in ipvlan_xmit_mode_l2()\nand reset mac header in multicast to solve this out-of-bound bug.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48651 was patched at 2024-05-15

8932. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48652) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix crash by keep old cfg when update TCs more than queues\n\nThere are problems if allocated queues less than Traffic Classes.\n\nCommit a632b2a4c920 ("ice: ethtool: Prohibit improper channel config\nfor DCB") already disallow setting less queues than TCs.\n\nAnother case is if we first set less queues, and later update more TCs\nconfig due to LLDP, ice_vsi_cfg_tc() will failed but left dirty\nnum_txq/rxq and tc_cfg in vsi, that will cause invalid pointer access.\n\n[ 95.968089] ice 0000:3b:00.1: More TCs defined than queues/rings allocated.\n[ 95.968092] ice 0000:3b:00.1: Trying to use more Rx queues (8), than were allocated (1)!\n[ 95.968093] ice 0000:3b:00.1: Failed to config TC for VSI index: 0\n[ 95.969621] general protection fault: 0000 [#1] SMP NOPTI\n[ 95.969705] CPU: 1 PID: 58405 Comm: lldpad Kdump: loaded Tainted: G U W O --------- -t - 4.18.0 #1\n[ 95.969867] Hardware name: O.E.M/BC11SPSCB10, BIOS 8.23 12/30/2021\n[ 95.969992] RIP: 0010:devm_kmalloc+0xa/0x60\n[ 95.970052] Code: 5c ff ff ff 31 c0 5b 5d 41 5c c3 b8 f4 ff ff ff eb f4 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 89 d1 <8b> 97 60 02 00 00 48 8d 7e 18 48 39 f7 72 3f 55 89 ce 53 48 8b 4c\n[ 95.970344] RSP: 0018:ffffc9003f553888 EFLAGS: 00010206\n[ 95.970425] RAX: dead000000000200 RBX: ffffea003c425b00 RCX: 00000000006080c0\n[ 95.970536] RDX: 00000000006080c0 RSI: 0000000000000200 RDI: dead000000000200\n[ 95.970648] RBP: dead000000000200 R08: 00000000000463c0 R09: ffff888ffa900000\n[ 95.970760] R10: 0000000000000000 R11: 0000000000000002 R12: ffff888ff6b40100\n[ 95.970870] R13: ffff888ff6a55018 R14: 0000000000000000 R15: ffff888ff6a55460\n[ 95.970981] FS: 00007f51b7d24700(0000) GS:ffff88903ee80000(0000) knlGS:0000000000000000\n[ 95.971108] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 95.971197] CR2: 00007fac5410d710 CR3: 0000000f2c1de002 CR4: 00000000007606e0\n[ 95.971309] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 95.971419] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 95.971530] PKRU: 55555554\n[ 95.971573] Call Trace:\n[ 95.971622] ice_setup_rx_ring+0x39/0x110 [ice]\n[ 95.971695] ice_vsi_setup_rx_rings+0x54/0x90 [ice]\n[ 95.971774] ice_vsi_open+0x25/0x120 [ice]\n[ 95.971843] ice_open_internal+0xb8/0x1f0 [ice]\n[ 95.971919] ice_ena_vsi+0x4f/0xd0 [ice]\n[ 95.971987] ice_dcb_ena_dis_vsi.constprop.5+0x29/0x90 [ice]\n[ 95.972082] ice_pf_dcb_cfg+0x29a/0x380 [ice]\n[ 95.972154] ice_dcbnl_setets+0x174/0x1b0 [ice]\n[ 95.972220] dcbnl_ieee_set+0x89/0x230\n[ 95.972279] ? dcbnl_ieee_del+0x150/0x150\n[ 95.972341] dcb_doit+0x124/0x1b0\n[ 95.972392] rtnetlink_rcv_msg+0x243/0x2f0\n[ 95.972457] ? dcb_doit+0x14d/0x1b0\n[ 95.972510] ? __kmalloc_node_track_caller+0x1d3/0x280\n[ 95.972591] ? rtnl_calcit.isra.31+0x100/0x100\n[ 95.972661] netlink_rcv_skb+0xcf/0xf0\n[ 95.972720] netlink_unicast+0x16d/0x220\n[ 95.972781] netlink_sendmsg+0x2ba/0x3a0\n[ 95.975891] sock_sendmsg+0x4c/0x50\n[ 95.979032] ___sys_sendmsg+0x2e4/0x300\n[ 95.982147] ? kmem_cache_alloc+0x13e/0x190\n[ 95.985242] ? __wake_up_common_lock+0x79/0x90\n[ 95.988338] ? __check_object_size+0xac/0x1b0\n[ 95.991440] ? _copy_to_user+0x22/0x30\n[ 95.994539] ? move_addr_to_user+0xbb/0xd0\n[ 95.997619] ? __sys_sendmsg+0x53/0x80\n[ 96.000664] __sys_sendmsg+0x53/0x80\n[ 96.003747] do_syscall_64+0x5b/0x1d0\n[ 96.006862] entry_SYSCALL_64_after_hwframe+0x65/0xca\n\nOnly update num_txq/rxq when passed check, and restore tc_cfg if setup\nqueue map failed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48652 was patched at 2024-05-15

8933. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48653) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Don't double unplug aux on peer initiated reset\n\nIn the IDC callback that is accessed when the aux drivers request a reset,\nthe function to unplug the aux devices is called. This function is also\ncalled in the ice_prepare_for_reset function. This double call is causing\na "scheduling while atomic" BUG.\n\n[ 662.676430] ice 0000:4c:00.0 rocep76s0: cqp opcode = 0x1 maj_err_code = 0xffff min_err_code = 0x8003\n\n[ 662.676609] ice 0000:4c:00.0 rocep76s0: [Modify QP Cmd Error][op_code=8] status=-29 waiting=1 completion_err=1 maj=0xffff min=0x8003\n\n[ 662.815006] ice 0000:4c:00.0 rocep76s0: ICE OICR event notification: oicr = 0x10000003\n\n[ 662.815014] ice 0000:4c:00.0 rocep76s0: critical PE Error, GLPE_CRITERR=0x00011424\n\n[ 662.815017] ice 0000:4c:00.0 rocep76s0: Requesting a reset\n\n[ 662.815475] BUG: scheduling while atomic: swapper/37/0/0x00010002\n\n[ 662.815475] BUG: scheduling while atomic: swapper/37/0/0x00010002\n[ 662.815477] Modules linked in: rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs rfkill 8021q garp mrp stp llc vfat fat rpcrdma intel_rapl_msr intel_rapl_common sunrpc i10nm_edac rdma_ucm nfit ib_srpt libnvdimm ib_isert iscsi_target_mod x86_pkg_temp_thermal intel_powerclamp coretemp target_core_mod snd_hda_intel ib_iser snd_intel_dspcfg libiscsi snd_intel_sdw_acpi scsi_transport_iscsi kvm_intel iTCO_wdt rdma_cm snd_hda_codec kvm iw_cm ipmi_ssif iTCO_vendor_support snd_hda_core irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel snd_hwdep snd_seq snd_seq_device rapl snd_pcm snd_timer isst_if_mbox_pci pcspkr isst_if_mmio irdma intel_uncore idxd acpi_ipmi joydev isst_if_common snd mei_me idxd_bus ipmi_si soundcore i2c_i801 mei ipmi_devintf i2c_smbus i2c_ismt ipmi_msghandler acpi_power_meter acpi_pad rv(OE) ib_uverbs ib_cm ib_core xfs libcrc32c ast i2c_algo_bit drm_vram_helper drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm_ttm_helpe\n r ttm\n[ 662.815546] nvme nvme_core ice drm crc32c_intel i40e t10_pi wmi pinctrl_emmitsburg dm_mirror dm_region_hash dm_log dm_mod fuse\n[ 662.815557] Preemption disabled at:\n[ 662.815558] [<0000000000000000>] 0x0\n[ 662.815563] CPU: 37 PID: 0 Comm: swapper/37 Kdump: loaded Tainted: G S OE 5.17.1 #2\n[ 662.815566] Hardware name: Intel Corporation D50DNP/D50DNP, BIOS SE5C6301.86B.6624.D18.2111021741 11/02/2021\n[ 662.815568] Call Trace:\n[ 662.815572] <IRQ>\n[ 662.815574] dump_stack_lvl+0x33/0x42\n[ 662.815581] __schedule_bug.cold.147+0x7d/0x8a\n[ 662.815588] __schedule+0x798/0x990\n[ 662.815595] schedule+0x44/0xc0\n[ 662.815597] schedule_preempt_disabled+0x14/0x20\n[ 662.815600] __mutex_lock.isra.11+0x46c/0x490\n[ 662.815603] ? __ibdev_printk+0x76/0xc0 [ib_core]\n[ 662.815633] device_del+0x37/0x3d0\n[ 662.815639] ice_unplug_aux_dev+0x1a/0x40 [ice]\n[ 662.815674] ice_schedule_reset+0x3c/0xd0 [ice]\n[ 662.815693] irdma_iidc_event_handler.cold.7+0xb6/0xd3 [irdma]\n[ 662.815712] ? bitmap_find_next_zero_area_off+0x45/0xa0\n[ 662.815719] ice_send_event_to_aux+0x54/0x70 [ice]\n[ 662.815741] ice_misc_intr+0x21d/0x2d0 [ice]\n[ 662.815756] __handle_irq_event_percpu+0x4c/0x180\n[ 662.815762] handle_irq_event_percpu+0xf/0x40\n[ 662.815764] handle_irq_event+0x34/0x60\n[ 662.815766] handle_edge_irq+0x9a/0x1c0\n[ 662.815770] __common_interrupt+0x62/0x100\n[ 662.815774] common_interrupt+0xb4/0xd0\n[ 662.815779] </IRQ>\n[ 662.815780] <TASK>\n[ 662.815780] asm_common_interrupt+0x1e/0x40\n[ 662.815785] RIP: 0010:cpuidle_enter_state+0xd6/0x380\n[ 662.815789] Code: 49 89 c4 0f 1f 44 00 00 31 ff e8 65 d7 95 ff 45 84 ff 74 12 9c 58 f6 c4 02 0f 85 64 02 00 00 31 ff e8 ae c5 9c ff fb 45 85 f6 <0f> 88 12 01 00 00 49 63 d6 4c 2b 24 24 48 8d 04 52 48 8d 04 82 49\n[ 662.815791] RSP: 0018:ff2c2c4f18edbe80 EFLAGS: 00000202\n[ 662.815793] RAX: ff280805df140000 RBX: 0000000000000002 RCX: 000000000000001f\n[ 662.815795] RDX: 0000009a52da2d08 R\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48653 was patched at 2024-05-15

8934. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48663) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: mockup: fix NULL pointer dereference when removing debugfs\n\nWe now remove the device's debugfs entries when unbinding the driver.\nThis now causes a NULL-pointer dereference on module exit because the\nplatform devices are unregistered *after* the global debugfs directory\nhas been recursively removed. Fix it by unregistering the devices first.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48663 was patched at 2024-05-15

8935. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48664) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix hang during unmount when stopping a space reclaim worker\n\nOften when running generic/562 from fstests we can hang during unmount,\nresulting in a trace like this:\n\n Sep 07 11:52:00 debian9 unknown: run fstests generic/562 at 2022-09-07 11:52:00\n Sep 07 11:55:32 debian9 kernel: INFO: task umount:49438 blocked for more than 120 seconds.\n Sep 07 11:55:32 debian9 kernel: Not tainted 6.0.0-rc2-btrfs-next-122 #1\n Sep 07 11:55:32 debian9 kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.\n Sep 07 11:55:32 debian9 kernel: task:umount state:D stack: 0 pid:49438 ppid: 25683 flags:0x00004000\n Sep 07 11:55:32 debian9 kernel: Call Trace:\n Sep 07 11:55:32 debian9 kernel: <TASK>\n Sep 07 11:55:32 debian9 kernel: __schedule+0x3c8/0xec0\n Sep 07 11:55:32 debian9 kernel: ? rcu_read_lock_sched_held+0x12/0x70\n Sep 07 11:55:32 debian9 kernel: schedule+0x5d/0xf0\n Sep 07 11:55:32 debian9 kernel: schedule_timeout+0xf1/0x130\n Sep 07 11:55:32 debian9 kernel: ? lock_release+0x224/0x4a0\n Sep 07 11:55:32 debian9 kernel: ? lock_acquired+0x1a0/0x420\n Sep 07 11:55:32 debian9 kernel: ? trace_hardirqs_on+0x2c/0xd0\n Sep 07 11:55:32 debian9 kernel: __wait_for_common+0xac/0x200\n Sep 07 11:55:32 debian9 kernel: ? usleep_range_state+0xb0/0xb0\n Sep 07 11:55:32 debian9 kernel: __flush_work+0x26d/0x530\n Sep 07 11:55:32 debian9 kernel: ? flush_workqueue_prep_pwqs+0x140/0x140\n Sep 07 11:55:32 debian9 kernel: ? trace_clock_local+0xc/0x30\n Sep 07 11:55:32 debian9 kernel: __cancel_work_timer+0x11f/0x1b0\n Sep 07 11:55:32 debian9 kernel: ? close_ctree+0x12b/0x5b3 [btrfs]\n Sep 07 11:55:32 debian9 kernel: ? __trace_bputs+0x10b/0x170\n Sep 07 11:55:32 debian9 kernel: close_ctree+0x152/0x5b3 [btrfs]\n Sep 07 11:55:32 debian9 kernel: ? evict_inodes+0x166/0x1c0\n Sep 07 11:55:32 debian9 kernel: generic_shutdown_super+0x71/0x120\n Sep 07 11:55:32 debian9 kernel: kill_anon_super+0x14/0x30\n Sep 07 11:55:32 debian9 kernel: btrfs_kill_super+0x12/0x20 [btrfs]\n Sep 07 11:55:32 debian9 kernel: deactivate_locked_super+0x2e/0xa0\n Sep 07 11:55:32 debian9 kernel: cleanup_mnt+0x100/0x160\n Sep 07 11:55:32 debian9 kernel: task_work_run+0x59/0xa0\n Sep 07 11:55:32 debian9 kernel: exit_to_user_mode_prepare+0x1a6/0x1b0\n Sep 07 11:55:32 debian9 kernel: syscall_exit_to_user_mode+0x16/0x40\n Sep 07 11:55:32 debian9 kernel: do_syscall_64+0x48/0x90\n Sep 07 11:55:32 debian9 kernel: entry_SYSCALL_64_after_hwframe+0x63/0xcd\n Sep 07 11:55:32 debian9 kernel: RIP: 0033:0x7fcde59a57a7\n Sep 07 11:55:32 debian9 kernel: RSP: 002b:00007ffe914217c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6\n Sep 07 11:55:32 debian9 kernel: RAX: 0000000000000000 RBX: 00007fcde5ae8264 RCX: 00007fcde59a57a7\n Sep 07 11:55:32 debian9 kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000055b57556cdd0\n Sep 07 11:55:32 debian9 kernel: RBP: 000055b57556cba0 R08: 0000000000000000 R09: 00007ffe91420570\n Sep 07 11:55:32 debian9 kernel: R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n Sep 07 11:55:32 debian9 kernel: R13: 000055b57556cdd0 R14: 000055b57556ccb8 R15: 0000000000000000\n Sep 07 11:55:32 debian9 kernel: </TASK>\n\nWhat happens is the following:\n\n1) The cleaner kthread tries to start a transaction to delete an unused\n block group, but the metadata reservation can not be satisfied right\n away, so a reservation ticket is created and it starts the async\n metadata reclaim task (fs_info->async_reclaim_work);\n\n2) Writeback for all the filler inodes with an i_size of 2K starts\n (generic/562 creates a lot of 2K files with the goal of filling\n metadata space). We try to create an inline extent for them, but we\n fail when trying to insert the inline extent with -ENOSPC (at\n cow_file_range_inline()) - since this is not critical, we fallback\n to non-inline mode (back to cow_file_range()), reserve extents\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48664 was patched at 2024-05-15

8936. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48665) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix overflow for large capacity partition\n\nUsing int type for sector index, there will be overflow in a large\ncapacity partition.\n\nFor example, if storage with sector size of 512 bytes and partition\ncapacity is larger than 2TB, there will be overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48665 was patched at 2024-05-15

8937. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48667) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb3: fix temporary data corruption in insert range\n\ninsert range doesn't discard the affected cached region\nso can risk temporarily corrupting file data.\n\nAlso includes some minor cleanup (avoiding rereading\ninode size repeatedly unnecessarily) to make it clearer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48667 was patched at 2024-05-15

8938. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48668) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb3: fix temporary data corruption in collapse range\n\ncollapse range doesn't discard the affected cached region\nso can risk temporarily corrupting the file data. This\nfixes xfstest generic/031\n\nI also decided to merge a minor cleanup to this into the same patch\n(avoiding rereading inode size repeatedly unnecessarily) to make it\nclearer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48668 was patched at 2024-05-15

8939. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48669) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Fix potential memleak in papr_get_attr()\n\n`buf` is allocated in papr_get_attr(), and krealloc() of `buf`\ncould fail. We need to free the original `buf` in the case of failure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2022-48669 was patched at 2024-06-05

debian: CVE-2022-48669 was patched at 2024-05-15

oraclelinux: CVE-2022-48669 was patched at 2024-06-05

redhat: CVE-2022-48669 was patched at 2024-06-05

ubuntu: CVE-2022-48669 was patched at 2024-06-07, 2024-06-11, 2024-06-14

8940. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48690) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nice: Fix DMA mappings leak\n\nFix leak, when user changes ring parameters.\nDuring reallocation of RX buffers, new DMA mappings are created for\nthose buffers. New buffers with different RX ring count should\nsubstitute older ones, but those buffers were freed in ice_vsi_cfg_rxq\nand reallocated again with ice_alloc_rx_buf. kfree on rx_buf caused\nleak of already mapped DMA.\nReallocate ZC with xdp_buf struct, when BPF program loads. Reallocate\nback to rx_buf, when BPF program unloads.\nIf BPF program is loaded/unloaded and XSK pools are created, reallocate\nRX queues accordingly in XDP_SETUP_XSK_POOL handler.\n\nSteps for reproduction:\nwhile :\ndo\n\tfor ((i=0; i<=8160; i=i+32))\n\tdo\n\t\tethtool -G enp130s0f0 rx $i tx $i\n\t\tsleep 0.5\n\t\tethtool -g enp130s0f0\n\tdone\ndone', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48690 was patched at 2024-05-15

8941. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48696) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: spi: Reserve space for register address/padding\n\nCurrently the max_raw_read and max_raw_write limits in regmap_spi struct\ndo not take into account the additional size of the transmitted register\naddress and padding. This may result in exceeding the maximum permitted\nSPI message size, which could cause undefined behaviour, e.g. data\ncorruption.\n\nFix regmap_get_spi_bus() to properly adjust the above mentioned limits\nby reserving space for the register address/padding as set in the regmap\nconfiguration.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48696 was patched at 2024-05-15

8942. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48699) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsched/debug: fix dentry leak in update_sched_domain_debugfs\n\nKuyo reports that the pattern of using debugfs_remove(debugfs_lookup())\nleaks a dentry and with a hotplug stress test, the machine eventually\nruns out of memory.\n\nFix this up by using the newly created debugfs_lookup_and_remove() call\ninstead which properly handles the dentry reference counting logic.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48699 was patched at 2024-05-15

8943. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48700) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/type1: Unpin zero pages\n\nThere's currently a reference count leak on the zero page. We increment\nthe reference via pin_user_pages_remote(), but the page is later handled\nas an invalid/reserved page, therefore it's not accounted against the\nuser and not unpinned by our put_pfn().\n\nIntroducing special zero page handling in put_pfn() would resolve the\nleak, but without accounting of the zero page, a single user could\nstill create enough mappings to generate a reference count overflow.\n\nThe zero page is always resident, so for our purposes there's no reason\nto keep it pinned. Therefore, add a loop to walk pages returned from\npin_user_pages_remote() and unpin any zero pages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48700 was patched at 2024-05-15

8944. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48702) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()\n\nThe voice allocator sometimes begins allocating from near the end of the\narray and then wraps around, however snd_emu10k1_pcm_channel_alloc()\naccesses the newly allocated voices as if it never wrapped around.\n\nThis results in out of bounds access if the first voice has a high enough\nindex so that first_voice + requested_voice_count > NUM_G (64).\nThe more voices are requested, the more likely it is for this to occur.\n\nThis was initially discovered using PipeWire, however it can be reproduced\nby calling aplay multiple times with 16 channels:\naplay -r 48000 -D plughw:CARD=Live,DEV=3 -c 16 /dev/zero\n\nUBSAN: array-index-out-of-bounds in sound/pci/emu10k1/emupcm.c:127:40\nindex 65 is out of range for type 'snd_emu10k1_voice [64]'\nCPU: 1 PID: 31977 Comm: aplay Tainted: G W IOE 6.0.0-rc2-emu10k1+ #7\nHardware name: ASUSTEK COMPUTER INC P5W DH Deluxe/P5W DH Deluxe, BIOS 3002 07/22/2010\nCall Trace:\n<TASK>\ndump_stack_lvl+0x49/0x63\ndump_stack+0x10/0x16\nubsan_epilogue+0x9/0x3f\n__ubsan_handle_out_of_bounds.cold+0x44/0x49\nsnd_emu10k1_playback_hw_params+0x3bc/0x420 [snd_emu10k1]\nsnd_pcm_hw_params+0x29f/0x600 [snd_pcm]\nsnd_pcm_common_ioctl+0x188/0x1410 [snd_pcm]\n? exit_to_user_mode_prepare+0x35/0x170\n? do_syscall_64+0x69/0x90\n? syscall_exit_to_user_mode+0x26/0x50\n? do_syscall_64+0x69/0x90\n? exit_to_user_mode_prepare+0x35/0x170\nsnd_pcm_ioctl+0x27/0x40 [snd_pcm]\n__x64_sys_ioctl+0x95/0xd0\ndo_syscall_64+0x5c/0x90\n? do_syscall_64+0x69/0x90\n? do_syscall_64+0x69/0x90\nentry_SYSCALL_64_after_hwframe+0x63/0xcd', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48702 was patched at 2024-05-15

8945. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48703) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR\n\nIn some case, the GDDV returns a package with a buffer which has\nzero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10).\n\nThen the data_vault_read() got NULL point dereference problem when\naccessing the 0x10 value in data_vault.\n\n[ 71.024560] BUG: kernel NULL pointer dereference, address:\n0000000000000010\n\nThis patch uses ZERO_OR_NULL_PTR() for checking ZERO_SIZE_PTR or\nNULL value in data_vault.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48703 was patched at 2024-05-15

8946. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48704) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: add a force flush to delay work when radeon\n\nAlthough radeon card fence and wait for gpu to finish processing current batch rings,\nthere is still a corner case that radeon lockup work queue may not be fully flushed,\nand meanwhile the radeon_suspend_kms() function has called pci_set_power_state() to\nput device in D3hot state.\nPer PCI spec rev 4.0 on 5.3.1.4.1 D3hot State.\n> Configuration and Message requests are the only TLPs accepted by a Function in\n> the D3hot state. All other received Requests must be handled as Unsupported Requests,\n> and all received Completions may optionally be handled as Unexpected Completions.\nThis issue will happen in following logs:\nUnable to handle kernel paging request at virtual address 00008800e0008010\nCPU 0 kworker/0:3(131): Oops 0\npc = [<ffffffff811bea5c>] ra = [<ffffffff81240844>] ps = 0000 Tainted: G W\npc is at si_gpu_check_soft_reset+0x3c/0x240\nra is at si_dma_is_lockup+0x34/0xd0\nv0 = 0000000000000000 t0 = fff08800e0008010 t1 = 0000000000010000\nt2 = 0000000000008010 t3 = fff00007e3c00000 t4 = fff00007e3c00258\nt5 = 000000000000ffff t6 = 0000000000000001 t7 = fff00007ef078000\ns0 = fff00007e3c016e8 s1 = fff00007e3c00000 s2 = fff00007e3c00018\ns3 = fff00007e3c00000 s4 = fff00007fff59d80 s5 = 0000000000000000\ns6 = fff00007ef07bd98\na0 = fff00007e3c00000 a1 = fff00007e3c016e8 a2 = 0000000000000008\na3 = 0000000000000001 a4 = 8f5c28f5c28f5c29 a5 = ffffffff810f4338\nt8 = 0000000000000275 t9 = ffffffff809b66f8 t10 = ff6769c5d964b800\nt11= 000000000000b886 pv = ffffffff811bea20 at = 0000000000000000\ngp = ffffffff81d89690 sp = 00000000aa814126\nDisabling lock debugging due to kernel taint\nTrace:\n[<ffffffff81240844>] si_dma_is_lockup+0x34/0xd0\n[<ffffffff81119610>] radeon_fence_check_lockup+0xd0/0x290\n[<ffffffff80977010>] process_one_work+0x280/0x550\n[<ffffffff80977350>] worker_thread+0x70/0x7c0\n[<ffffffff80977410>] worker_thread+0x130/0x7c0\n[<ffffffff80982040>] kthread+0x200/0x210\n[<ffffffff809772e0>] worker_thread+0x0/0x7c0\n[<ffffffff80981f8c>] kthread+0x14c/0x210\n[<ffffffff80911658>] ret_from_kernel_thread+0x18/0x20\n[<ffffffff80981e40>] kthread+0x0/0x210\n Code: ad3e0008 43f0074a ad7e0018 ad9e0020 8c3001e8 40230101\n <88210000> 4821ed21\nSo force lockup work queue flush to fix this problem.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48704 was patched at 2024-05-15

8947. Unknown Vulnerability Type - Linux Kernel (CVE-2022-48705) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7921e: fix crash in chip reset fail\n\nIn case of drv own fail in reset, we may need to run mac_reset several\ntimes. The sequence would trigger system crash as the log below.\n\nBecause we do not re-enable/schedule "tx_napi" before disable it again,\nthe process would keep waiting for state change in napi_diable(). To\navoid the problem and keep status synchronize for each run, goto final\nresource handling if drv own failed.\n\n[ 5857.353423] mt7921e 0000:3b:00.0: driver own failed\n[ 5858.433427] mt7921e 0000:3b:00.0: Timeout for driver own\n[ 5859.633430] mt7921e 0000:3b:00.0: driver own failed\n[ 5859.633444] ------------[ cut here ]------------\n[ 5859.633446] WARNING: CPU: 6 at kernel/kthread.c:659 kthread_park+0x11d\n[ 5859.633717] Workqueue: mt76 mt7921_mac_reset_work [mt7921_common]\n[ 5859.633728] RIP: 0010:kthread_park+0x11d/0x150\n[ 5859.633736] RSP: 0018:ffff8881b676fc68 EFLAGS: 00010202\n......\n[ 5859.633766] Call Trace:\n[ 5859.633768] <TASK>\n[ 5859.633771] mt7921e_mac_reset+0x176/0x6f0 [mt7921e]\n[ 5859.633778] mt7921_mac_reset_work+0x184/0x3a0 [mt7921_common]\n[ 5859.633785] ? mt7921_mac_set_timing+0x520/0x520 [mt7921_common]\n[ 5859.633794] ? __kasan_check_read+0x11/0x20\n[ 5859.633802] process_one_work+0x7ee/0x1320\n[ 5859.633810] worker_thread+0x53c/0x1240\n[ 5859.633818] kthread+0x2b8/0x370\n[ 5859.633824] ? process_one_work+0x1320/0x1320\n[ 5859.633828] ? kthread_complete_and_exit+0x30/0x30\n[ 5859.633834] ret_from_fork+0x1f/0x30\n[ 5859.633842] </TASK>', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48705 was patched at 2024-05-15

8948. Unknown Vulnerability Type - Linux Kernel (CVE-2023-49100) - Low [150]

Description: {'vulners_cve_data_all': 'Trusted Firmware-A (TF-A) before 2.10 has a potential read out-of-bounds in the SDEI service. The input parameter passed in register x1 is not validated well enough in the function sdei_interrupt_bind. The parameter is passed to a call to plat_ic_get_interrupt_type. It can be any arbitrary value passing checks in the function plat_ic_is_sgi. A compromised Normal World (Linux kernel) can enable a root-privileged attacker to issue arbitrary SMC calls. Using this primitive, he can control the content of registers x0 through x6, which are used to send parameters to TF-A. Out-of-bounds addresses can be read in the context of TF-A (EL3). Because the read value is never returned to non-secure memory or in registers, no leak is possible. An attacker can still crash TF-A, however.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49100 was patched at 2024-05-15

8949. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52476) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/lbr: Filter vsyscall addresses\n\nWe found that a panic can occur when a vsyscall is made while LBR sampling\nis active. If the vsyscall is interrupted (NMI) for perf sampling, this\ncall sequence can occur (most recent at top):\n\n __insn_get_emulate_prefix()\n insn_get_emulate_prefix()\n insn_get_prefixes()\n insn_get_opcode()\n decode_branch_type()\n get_branch_type()\n intel_pmu_lbr_filter()\n intel_pmu_handle_irq()\n perf_event_nmi_handler()\n\nWithin __insn_get_emulate_prefix() at frame 0, a macro is called:\n\n peek_nbyte_next(insn_byte_t, insn, i)\n\nWithin this macro, this dereference occurs:\n\n (insn)->next_byte\n\nInspecting registers at this point, the value of the next_byte field is the\naddress of the vsyscall made, for example the location of the vsyscall\nversion of gettimeofday() at 0xffffffffff600000. The access to an address\nin the vsyscall region will trigger an oops due to an unhandled page fault.\n\nTo fix the bug, filtering for vsyscalls can be done when\ndetermining the branch type. This patch will return\na "none" branch if a kernel address if found to lie in the\nvsyscall region.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52476 was patched at 2024-05-15

oraclelinux: CVE-2023-52476 was patched at 2024-05-02

8950. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52477) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: hub: Guard against accesses to uninitialized BOS descriptors\n\nMany functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h\naccess fields inside udev->bos without checking if it was allocated and\ninitialized. If usb_get_bos_descriptor() fails for whatever\nreason, udev->bos will be NULL and those accesses will result in a\ncrash:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000018\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 5 PID: 17818 Comm: kworker/5:1 Tainted: G W 5.15.108-18910-gab0e1cb584e1 #1 <HASH:1f9e 1>\nHardware name: Google Kindred/Kindred, BIOS Google_Kindred.12672.413.0 02/03/2021\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:hub_port_reset+0x193/0x788\nCode: 89 f7 e8 20 f7 15 00 48 8b 43 08 80 b8 96 03 00 00 03 75 36 0f b7 88 92 03 00 00 81 f9 10 03 00 00 72 27 48 8b 80 a8 03 00 00 <48> 83 78 18 00 74 19 48 89 df 48 8b 75 b0 ba 02 00 00 00 4c 89 e9\nRSP: 0018:ffffab740c53fcf8 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffffa1bc5f678000 RCX: 0000000000000310\nRDX: fffffffffffffdff RSI: 0000000000000286 RDI: ffffa1be9655b840\nRBP: ffffab740c53fd70 R08: 00001b7d5edaa20c R09: ffffffffb005e060\nR10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000\nR13: ffffab740c53fd3e R14: 0000000000000032 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffffa1be96540000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000018 CR3: 000000022e80c005 CR4: 00000000003706e0\nCall Trace:\nhub_event+0x73f/0x156e\n? hub_activate+0x5b7/0x68f\nprocess_one_work+0x1a2/0x487\nworker_thread+0x11a/0x288\nkthread+0x13a/0x152\n? process_one_work+0x487/0x487\n? kthread_associate_blkcg+0x70/0x70\nret_from_fork+0x1f/0x30\n\nFall back to a default behavior if the BOS descriptor isn't accessible\nand skip all the functionalities that depend on it: LPM support checks,\nSuper Speed capabilitiy checks, U1/U2 states setup.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-52477 was patched at 2024-06-05

debian: CVE-2023-52477 was patched at 2024-05-15

oraclelinux: CVE-2023-52477 was patched at 2024-06-05

redhat: CVE-2023-52477 was patched at 2024-06-05

8951. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52478) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nHID: logitech-hidpp: Fix kernel crash on receiver USB disconnect\n\nhidpp_connect_event() has *four* time-of-check vs time-of-use (TOCTOU)\nraces when it races with itself.\n\nhidpp_connect_event() primarily runs from a workqueue but it also runs\non probe() and if a "device-connected" packet is received by the hw\nwhen the thread running hidpp_connect_event() from probe() is waiting on\nthe hw, then a second thread running hidpp_connect_event() will be\nstarted from the workqueue.\n\nThis opens the following races (note the below code is simplified):\n\n1. Retrieving + printing the protocol (harmless race):\n\n\tif (!hidpp->protocol_major) {\n\t\thidpp_root_get_protocol_version()\n\t\thidpp->protocol_major = response.rap.params[0];\n\t}\n\nWe can actually see this race hit in the dmesg in the abrt output\nattached to rhbz#2227968:\n\n[ 3064.624215] logitech-hidpp-device 0003:046D:4071.0049: HID++ 4.5 device connected.\n[ 3064.658184] logitech-hidpp-device 0003:046D:4071.0049: HID++ 4.5 device connected.\n\nTesting with extra logging added has shown that after this the 2 threads\ntake turn grabbing the hw access mutex (send_mutex) so they ping-pong\nthrough all the other TOCTOU cases managing to hit all of them:\n\n2. Updating the name to the HIDPP name (harmless race):\n\n\tif (hidpp->name == hdev->name) {\n\t\t...\n\t\thidpp->name = new_name;\n\t}\n\n3. Initializing the power_supply class for the battery (problematic!):\n\nhidpp_initialize_battery()\n{\n if (hidpp->battery.ps)\n return 0;\n\n\tprobe_battery(); /* Blocks, threads take turns executing this */\n\n\thidpp->battery.desc.properties =\n\t\tdevm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL);\n\n\thidpp->battery.ps =\n\t\tdevm_power_supply_register(&hidpp->hid_dev->dev,\n\t\t\t\t\t &hidpp->battery.desc, cfg);\n}\n\n4. Creating delayed input_device (potentially problematic):\n\n\tif (hidpp->delayed_input)\n\t\treturn;\n\n\thidpp->delayed_input = hidpp_allocate_input(hdev);\n\nThe really big problem here is 3. Hitting the race leads to the following\nsequence:\n\n\thidpp->battery.desc.properties =\n\t\tdevm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL);\n\n\thidpp->battery.ps =\n\t\tdevm_power_supply_register(&hidpp->hid_dev->dev,\n\t\t\t\t\t &hidpp->battery.desc, cfg);\n\n\t...\n\n\thidpp->battery.desc.properties =\n\t\tdevm_kmemdup(dev, hidpp_battery_props, cnt, GFP_KERNEL);\n\n\thidpp->battery.ps =\n\t\tdevm_power_supply_register(&hidpp->hid_dev->dev,\n\t\t\t\t\t &hidpp->battery.desc, cfg);\n\nSo now we have registered 2 power supplies for the same battery,\nwhich looks a bit weird from userspace's pov but this is not even\nthe really big problem.\n\nNotice how:\n\n1. This is all devm-maganaged\n2. The hidpp->battery.desc struct is shared between the 2 power supplies\n3. hidpp->battery.desc.properties points to the result from the second\n devm_kmemdup()\n\nThis causes a use after free scenario on USB disconnect of the receiver:\n1. The last registered power supply class device gets unregistered\n2. The memory from the last devm_kmemdup() call gets freed,\n hidpp->battery.desc.properties now points to freed memory\n3. The first registered power supply class device gets unregistered,\n this involves sending a remove uevent to userspace which invokes\n power_supply_uevent() to fill the uevent data\n4. power_supply_uevent() uses hidpp->battery.desc.properties which\n now points to freed memory leading to backtraces like this one:\n\nSep 22 20:01:35 eric kernel: BUG: unable to handle page fault for address: ffffb2140e017f08\n...\nSep 22 20:01:35 eric kernel: Workqueue: usb_hub_wq hub_event\nSep 22 20:01:35 eric kernel: RIP: 0010:power_supply_uevent+0xee/0x1d0\n...\nSep 22 20:01:35 eric kernel: ? asm_exc_page_fault+0x26/0x30\nSep 22 20:01:35 eric kernel: ? power_supply_uevent+0xee/0x1d0\nSep 22 20:01:35 eric kernel: ? power_supply_uevent+0x10d/0x1d0\nSep 22 20:01:35 eric kernel: dev_uevent+0x10f/0x2d0\nSep 22 20:01:35 eric kernel: kobject_uevent_env+0x291/0x680\nSep 22 20:01:35 eric kernel: \n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52478 was patched at 2024-05-15

8952. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52479) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix uaf in smb20_oplock_break_ack\n\ndrop reference after use opinfo.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52479 was patched at 2024-05-15

8953. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52481) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\narm64: errata: Add Cortex-A520 speculative unprivileged load workaround\n\nImplement the workaround for ARM Cortex-A520 erratum 2966298. On an\naffected Cortex-A520 core, a speculatively executed unprivileged load\nmight leak data from a privileged load via a cache side channel. The\nissue only exists for loads within a translation regime with the same\ntranslation (e.g. same ASID and VMID). Therefore, the issue only affects\nthe return to EL0.\n\nThe workaround is to execute a TLBI before returning to EL0 after all\nloads of privileged data. A non-shareable TLBI to any address is\nsufficient.\n\nThe workaround isn't necessary if page table isolation (KPTI) is\nenabled, but for simplicity it will be. Page table isolation should\nnormally be disabled for Cortex-A520 as it supports the CSV3 feature\nand the E0PD feature (used when KASLR is enabled).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52481 was patched at 2024-05-15

8954. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52482) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/srso: Add SRSO mitigation for Hygon processors\n\nAdd mitigation for the speculative return stack overflow vulnerability\nwhich exists on Hygon processors too.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52482 was patched at 2024-05-06, 2024-05-15

8955. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52483) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmctp: perform route lookups under a RCU read-side lock\n\nOur current route lookups (mctp_route_lookup and mctp_route_lookup_null)\ntraverse the net's route list without the RCU read lock held. This means\nthe route lookup is subject to preemption, resulting in an potential\ngrace period expiry, and so an eventual kfree() while we still have the\nroute pointer.\n\nAdd the proper read-side critical section locks around the route\nlookups, preventing premption and a possible parallel kfree.\n\nThe remaining net->mctp.routes accesses are already under a\nrcu_read_lock, or protected by the RTNL for updates.\n\nBased on an analysis from Sili Luo <rootlab@huawei.com>, where\nintroducing a delay in the route lookup could cause a UAF on\nsimultaneous sendmsg() and route deletion.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52483 was patched at 2024-05-15

8956. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52484) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range\n\nWhen running an SVA case, the following soft lockup is triggered:\n--------------------------------------------------------------------\nwatchdog: BUG: soft lockup - CPU#244 stuck for 26s!\npstate: 83400009 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)\npc : arm_smmu_cmdq_issue_cmdlist+0x178/0xa50\nlr : arm_smmu_cmdq_issue_cmdlist+0x150/0xa50\nsp : ffff8000d83ef290\nx29: ffff8000d83ef290 x28: 000000003b9aca00 x27: 0000000000000000\nx26: ffff8000d83ef3c0 x25: da86c0812194a0e8 x24: 0000000000000000\nx23: 0000000000000040 x22: ffff8000d83ef340 x21: ffff0000c63980c0\nx20: 0000000000000001 x19: ffff0000c6398080 x18: 0000000000000000\nx17: 0000000000000000 x16: 0000000000000000 x15: ffff3000b4a3bbb0\nx14: ffff3000b4a30888 x13: ffff3000b4a3cf60 x12: 0000000000000000\nx11: 0000000000000000 x10: 0000000000000000 x9 : ffffc08120e4d6bc\nx8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000048cfa\nx5 : 0000000000000000 x4 : 0000000000000001 x3 : 000000000000000a\nx2 : 0000000080000000 x1 : 0000000000000000 x0 : 0000000000000001\nCall trace:\n arm_smmu_cmdq_issue_cmdlist+0x178/0xa50\n __arm_smmu_tlb_inv_range+0x118/0x254\n arm_smmu_tlb_inv_range_asid+0x6c/0x130\n arm_smmu_mm_invalidate_range+0xa0/0xa4\n __mmu_notifier_invalidate_range_end+0x88/0x120\n unmap_vmas+0x194/0x1e0\n unmap_region+0xb4/0x144\n do_mas_align_munmap+0x290/0x490\n do_mas_munmap+0xbc/0x124\n __vm_munmap+0xa8/0x19c\n __arm64_sys_munmap+0x28/0x50\n invoke_syscall+0x78/0x11c\n el0_svc_common.constprop.0+0x58/0x1c0\n do_el0_svc+0x34/0x60\n el0_svc+0x2c/0xd4\n el0t_64_sync_handler+0x114/0x140\n el0t_64_sync+0x1a4/0x1a8\n--------------------------------------------------------------------\n\nNote that since 6.6-rc1 the arm_smmu_mm_invalidate_range above is renamed\nto "arm_smmu_mm_arch_invalidate_secondary_tlbs", yet the problem remains.\n\nThe commit 06ff87bae8d3 ("arm64: mm: remove unused functions and variable\nprotoypes") fixed a similar lockup on the CPU MMU side. Yet, it can occur\nto SMMU too, since arm_smmu_mm_arch_invalidate_secondary_tlbs() is called\ntypically next to MMU tlb flush function, e.g.\n\ttlb_flush_mmu_tlbonly {\n\t\ttlb_flush {\n\t\t\t__flush_tlb_range {\n\t\t\t\t// check MAX_TLBI_OPS\n\t\t\t}\n\t\t}\n\t\tmmu_notifier_arch_invalidate_secondary_tlbs {\n\t\t\tarm_smmu_mm_arch_invalidate_secondary_tlbs {\n\t\t\t\t// does not check MAX_TLBI_OPS\n\t\t\t}\n\t\t}\n\t}\n\nClone a CMDQ_MAX_TLBI_OPS from the MAX_TLBI_OPS in tlbflush.h, since in an\nSVA case SMMU uses the CPU page table, so it makes sense to align with the\ntlbflush code. Then, replace per-page TLBI commands with a single per-asid\nTLBI command, if the request size hits this threshold.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52484 was patched at 2024-05-15

8957. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52485) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Wake DMCUB before sending a command\n\n[Why]\nWe can hang in place trying to send commands when the DMCUB isn't\npowered on.\n\n[How]\nFor functions that execute within a DC context or DC lock we can\nwrap the direct calls to dm_execute_dmub_cmd/list with code that\nexits idle power optimizations and reallows once we're done with\nthe command submission on success.\n\nFor DM direct submissions the DM will need to manage the enter/exit\nsequencing manually.\n\nWe cannot invoke a DMCUB command directly within the DM execution\nhelper or we can deadlock.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52485 was patched at 2024-05-15

8958. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52486) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: Don't unref the same fb many times by mistake due to deadlock handling\n\nIf we get a deadlock after the fb lookup in drm_mode_page_flip_ioctl()\nwe proceed to unref the fb and then retry the whole thing from the top.\nBut we forget to reset the fb pointer back to NULL, and so if we then\nget another error during the retry, before the fb lookup, we proceed\nthe unref the same fb again without having gotten another reference.\nThe end result is that the fb will (eventually) end up being freed\nwhile it's still in use.\n\nReset fb to NULL once we've unreffed it to avoid doing it again\nuntil we've done another fb lookup.\n\nThis turned out to be pretty easy to hit on a DG2 when doing async\nflips (and CONFIG_DEBUG_WW_MUTEX_SLOWPATH=y). The first symptom I\nsaw that drm_closefb() simply got stuck in a busy loop while walking\nthe framebuffer list. Fortunately I was able to convince it to oops\ninstead, and from there it was easier to track down the culprit.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52486 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2023-52486 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

8959. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52488) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO\n\nThe SC16IS7XX IC supports a burst mode to access the FIFOs where the\ninitial register address is sent ($00), followed by all the FIFO data\nwithout having to resend the register address each time. In this mode, the\nIC doesn't increment the register address for each R/W byte.\n\nThe regmap_raw_read() and regmap_raw_write() are functions which can\nperform IO over multiple registers. They are currently used to read/write\nfrom/to the FIFO, and although they operate correctly in this burst mode on\nthe SPI bus, they would corrupt the regmap cache if it was not disabled\nmanually. The reason is that when the R/W size is more than 1 byte, these\nfunctions assume that the register address is incremented and handle the\ncache accordingly.\n\nConvert FIFO R/W functions to use the regmap _noinc_ versions in order to\nremove the manual cache control which was a workaround when using the\n_raw_ versions. FIFO registers are properly declared as volatile so\ncache will not be used/updated for FIFO accesses.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52488 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2023-52488 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

8960. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52489) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/sparsemem: fix race in accessing memory_section->usage\n\nThe below race is observed on a PFN which falls into the device memory\nregion with the system memory configuration where PFN's are such that\n[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL]. Since normal zone start and end\npfn contains the device memory PFN's as well, the compaction triggered\nwill try on the device memory PFN's too though they end up in NOP(because\npfn_to_online_page() returns NULL for ZONE_DEVICE memory sections). When\nfrom other core, the section mappings are being removed for the\nZONE_DEVICE region, that the PFN in question belongs to, on which\ncompaction is currently being operated is resulting into the kernel crash\nwith CONFIG_SPASEMEM_VMEMAP enabled. The crash logs can be seen at [1].\n\ncompact_zone()\t\t\tmemunmap_pages\n-------------\t\t\t---------------\n__pageblock_pfn_to_page\n ......\n (a)pfn_valid():\n valid_section()//return true\n\t\t\t (b)__remove_pages()->\n\t\t\t\t sparse_remove_section()->\n\t\t\t\t section_deactivate():\n\t\t\t\t [Free the array ms->usage and set\n\t\t\t\t ms->usage = NULL]\n pfn_section_valid()\n [Access ms->usage which\n is NULL]\n\nNOTE: From the above it can be said that the race is reduced to between\nthe pfn_valid()/pfn_section_valid() and the section deactivate with\nSPASEMEM_VMEMAP enabled.\n\nThe commit b943f045a9af("mm/sparse: fix kernel crash with\npfn_section_valid check") tried to address the same problem by clearing\nthe SECTION_HAS_MEM_MAP with the expectation of valid_section() returns\nfalse thus ms->usage is not accessed.\n\nFix this issue by the below steps:\n\na) Clear SECTION_HAS_MEM_MAP before freeing the ->usage.\n\nb) RCU protected read side critical section will either return NULL\n when SECTION_HAS_MEM_MAP is cleared or can successfully access ->usage.\n\nc) Free the ->usage with kfree_rcu() and set ms->usage = NULL. No\n attempt will be made to access ->usage after this as the\n SECTION_HAS_MEM_MAP is cleared thus valid_section() return false.\n\nThanks to David/Pavan for their inputs on this patch.\n\n[1] https://lore.kernel.org/linux-mm/994410bb-89aa-d987-1f50-f514903c55aa@quicinc.com/\n\nOn Snapdragon SoC, with the mentioned memory configuration of PFN's as\n[ZONE_NORMAL ZONE_DEVICE ZONE_NORMAL], we are able to see bunch of\nissues daily while testing on a device farm.\n\nFor this particular issue below is the log. Though the below log is\nnot directly pointing to the pfn_section_valid(){ ms->usage;}, when we\nloaded this dump on T32 lauterbach tool, it is pointing.\n\n[ 540.578056] Unable to handle kernel NULL pointer dereference at\nvirtual address 0000000000000000\n[ 540.578068] Mem abort info:\n[ 540.578070] ESR = 0x0000000096000005\n[ 540.578073] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 540.578077] SET = 0, FnV = 0\n[ 540.578080] EA = 0, S1PTW = 0\n[ 540.578082] FSC = 0x05: level 1 translation fault\n[ 540.578085] Data abort info:\n[ 540.578086] ISV = 0, ISS = 0x00000005\n[ 540.578088] CM = 0, WnR = 0\n[ 540.579431] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBSBTYPE=--)\n[ 540.579436] pc : __pageblock_pfn_to_page+0x6c/0x14c\n[ 540.579454] lr : compact_zone+0x994/0x1058\n[ 540.579460] sp : ffffffc03579b510\n[ 540.579463] x29: ffffffc03579b510 x28: 0000000000235800 x27:000000000000000c\n[ 540.579470] x26: 0000000000235c00 x25: 0000000000000068 x24:ffffffc03579b640\n[ 540.579477] x23: 0000000000000001 x22: ffffffc03579b660 x21:0000000000000000\n[ 540.579483] x20: 0000000000235bff x19: ffffffdebf7e3940 x18:ffffffdebf66d140\n[ 540.579489] x17: 00000000739ba063 x16: 00000000739ba063 x15:00000000009f4bff\n[ 540.579495] x14: 0000008000000000 x13: 0000000000000000 x12:0000000000000001\n[ 540.579501] x11: 0000000000000000 x10: 0000000000000000 x9 :ffffff897d2cd440\n[ 540.579507] x8 : 0000000000000000 x7 : 0000000000000000 x6 :ffffffc03579b5b4\n[ 540.579512] x5 : 0000000000027f25 x4 : ffffffc03579b5b8 x3 :0000000000000\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-52489 was patched at 2024-05-22

debian: CVE-2023-52489 was patched at 2024-05-06, 2024-05-15

oraclelinux: CVE-2023-52489 was patched at 2024-05-02, 2024-05-23

redhat: CVE-2023-52489 was patched at 2024-05-22

ubuntu: CVE-2023-52489 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

8961. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52492) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: fix NULL pointer in channel unregistration function\n\n__dma_async_device_channel_register() can fail. In case of failure,\nchan->local is freed (with free_percpu()), and chan->local is nullified.\nWhen dma_async_device_unregister() is called (because of managed API or\nintentionally by DMA controller driver), channels are unconditionally\nunregistered, leading to this NULL pointer:\n[ 1.318693] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0\n[...]\n[ 1.484499] Call trace:\n[ 1.486930] device_del+0x40/0x394\n[ 1.490314] device_unregister+0x20/0x7c\n[ 1.494220] __dma_async_device_channel_unregister+0x68/0xc0\n\nLook at dma_async_device_register() function error path, channel device\nunregistration is done only if chan->local is not NULL.\n\nThen add the same condition at the beginning of\n__dma_async_device_channel_unregister() function, to avoid NULL pointer\nissue whatever the API used to reach this function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52492 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2023-52492 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

8962. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52493) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbus: mhi: host: Drop chan lock before queuing buffers\n\nEnsure read and write locks for the channel are not taken in succession by\ndropping the read lock from parse_xfer_event() such that a callback given\nto client can potentially queue buffers and acquire the write lock in that\nprocess. Any queueing of buffers should be done without channel read lock\nacquired as it can result in multiple locks and a soft lockup.\n\n[mani: added fixes tag and cc'ed stable]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52493 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2023-52493 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

8963. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52497) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix lz4 inplace decompression\n\nCurrently EROFS can map another compressed buffer for inplace\ndecompression, that was used to handle the cases that some pages of\ncompressed data are actually not in-place I/O.\n\nHowever, like most simple LZ77 algorithms, LZ4 expects the compressed\ndata is arranged at the end of the decompressed buffer and it\nexplicitly uses memmove() to handle overlapping:\n __________________________________________________________\n |_ direction of decompression --> ____ |_ compressed data _|\n\nAlthough EROFS arranges compressed data like this, it typically maps two\nindividual virtual buffers so the relative order is uncertain.\nPreviously, it was hardly observed since LZ4 only uses memmove() for\nshort overlapped literals and x86/arm64 memmove implementations seem to\ncompletely cover it up and they don't have this issue. Juhyung reported\nthat EROFS data corruption can be found on a new Intel x86 processor.\nAfter some analysis, it seems that recent x86 processors with the new\nFSRM feature expose this issue with "rep movsb".\n\nLet's strictly use the decompressed buffer for lz4 inplace\ndecompression for now. Later, as an useful improvement, we could try\nto tie up these two buffers together in the correct order.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52497 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2023-52497 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

8964. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52498) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPM: sleep: Fix possible deadlocks in core system-wide PM code\n\nIt is reported that in low-memory situations the system-wide resume core\ncode deadlocks, because async_schedule_dev() executes its argument\nfunction synchronously if it cannot allocate memory (and not only in\nthat case) and that function attempts to acquire a mutex that is already\nheld. Executing the argument function synchronously from within\ndpm_async_fn() may also be problematic for ordering reasons (it may\ncause a consumer device's resume callback to be invoked before a\nrequisite supplier device's one, for example).\n\nAddress this by changing the code in question to use\nasync_schedule_dev_nocall() for scheduling the asynchronous\nexecution of device suspend and resume functions and to directly\nrun them synchronously if async_schedule_dev_nocall() returns false.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52498 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2023-52498 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

8965. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52499) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/47x: Fix 47x syscall return crash\n\nEddie reported that newer kernels were crashing during boot on his 476\nFSP2 system:\n\n kernel tried to execute user page (b7ee2000) - exploit attempt? (uid: 0)\n BUG: Unable to handle kernel instruction fetch\n Faulting instruction address: 0xb7ee2000\n Oops: Kernel access of bad area, sig: 11 [#1]\n BE PAGE_SIZE=4K FSP-2\n Modules linked in:\n CPU: 0 PID: 61 Comm: mount Not tainted 6.1.55-d23900f.ppcnf-fsp2 #1\n Hardware name: ibm,fsp2 476fpe 0x7ff520c0 FSP-2\n NIP:\xa0 b7ee2000 LR: 8c008000 CTR: 00000000\n REGS: bffebd83 TRAP: 0400\xa0\xa0 Not tainted (6.1.55-d23900f.ppcnf-fs p2)\n MSR:\xa0 00000030 <IR,DR>\xa0 CR: 00001000\xa0 XER: 20000000\n GPR00: c00110ac bffebe63 bffebe7e bffebe88 8c008000 00001000 00000d12 b7ee2000\n GPR08: 00000033 00000000 00000000 c139df10 48224824 1016c314 10160000 00000000\n GPR16: 10160000 10160000 00000008 00000000 10160000 00000000 10160000 1017f5b0\n GPR24: 1017fa50 1017f4f0 1017fa50 1017f740 1017f630 00000000 00000000 1017f4f0\n NIP [b7ee2000] 0xb7ee2000\n LR [8c008000] 0x8c008000\n Call Trace:\n Instruction dump:\n XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX\n XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX\n ---[ end trace 0000000000000000 ]---\n\nThe problem is in ret_from_syscall where the check for\nicache_44x_need_flush is done. When the flush is needed the code jumps\nout-of-line to do the flush, and then intends to jump back to continue\nthe syscall return.\n\nHowever the branch back to label 1b doesn't return to the correct\nlocation, instead branching back just prior to the return to userspace,\ncausing bogus register values to be used by the rfi.\n\nThe breakage was introduced by commit 6f76a01173cc\n("powerpc/syscall: implement system call entry/exit logic in C for PPC32") which\ninadvertently removed the "1" label and reused it elsewhere.\n\nFix it by adding named local labels in the correct locations. Note that\nthe return label needs to be outside the ifdef so that CONFIG_PPC_47x=n\ncompiles.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52499 was patched at 2024-05-15

8966. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52500) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command\n\nTags allocated for OPC_INB_SET_CONTROLLER_CONFIG command need to be freed\nwhen we receive the response.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52500 was patched at 2024-05-15

8967. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52501) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Do not attempt to read past "commit"\n\nWhen iterating over the ring buffer while the ring buffer is active, the\nwriter can corrupt the reader. There's barriers to help detect this and\nhandle it, but that code missed the case where the last event was at the\nvery end of the page and has only 4 bytes left.\n\nThe checks to detect the corruption by the writer to reads needs to see the\nlength of the event. If the length in the first 4 bytes is zero then the\nlength is stored in the second 4 bytes. But if the writer is in the process\nof updating that code, there's a small window where the length in the first\n4 bytes could be zero even though the length is only 4 bytes. That will\ncause rb_event_length() to read the next 4 bytes which could happen to be off the\nallocated page.\n\nTo protect against this, fail immediately if the next event pointer is\nless than 8 bytes from the end of the commit (last byte of data), as all\nevents must be a minimum of 8 bytes anyway.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52501 was patched at 2024-05-15

8968. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52502) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()\n\nSili Luo reported a race in nfc_llcp_sock_get(), leading to UAF.\n\nGetting a reference on the socket found in a lookup while\nholding a lock should happen before releasing the lock.\n\nnfc_llcp_sock_get_sn() has a similar problem.\n\nFinally nfc_llcp_recv_snl() needs to make sure the socket\nfound by nfc_llcp_sock_from_sn() does not disappear.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52502 was patched at 2024-05-15

8969. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52504) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/alternatives: Disable KASAN in apply_alternatives()\n\nFei has reported that KASAN triggers during apply_alternatives() on\na 5-level paging machine:\n\n\tBUG: KASAN: out-of-bounds in rcu_is_watching()\n\tRead of size 4 at addr ff110003ee6419a0 by task swapper/0/0\n\t...\n\t__asan_load4()\n\trcu_is_watching()\n\ttrace_hardirqs_on()\n\ttext_poke_early()\n\tapply_alternatives()\n\t...\n\nOn machines with 5-level paging, cpu_feature_enabled(X86_FEATURE_LA57)\ngets patched. It includes KASAN code, where KASAN_SHADOW_START depends on\n__VIRTUAL_MASK_SHIFT, which is defined with cpu_feature_enabled().\n\nKASAN gets confused when apply_alternatives() patches the\nKASAN_SHADOW_START users. A test patch that makes KASAN_SHADOW_START\nstatic, by replacing __VIRTUAL_MASK_SHIFT with 56, works around the issue.\n\nFix it for real by disabling KASAN while the kernel is patching alternatives.\n\n[ mingo: updated the changelog ]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52504 was patched at 2024-05-15

ubuntu: CVE-2023-52504 was patched at 2024-06-12

8970. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52505) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nphy: lynx-28g: serialize concurrent phy_set_mode_ext() calls to shared registers\n\nThe protocol converter configuration registers PCC8, PCCC, PCCD\n(implemented by the driver), as well as others, control protocol\nconverters from multiple lanes (each represented as a different\nstruct phy). So, if there are simultaneous calls to phy_set_mode_ext()\nto lanes sharing the same PCC register (either for the "old" or for the\n"new" protocol), corruption of the values programmed to hardware is\npossible, because lynx_28g_rmw() has no locking.\n\nAdd a spinlock in the struct lynx_28g_priv shared by all lanes, and take\nthe global spinlock from the phy_ops :: set_mode() implementation. There\nare no other callers which modify PCC registers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52505 was patched at 2024-05-15

8971. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52506) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Set all reserved memblocks on Node#0 at initialization\n\nAfter commit 61167ad5fecdea ("mm: pass nid to reserve_bootmem_region()")\nwe get a panic if DEFERRED_STRUCT_PAGE_INIT is enabled:\n\n[ 0.000000] CPU 0 Unable to handle kernel paging request at virtual address 0000000000002b82, era == 90000000040e3f28, ra == 90000000040e3f18\n[ 0.000000] Oops[#1]:\n[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.5.0+ #733\n[ 0.000000] pc 90000000040e3f28 ra 90000000040e3f18 tp 90000000046f4000 sp 90000000046f7c90\n[ 0.000000] a0 0000000000000001 a1 0000000000200000 a2 0000000000000040 a3 90000000046f7ca0\n[ 0.000000] a4 90000000046f7ca4 a5 0000000000000000 a6 90000000046f7c38 a7 0000000000000000\n[ 0.000000] t0 0000000000000002 t1 9000000004b00ac8 t2 90000000040e3f18 t3 90000000040f0800\n[ 0.000000] t4 00000000000f0000 t5 80000000ffffe07e t6 0000000000000003 t7 900000047fff5e20\n[ 0.000000] t8 aaaaaaaaaaaaaaab u0 0000000000000018 s9 0000000000000000 s0 fffffefffe000000\n[ 0.000000] s1 0000000000000000 s2 0000000000000080 s3 0000000000000040 s4 0000000000000000\n[ 0.000000] s5 0000000000000000 s6 fffffefffe000000 s7 900000000470b740 s8 9000000004ad4000\n[ 0.000000] ra: 90000000040e3f18 reserve_bootmem_region+0xec/0x21c\n[ 0.000000] ERA: 90000000040e3f28 reserve_bootmem_region+0xfc/0x21c\n[ 0.000000] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\n[ 0.000000] PRMD: 00000000 (PPLV0 -PIE -PWE)\n[ 0.000000] EUEN: 00000000 (-FPE -SXE -ASXE -BTE)\n[ 0.000000] ECFG: 00070800 (LIE=11 VS=7)\n[ 0.000000] ESTAT: 00010800 [PIL] (IS=11 ECode=1 EsubCode=0)\n[ 0.000000] BADV: 0000000000002b82\n[ 0.000000] PRID: 0014d000 (Loongson-64bit, Loongson-3A6000)\n[ 0.000000] Modules linked in:\n[ 0.000000] Process swapper (pid: 0, threadinfo=(____ptrval____), task=(____ptrval____))\n[ 0.000000] Stack : 0000000000000000 9000000002eb5430 0000003a00000020 90000000045ccd00\n[ 0.000000] 900000000470e000 90000000002c1918 0000000000000000 9000000004110780\n[ 0.000000] 00000000fe6c0000 0000000480000000 9000000004b4e368 9000000004110748\n[ 0.000000] 0000000000000000 900000000421ca84 9000000004620000 9000000004564970\n[ 0.000000] 90000000046f7d78 9000000002cc9f70 90000000002c1918 900000000470e000\n[ 0.000000] 9000000004564970 90000000040bc0e0 90000000046f7d78 0000000000000000\n[ 0.000000] 0000000000004000 90000000045ccd00 0000000000000000 90000000002c1918\n[ 0.000000] 90000000002c1900 900000000470b700 9000000004b4df78 9000000004620000\n[ 0.000000] 90000000046200a8 90000000046200a8 0000000000000000 9000000004218b2c\n[ 0.000000] 9000000004270008 0000000000000001 0000000000000000 90000000045ccd00\n[ 0.000000] ...\n[ 0.000000] Call Trace:\n[ 0.000000] [<90000000040e3f28>] reserve_bootmem_region+0xfc/0x21c\n[ 0.000000] [<900000000421ca84>] memblock_free_all+0x114/0x350\n[ 0.000000] [<9000000004218b2c>] mm_core_init+0x138/0x3cc\n[ 0.000000] [<9000000004200e38>] start_kernel+0x488/0x7a4\n[ 0.000000] [<90000000040df0d8>] kernel_entry+0xd8/0xdc\n[ 0.000000]\n[ 0.000000] Code: 02eb21ad 00410f4c 380c31ac <262b818d> 6800b70d 02c1c196 0015001c 57fe4bb1 260002cd\n\nThe reason is early memblock_reserve() in memblock_init() set node id to\nMAX_NUMNODES, making NODE_DATA(nid) a NULL dereference in the call chain\nreserve_bootmem_region() -> init_reserved_page(). After memblock_init(),\nthose late calls of memblock_reserve() operate on subregions of memblock\n.memory regions. As a result, these reserved regions will be set to the\ncorrect node at the first iteration of memmap_init_reserved_pages().\n\nSo set all reserved memblocks on Node#0 at initialization can avoid this\npanic.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52506 was patched at 2024-05-15

8972. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52507) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: assert requested protocol is valid\n\nThe protocol is used in a bit mask to determine if the protocol is\nsupported. Assert the provided protocol is less than the maximum\ndefined so it doesn't potentially perform a shift-out-of-bounds and\nprovide a clearer error for undefined protocols vs unsupported ones.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52507 was patched at 2024-05-15

8973. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52508) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()\n\nThe nvme_fc_fcp_op structure describing an AEN operation is initialized with a\nnull request structure pointer. An FC LLDD may make a call to\nnvme_fc_io_getuuid passing a pointer to an nvmefc_fcp_req for an AEN operation.\n\nAdd validation of the request structure pointer before dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52508 was patched at 2024-05-15

8974. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52511) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: sun6i: reduce DMA RX transfer width to single byte\n\nThrough empirical testing it has been determined that sometimes RX SPI\ntransfers with DMA enabled return corrupted data. This is down to single\nor even multiple bytes lost during DMA transfer from SPI peripheral to\nmemory. It seems the RX FIFO within the SPI peripheral can become\nconfused when performing bus read accesses wider than a single byte to it\nduring an active SPI transfer.\n\nThis patch reduces the width of individual DMA read accesses to the\nRX FIFO to a single byte to mitigate that issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52511 was patched at 2024-05-15

8975. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52513) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix connection failure handling\n\nIn case immediate MPA request processing fails, the newly\ncreated endpoint unlinks the listening endpoint and is\nready to be dropped. This special case was not handled\ncorrectly by the code handling the later TCP socket close,\ncausing a NULL dereference crash in siw_cm_work_handler()\nwhen dereferencing a NULL listener. We now also cancel\nthe useless MPA timeout, if immediate MPA request\nprocessing fails.\n\nThis patch furthermore simplifies MPA processing in general:\nScheduling a useless TCP socket read in sk_data_ready() upcall\nis now surpressed, if the socket is already moved out of\nTCP_ESTABLISHED state.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-52513 was patched at 2024-06-05

debian: CVE-2023-52513 was patched at 2024-05-15

oraclelinux: CVE-2023-52513 was patched at 2024-06-05

redhat: CVE-2023-52513 was patched at 2024-06-05

8976. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52516) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndma-debug: don't call __dma_entry_alloc_check_leak() under free_entries_lock\n\n__dma_entry_alloc_check_leak() calls into printk -> serial console\noutput (qcom geni) and grabs port->lock under free_entries_lock\nspin lock, which is a reverse locking dependency chain as qcom_geni\nIRQ handler can call into dma-debug code and grab free_entries_lock\nunder port->lock.\n\nMove __dma_entry_alloc_check_leak() call out of free_entries_lock\nscope so that we don't acquire serial console's port->lock under it.\n\nTrimmed-down lockdep splat:\n\n The existing dependency chain (in reverse order) is:\n\n -> #2 (free_entries_lock){-.-.}-{2:2}:\n _raw_spin_lock_irqsave+0x60/0x80\n dma_entry_alloc+0x38/0x110\n debug_dma_map_page+0x60/0xf8\n dma_map_page_attrs+0x1e0/0x230\n dma_map_single_attrs.constprop.0+0x6c/0xc8\n geni_se_rx_dma_prep+0x40/0xcc\n qcom_geni_serial_isr+0x310/0x510\n __handle_irq_event_percpu+0x110/0x244\n handle_irq_event_percpu+0x20/0x54\n handle_irq_event+0x50/0x88\n handle_fasteoi_irq+0xa4/0xcc\n handle_irq_desc+0x28/0x40\n generic_handle_domain_irq+0x24/0x30\n gic_handle_irq+0xc4/0x148\n do_interrupt_handler+0xa4/0xb0\n el1_interrupt+0x34/0x64\n el1h_64_irq_handler+0x18/0x24\n el1h_64_irq+0x64/0x68\n arch_local_irq_enable+0x4/0x8\n ____do_softirq+0x18/0x24\n ...\n\n -> #1 (&port_lock_key){-.-.}-{2:2}:\n _raw_spin_lock_irqsave+0x60/0x80\n qcom_geni_serial_console_write+0x184/0x1dc\n console_flush_all+0x344/0x454\n console_unlock+0x94/0xf0\n vprintk_emit+0x238/0x24c\n vprintk_default+0x3c/0x48\n vprintk+0xb4/0xbc\n _printk+0x68/0x90\n register_console+0x230/0x38c\n uart_add_one_port+0x338/0x494\n qcom_geni_serial_probe+0x390/0x424\n platform_probe+0x70/0xc0\n really_probe+0x148/0x280\n __driver_probe_device+0xfc/0x114\n driver_probe_device+0x44/0x100\n __device_attach_driver+0x64/0xdc\n bus_for_each_drv+0xb0/0xd8\n __device_attach+0xe4/0x140\n device_initial_probe+0x1c/0x28\n bus_probe_device+0x44/0xb0\n device_add+0x538/0x668\n of_device_add+0x44/0x50\n of_platform_device_create_pdata+0x94/0xc8\n of_platform_bus_create+0x270/0x304\n of_platform_populate+0xac/0xc4\n devm_of_platform_populate+0x60/0xac\n geni_se_probe+0x154/0x160\n platform_probe+0x70/0xc0\n ...\n\n -> #0 (console_owner){-...}-{0:0}:\n __lock_acquire+0xdf8/0x109c\n lock_acquire+0x234/0x284\n console_flush_all+0x330/0x454\n console_unlock+0x94/0xf0\n vprintk_emit+0x238/0x24c\n vprintk_default+0x3c/0x48\n vprintk+0xb4/0xbc\n _printk+0x68/0x90\n dma_entry_alloc+0xb4/0x110\n debug_dma_map_sg+0xdc/0x2f8\n __dma_map_sg_attrs+0xac/0xe4\n dma_map_sgtable+0x30/0x4c\n get_pages+0x1d4/0x1e4 [msm]\n msm_gem_pin_pages_locked+0x38/0xac [msm]\n msm_gem_pin_vma_locked+0x58/0x88 [msm]\n msm_ioctl_gem_submit+0xde4/0x13ac [msm]\n drm_ioctl_kernel+0xe0/0x15c\n drm_ioctl+0x2e8/0x3f4\n vfs_ioctl+0x30/0x50\n ...\n\n Chain exists of:\n console_owner --> &port_lock_key --> free_entries_lock\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(free_entries_lock);\n lock(&port_lock_key);\n lock(free_entries_lock);\n lock(console_owner);\n\n *** DEADLOCK ***\n\n Call trace:\n dump_backtrace+0xb4/0xf0\n show_stack+0x20/0x30\n dump_stack_lvl+0x60/0x84\n dump_stack+0x18/0x24\n print_circular_bug+0x1cc/0x234\n check_noncircular+0x78/0xac\n __lock_acquire+0xdf8/0x109c\n lock_acquire+0x234/0x284\n console_flush_all+0x330/0x454\n consol\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52516 was patched at 2024-05-15

8977. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52517) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain\n\nPreviously the transfer complete IRQ immediately drained to RX FIFO to\nread any data remaining in FIFO to the RX buffer. This behaviour is\ncorrect when dealing with SPI in interrupt mode. However in DMA mode the\ntransfer complete interrupt still fires as soon as all bytes to be\ntransferred have been stored in the FIFO. At that point data in the FIFO\nstill needs to be picked up by the DMA engine. Thus the drain procedure\nand DMA engine end up racing to read from RX FIFO, corrupting any data\nread. Additionally the RX buffer pointer is never adjusted according to\nDMA progress in DMA mode, thus calling the RX FIFO drain procedure in DMA\nmode is a bug.\nFix corruptions in DMA RX mode by draining RX FIFO only in interrupt mode.\nAlso wait for completion of RX DMA when in DMA mode before returning to\nensure all data has been copied to the supplied memory buffer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52517 was patched at 2024-05-15

8978. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52519) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nHID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit\n\nThe EHL (Elkhart Lake) based platforms provide a OOB (Out of band)\nservice, which allows to wakup device when the system is in S5 (Soft-Off\nstate). This OOB service can be enabled/disabled from BIOS settings. When\nenabled, the ISH device gets PME wake capability. To enable PME wakeup,\ndriver also needs to enable ACPI GPE bit.\n\nOn resume, BIOS will clear the wakeup bit. So driver need to re-enable it\nin resume function to keep the next wakeup capability. But this BIOS\nclearing of wakeup bit doesn't decrement internal OS GPE reference count,\nso this reenabling on every resume will cause reference count to overflow.\n\nSo first disable and reenable ACPI GPE bit using acpi_disable_gpe().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52519 was patched at 2024-05-15

8979. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52520) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: think-lmi: Fix reference leak\n\nIf a duplicate attribute is found using kset_find_obj(), a reference\nto that attribute is returned which needs to be disposed accordingly\nusing kobject_put(). Move the setting name validation into a separate\nfunction to allow for this change without having to duplicate the\ncleanup code for this setting.\nAs a side note, a very similar bug was fixed in\ncommit 7295a996fdab ("platform/x86: dell-sysman: Fix reference leak"),\nso it seems that the bug was copied from that driver.\n\nCompile-tested only.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-52520 was patched at 2024-06-05

debian: CVE-2023-52520 was patched at 2024-05-15

oraclelinux: CVE-2023-52520 was patched at 2024-06-05

redhat: CVE-2023-52520 was patched at 2024-06-05

8980. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52522) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix possible store tearing in neigh_periodic_work()\n\nWhile looking at a related syzbot report involving neigh_periodic_work(),\nI found that I forgot to add an annotation when deleting an\nRCU protected item from a list.\n\nReaders use rcu_deference(*np), we need to use either\nrcu_assign_pointer() or WRITE_ONCE() on writer side\nto prevent store tearing.\n\nI use rcu_assign_pointer() to have lockdep support,\nthis was the choice made in neigh_flush_dev().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52522 was patched at 2024-05-15

oraclelinux: CVE-2023-52522 was patched at 2024-05-02

8981. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52523) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets\n\nWith a SOCKMAP/SOCKHASH map and an sk_msg program user can steer messages\nsent from one TCP socket (s1) to actually egress from another TCP\nsocket (s2):\n\ntcp_bpf_sendmsg(s1)\t\t// = sk_prot->sendmsg\n tcp_bpf_send_verdict(s1)\t// __SK_REDIRECT case\n tcp_bpf_sendmsg_redir(s2)\n tcp_bpf_push_locked(s2)\n\ttcp_bpf_push(s2)\n\t tcp_rate_check_app_limited(s2) // expects tcp_sock\n\t tcp_sendmsg_locked(s2)\t // ditto\n\nThere is a hard-coded assumption in the call-chain, that the egress\nsocket (s2) is a TCP socket.\n\nHowever in commit 122e6c79efe1 ("sock_map: Update sock type checks for\nUDP") we have enabled redirects to non-TCP sockets. This was done for the\nsake of BPF sk_skb programs. There was no indention to support sk_msg\nsend-to-egress use case.\n\nAs a result, attempts to send-to-egress through a non-TCP socket lead to a\ncrash due to invalid downcast from sock to tcp_sock:\n\n BUG: kernel NULL pointer dereference, address: 000000000000002f\n ...\n Call Trace:\n <TASK>\n ? show_regs+0x60/0x70\n ? __die+0x1f/0x70\n ? page_fault_oops+0x80/0x160\n ? do_user_addr_fault+0x2d7/0x800\n ? rcu_is_watching+0x11/0x50\n ? exc_page_fault+0x70/0x1c0\n ? asm_exc_page_fault+0x27/0x30\n ? tcp_tso_segs+0x14/0xa0\n tcp_write_xmit+0x67/0xce0\n __tcp_push_pending_frames+0x32/0xf0\n tcp_push+0x107/0x140\n tcp_sendmsg_locked+0x99f/0xbb0\n tcp_bpf_push+0x19d/0x3a0\n tcp_bpf_sendmsg_redir+0x55/0xd0\n tcp_bpf_send_verdict+0x407/0x550\n tcp_bpf_sendmsg+0x1a1/0x390\n inet_sendmsg+0x6a/0x70\n sock_sendmsg+0x9d/0xc0\n ? sockfd_lookup_light+0x12/0x80\n __sys_sendto+0x10e/0x160\n ? syscall_enter_from_user_mode+0x20/0x60\n ? __this_cpu_preempt_check+0x13/0x20\n ? lockdep_hardirqs_on+0x82/0x110\n __x64_sys_sendto+0x1f/0x30\n do_syscall_64+0x38/0x90\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\nReject selecting a non-TCP sockets as redirect target from a BPF sk_msg\nprogram to prevent the crash. When attempted, user will receive an EACCES\nerror from send/sendto/sendmsg() syscall.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52523 was patched at 2024-05-15

8982. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52524) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: nfc: llcp: Add lock when modifying device list\n\nThe device list needs its associated lock held when modifying it, or the\nlist could become corrupted, as syzbot discovered.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52524 was patched at 2024-05-15

ubuntu: CVE-2023-52524 was patched at 2024-05-16, 2024-05-20, 2024-05-21, 2024-05-23

8983. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52525) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet\n\nOnly skip the code path trying to access the rfc1042 headers when the\nbuffer is too small, so the driver can still process packets without\nrfc1042 headers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52525 was patched at 2024-05-15

8984. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52527) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data()\n\nIncluding the transhdrlen in length is a problem when the packet is\npartially filled (e.g. something like send(MSG_MORE) happened previously)\nwhen appending to an IPv4 or IPv6 packet as we don't want to repeat the\ntransport header or account for it twice. This can happen under some\ncircumstances, such as splicing into an L2TP socket.\n\nThe symptom observed is a warning in __ip6_append_data():\n\n WARNING: CPU: 1 PID: 5042 at net/ipv6/ip6_output.c:1800 __ip6_append_data.isra.0+0x1be8/0x47f0 net/ipv6/ip6_output.c:1800\n\nthat occurs when MSG_SPLICE_PAGES is used to append more data to an already\npartially occupied skbuff. The warning occurs when 'copy' is larger than\nthe amount of data in the message iterator. This is because the requested\nlength includes the transport header length when it shouldn't. This can be\ntriggered by, for example:\n\n sfd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_L2TP);\n bind(sfd, ...); // ::1\n connect(sfd, ...); // ::1 port 7\n send(sfd, buffer, 4100, MSG_MORE);\n sendfile(sfd, dfd, NULL, 1024);\n\nFix this by only adding transhdrlen into the length if the write queue is\nempty in l2tp_ip6_sendmsg(), analogously to how UDP does things.\n\nl2tp_ip_sendmsg() looks like it won't suffer from this problem as it builds\nthe UDP packet itself.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52527 was patched at 2024-05-15

8985. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52528) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg\n\nsyzbot reported the following uninit-value access issue:\n\n=====================================================\nBUG: KMSAN: uninit-value in smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:975 [inline]\nBUG: KMSAN: uninit-value in smsc75xx_bind+0x5c9/0x11e0 drivers/net/usb/smsc75xx.c:1482\nCPU: 0 PID: 8696 Comm: kworker/0:3 Not tainted 5.8.0-rc5-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nWorkqueue: usb_hub_wq hub_event\nCall Trace:\n __dump_stack lib/dump_stack.c:77 [inline]\n dump_stack+0x21c/0x280 lib/dump_stack.c:118\n kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:121\n __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215\n smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:975 [inline]\n smsc75xx_bind+0x5c9/0x11e0 drivers/net/usb/smsc75xx.c:1482\n usbnet_probe+0x1152/0x3f90 drivers/net/usb/usbnet.c:1737\n usb_probe_interface+0xece/0x1550 drivers/usb/core/driver.c:374\n really_probe+0xf20/0x20b0 drivers/base/dd.c:529\n driver_probe_device+0x293/0x390 drivers/base/dd.c:701\n __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807\n bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431\n __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873\n device_initial_probe+0x4a/0x60 drivers/base/dd.c:920\n bus_probe_device+0x177/0x3d0 drivers/base/bus.c:491\n device_add+0x3b0e/0x40d0 drivers/base/core.c:2680\n usb_set_configuration+0x380f/0x3f10 drivers/usb/core/message.c:2032\n usb_generic_driver_probe+0x138/0x300 drivers/usb/core/generic.c:241\n usb_probe_device+0x311/0x490 drivers/usb/core/driver.c:272\n really_probe+0xf20/0x20b0 drivers/base/dd.c:529\n driver_probe_device+0x293/0x390 drivers/base/dd.c:701\n __device_attach_driver+0x63f/0x830 drivers/base/dd.c:807\n bus_for_each_drv+0x2ca/0x3f0 drivers/base/bus.c:431\n __device_attach+0x4e2/0x7f0 drivers/base/dd.c:873\n device_initial_probe+0x4a/0x60 drivers/base/dd.c:920\n bus_probe_device+0x177/0x3d0 drivers/base/bus.c:491\n device_add+0x3b0e/0x40d0 drivers/base/core.c:2680\n usb_new_device+0x1bd4/0x2a30 drivers/usb/core/hub.c:2554\n hub_port_connect drivers/usb/core/hub.c:5208 [inline]\n hub_port_connect_change drivers/usb/core/hub.c:5348 [inline]\n port_event drivers/usb/core/hub.c:5494 [inline]\n hub_event+0x5e7b/0x8a70 drivers/usb/core/hub.c:5576\n process_one_work+0x1688/0x2140 kernel/workqueue.c:2269\n worker_thread+0x10bc/0x2730 kernel/workqueue.c:2415\n kthread+0x551/0x590 kernel/kthread.c:292\n ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:293\n\nLocal variable ----buf.i87@smsc75xx_bind created at:\n __smsc75xx_read_reg drivers/net/usb/smsc75xx.c:83 [inline]\n smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:968 [inline]\n smsc75xx_bind+0x485/0x11e0 drivers/net/usb/smsc75xx.c:1482\n __smsc75xx_read_reg drivers/net/usb/smsc75xx.c:83 [inline]\n smsc75xx_wait_ready drivers/net/usb/smsc75xx.c:968 [inline]\n smsc75xx_bind+0x485/0x11e0 drivers/net/usb/smsc75xx.c:1482\n\nThis issue is caused because usbnet_read_cmd() reads less bytes than requested\n(zero byte in the reproducer). In this case, 'buf' is not properly filled.\n\nThis patch fixes the issue by returning -ENODATA if usbnet_read_cmd() reads\nless bytes than requested.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-52528 was patched at 2024-06-05

debian: CVE-2023-52528 was patched at 2024-05-15

oraclelinux: CVE-2023-52528 was patched at 2024-06-05

redhat: CVE-2023-52528 was patched at 2024-06-05

8986. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52532) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mana: Fix TX CQE error handling\n\nFor an unknown TX CQE error type (probably from a newer hardware),\nstill free the SKB, update the queue tail, etc., otherwise the\naccounting will be wrong.\n\nAlso, TX errors can be triggered by injecting corrupted packets, so\nreplace the WARN_ONCE to ratelimited error logging.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52532 was patched at 2024-05-15

8987. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52559) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Avoid memory allocation in iommu_suspend()\n\nThe iommu_suspend() syscore suspend callback is invoked with IRQ disabled.\nAllocating memory with the GFP_KERNEL flag may re-enable IRQs during\nthe suspend callback, which can cause intermittent suspend/hibernation\nproblems with the following kernel traces:\n\nCalling iommu_suspend+0x0/0x1d0\n------------[ cut here ]------------\nWARNING: CPU: 0 PID: 15 at kernel/time/timekeeping.c:868 ktime_get+0x9b/0xb0\n...\nCPU: 0 PID: 15 Comm: rcu_preempt Tainted: G U E 6.3-intel #r1\nRIP: 0010:ktime_get+0x9b/0xb0\n...\nCall Trace:\n <IRQ>\n tick_sched_timer+0x22/0x90\n ? __pfx_tick_sched_timer+0x10/0x10\n __hrtimer_run_queues+0x111/0x2b0\n hrtimer_interrupt+0xfa/0x230\n __sysvec_apic_timer_interrupt+0x63/0x140\n sysvec_apic_timer_interrupt+0x7b/0xa0\n </IRQ>\n <TASK>\n asm_sysvec_apic_timer_interrupt+0x1f/0x30\n...\n------------[ cut here ]------------\nInterrupts enabled after iommu_suspend+0x0/0x1d0\nWARNING: CPU: 0 PID: 27420 at drivers/base/syscore.c:68 syscore_suspend+0x147/0x270\nCPU: 0 PID: 27420 Comm: rtcwake Tainted: G U W E 6.3-intel #r1\nRIP: 0010:syscore_suspend+0x147/0x270\n...\nCall Trace:\n <TASK>\n hibernation_snapshot+0x25b/0x670\n hibernate+0xcd/0x390\n state_store+0xcf/0xe0\n kobj_attr_store+0x13/0x30\n sysfs_kf_write+0x3f/0x50\n kernfs_fop_write_iter+0x128/0x200\n vfs_write+0x1fd/0x3c0\n ksys_write+0x6f/0xf0\n __x64_sys_write+0x1d/0x30\n do_syscall_64+0x3b/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\n\nGiven that only 4 words memory is needed, avoid the memory allocation in\niommu_suspend().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52559 was patched at 2024-05-15

8988. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52561) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\narm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved\n\nAdding a reserved memory region for the framebuffer memory\n(the splash memory region set up by the bootloader).\n\nIt fixes a kernel panic (arm-smmu: Unhandled context fault\nat this particular memory region) reported on DB845c running\nv5.10.y.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52561 was patched at 2024-05-15

8989. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52571) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npower: supply: rk817: Fix node refcount leak\n\nDan Carpenter reports that the Smatch static checker warning has found\nthat there is another refcount leak in the probe function. While\nof_node_put() was added in one of the return paths, it should in\nfact be added for ALL return paths that return an error and at driver\nremoval time.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52571 was patched at 2024-05-15

8990. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52581) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix memleak when more than 255 elements expired\n\nWhen more than 255 elements expired we're supposed to switch to a new gc\ncontainer structure.\n\nThis never happens: u8 type will wrap before reaching the boundary\nand nft_trans_gc_space() always returns true.\n\nThis means we recycle the initial gc container structure and\nlose track of the elements that came before.\n\nWhile at it, don't deref 'gc' after we've passed it to call_rcu.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-52581 was patched at 2024-05-22

oraclelinux: CVE-2023-52581 was patched at 2024-05-02, 2024-05-23

redhat: CVE-2023-52581 was patched at 2024-05-22

8991. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52585) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()\n\nReturn invalid error code -EINVAL for invalid block id.\n\nFixes the below:\n\ndrivers/gpu/drm/amd/amdgpu/amdgpu_ras.c:1183 amdgpu_ras_query_error_status_helper() error: we previously assumed 'info' could be null (see line 1176)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52585 was patched at 2024-05-15, 2024-06-02

8992. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52590) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: Avoid touching renamed directory if parent does not change\n\nThe VFS will not be locking moved directory if its parent does not\nchange. Change ocfs2 rename code to avoid touching renamed directory if\nits parent does not change as without locking that can corrupt the\nfilesystem.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52590 was patched at 2024-05-15

8993. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52591) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nreiserfs: Avoid touching renamed directory if parent does not change\n\nThe VFS will not be locking moved directory if its parent does not\nchange. Change reiserfs rename code to avoid touching renamed directory\nif its parent does not change as without locking that can corrupt the\nfilesystem.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52591 was patched at 2024-05-15

ubuntu: CVE-2023-52591 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

8994. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52596) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsysctl: Fix out of bounds access for empty sysctl registers\n\nWhen registering tables to the sysctl subsystem there is a check to see\nif header is a permanently empty directory (used for mounts). This check\nevaluates the first element of the ctl_table. This results in an out of\nbounds evaluation when registering empty directories.\n\nThe function register_sysctl_mount_point now passes a ctl_table of size\n1 instead of size 0. It now relies solely on the type to identify\na permanently empty register.\n\nMake sure that the ctl_table has at least one element before testing for\npermanent emptiness.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52596 was patched at 2024-05-15

8995. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52608) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Check mailbox/SMT channel for consistency\n\nOn reception of a completion interrupt the shared memory area is accessed\nto retrieve the message header at first and then, if the message sequence\nnumber identifies a transaction which is still pending, the related\npayload is fetched too.\n\nWhen an SCMI command times out the channel ownership remains with the\nplatform until eventually a late reply is received and, as a consequence,\nany further transmission attempt remains pending, waiting for the channel\nto be relinquished by the platform.\n\nOnce that late reply is received the channel ownership is given back\nto the agent and any pending request is then allowed to proceed and\noverwrite the SMT area of the just delivered late reply; then the wait\nfor the reply to the new request starts.\n\nIt has been observed that the spurious IRQ related to the late reply can\nbe wrongly associated with the freshly enqueued request: when that happens\nthe SCMI stack in-flight lookup procedure is fooled by the fact that the\nmessage header now present in the SMT area is related to the new pending\ntransaction, even though the real reply has still to arrive.\n\nThis race-condition on the A2P channel can be detected by looking at the\nchannel status bits: a genuine reply from the platform will have set the\nchannel free bit before triggering the completion IRQ.\n\nAdd a consistency check to validate such condition in the A2P ISR.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52608 was patched at 2024-05-15

ubuntu: CVE-2023-52608 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

8996. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52615) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwrng: core - Fix page fault dead lock on mmap-ed hwrng\n\nThere is a dead-lock in the hwrng device read path. This triggers\nwhen the user reads from /dev/hwrng into memory also mmap-ed from\n/dev/hwrng. The resulting page fault triggers a recursive read\nwhich then dead-locks.\n\nFix this by using a stack buffer when calling copy_to_user.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52615 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2023-52615 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-16, 2024-05-20, 2024-05-28, 2024-06-11

8997. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52616) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init\n\nWhen the mpi_ec_ctx structure is initialized, some fields are not\ncleared, causing a crash when referencing the field when the\nstructure was released. Initially, this issue was ignored because\nmemory for mpi_ec_ctx is allocated with the __GFP_ZERO flag.\nFor example, this error will be triggered when calculating the\nZa value for SM2 separately.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52616 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2023-52616 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

8998. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52617) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: switchtec: Fix stdev_release() crash after surprise hot remove\n\nA PCI device hot removal may occur while stdev->cdev is held open. The call\nto stdev_release() then happens during close or exit, at a point way past\nswitchtec_pci_remove(). Otherwise the last ref would vanish with the\ntrailing put_device(), just before return.\n\nAt that later point in time, the devm cleanup has already removed the\nstdev->mmio_mrpc mapping. Also, the stdev->pdev reference was not a counted\none. Therefore, in DMA mode, the iowrite32() in stdev_release() will cause\na fatal page fault, and the subsequent dma_free_coherent(), if reached,\nwould pass a stale &stdev->pdev->dev pointer.\n\nFix by moving MRPC DMA shutdown into switchtec_pci_remove(), after\nstdev_kill(). Counting the stdev->pdev ref is now optional, but may prevent\nfuture accidents.\n\nReproducible via the script at\nhttps://lore.kernel.org/r/20231113212150.96410-1-dns@arista.com', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52617 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2023-52617 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

8999. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52618) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock/rnbd-srv: Check for unlikely string overflow\n\nSince "dev_search_path" can technically be as large as PATH_MAX,\nthere was a risk of truncation when copying it and a second string\ninto "full_path" since it was also PATH_MAX sized. The W=1 builds were\nreporting this warning:\n\ndrivers/block/rnbd/rnbd-srv.c: In function 'process_msg_open.isra':\ndrivers/block/rnbd/rnbd-srv.c:616:51: warning: '%s' directive output may be truncated writing up to 254 bytes into a region of size between 0 and 4095 [-Wformat-truncation=]\n 616 | snprintf(full_path, PATH_MAX, "%s/%s",\n | ^~\nIn function 'rnbd_srv_get_full_path',\n inlined from 'process_msg_open.isra' at drivers/block/rnbd/rnbd-srv.c:721:14: drivers/block/rnbd/rnbd-srv.c:616:17: note: 'snprintf' output between 2 and 4351 bytes into a destination of size 4096\n 616 | snprintf(full_path, PATH_MAX, "%s/%s",\n | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n 617 | dev_search_path, dev_name);\n | ~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nTo fix this, unconditionally check for truncation (as was already done\nfor the case where "%SESSNAME%" was present).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52618 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2023-52618 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9000. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52619) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npstore/ram: Fix crash when setting number of cpus to an odd number\n\nWhen the number of cpu cores is adjusted to 7 or other odd numbers,\nthe zone size will become an odd number.\nThe address of the zone will become:\n addr of zone0 = BASE\n addr of zone1 = BASE + zone_size\n addr of zone2 = BASE + zone_size*2\n ...\nThe address of zone1/3/5/7 will be mapped to non-alignment va.\nEventually crashes will occur when accessing these va.\n\nSo, use ALIGN_DOWN() to make sure the zone size is even\nto avoid this bug.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52619 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2023-52619 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9001. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52620) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: disallow timeout for anonymous sets\n\nNever used from userspace, disallow these parameters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-52620 was patched at 2024-05-22

debian: CVE-2023-52620 was patched at 2024-05-06, 2024-05-15

oraclelinux: CVE-2023-52620 was patched at 2024-05-02, 2024-05-23

redhat: CVE-2023-52620 was patched at 2024-05-22

ubuntu: CVE-2023-52620 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9002. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52621) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check rcu_read_lock_trace_held() before calling bpf map helpers\n\nThese three bpf_map_{lookup,update,delete}_elem() helpers are also\navailable for sleepable bpf program, so add the corresponding lock\nassertion for sleepable bpf program, otherwise the following warning\nwill be reported when a sleepable bpf program manipulates bpf map under\ninterpreter mode (aka bpf_jit_enable=0):\n\n WARNING: CPU: 3 PID: 4985 at kernel/bpf/helpers.c:40 ......\n CPU: 3 PID: 4985 Comm: test_progs Not tainted 6.6.0+ #2\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ......\n RIP: 0010:bpf_map_lookup_elem+0x54/0x60\n ......\n Call Trace:\n <TASK>\n ? __warn+0xa5/0x240\n ? bpf_map_lookup_elem+0x54/0x60\n ? report_bug+0x1ba/0x1f0\n ? handle_bug+0x40/0x80\n ? exc_invalid_op+0x18/0x50\n ? asm_exc_invalid_op+0x1b/0x20\n ? __pfx_bpf_map_lookup_elem+0x10/0x10\n ? rcu_lockdep_current_cpu_online+0x65/0xb0\n ? rcu_is_watching+0x23/0x50\n ? bpf_map_lookup_elem+0x54/0x60\n ? __pfx_bpf_map_lookup_elem+0x10/0x10\n ___bpf_prog_run+0x513/0x3b70\n __bpf_prog_run32+0x9d/0xd0\n ? __bpf_prog_enter_sleepable_recur+0xad/0x120\n ? __bpf_prog_enter_sleepable_recur+0x3e/0x120\n bpf_trampoline_6442580665+0x4d/0x1000\n __x64_sys_getpgid+0x5/0x30\n ? do_syscall_64+0x36/0xb0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n </TASK>', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52621 was patched at 2024-05-15

ubuntu: CVE-2023-52621 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9003. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52622) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid online resizing failures due to oversized flex bg\n\nWhen we online resize an ext4 filesystem with a oversized flexbg_size,\n\n mkfs.ext4 -F -G 67108864 $dev -b 4096 100M\n mount $dev $dir\n resize2fs $dev 16G\n\nthe following WARN_ON is triggered:\n==================================================================\nWARNING: CPU: 0 PID: 427 at mm/page_alloc.c:4402 __alloc_pages+0x411/0x550\nModules linked in: sg(E)\nCPU: 0 PID: 427 Comm: resize2fs Tainted: G E 6.6.0-rc5+ #314\nRIP: 0010:__alloc_pages+0x411/0x550\nCall Trace:\n <TASK>\n __kmalloc_large_node+0xa2/0x200\n __kmalloc+0x16e/0x290\n ext4_resize_fs+0x481/0xd80\n __ext4_ioctl+0x1616/0x1d90\n ext4_ioctl+0x12/0x20\n __x64_sys_ioctl+0xf0/0x150\n do_syscall_64+0x3b/0x90\n==================================================================\n\nThis is because flexbg_size is too large and the size of the new_group_data\narray to be allocated exceeds MAX_ORDER. Currently, the minimum value of\nMAX_ORDER is 8, the minimum value of PAGE_SIZE is 4096, the corresponding\nmaximum number of groups that can be allocated is:\n\n (PAGE_SIZE << MAX_ORDER) / sizeof(struct ext4_new_group_data) ≈ 21845\n\nAnd the value that is down-aligned to the power of 2 is 16384. Therefore,\nthis value is defined as MAX_RESIZE_BG, and the number of groups added\neach time does not exceed this value during resizing, and is added multiple\ntimes to complete the online resizing. The difference is that the metadata\nin a flex_bg may be more dispersed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52622 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2023-52622 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9004. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52623) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: Fix a suspicious RCU usage warning\n\nI received the following warning while running cthon against an ontap\nserver running pNFS:\n\n[ 57.202521] =============================\n[ 57.202522] WARNING: suspicious RCU usage\n[ 57.202523] 6.7.0-rc3-g2cc14f52aeb7 #41492 Not tainted\n[ 57.202525] -----------------------------\n[ 57.202525] net/sunrpc/xprtmultipath.c:349 RCU-list traversed in non-reader section!!\n[ 57.202527]\n other info that might help us debug this:\n\n[ 57.202528]\n rcu_scheduler_active = 2, debug_locks = 1\n[ 57.202529] no locks held by test5/3567.\n[ 57.202530]\n stack backtrace:\n[ 57.202532] CPU: 0 PID: 3567 Comm: test5 Not tainted 6.7.0-rc3-g2cc14f52aeb7 #41492 5b09971b4965c0aceba19f3eea324a4a806e227e\n[ 57.202534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 2/2/2022\n[ 57.202536] Call Trace:\n[ 57.202537] <TASK>\n[ 57.202540] dump_stack_lvl+0x77/0xb0\n[ 57.202551] lockdep_rcu_suspicious+0x154/0x1a0\n[ 57.202556] rpc_xprt_switch_has_addr+0x17c/0x190 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202596] rpc_clnt_setup_test_and_add_xprt+0x50/0x180 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202621] ? rpc_clnt_add_xprt+0x254/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202646] rpc_clnt_add_xprt+0x27a/0x300 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202671] ? __pfx_rpc_clnt_setup_test_and_add_xprt+0x10/0x10 [sunrpc ebe02571b9a8ceebf7d98e71675af20c19bdb1f6]\n[ 57.202696] nfs4_pnfs_ds_connect+0x345/0x760 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]\n[ 57.202728] ? __pfx_nfs4_test_session_trunk+0x10/0x10 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]\n[ 57.202754] nfs4_fl_prepare_ds+0x75/0xc0 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a]\n[ 57.202760] filelayout_write_pagelist+0x4a/0x200 [nfs_layout_nfsv41_files e3a4187f18ae8a27b630f9feae6831b584a9360a]\n[ 57.202765] pnfs_generic_pg_writepages+0xbe/0x230 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]\n[ 57.202788] __nfs_pageio_add_request+0x3fd/0x520 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202813] nfs_pageio_add_request+0x18b/0x390 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202831] nfs_do_writepage+0x116/0x1e0 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202849] nfs_writepages_callback+0x13/0x30 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202866] write_cache_pages+0x265/0x450\n[ 57.202870] ? __pfx_nfs_writepages_callback+0x10/0x10 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202891] nfs_writepages+0x141/0x230 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202913] do_writepages+0xd2/0x230\n[ 57.202917] ? filemap_fdatawrite_wbc+0x5c/0x80\n[ 57.202921] filemap_fdatawrite_wbc+0x67/0x80\n[ 57.202924] filemap_write_and_wait_range+0xd9/0x170\n[ 57.202930] nfs_wb_all+0x49/0x180 [nfs 6c976fa593a7c2976f5a0aeb4965514a828e6902]\n[ 57.202947] nfs4_file_flush+0x72/0xb0 [nfsv4 c716d88496ded0ea6d289bbea684fa996f9b57a9]\n[ 57.202969] __se_sys_close+0x46/0xd0\n[ 57.202972] do_syscall_64+0x68/0x100\n[ 57.202975] ? do_syscall_64+0x77/0x100\n[ 57.202976] ? do_syscall_64+0x77/0x100\n[ 57.202979] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 57.202982] RIP: 0033:0x7fe2b12e4a94\n[ 57.202985] Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d d5 18 0e 00 00 74 13 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 44 c3 0f 1f 00 48 83 ec 18 89 7c 24 0c e8 c3\n[ 57.202987] RSP: 002b:00007ffe857ddb38 EFLAGS: 00000202 ORIG_RAX: 0000000000000003\n[ 57.202989] RAX: ffffffffffffffda RBX: 00007ffe857dfd68 RCX: 00007fe2b12e4a94\n[ 57.202991] RDX: 0000000000002000 RSI: 00007ffe857ddc40 RDI: 0000000000000003\n[ 57.202992] RBP: 00007ffe857dfc50 R08: 7fffffffffffffff R09: 0000000065650f49\n[ 57.202993] R10: 00007f\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52623 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2023-52623 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9005. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52624) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Wake DMCUB before executing GPINT commands\n\n[Why]\nDMCUB can be in idle when we attempt to interface with the HW through\nthe GPINT mailbox resulting in a system hang.\n\n[How]\nAdd dc_wake_and_execute_gpint() to wrap the wake, execute, sleep\nsequence.\n\nIf the GPINT executes successfully then DMCUB will be put back into\nsleep after the optional response is returned.\n\nIt functions similar to the inbox command interface.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52624 was patched at 2024-05-15

9006. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52625) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Refactor DMCUB enter/exit idle interface\n\n[Why]\nWe can hang in place trying to send commands when the DMCUB isn't\npowered on.\n\n[How]\nWe need to exit out of the idle state prior to sending a command,\nbut the process that performs the exit also invokes a command itself.\n\nFixing this issue involves the following:\n\n1. Using a software state to track whether or not we need to start\n the process to exit idle or notify idle.\n\nIt's possible for the hardware to have exited an idle state without\ndriver knowledge, but entering one is always restricted to a driver\nallow - which makes the SW state vs HW state mismatch issue purely one\nof optimization, which should seldomly be hit, if at all.\n\n2. Refactor any instances of exit/notify idle to use a single wrapper\n that maintains this SW state.\n\nThis works simialr to dc_allow_idle_optimizations, but works at the\nDMCUB level and makes sure the state is marked prior to any notify/exit\nidle so we don't enter an infinite loop.\n\n3. Make sure we exit out of idle prior to sending any commands or\n waiting for DMCUB idle.\n\nThis patch takes care of 1/2. A future patch will take care of wrapping\nDMCUB command submission with calls to this new interface.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52625 was patched at 2024-05-15

9007. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52627) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7091r: Allow users to configure device events\n\nAD7091R-5 devices are supported by the ad7091r-5 driver together with\nthe ad7091r-base driver. Those drivers declared iio events for notifying\nuser space when ADC readings fall bellow the thresholds of low limit\nregisters or above the values set in high limit registers.\nHowever, to configure iio events and their thresholds, a set of callback\nfunctions must be implemented and those were not present until now.\nThe consequence of trying to configure ad7091r-5 events without the\nproper callback functions was a null pointer dereference in the kernel\nbecause the pointers to the callback functions were not set.\n\nImplement event configuration callbacks allowing users to read/write\nevent thresholds and enable/disable event generation.\n\nSince the event spec structs are generic to AD7091R devices, also move\nthose from the ad7091r-5 driver the base driver so they can be reused\nwhen support for ad7091r-2/-4/-8 be added.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52627 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2023-52627 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9008. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52628) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nftables: exthdr: fix 4-byte stack OOB write\n\nIf priv->len is a multiple of 4, then dst[len / 4] can write past\nthe destination array which leads to stack corruption.\n\nThis construct is necessary to clean the remainder of the register\nin case ->len is NOT a multiple of the register size, so make it\nconditional just like nft_payload.c does.\n\nThe bug was added in 4.1 cycle and then copied/inherited when\ntcp/sctp and ip option support was added.\n\nBug reported by Zero Day Initiative project (ZDI-CAN-21950,\nZDI-CAN-21951, ZDI-CAN-21961).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52628 was patched at 2024-05-15

redhat: CVE-2023-52628 was patched at 2024-05-15, 2024-05-28

9009. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52631) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fix an NULL dereference bug\n\nThe issue here is when this is called from ntfs_load_attr_list(). The\n"size" comes from le32_to_cpu(attr->res.data_size) so it can't overflow\non a 64bit systems but on 32bit systems the "+ 1023" can overflow and\nthe result is zero. This means that the kmalloc will succeed by\nreturning the ZERO_SIZE_PTR and then the memcpy() will crash with an\nOops on the next line.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52631 was patched at 2024-05-15

ubuntu: CVE-2023-52631 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

9010. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52632) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix lock dependency warning with srcu\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.5.0-kfd-yangp #2289 Not tainted\n------------------------------------------------------\nkworker/0:2/996 is trying to acquire lock:\n (srcu){.+.+}-{0:0}, at: __synchronize_srcu+0x5/0x1a0\n\nbut task is already holding lock:\n ((work_completion)(&svms->deferred_list_work)){+.+.}-{0:0}, at:\n\tprocess_one_work+0x211/0x560\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #3 ((work_completion)(&svms->deferred_list_work)){+.+.}-{0:0}:\n __flush_work+0x88/0x4f0\n svm_range_list_lock_and_flush_work+0x3d/0x110 [amdgpu]\n svm_range_set_attr+0xd6/0x14c0 [amdgpu]\n kfd_ioctl+0x1d1/0x630 [amdgpu]\n __x64_sys_ioctl+0x88/0xc0\n\n-> #2 (&info->lock#2){+.+.}-{3:3}:\n __mutex_lock+0x99/0xc70\n amdgpu_amdkfd_gpuvm_restore_process_bos+0x54/0x740 [amdgpu]\n restore_process_helper+0x22/0x80 [amdgpu]\n restore_process_worker+0x2d/0xa0 [amdgpu]\n process_one_work+0x29b/0x560\n worker_thread+0x3d/0x3d0\n\n-> #1 ((work_completion)(&(&process->restore_work)->work)){+.+.}-{0:0}:\n __flush_work+0x88/0x4f0\n __cancel_work_timer+0x12c/0x1c0\n kfd_process_notifier_release_internal+0x37/0x1f0 [amdgpu]\n __mmu_notifier_release+0xad/0x240\n exit_mmap+0x6a/0x3a0\n mmput+0x6a/0x120\n do_exit+0x322/0xb90\n do_group_exit+0x37/0xa0\n __x64_sys_exit_group+0x18/0x20\n do_syscall_64+0x38/0x80\n\n-> #0 (srcu){.+.+}-{0:0}:\n __lock_acquire+0x1521/0x2510\n lock_sync+0x5f/0x90\n __synchronize_srcu+0x4f/0x1a0\n __mmu_notifier_release+0x128/0x240\n exit_mmap+0x6a/0x3a0\n mmput+0x6a/0x120\n svm_range_deferred_list_work+0x19f/0x350 [amdgpu]\n process_one_work+0x29b/0x560\n worker_thread+0x3d/0x3d0\n\nother info that might help us debug this:\nChain exists of:\n srcu --> &info->lock#2 --> (work_completion)(&svms->deferred_list_work)\n\nPossible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock((work_completion)(&svms->deferred_list_work));\n lock(&info->lock#2);\n\t\t\tlock((work_completion)(&svms->deferred_list_work));\n sync(srcu);', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52632 was patched at 2024-05-15

ubuntu: CVE-2023-52632 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9011. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52633) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\num: time-travel: fix time corruption\n\nIn 'basic' time-travel mode (without =inf-cpu or =ext), we\nstill get timer interrupts. These can happen at arbitrary\npoints in time, i.e. while in timer_read(), which pushes\ntime forward just a little bit. Then, if we happen to get\nthe interrupt after calculating the new time to push to,\nbut before actually finishing that, the interrupt will set\nthe time to a value that's incompatible with the forward,\nand we'll crash because time goes backwards when we do the\nforwarding.\n\nFix this by reading the time_travel_time, calculating the\nadjustment, and doing the adjustment all with interrupts\ndisabled.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52633 was patched at 2024-05-15

ubuntu: CVE-2023-52633 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9012. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52634) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix disable_otg_wa logic\n\n[Why]\nWhen switching to another HDMI mode, we are unnecesarilly\ndisabling/enabling FIFO causing both HPO and DIG registers to be set at\nthe same time when only HPO is supposed to be set.\n\nThis can lead to a system hang the next time we change refresh rates as\nthere are cases when we don't disable OTG/FIFO but FIFO is enabled when\nit isn't supposed to be.\n\n[How]\nRemoving the enable/disable FIFO entirely.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52634 was patched at 2024-05-15

9013. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52635) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nPM / devfreq: Synchronize devfreq_monitor_[start/stop]\n\nThere is a chance if a frequent switch of the governor\ndone in a loop result in timer list corruption where\ntimer cancel being done from two place one from\ncancel_delayed_work_sync() and followed by expire_timers()\ncan be seen from the traces[1].\n\nwhile true\ndo\n echo "simple_ondemand" > /sys/class/devfreq/1d84000.ufshc/governor\n echo "performance" > /sys/class/devfreq/1d84000.ufshc/governor\ndone\n\nIt looks to be issue with devfreq driver where\ndevice_monitor_[start/stop] need to synchronized so that\ndelayed work should get corrupted while it is either\nbeing queued or running or being cancelled.\n\nLet's use polling flag and devfreq lock to synchronize the\nqueueing the timer instance twice and work data being\ncorrupted.\n\n[1]\n...\n..\n<idle>-0 [003] 9436.209662: timer_cancel timer=0xffffff80444f0428\n<idle>-0 [003] 9436.209664: timer_expire_entry timer=0xffffff80444f0428 now=0x10022da1c function=__typeid__ZTSFvP10timer_listE_global_addr baseclk=0x10022da1c\n<idle>-0 [003] 9436.209718: timer_expire_exit timer=0xffffff80444f0428\nkworker/u16:6-14217 [003] 9436.209863: timer_start timer=0xffffff80444f0428 function=__typeid__ZTSFvP10timer_listE_global_addr expires=0x10022da2b now=0x10022da1c flags=182452227\nvendor.xxxyyy.ha-1593 [004] 9436.209888: timer_cancel timer=0xffffff80444f0428\nvendor.xxxyyy.ha-1593 [004] 9436.216390: timer_init timer=0xffffff80444f0428\nvendor.xxxyyy.ha-1593 [004] 9436.216392: timer_start timer=0xffffff80444f0428 function=__typeid__ZTSFvP10timer_listE_global_addr expires=0x10022da2c now=0x10022da1d flags=186646532\nvendor.xxxyyy.ha-1593 [005] 9436.220992: timer_cancel timer=0xffffff80444f0428\nxxxyyyTraceManag-7795 [004] 9436.261641: timer_cancel timer=0xffffff80444f0428\n\n[2]\n\n 9436.261653][ C4] Unable to handle kernel paging request at virtual address dead00000000012a\n[ 9436.261664][ C4] Mem abort info:\n[ 9436.261666][ C4] ESR = 0x96000044\n[ 9436.261669][ C4] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 9436.261671][ C4] SET = 0, FnV = 0\n[ 9436.261673][ C4] EA = 0, S1PTW = 0\n[ 9436.261675][ C4] Data abort info:\n[ 9436.261677][ C4] ISV = 0, ISS = 0x00000044\n[ 9436.261680][ C4] CM = 0, WnR = 1\n[ 9436.261682][ C4] [dead00000000012a] address between user and kernel address ranges\n[ 9436.261685][ C4] Internal error: Oops: 96000044 [#1] PREEMPT SMP\n[ 9436.261701][ C4] Skip md ftrace buffer dump for: 0x3a982d0\n...\n\n[ 9436.262138][ C4] CPU: 4 PID: 7795 Comm: TraceManag Tainted: G S W O 5.10.149-android12-9-o-g17f915d29d0c #1\n[ 9436.262141][ C4] Hardware name: Qualcomm Technologies, Inc. (DT)\n[ 9436.262144][ C4] pstate: 22400085 (nzCv daIf +PAN -UAO +TCO BTYPE=--)\n[ 9436.262161][ C4] pc : expire_timers+0x9c/0x438\n[ 9436.262164][ C4] lr : expire_timers+0x2a4/0x438\n[ 9436.262168][ C4] sp : ffffffc010023dd0\n[ 9436.262171][ C4] x29: ffffffc010023df0 x28: ffffffd0636fdc18\n[ 9436.262178][ C4] x27: ffffffd063569dd0 x26: ffffffd063536008\n[ 9436.262182][ C4] x25: 0000000000000001 x24: ffffff88f7c69280\n[ 9436.262185][ C4] x23: 00000000000000e0 x22: dead000000000122\n[ 9436.262188][ C4] x21: 000000010022da29 x20: ffffff8af72b4e80\n[ 9436.262191][ C4] x19: ffffffc010023e50 x18: ffffffc010025038\n[ 9436.262195][ C4] x17: 0000000000000240 x16: 0000000000000201\n[ 9436.262199][ C4] x15: ffffffffffffffff x14: ffffff889f3c3100\n[ 9436.262203][ C4] x13: ffffff889f3c3100 x12: 00000000049f56b8\n[ 9436.262207][ C4] x11: 00000000049f56b8 x10: 00000000ffffffff\n[ 9436.262212][ C4] x9 : ffffffc010023e50 x8 : dead000000000122\n[ 9436.262216][ C4] x7 : ffffffffffffffff x6 : ffffffc0100239d8\n[ 9436.262220][ C4] x5 : 0000000000000000 x4 : 0000000000000101\n[ 9436.262223][ C4] x3 : 0000000000000080 x2 : ffffff8\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52635 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2023-52635 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9014. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52638) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncan: j1939: prevent deadlock by changing j1939_socks_lock to rwlock\n\nThe following 3 locks would race against each other, causing the\ndeadlock situation in the Syzbot bug report:\n\n- j1939_socks_lock\n- active_session_list_lock\n- sk_session_queue_lock\n\nA reasonable fix is to change j1939_socks_lock to an rwlock, since in\nthe rare situations where a write lock is required for the linked list\nthat j1939_socks_lock is protecting, the code does not attempt to\nacquire any more locks. This would break the circular lock dependency,\nwhere, for example, the current thread already locks j1939_socks_lock\nand attempts to acquire sk_session_queue_lock, and at the same time,\nanother thread attempts to acquire j1939_socks_lock while holding\nsk_session_queue_lock.\n\nNOTE: This patch along does not fix the unregister_netdevice bug\nreported by Syzbot; instead, it solves a deadlock situation to prepare\nfor one or more further patches to actually fix the Syzbot bug, which\nappears to be a reference counting problem within the j1939 codebase.\n\n[mkl: remove unrelated newline change]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52638 was patched at 2024-05-15

ubuntu: CVE-2023-52638 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

9015. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52639) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: s390: vsie: fix race during shadow creation\n\nRight now it is possible to see gmap->private being zero in\nkvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the\nfact that we add gmap->private == kvm after creation:\n\nstatic int acquire_gmap_shadow(struct kvm_vcpu *vcpu,\n struct vsie_page *vsie_page)\n{\n[...]\n gmap = gmap_shadow(vcpu->arch.gmap, asce, edat);\n if (IS_ERR(gmap))\n return PTR_ERR(gmap);\n gmap->private = vcpu->kvm;\n\nLet children inherit the private field of the parent.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52639 was patched at 2024-05-15

redhat: CVE-2023-52639 was patched at 2024-06-12

9016. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52640) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fix oob in ntfs_listxattr\n\nThe length of name cannot exceed the space occupied by ea.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52640 was patched at 2024-05-15

ubuntu: CVE-2023-52640 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9017. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52641) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()\n\nIt is preferable to exit through the out: label because\ninternal debugging functions are located there.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52641 was patched at 2024-05-15

ubuntu: CVE-2023-52641 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9018. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52642) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: rc: bpf attach/detach requires write permission\n\nNote that bpf attach/detach also requires CAP_NET_ADMIN.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52642 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2023-52642 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

9019. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52643) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\niio: core: fix memleak in iio_device_register_sysfs\n\nWhen iio_device_register_sysfs_group() fails, we should\nfree iio_dev_opaque->chan_attr_group.attrs to prevent\npotential memleak.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52643 was patched at 2024-05-15

ubuntu: CVE-2023-52643 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

9020. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52644) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled\n\nWhen QoS is disabled, the queue priority value will not map to the correct\nieee80211 queue since there is only one queue. Stop/wake queue 0 when QoS\nis disabled to prevent trying to stop/wake a non-existent queue and failing\nto stop/wake the actual queue instantiated.\n\nLog of issue before change (with kernel parameter qos=0):\n [ +5.112651] ------------[ cut here ]------------\n [ +0.000005] WARNING: CPU: 7 PID: 25513 at net/mac80211/util.c:449 __ieee80211_wake_queue+0xd5/0x180 [mac80211]\n [ +0.000067] Modules linked in: b43(O) snd_seq_dummy snd_hrtimer snd_seq snd_seq_device nft_chain_nat xt_MASQUERADE nf_nat xfrm_user xfrm_algo xt_addrtype overlay ccm af_packet amdgpu snd_hda_codec_cirrus snd_hda_codec_generic ledtrig_audio drm_exec amdxcp gpu_sched xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6t_rpfilter ipt_rpfilter xt_pkttype xt_LOG nf_log_syslog xt_tcpudp nft_compat nf_tables nfnetlink sch_fq_codel btusb uinput iTCO_wdt ctr btrtl intel_pmc_bxt i915 intel_rapl_msr mei_hdcp mei_pxp joydev at24 watchdog btintel atkbd libps2 serio radeon btbcm vivaldi_fmap btmtk intel_rapl_common snd_hda_codec_hdmi bluetooth uvcvideo nls_iso8859_1 applesmc nls_cp437 x86_pkg_temp_thermal snd_hda_intel intel_powerclamp vfat videobuf2_vmalloc coretemp fat snd_intel_dspcfg crc32_pclmul uvc polyval_clmulni snd_intel_sdw_acpi loop videobuf2_memops snd_hda_codec tun drm_suballoc_helper polyval_generic drm_ttm_helper drm_buddy tap ecdh_generic videobuf2_v4l2 gf128mul macvlan ttm ghash_clmulni_intel ecc tg3\n [ +0.000044] videodev bridge snd_hda_core rapl crc16 drm_display_helper cec mousedev snd_hwdep evdev intel_cstate bcm5974 hid_appleir videobuf2_common stp mac_hid libphy snd_pcm drm_kms_helper acpi_als mei_me intel_uncore llc mc snd_timer intel_gtt industrialio_triggered_buffer apple_mfi_fastcharge i2c_i801 mei snd lpc_ich agpgart ptp i2c_smbus thunderbolt apple_gmux i2c_algo_bit kfifo_buf video industrialio soundcore pps_core wmi tiny_power_button sbs sbshc button ac cordic bcma mac80211 cfg80211 ssb rfkill libarc4 kvm_intel kvm drm irqbypass fuse backlight firmware_class efi_pstore configfs efivarfs dmi_sysfs ip_tables x_tables autofs4 dm_crypt cbc encrypted_keys trusted asn1_encoder tee tpm rng_core input_leds hid_apple led_class hid_generic usbhid hid sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif crct10dif_generic ahci libahci libata uhci_hcd ehci_pci ehci_hcd crct10dif_pclmul crct10dif_common sha512_ssse3 sha512_generic sha256_ssse3 sha1_ssse3 aesni_intel usbcore scsi_mod libaes crypto_simd cryptd scsi_common\n [ +0.000055] usb_common rtc_cmos btrfs blake2b_generic libcrc32c crc32c_generic crc32c_intel xor raid6_pq dm_snapshot dm_bufio dm_mod dax [last unloaded: b43(O)]\n [ +0.000009] CPU: 7 PID: 25513 Comm: irq/17-b43 Tainted: G W O 6.6.7 #1-NixOS\n [ +0.000003] Hardware name: Apple Inc. MacBookPro8,3/Mac-942459F5819B171B, BIOS 87.0.0.0.0 06/13/2019\n [ +0.000001] RIP: 0010:__ieee80211_wake_queue+0xd5/0x180 [mac80211]\n [ +0.000046] Code: 00 45 85 e4 0f 85 9b 00 00 00 48 8d bd 40 09 00 00 f0 48 0f ba ad 48 09 00 00 00 72 0f 5b 5d 41 5c 41 5d 41 5e e9 cb 6d 3c d0 <0f> 0b 5b 5d 41 5c 41 5d 41 5e c3 cc cc cc cc 48 8d b4 16 94 00 00\n [ +0.000002] RSP: 0018:ffffc90003c77d60 EFLAGS: 00010097\n [ +0.000001] RAX: 0000000000000001 RBX: 0000000000000002 RCX: 0000000000000000\n [ +0.000001] RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff88820b924900\n [ +0.000002] RBP: ffff88820b924900 R08: ffffc90003c77d90 R09: 000000000003bfd0\n [ +0.000001] R10: ffff88820b924900 R11: ffffc90003c77c68 R12: 0000000000000000\n [ +0.000001] R13: 0000000000000000 R14: ffffc90003c77d90 R15: ffffffffc0fa6f40\n [ +0.000001] FS: 0000000000000000(0000) GS:ffff88846fb80000(0000) knlGS:0000000000000000\n [ +0.000001] CS: 0010 DS: 0\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52644 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2023-52644 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9021. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52646) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\naio: fix mremap after fork null-deref\n\nCommit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced\na null-deref if mremap is called on an old aio mapping after fork as\nmm->ioctx_table will be set to NULL.\n\n[jmoyer@redhat.com: fix 80 column issue]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52646 was patched at 2024-05-15

9022. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52650) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tegra: dsi: Add missing check for of_find_device_by_node\n\nAdd check for the return value of of_find_device_by_node() and return\nthe error if it fails in order to avoid NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52650 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2023-52650 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9023. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52652) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nNTB: fix possible name leak in ntb_register_device()\n\nIf device_register() fails in ntb_register_device(), the device name\nallocated by dev_set_name() should be freed. As per the comment in\ndevice_register(), callers should use put_device() to give up the\nreference in the error path. So fix this by calling put_device() in the\nerror path so that the name can be freed in kobject_cleanup().\n\nAs a result of this, put_device() in the error path of\nntb_register_device() is removed and the actual error is returned.\n\n[mani: reworded commit message]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52652 was patched at 2024-05-15

ubuntu: CVE-2023-52652 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9024. Unknown Vulnerability Type - Linux Kernel (CVE-2023-52653) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: fix a memleak in gss_import_v2_context\n\nThe ctx->mech_used.data allocated by kmemdup is not freed in neither\ngss_import_v2_context nor it only caller gss_krb5_import_sec_context,\nwhich frees ctx on error.\n\nThus, this patch reform the last call of gss_import_v2_context to the\ngss_krb5_import_ctx_v2, preventing the memleak while keepping the return\nformation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52653 was patched at 2024-05-15

ubuntu: CVE-2023-52653 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9025. Unknown Vulnerability Type - Linux Kernel (CVE-2024-1151) - Low [150]

Description: {'vulners_cve_data_all': 'A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-1151 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-1151 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

9026. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26614) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: make sure init the accept_queue's spinlocks once\n\nWhen I run syz's reproduction C program locally, it causes the following\nissue:\npvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0!\nWARNING: CPU: 19 PID: 21160 at __pv_queued_spin_unlock_slowpath (kernel/locking/qspinlock_paravirt.h:508)\nHardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\nRIP: 0010:__pv_queued_spin_unlock_slowpath (kernel/locking/qspinlock_paravirt.h:508)\nCode: 73 56 3a ff 90 c3 cc cc cc cc 8b 05 bb 1f 48 01 85 c0 74 05 c3 cc cc cc cc 8b 17 48 89 fe 48 c7 c7\n30 20 ce 8f e8 ad 56 42 ff <0f> 0b c3 cc cc cc cc 0f 0b 0f 1f 40 00 90 90 90 90 90 90 90 90 90\nRSP: 0018:ffffa8d200604cb8 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: ffff9d1ef60e0908\nRDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff9d1ef60e0900\nRBP: ffff9d181cd5c280 R08: 0000000000000000 R09: 00000000ffff7fff\nR10: ffffa8d200604b68 R11: ffffffff907dcdc8 R12: 0000000000000000\nR13: ffff9d181cd5c660 R14: ffff9d1813a3f330 R15: 0000000000001000\nFS: 00007fa110184640(0000) GS:ffff9d1ef60c0000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000000 CR3: 000000011f65e000 CR4: 00000000000006f0\nCall Trace:\n<IRQ>\n _raw_spin_unlock (kernel/locking/spinlock.c:186)\n inet_csk_reqsk_queue_add (net/ipv4/inet_connection_sock.c:1321)\n inet_csk_complete_hashdance (net/ipv4/inet_connection_sock.c:1358)\n tcp_check_req (net/ipv4/tcp_minisocks.c:868)\n tcp_v4_rcv (net/ipv4/tcp_ipv4.c:2260)\n ip_protocol_deliver_rcu (net/ipv4/ip_input.c:205)\n ip_local_deliver_finish (net/ipv4/ip_input.c:234)\n __netif_receive_skb_one_core (net/core/dev.c:5529)\n process_backlog (./include/linux/rcupdate.h:779)\n __napi_poll (net/core/dev.c:6533)\n net_rx_action (net/core/dev.c:6604)\n __do_softirq (./arch/x86/include/asm/jump_label.h:27)\n do_softirq (kernel/softirq.c:454 kernel/softirq.c:441)\n</IRQ>\n<TASK>\n __local_bh_enable_ip (kernel/softirq.c:381)\n __dev_queue_xmit (net/core/dev.c:4374)\n ip_finish_output2 (./include/net/neighbour.h:540 net/ipv4/ip_output.c:235)\n __ip_queue_xmit (net/ipv4/ip_output.c:535)\n __tcp_transmit_skb (net/ipv4/tcp_output.c:1462)\n tcp_rcv_synsent_state_process (net/ipv4/tcp_input.c:6469)\n tcp_rcv_state_process (net/ipv4/tcp_input.c:6657)\n tcp_v4_do_rcv (net/ipv4/tcp_ipv4.c:1929)\n __release_sock (./include/net/sock.h:1121 net/core/sock.c:2968)\n release_sock (net/core/sock.c:3536)\n inet_wait_for_connect (net/ipv4/af_inet.c:609)\n __inet_stream_connect (net/ipv4/af_inet.c:702)\n inet_stream_connect (net/ipv4/af_inet.c:748)\n __sys_connect (./include/linux/file.h:45 net/socket.c:2064)\n __x64_sys_connect (net/socket.c:2073 net/socket.c:2070 net/socket.c:2070)\n do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:82)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)\n RIP: 0033:0x7fa10ff05a3d\n Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89\n c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d ab a3 0e 00 f7 d8 64 89 01 48\n RSP: 002b:00007fa110183de8 EFLAGS: 00000202 ORIG_RAX: 000000000000002a\n RAX: ffffffffffffffda RBX: 0000000020000054 RCX: 00007fa10ff05a3d\n RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000003\n RBP: 00007fa110183e20 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000202 R12: 00007fa110184640\n R13: 0000000000000000 R14: 00007fa10fe8b060 R15: 00007fff73e23b20\n</TASK>\n\nThe issue triggering process is analyzed as follows:\nThread A Thread B\ntcp_v4_rcv\t//receive ack TCP packet inet_shutdown\n tcp_check_req tcp_disconnect //disconnect sock\n ... tcp_set_state(sk, TCP_CLOSE)\n inet_csk_complete_hashdance ...\n inet_csk_reqsk_queue_add \n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26614 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26614 was patched at 2024-05-07, 2024-05-15, 2024-05-16, 2024-05-20, 2024-05-21, 2024-05-23, 2024-05-28, 2024-06-11

9027. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26618) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\narm64/sme: Always exit sme_alloc() early with existing storage\n\nWhen sme_alloc() is called with existing storage and we are not flushing we\nwill always allocate new storage, both leaking the existing storage and\ncorrupting the state. Fix this by separating the checks for flushing and\nfor existing storage as we do for SVE.\n\nCallers that reallocate (eg, due to changing the vector length) should\ncall sme_free() themselves.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26618 was patched at 2024-05-15

ubuntu: CVE-2024-26618 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9028. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26620) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/vfio-ap: always filter entire AP matrix\n\nThe vfio_ap_mdev_filter_matrix function is called whenever a new adapter or\ndomain is assigned to the mdev. The purpose of the function is to update\nthe guest's AP configuration by filtering the matrix of adapters and\ndomains assigned to the mdev. When an adapter or domain is assigned, only\nthe APQNs associated with the APID of the new adapter or APQI of the new\ndomain are inspected. If an APQN does not reference a queue device bound to\nthe vfio_ap device driver, then it's APID will be filtered from the mdev's\nmatrix when updating the guest's AP configuration.\n\nInspecting only the APID of the new adapter or APQI of the new domain will\nresult in passing AP queues through to a guest that are not bound to the\nvfio_ap device driver under certain circumstances. Consider the following:\n\nguest's AP configuration (all also assigned to the mdev's matrix):\n14.0004\n14.0005\n14.0006\n16.0004\n16.0005\n16.0006\n\nunassign domain 4\nunbind queue 16.0005\nassign domain 4\n\nWhen domain 4 is re-assigned, since only domain 4 will be inspected, the\nAPQNs that will be examined will be:\n14.0004\n16.0004\n\nSince both of those APQNs reference queue devices that are bound to the\nvfio_ap device driver, nothing will get filtered from the mdev's matrix\nwhen updating the guest's AP configuration. Consequently, queue 16.0005\nwill get passed through despite not being bound to the driver. This\nviolates the linux device model requirement that a guest shall only be\ngiven access to devices bound to the device driver facilitating their\npass-through.\n\nTo resolve this problem, every adapter and domain assigned to the mdev will\nbe inspected when filtering the mdev's matrix.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26620 was patched at 2024-05-15

ubuntu: CVE-2024-26620 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9029. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26629) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix RELEASE_LOCKOWNER\n\nThe test on so_count in nfsd4_release_lockowner() is nonsense and\nharmful. Revert to using check_for_locks(), changing that to not sleep.\n\nFirst: harmful.\nAs is documented in the kdoc comment for nfsd4_release_lockowner(), the\ntest on so_count can transiently return a false positive resulting in a\nreturn of NFS4ERR_LOCKS_HELD when in fact no locks are held. This is\nclearly a protocol violation and with the Linux NFS client it can cause\nincorrect behaviour.\n\nIf RELEASE_LOCKOWNER is sent while some other thread is still\nprocessing a LOCK request which failed because, at the time that request\nwas received, the given owner held a conflicting lock, then the nfsd\nthread processing that LOCK request can hold a reference (conflock) to\nthe lock owner that causes nfsd4_release_lockowner() to return an\nincorrect error.\n\nThe Linux NFS client ignores that NFS4ERR_LOCKS_HELD error because it\nnever sends NFS4_RELEASE_LOCKOWNER without first releasing any locks, so\nit knows that the error is impossible. It assumes the lock owner was in\nfact released so it feels free to use the same lock owner identifier in\nsome later locking request.\n\nWhen it does reuse a lock owner identifier for which a previous RELEASE\nfailed, it will naturally use a lock_seqid of zero. However the server,\nwhich didn't release the lock owner, will expect a larger lock_seqid and\nso will respond with NFS4ERR_BAD_SEQID.\n\nSo clearly it is harmful to allow a false positive, which testing\nso_count allows.\n\nThe test is nonsense because ... well... it doesn't mean anything.\n\nso_count is the sum of three different counts.\n1/ the set of states listed on so_stateids\n2/ the set of active vfs locks owned by any of those states\n3/ various transient counts such as for conflicting locks.\n\nWhen it is tested against '2' it is clear that one of these is the\ntransient reference obtained by find_lockowner_str_locked(). It is not\nclear what the other one is expected to be.\n\nIn practice, the count is often 2 because there is precisely one state\non so_stateids. If there were more, this would fail.\n\nIn my testing I see two circumstances when RELEASE_LOCKOWNER is called.\nIn one case, CLOSE is called before RELEASE_LOCKOWNER. That results in\nall the lock states being removed, and so the lockowner being discarded\n(it is removed when there are no more references which usually happens\nwhen the lock state is discarded). When nfsd4_release_lockowner() finds\nthat the lock owner doesn't exist, it returns success.\n\nThe other case shows an so_count of '2' and precisely one state listed\nin so_stateid. It appears that the Linux client uses a separate lock\nowner for each file resulting in one lock state per lock owner, so this\ntest on '2' is safe. For another client it might not be safe.\n\nSo this patch changes check_for_locks() to use the (newish)\nfind_any_file_locked() so that it doesn't take a reference on the\nnfs4_file and so never calls nfsd_file_put(), and so never sleeps. With\nthis check is it safe to restore the use of check_for_locks() rather\nthan testing so_count against the mysterious '2'.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26629 was patched at 2024-05-15

ubuntu: CVE-2024-26629 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9030. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26635) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nllc: Drop support for ETH_P_TR_802_2.\n\nsyzbot reported an uninit-value bug below. [0]\n\nllc supports ETH_P_802_2 (0x0004) and used to support ETH_P_TR_802_2\n(0x0011), and syzbot abused the latter to trigger the bug.\n\n write$tun(r0, &(0x7f0000000040)={@val={0x0, 0x11}, @val, @mpls={[], @llc={@snap={0xaa, 0x1, ')', "90e5dd"}}}}, 0x16)\n\nllc_conn_handler() initialises local variables {saddr,daddr}.mac\nbased on skb in llc_pdu_decode_sa()/llc_pdu_decode_da() and passes\nthem to __llc_lookup().\n\nHowever, the initialisation is done only when skb->protocol is\nhtons(ETH_P_802_2), otherwise, __llc_lookup_established() and\n__llc_lookup_listener() will read garbage.\n\nThe missing initialisation existed prior to commit 211ed865108e\n("net: delete all instances of special processing for token ring").\n\nIt removed the part to kick out the token ring stuff but forgot to\nclose the door allowing ETH_P_TR_802_2 packets to sneak into llc_rcv().\n\nLet's remove llc_tr_packet_type and complete the deprecation.\n\n[0]:\nBUG: KMSAN: uninit-value in __llc_lookup_established+0xe9d/0xf90\n __llc_lookup_established+0xe9d/0xf90\n __llc_lookup net/llc/llc_conn.c:611 [inline]\n llc_conn_handler+0x4bd/0x1360 net/llc/llc_conn.c:791\n llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206\n __netif_receive_skb_one_core net/core/dev.c:5527 [inline]\n __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5641\n netif_receive_skb_internal net/core/dev.c:5727 [inline]\n netif_receive_skb+0x58/0x660 net/core/dev.c:5786\n tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555\n tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n call_write_iter include/linux/fs.h:2020 [inline]\n new_sync_write fs/read_write.c:491 [inline]\n vfs_write+0x8ef/0x1490 fs/read_write.c:584\n ksys_write+0x20f/0x4c0 fs/read_write.c:637\n __do_sys_write fs/read_write.c:649 [inline]\n __se_sys_write fs/read_write.c:646 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:646\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x44/0x110 arch/x86/entry/common.c:82\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nLocal variable daddr created at:\n llc_conn_handler+0x53/0x1360 net/llc/llc_conn.c:783\n llc_rcv+0xfbb/0x14a0 net/llc/llc_input.c:206\n\nCPU: 1 PID: 5004 Comm: syz-executor994 Not tainted 6.6.0-syzkaller-14500-g1c41041124bd #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26635 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26635 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-16, 2024-05-20, 2024-05-21, 2024-05-23, 2024-05-28, 2024-06-11

9031. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26636) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nllc: make llc_ui_sendmsg() more robust against bonding changes\n\nsyzbot was able to trick llc_ui_sendmsg(), allocating an skb with no\nheadroom, but subsequently trying to push 14 bytes of Ethernet header [1]\n\nLike some others, llc_ui_sendmsg() releases the socket lock before\ncalling sock_alloc_send_skb().\nThen it acquires it again, but does not redo all the sanity checks\nthat were performed.\n\nThis fix:\n\n- Uses LL_RESERVED_SPACE() to reserve space.\n- Check all conditions again after socket lock is held again.\n- Do not account Ethernet header for mtu limitation.\n\n[1]\n\nskbuff: skb_under_panic: text:ffff800088baa334 len:1514 put:14 head:ffff0000c9c37000 data:ffff0000c9c36ff2 tail:0x5dc end:0x6c0 dev:bond0\n\n kernel BUG at net/core/skbuff.c:193 !\nInternal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP\nModules linked in:\nCPU: 0 PID: 6875 Comm: syz-executor.0 Not tainted 6.7.0-rc8-syzkaller-00101-g0802e17d9aca-dirty #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\npstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : skb_panic net/core/skbuff.c:189 [inline]\n pc : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203\n lr : skb_panic net/core/skbuff.c:189 [inline]\n lr : skb_under_panic+0x13c/0x140 net/core/skbuff.c:203\nsp : ffff800096f97000\nx29: ffff800096f97010 x28: ffff80008cc8d668 x27: dfff800000000000\nx26: ffff0000cb970c90 x25: 00000000000005dc x24: ffff0000c9c36ff2\nx23: ffff0000c9c37000 x22: 00000000000005ea x21: 00000000000006c0\nx20: 000000000000000e x19: ffff800088baa334 x18: 1fffe000368261ce\nx17: ffff80008e4ed000 x16: ffff80008a8310f8 x15: 0000000000000001\nx14: 1ffff00012df2d58 x13: 0000000000000000 x12: 0000000000000000\nx11: 0000000000000001 x10: 0000000000ff0100 x9 : e28a51f1087e8400\nx8 : e28a51f1087e8400 x7 : ffff80008028f8d0 x6 : 0000000000000000\nx5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff800082b78714\nx2 : 0000000000000001 x1 : 0000000100000000 x0 : 0000000000000089\nCall trace:\n skb_panic net/core/skbuff.c:189 [inline]\n skb_under_panic+0x13c/0x140 net/core/skbuff.c:203\n skb_push+0xf0/0x108 net/core/skbuff.c:2451\n eth_header+0x44/0x1f8 net/ethernet/eth.c:83\n dev_hard_header include/linux/netdevice.h:3188 [inline]\n llc_mac_hdr_init+0x110/0x17c net/llc/llc_output.c:33\n llc_sap_action_send_xid_c+0x170/0x344 net/llc/llc_s_ac.c:85\n llc_exec_sap_trans_actions net/llc/llc_sap.c:153 [inline]\n llc_sap_next_state net/llc/llc_sap.c:182 [inline]\n llc_sap_state_process+0x1ec/0x774 net/llc/llc_sap.c:209\n llc_build_and_send_xid_pkt+0x12c/0x1c0 net/llc/llc_sap.c:270\n llc_ui_sendmsg+0x7bc/0xb1c net/llc/af_llc.c:997\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n sock_sendmsg+0x194/0x274 net/socket.c:767\n splice_to_socket+0x7cc/0xd58 fs/splice.c:881\n do_splice_from fs/splice.c:933 [inline]\n direct_splice_actor+0xe4/0x1c0 fs/splice.c:1142\n splice_direct_to_actor+0x2a0/0x7e4 fs/splice.c:1088\n do_splice_direct+0x20c/0x348 fs/splice.c:1194\n do_sendfile+0x4bc/0xc70 fs/read_write.c:1254\n __do_sys_sendfile64 fs/read_write.c:1322 [inline]\n __se_sys_sendfile64 fs/read_write.c:1308 [inline]\n __arm64_sys_sendfile64+0x160/0x3b4 fs/read_write.c:1308\n __invoke_syscall arch/arm64/kernel/syscall.c:37 [inline]\n invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:51\n el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:136\n do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:155\n el0_svc+0x54/0x158 arch/arm64/kernel/entry-common.c:678\n el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:696\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:595\nCode: aa1803e6 aa1903e7 a90023f5 94792f6a (d4210000)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26636 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26636 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9032. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26638) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: always initialize struct msghdr completely\n\nsyzbot complains that msg->msg_get_inq value can be uninitialized [1]\n\nstruct msghdr got many new fields recently, we should always make\nsure their values is zero by default.\n\n[1]\n BUG: KMSAN: uninit-value in tcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571\n tcp_recvmsg+0x686/0xac0 net/ipv4/tcp.c:2571\n inet_recvmsg+0x131/0x580 net/ipv4/af_inet.c:879\n sock_recvmsg_nosec net/socket.c:1044 [inline]\n sock_recvmsg+0x12b/0x1e0 net/socket.c:1066\n __sock_xmit+0x236/0x5c0 drivers/block/nbd.c:538\n nbd_read_reply drivers/block/nbd.c:732 [inline]\n recv_work+0x262/0x3100 drivers/block/nbd.c:863\n process_one_work kernel/workqueue.c:2627 [inline]\n process_scheduled_works+0x104e/0x1e70 kernel/workqueue.c:2700\n worker_thread+0xf45/0x1490 kernel/workqueue.c:2781\n kthread+0x3ed/0x540 kernel/kthread.c:388\n ret_from_fork+0x66/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242\n\nLocal variable msg created at:\n __sock_xmit+0x4c/0x5c0 drivers/block/nbd.c:513\n nbd_read_reply drivers/block/nbd.c:732 [inline]\n recv_work+0x262/0x3100 drivers/block/nbd.c:863\n\nCPU: 1 PID: 7465 Comm: kworker/u5:1 Not tainted 6.7.0-rc7-syzkaller-00041-gf016f7547aee #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\nWorkqueue: nbd5-recv recv_work', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26638 was patched at 2024-05-15

ubuntu: CVE-2024-26638 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9033. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26639) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm, kmsan: fix infinite recursion due to RCU critical section\n\nAlexander Potapenko writes in [1]: "For every memory access in the code\ninstrumented by KMSAN we call kmsan_get_metadata() to obtain the metadata\nfor the memory being accessed. For virtual memory the metadata pointers\nare stored in the corresponding `struct page`, therefore we need to call\nvirt_to_page() to get them.\n\nAccording to the comment in arch/x86/include/asm/page.h,\nvirt_to_page(kaddr) returns a valid pointer iff virt_addr_valid(kaddr) is\ntrue, so KMSAN needs to call virt_addr_valid() as well.\n\nTo avoid recursion, kmsan_get_metadata() must not call instrumented code,\ntherefore ./arch/x86/include/asm/kmsan.h forks parts of\narch/x86/mm/physaddr.c to check whether a virtual address is valid or not.\n\nBut the introduction of rcu_read_lock() to pfn_valid() added instrumented\nRCU API calls to virt_to_page_or_null(), which is called by\nkmsan_get_metadata(), so there is an infinite recursion now. I do not\nthink it is correct to stop that recursion by doing\nkmsan_enter_runtime()/kmsan_exit_runtime() in kmsan_get_metadata(): that\nwould prevent instrumented functions called from within the runtime from\ntracking the shadow values, which might introduce false positives."\n\nFix the issue by switching pfn_valid() to the _sched() variant of\nrcu_read_lock/unlock(), which does not require calling into RCU. Given\nthe critical section in pfn_valid() is very small, this is a reasonable\ntrade-off (with preemptible RCU).\n\nKMSAN further needs to be careful to suppress calls into the scheduler,\nwhich would be another source of recursion. This can be done by wrapping\nthe call to pfn_valid() into preempt_disable/enable_no_resched(). The\ndownside is that this sacrifices breaking scheduling guarantees; however,\na kernel compiled with KMSAN has already given up any performance\nguarantees due to being heavily instrumented.\n\nNote, KMSAN code already disables tracing via Makefile, and since mmzone.h\nis included, it is not necessary to use the notrace variant, which is\ngenerally preferred in all other cases.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26639 was patched at 2024-05-15

9034. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26640) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: add sanity checks to rx zerocopy\n\nTCP rx zerocopy intent is to map pages initially allocated\nfrom NIC drivers, not pages owned by a fs.\n\nThis patch adds to can_map_frag() these additional checks:\n\n- Page must not be a compound one.\n- page->mapping must be NULL.\n\nThis fixes the panic reported by ZhangPeng.\n\nsyzbot was able to loopback packets built with sendfile(),\nmapping pages owned by an ext4 file to TCP rx zerocopy.\n\nr3 = socket$inet_tcp(0x2, 0x1, 0x0)\nmmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)\nr4 = socket$inet_tcp(0x2, 0x1, 0x0)\nbind$inet(r4, &(0x7f0000000000)={0x2, 0x4e24, @multicast1}, 0x10)\nconnect$inet(r4, &(0x7f00000006c0)={0x2, 0x4e24, @empty}, 0x10)\nr5 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\\x00',\n 0x181e42, 0x0)\nfallocate(r5, 0x0, 0x0, 0x85b8)\nsendfile(r4, r5, 0x0, 0x8ba0)\ngetsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r4, 0x6, 0x23,\n &(0x7f00000001c0)={&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0,\n 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000440)=0x40)\nr6 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\\x00',\n 0x181e42, 0x0)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26640 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26640 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9035. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26641) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()\n\nsyzbot found __ip6_tnl_rcv() could access unitiliazed data [1].\n\nCall pskb_inet_may_pull() to fix this, and initialize ipv6h\nvariable after this call as it can change skb->head.\n\n[1]\n BUG: KMSAN: uninit-value in __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]\n BUG: KMSAN: uninit-value in INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]\n BUG: KMSAN: uninit-value in IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321\n __INET_ECN_decapsulate include/net/inet_ecn.h:253 [inline]\n INET_ECN_decapsulate include/net/inet_ecn.h:275 [inline]\n IP6_ECN_decapsulate+0x7df/0x1e50 include/net/inet_ecn.h:321\n ip6ip6_dscp_ecn_decapsulate+0x178/0x1b0 net/ipv6/ip6_tunnel.c:727\n __ip6_tnl_rcv+0xd4e/0x1590 net/ipv6/ip6_tunnel.c:845\n ip6_tnl_rcv+0xce/0x100 net/ipv6/ip6_tunnel.c:888\n gre_rcv+0x143f/0x1870\n ip6_protocol_deliver_rcu+0xda6/0x2a60 net/ipv6/ip6_input.c:438\n ip6_input_finish net/ipv6/ip6_input.c:483 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip6_input+0x15d/0x430 net/ipv6/ip6_input.c:492\n ip6_mc_input+0xa7e/0xc80 net/ipv6/ip6_input.c:586\n dst_input include/net/dst.h:461 [inline]\n ip6_rcv_finish+0x5db/0x870 net/ipv6/ip6_input.c:79\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ipv6_rcv+0xda/0x390 net/ipv6/ip6_input.c:310\n __netif_receive_skb_one_core net/core/dev.c:5532 [inline]\n __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5646\n netif_receive_skb_internal net/core/dev.c:5732 [inline]\n netif_receive_skb+0x58/0x660 net/core/dev.c:5791\n tun_rx_batched+0x3ee/0x980 drivers/net/tun.c:1555\n tun_get_user+0x53af/0x66d0 drivers/net/tun.c:2002\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n call_write_iter include/linux/fs.h:2084 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x786/0x1200 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:652\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\n slab_alloc_node mm/slub.c:3478 [inline]\n kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560\n __alloc_skb+0x318/0x740 net/core/skbuff.c:651\n alloc_skb include/linux/skbuff.h:1286 [inline]\n alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334\n sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787\n tun_alloc_skb drivers/net/tun.c:1531 [inline]\n tun_get_user+0x1e8a/0x66d0 drivers/net/tun.c:1846\n tun_chr_write_iter+0x3af/0x5d0 drivers/net/tun.c:2048\n call_write_iter include/linux/fs.h:2084 [inline]\n new_sync_write fs/read_write.c:497 [inline]\n vfs_write+0x786/0x1200 fs/read_write.c:590\n ksys_write+0x20f/0x4c0 fs/read_write.c:643\n __do_sys_write fs/read_write.c:655 [inline]\n __se_sys_write fs/read_write.c:652 [inline]\n __x64_sys_write+0x93/0xd0 fs/read_write.c:652\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nCPU: 0 PID: 5034 Comm: syz-executor331 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26641 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26641 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9036. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26645) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Ensure visibility when inserting an element into tracing_map\n\nRunning the following two commands in parallel on a multi-processor\nAArch64 machine can sporadically produce an unexpected warning about\nduplicate histogram entries:\n\n $ while true; do\n echo hist:key=id.syscall:val=hitcount > \\\n /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/trigger\n cat /sys/kernel/debug/tracing/events/raw_syscalls/sys_enter/hist\n sleep 0.001\n done\n $ stress-ng --sysbadaddr $(nproc)\n\nThe warning looks as follows:\n\n[ 2911.172474] ------------[ cut here ]------------\n[ 2911.173111] Duplicates detected: 1\n[ 2911.173574] WARNING: CPU: 2 PID: 12247 at kernel/trace/tracing_map.c:983 tracing_map_sort_entries+0x3e0/0x408\n[ 2911.174702] Modules linked in: iscsi_ibft(E) iscsi_boot_sysfs(E) rfkill(E) af_packet(E) nls_iso8859_1(E) nls_cp437(E) vfat(E) fat(E) ena(E) tiny_power_button(E) qemu_fw_cfg(E) button(E) fuse(E) efi_pstore(E) ip_tables(E) x_tables(E) xfs(E) libcrc32c(E) aes_ce_blk(E) aes_ce_cipher(E) crct10dif_ce(E) polyval_ce(E) polyval_generic(E) ghash_ce(E) gf128mul(E) sm4_ce_gcm(E) sm4_ce_ccm(E) sm4_ce(E) sm4_ce_cipher(E) sm4(E) sm3_ce(E) sm3(E) sha3_ce(E) sha512_ce(E) sha512_arm64(E) sha2_ce(E) sha256_arm64(E) nvme(E) sha1_ce(E) nvme_core(E) nvme_auth(E) t10_pi(E) sg(E) scsi_mod(E) scsi_common(E) efivarfs(E)\n[ 2911.174738] Unloaded tainted modules: cppc_cpufreq(E):1\n[ 2911.180985] CPU: 2 PID: 12247 Comm: cat Kdump: loaded Tainted: G E 6.7.0-default #2 1b58bbb22c97e4399dc09f92d309344f69c44a01\n[ 2911.182398] Hardware name: Amazon EC2 c7g.8xlarge/, BIOS 1.0 11/1/2018\n[ 2911.183208] pstate: 61400005 (nZCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[ 2911.184038] pc : tracing_map_sort_entries+0x3e0/0x408\n[ 2911.184667] lr : tracing_map_sort_entries+0x3e0/0x408\n[ 2911.185310] sp : ffff8000a1513900\n[ 2911.185750] x29: ffff8000a1513900 x28: ffff0003f272fe80 x27: 0000000000000001\n[ 2911.186600] x26: ffff0003f272fe80 x25: 0000000000000030 x24: 0000000000000008\n[ 2911.187458] x23: ffff0003c5788000 x22: ffff0003c16710c8 x21: ffff80008017f180\n[ 2911.188310] x20: ffff80008017f000 x19: ffff80008017f180 x18: ffffffffffffffff\n[ 2911.189160] x17: 0000000000000000 x16: 0000000000000000 x15: ffff8000a15134b8\n[ 2911.190015] x14: 0000000000000000 x13: 205d373432323154 x12: 5b5d313131333731\n[ 2911.190844] x11: 00000000fffeffff x10: 00000000fffeffff x9 : ffffd1b78274a13c\n[ 2911.191716] x8 : 000000000017ffe8 x7 : c0000000fffeffff x6 : 000000000057ffa8\n[ 2911.192554] x5 : ffff0012f6c24ec0 x4 : 0000000000000000 x3 : ffff2e5b72b5d000\n[ 2911.193404] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff0003ff254480\n[ 2911.194259] Call trace:\n[ 2911.194626] tracing_map_sort_entries+0x3e0/0x408\n[ 2911.195220] hist_show+0x124/0x800\n[ 2911.195692] seq_read_iter+0x1d4/0x4e8\n[ 2911.196193] seq_read+0xe8/0x138\n[ 2911.196638] vfs_read+0xc8/0x300\n[ 2911.197078] ksys_read+0x70/0x108\n[ 2911.197534] __arm64_sys_read+0x24/0x38\n[ 2911.198046] invoke_syscall+0x78/0x108\n[ 2911.198553] el0_svc_common.constprop.0+0xd0/0xf8\n[ 2911.199157] do_el0_svc+0x28/0x40\n[ 2911.199613] el0_svc+0x40/0x178\n[ 2911.200048] el0t_64_sync_handler+0x13c/0x158\n[ 2911.200621] el0t_64_sync+0x1a8/0x1b0\n[ 2911.201115] ---[ end trace 0000000000000000 ]---\n\nThe problem appears to be caused by CPU reordering of writes issued from\n__tracing_map_insert().\n\nThe check for the presence of an element with a given key in this\nfunction is:\n\n val = READ_ONCE(entry->val);\n if (val && keys_match(key, val->key, map->key_size)) ...\n\nThe write of a new entry is:\n\n elt = get_free_elt(map);\n memcpy(elt->key, key, map->key_size);\n entry->val = elt;\n\nThe "memcpy(elt->key, key, map->key_size);" and "entry->val = elt;"\nstores may become visible in the reversed order on another CPU. This\nsecond CPU might then incorrectly determine that a new key doesn't match\nan already present val->key and subse\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26645 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26645 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9037. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26651) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsr9800: Add check for usbnet_get_endpoints\n\nAdd check for usbnet_get_endpoints() and return the error if it fails\nin order to transfer the error.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26651 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26651 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9038. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26659) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: handle isoc Babble and Buffer Overrun events properly\n\nxHCI 4.9 explicitly forbids assuming that the xHC has released its\nownership of a multi-TRB TD when it reports an error on one of the\nearly TRBs. Yet the driver makes such assumption and releases the TD,\nallowing the remaining TRBs to be freed or overwritten by new TDs.\n\nThe xHC should also report completion of the final TRB due to its IOC\nflag being set by us, regardless of prior errors. This event cannot\nbe recognized if the TD has already been freed earlier, resulting in\n"Transfer event TRB DMA ptr not part of current TD" error message.\n\nFix this by reusing the logic for processing isoc Transaction Errors.\nThis also handles hosts which fail to report the final completion.\n\nFix transfer length reporting on Babble errors. They may be caused by\ndevice malfunction, no guarantee that the buffer has been filled.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-26659 was patched at 2024-06-05

debian: CVE-2024-26659 was patched at 2024-05-06, 2024-05-15

oraclelinux: CVE-2024-26659 was patched at 2024-06-05

redhat: CVE-2024-26659 was patched at 2024-06-05

ubuntu: CVE-2024-26659 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9039. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26661) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()'\n\nIn "u32 otg_inst = pipe_ctx->stream_res.tg->inst;"\npipe_ctx->stream_res.tg could be NULL, it is relying on the caller to\nensure the tg is not NULL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26661 was patched at 2024-05-15

9040. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26662) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()'\n\n'panel_cntl' structure used to control the display panel could be null,\ndereferencing it could lead to a null pointer access.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn21/dcn21_hwseq.c:269 dcn21_set_backlight_level() error: we previously assumed 'panel_cntl' could be null (see line 250)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26662 was patched at 2024-05-15

9041. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26663) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Check the bearer type before calling tipc_udp_nl_bearer_add()\n\nsyzbot reported the following general protection fault [1]:\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 [#1] PREEMPT SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000080-0x0000000000000087]\n...\nRIP: 0010:tipc_udp_is_known_peer+0x9c/0x250 net/tipc/udp_media.c:291\n...\nCall Trace:\n <TASK>\n tipc_udp_nl_bearer_add+0x212/0x2f0 net/tipc/udp_media.c:646\n tipc_nl_bearer_add+0x21e/0x360 net/tipc/bearer.c:1089\n genl_family_rcv_msg_doit+0x1fc/0x2e0 net/netlink/genetlink.c:972\n genl_family_rcv_msg net/netlink/genetlink.c:1052 [inline]\n genl_rcv_msg+0x561/0x800 net/netlink/genetlink.c:1067\n netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2544\n genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x53b/0x810 net/netlink/af_netlink.c:1367\n netlink_sendmsg+0x8b7/0xd70 net/netlink/af_netlink.c:1909\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0xd5/0x180 net/socket.c:745\n ____sys_sendmsg+0x6ac/0x940 net/socket.c:2584\n ___sys_sendmsg+0x135/0x1d0 net/socket.c:2638\n __sys_sendmsg+0x117/0x1e0 net/socket.c:2667\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nThe cause of this issue is that when tipc_nl_bearer_add() is called with\nthe TIPC_NLA_BEARER_UDP_OPTS attribute, tipc_udp_nl_bearer_add() is called\neven if the bearer is not UDP.\n\ntipc_udp_is_known_peer() called by tipc_udp_nl_bearer_add() assumes that\nthe media_ptr field of the tipc_bearer has an udp_bearer type object, so\nthe function goes crazy for non-UDP bearers.\n\nThis patch fixes the issue by checking the bearer type before calling\ntipc_udp_nl_bearer_add() in tipc_nl_bearer_add().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26663 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26663 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

9042. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26664) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (coretemp) Fix out-of-bounds memory access\n\nFix a bug that pdata->cpu_map[] is set before out-of-bounds check.\nThe problem might be triggered on systems with more than 128 cores per\npackage.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-26664 was patched at 2024-06-05

debian: CVE-2024-26664 was patched at 2024-05-06, 2024-05-15

oraclelinux: CVE-2024-26664 was patched at 2024-06-05

redhat: CVE-2024-26664 was patched at 2024-06-05

ubuntu: CVE-2024-26664 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

9043. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26665) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntunnels: fix out of bounds access when building IPv6 PMTU error\n\nIf the ICMPv6 error is built from a non-linear skb we get the following\nsplat,\n\n BUG: KASAN: slab-out-of-bounds in do_csum+0x220/0x240\n Read of size 4 at addr ffff88811d402c80 by task netperf/820\n CPU: 0 PID: 820 Comm: netperf Not tainted 6.8.0-rc1+ #543\n ...\n kasan_report+0xd8/0x110\n do_csum+0x220/0x240\n csum_partial+0xc/0x20\n skb_tunnel_check_pmtu+0xeb9/0x3280\n vxlan_xmit_one+0x14c2/0x4080\n vxlan_xmit+0xf61/0x5c00\n dev_hard_start_xmit+0xfb/0x510\n __dev_queue_xmit+0x7cd/0x32a0\n br_dev_queue_push_xmit+0x39d/0x6a0\n\nUse skb_checksum instead of csum_partial who cannot deal with non-linear\nSKBs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26665 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26665 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

9044. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26667) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup\n\nThe commit 8b45a26f2ba9 ("drm/msm/dpu: reserve cdm blocks for writeback\nin case of YUV output") introduced a smatch warning about another\nconditional block in dpu_encoder_helper_phys_cleanup() which had assumed\nhw_pp will always be valid which may not necessarily be true.\n\nLets fix the other conditional block by making sure hw_pp is valid\nbefore dereferencing it.\n\nPatchwork: https://patchwork.freedesktop.org/patch/574878/', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26667 was patched at 2024-05-15

9045. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26670) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\narm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD\n\nCurrently the ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround isn't\nquite right, as it is supposed to be applied after the last explicit\nmemory access, but is immediately followed by an LDR.\n\nThe ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround is used to\nhandle Cortex-A520 erratum 2966298 and Cortex-A510 erratum 3117295,\nwhich are described in:\n\n* https://developer.arm.com/documentation/SDEN2444153/0600/?lang=en\n* https://developer.arm.com/documentation/SDEN1873361/1600/?lang=en\n\nIn both cases the workaround is described as:\n\n| If pagetable isolation is disabled, the context switch logic in the\n| kernel can be updated to execute the following sequence on affected\n| cores before exiting to EL0, and after all explicit memory accesses:\n|\n| 1. A non-shareable TLBI to any context and/or address, including\n| unused contexts or addresses, such as a `TLBI VALE1 Xzr`.\n|\n| 2. A DSB NSH to guarantee completion of the TLBI.\n\nThe important part being that the TLBI+DSB must be placed "after all\nexplicit memory accesses".\n\nUnfortunately, as-implemented, the TLBI+DSB is immediately followed by\nan LDR, as we have:\n\n| alternative_if ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD\n| \ttlbi\tvale1, xzr\n| \tdsb\tnsh\n| alternative_else_nop_endif\n| alternative_if_not ARM64_UNMAP_KERNEL_AT_EL0\n| \tldr\tlr, [sp, #S_LR]\n| \tadd\tsp, sp, #PT_REGS_SIZE\t\t// restore sp\n| \teret\n| alternative_else_nop_endif\n|\n| [ ... KPTI exception return path ... ]\n\nThis patch fixes this by reworking the logic to place the TLBI+DSB\nimmediately before the ERET, after all explicit memory accesses.\n\nThe ERET is currently in a separate alternative block, and alternatives\ncannot be nested. To account for this, the alternative block for\nARM64_UNMAP_KERNEL_AT_EL0 is replaced with a single alternative branch\nto skip the KPTI logic, with the new shape of the logic being:\n\n| alternative_insn "b .L_skip_tramp_exit_\\@", nop, ARM64_UNMAP_KERNEL_AT_EL0\n| \t[ ... KPTI exception return path ... ]\n| .L_skip_tramp_exit_\\@:\n|\n| \tldr\tlr, [sp, #S_LR]\n| \tadd\tsp, sp, #PT_REGS_SIZE\t\t// restore sp\n|\n| alternative_if ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD\n| \ttlbi\tvale1, xzr\n| \tdsb\tnsh\n| alternative_else_nop_endif\n| \teret\n\nThe new structure means that the workaround is only applied when KPTI is\nnot in use; this is fine as noted in the documented implications of the\nerratum:\n\n| Pagetable isolation between EL0 and higher level ELs prevents the\n| issue from occurring.\n\n... and as per the workaround description quoted above, the workaround\nis only necessary "If pagetable isolation is disabled".', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26670 was patched at 2024-05-15

ubuntu: CVE-2024-26670 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9046. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26671) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblk-mq: fix IO hang from sbitmap wakeup race\n\nIn blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered\nwith the following blk_mq_get_driver_tag() in case of getting driver\ntag failure.\n\nThen in __sbitmap_queue_wake_up(), waitqueue_active() may not observe\nthe added waiter in blk_mq_mark_tag_wait() and wake up nothing, meantime\nblk_mq_mark_tag_wait() can't get driver tag successfully.\n\nThis issue can be reproduced by running the following test in loop, and\nfio hang can be observed in < 30min when running it on my test VM\nin laptop.\n\n\tmodprobe -r scsi_debug\n\tmodprobe scsi_debug delay=0 dev_size_mb=4096 max_queue=1 host_max_queue=1 submit_queues=4\n\tdev=`ls -d /sys/bus/pseudo/drivers/scsi_debug/adapter*/host*/target*/*/block/* | head -1 | xargs basename`\n\tfio --filename=/dev/"$dev" --direct=1 --rw=randrw --bs=4k --iodepth=1 \\\n \t\t--runtime=100 --numjobs=40 --time_based --name=test \\\n \t--ioengine=libaio\n\nFix the issue by adding one explicit barrier in blk_mq_mark_tag_wait(), which\nis just fine in case of running out of tag.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-26671 was patched at 2024-05-22

debian: CVE-2024-26671 was patched at 2024-05-06, 2024-05-15

oraclelinux: CVE-2024-26671 was patched at 2024-05-23

redhat: CVE-2024-26671 was patched at 2024-05-22

ubuntu: CVE-2024-26671 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9047. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26673) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations\n\n- Disallow families other than NFPROTO_{IPV4,IPV6,INET}.\n- Disallow layer 4 protocol with no ports, since destination port is a\n mandatory attribute for this object.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26673 was patched at 2024-05-06, 2024-05-15

oraclelinux: CVE-2024-26673 was patched at 2024-05-23

redhat: CVE-2024-26673 was patched at 2024-05-29

ubuntu: CVE-2024-26673 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9048. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26675) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nppp_async: limit MRU to 64K\n\nsyzbot triggered a warning [1] in __alloc_pages():\n\nWARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp)\n\nWillem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K")\n\nAdopt the same sanity check for ppp_async_ioctl(PPPIOCSMRU)\n\n[1]:\n\n WARNING: CPU: 1 PID: 11 at mm/page_alloc.c:4543 __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\nModules linked in:\nCPU: 1 PID: 11 Comm: kworker/u4:0 Not tainted 6.8.0-rc2-syzkaller-g41bccc98fb79 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\nWorkqueue: events_unbound flush_to_ldisc\npstate: 204000c5 (nzCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\n lr : __alloc_pages+0xc8/0x698 mm/page_alloc.c:4537\nsp : ffff800093967580\nx29: ffff800093967660 x28: ffff8000939675a0 x27: dfff800000000000\nx26: ffff70001272ceb4 x25: 0000000000000000 x24: ffff8000939675c0\nx23: 0000000000000000 x22: 0000000000060820 x21: 1ffff0001272ceb8\nx20: ffff8000939675e0 x19: 0000000000000010 x18: ffff800093967120\nx17: ffff800083bded5c x16: ffff80008ac97500 x15: 0000000000000005\nx14: 1ffff0001272cebc x13: 0000000000000000 x12: 0000000000000000\nx11: ffff70001272cec1 x10: 1ffff0001272cec0 x9 : 0000000000000001\nx8 : ffff800091c91000 x7 : 0000000000000000 x6 : 000000000000003f\nx5 : 00000000ffffffff x4 : 0000000000000000 x3 : 0000000000000020\nx2 : 0000000000000008 x1 : 0000000000000000 x0 : ffff8000939675e0\nCall trace:\n __alloc_pages+0x308/0x698 mm/page_alloc.c:4543\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n __kmalloc_large_node+0xbc/0x1fc mm/slub.c:3926\n __do_kmalloc_node mm/slub.c:3969 [inline]\n __kmalloc_node_track_caller+0x418/0x620 mm/slub.c:4001\n kmalloc_reserve+0x17c/0x23c net/core/skbuff.c:590\n __alloc_skb+0x1c8/0x3d8 net/core/skbuff.c:651\n __netdev_alloc_skb+0xb8/0x3e8 net/core/skbuff.c:715\n netdev_alloc_skb include/linux/skbuff.h:3235 [inline]\n dev_alloc_skb include/linux/skbuff.h:3248 [inline]\n ppp_async_input drivers/net/ppp/ppp_async.c:863 [inline]\n ppp_asynctty_receive+0x588/0x186c drivers/net/ppp/ppp_async.c:341\n tty_ldisc_receive_buf+0x12c/0x15c drivers/tty/tty_buffer.c:390\n tty_port_default_receive_buf+0x74/0xac drivers/tty/tty_port.c:37\n receive_buf drivers/tty/tty_buffer.c:444 [inline]\n flush_to_ldisc+0x284/0x6e4 drivers/tty/tty_buffer.c:494\n process_one_work+0x694/0x1204 kernel/workqueue.c:2633\n process_scheduled_works kernel/workqueue.c:2706 [inline]\n worker_thread+0x938/0xef4 kernel/workqueue.c:2787\n kthread+0x288/0x310 kernel/kthread.c:388\n ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26675 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26675 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

9049. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26676) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC.\n\nsyzbot reported a warning [0] in __unix_gc() with a repro, which\ncreates a socketpair and sends one socket's fd to itself using the\npeer.\n\n socketpair(AF_UNIX, SOCK_STREAM, 0, [3, 4]) = 0\n sendmsg(4, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\\360", iov_len=1}],\n msg_iovlen=1, msg_control=[{cmsg_len=20, cmsg_level=SOL_SOCKET,\n cmsg_type=SCM_RIGHTS, cmsg_data=[3]}],\n msg_controllen=24, msg_flags=0}, MSG_OOB|MSG_PROBE|MSG_DONTWAIT|MSG_ZEROCOPY) = 1\n\nThis forms a self-cyclic reference that GC should finally untangle\nbut does not due to lack of MSG_OOB handling, resulting in memory\nleak.\n\nRecently, commit 11498715f266 ("af_unix: Remove io_uring code for\nGC.") removed io_uring's dead code in GC and revealed the problem.\n\nThe code was executed at the final stage of GC and unconditionally\nmoved all GC candidates from gc_candidates to gc_inflight_list.\nThat papered over the reported problem by always making the following\nWARN_ON_ONCE(!list_empty(&gc_candidates)) false.\n\nThe problem has been there since commit 2aab4b969002 ("af_unix: fix\nstruct pid leaks in OOB support") added full scm support for MSG_OOB\nwhile fixing another bug.\n\nTo fix this problem, we must call kfree_skb() for unix_sk(sk)->oob_skb\nif the socket still exists in gc_candidates after purging collected skb.\n\nThen, we need to set NULL to oob_skb before calling kfree_skb() because\nit calls last fput() and triggers unix_release_sock(), where we call\nduplicate kfree_skb(u->oob_skb) if not NULL.\n\nNote that the leaked socket remained being linked to a global list, so\nkmemleak also could not detect it. We need to check /proc/net/protocol\nto notice the unfreed socket.\n\n[0]:\nWARNING: CPU: 0 PID: 2863 at net/unix/garbage.c:345 __unix_gc+0xc74/0xe80 net/unix/garbage.c:345\nModules linked in:\nCPU: 0 PID: 2863 Comm: kworker/u4:11 Not tainted 6.8.0-rc1-syzkaller-00583-g1701940b1a02 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nWorkqueue: events_unbound __unix_gc\nRIP: 0010:__unix_gc+0xc74/0xe80 net/unix/garbage.c:345\nCode: 8b 5c 24 50 e9 86 f8 ff ff e8 f8 e4 22 f8 31 d2 48 c7 c6 30 6a 69 89 4c 89 ef e8 97 ef ff ff e9 80 f9 ff ff e8 dd e4 22 f8 90 <0f> 0b 90 e9 7b fd ff ff 48 89 df e8 5c e7 7c f8 e9 d3 f8 ff ff e8\nRSP: 0018:ffffc9000b03fba0 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffffc9000b03fc10 RCX: ffffffff816c493e\nRDX: ffff88802c02d940 RSI: ffffffff896982f3 RDI: ffffc9000b03fb30\nRBP: ffffc9000b03fce0 R08: 0000000000000001 R09: fffff52001607f66\nR10: 0000000000000003 R11: 0000000000000002 R12: dffffc0000000000\nR13: ffffc9000b03fc10 R14: ffffc9000b03fc10 R15: 0000000000000001\nFS: 0000000000000000(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005559c8677a60 CR3: 000000000d57a000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n process_one_work+0x889/0x15e0 kernel/workqueue.c:2633\n process_scheduled_works kernel/workqueue.c:2706 [inline]\n worker_thread+0x8b9/0x12a0 kernel/workqueue.c:2787\n kthread+0x2c6/0x3b0 kernel/kthread.c:388\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242\n </TASK>', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26676 was patched at 2024-05-15

ubuntu: CVE-2024-26676 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

9050. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26677) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix delayed ACKs to not set the reference serial number\n\nFix the construction of delayed ACKs to not set the reference serial number\nas they can't be used as an RTT reference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26677 was patched at 2024-05-15

9051. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26679) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ninet: read sk->sk_family once in inet_recv_error()\n\ninet_recv_error() is called without holding the socket lock.\n\nIPv6 socket could mutate to IPv4 with IPV6_ADDRFORM\nsocket option and trigger a KCSAN warning.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26679 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26679 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

9052. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26680) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: atlantic: Fix DMA mapping for PTP hwts ring\n\nFunction aq_ring_hwts_rx_alloc() maps extra AQ_CFG_RXDS_DEF bytes\nfor PTP HWTS ring but then generic aq_ring_free() does not take this\ninto account.\nCreate and use a specific function to free HWTS ring to fix this\nissue.\n\nTrace:\n[ 215.351607] ------------[ cut here ]------------\n[ 215.351612] DMA-API: atlantic 0000:4b:00.0: device driver frees DMA memory with different size [device address=0x00000000fbdd0000] [map size=34816 bytes] [unmap size=32768 bytes]\n[ 215.351635] WARNING: CPU: 33 PID: 10759 at kernel/dma/debug.c:988 check_unmap+0xa6f/0x2360\n...\n[ 215.581176] Call Trace:\n[ 215.583632] <TASK>\n[ 215.585745] ? show_trace_log_lvl+0x1c4/0x2df\n[ 215.590114] ? show_trace_log_lvl+0x1c4/0x2df\n[ 215.594497] ? debug_dma_free_coherent+0x196/0x210\n[ 215.599305] ? check_unmap+0xa6f/0x2360\n[ 215.603147] ? __warn+0xca/0x1d0\n[ 215.606391] ? check_unmap+0xa6f/0x2360\n[ 215.610237] ? report_bug+0x1ef/0x370\n[ 215.613921] ? handle_bug+0x3c/0x70\n[ 215.617423] ? exc_invalid_op+0x14/0x50\n[ 215.621269] ? asm_exc_invalid_op+0x16/0x20\n[ 215.625480] ? check_unmap+0xa6f/0x2360\n[ 215.629331] ? mark_lock.part.0+0xca/0xa40\n[ 215.633445] debug_dma_free_coherent+0x196/0x210\n[ 215.638079] ? __pfx_debug_dma_free_coherent+0x10/0x10\n[ 215.643242] ? slab_free_freelist_hook+0x11d/0x1d0\n[ 215.648060] dma_free_attrs+0x6d/0x130\n[ 215.651834] aq_ring_free+0x193/0x290 [atlantic]\n[ 215.656487] aq_ptp_ring_free+0x67/0x110 [atlantic]\n...\n[ 216.127540] ---[ end trace 6467e5964dd2640b ]---\n[ 216.132160] DMA-API: Mapped at:\n[ 216.132162] debug_dma_alloc_coherent+0x66/0x2f0\n[ 216.132165] dma_alloc_attrs+0xf5/0x1b0\n[ 216.132168] aq_ring_hwts_rx_alloc+0x150/0x1f0 [atlantic]\n[ 216.132193] aq_ptp_ring_alloc+0x1bb/0x540 [atlantic]\n[ 216.132213] aq_nic_init+0x4a1/0x760 [atlantic]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26680 was patched at 2024-05-15

9053. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26681) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetdevsim: avoid potential loop in nsim_dev_trap_report_work()\n\nMany syzbot reports include the following trace [1]\n\nIf nsim_dev_trap_report_work() can not grab the mutex,\nit should rearm itself at least one jiffie later.\n\n[1]\nSending NMI from CPU 1 to CPUs 0:\nNMI backtrace for cpu 0\nCPU: 0 PID: 32383 Comm: kworker/0:2 Not tainted 6.8.0-rc2-syzkaller-00031-g861c0981648f #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\nWorkqueue: events nsim_dev_trap_report_work\n RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:89 [inline]\n RIP: 0010:memory_is_nonzero mm/kasan/generic.c:104 [inline]\n RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:129 [inline]\n RIP: 0010:memory_is_poisoned mm/kasan/generic.c:161 [inline]\n RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline]\n RIP: 0010:kasan_check_range+0x101/0x190 mm/kasan/generic.c:189\nCode: 07 49 39 d1 75 0a 45 3a 11 b8 01 00 00 00 7c 0b 44 89 c2 e8 21 ed ff ff 83 f0 01 5b 5d 41 5c c3 48 85 d2 74 4f 48 01 ea eb 09 <48> 83 c0 01 48 39 d0 74 41 80 38 00 74 f2 eb b6 41 bc 08 00 00 00\nRSP: 0018:ffffc90012dcf998 EFLAGS: 00000046\nRAX: fffffbfff258af1e RBX: fffffbfff258af1f RCX: ffffffff8168eda3\nRDX: fffffbfff258af1f RSI: 0000000000000004 RDI: ffffffff92c578f0\nRBP: fffffbfff258af1e R08: 0000000000000000 R09: fffffbfff258af1e\nR10: ffffffff92c578f3 R11: ffffffff8acbcbc0 R12: 0000000000000002\nR13: ffff88806db38400 R14: 1ffff920025b9f42 R15: ffffffff92c578e8\nFS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000000c00994e078 CR3: 000000002c250000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <NMI>\n </NMI>\n <TASK>\n instrument_atomic_read include/linux/instrumented.h:68 [inline]\n atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]\n queued_spin_is_locked include/asm-generic/qspinlock.h:57 [inline]\n debug_spin_unlock kernel/locking/spinlock_debug.c:101 [inline]\n do_raw_spin_unlock+0x53/0x230 kernel/locking/spinlock_debug.c:141\n __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:150 [inline]\n _raw_spin_unlock_irqrestore+0x22/0x70 kernel/locking/spinlock.c:194\n debug_object_activate+0x349/0x540 lib/debugobjects.c:726\n debug_work_activate kernel/workqueue.c:578 [inline]\n insert_work+0x30/0x230 kernel/workqueue.c:1650\n __queue_work+0x62e/0x11d0 kernel/workqueue.c:1802\n __queue_delayed_work+0x1bf/0x270 kernel/workqueue.c:1953\n queue_delayed_work_on+0x106/0x130 kernel/workqueue.c:1989\n queue_delayed_work include/linux/workqueue.h:563 [inline]\n schedule_delayed_work include/linux/workqueue.h:677 [inline]\n nsim_dev_trap_report_work+0x9c0/0xc80 drivers/net/netdevsim/dev.c:842\n process_one_work+0x886/0x15d0 kernel/workqueue.c:2633\n process_scheduled_works kernel/workqueue.c:2706 [inline]\n worker_thread+0x8b9/0x1290 kernel/workqueue.c:2787\n kthread+0x2c6/0x3a0 kernel/kthread.c:388\n ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242\n </TASK>', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26681 was patched at 2024-05-15

9054. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26684) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: xgmac: fix handling of DPP safety error for DMA channels\n\nCommit 56e58d6c8a56 ("net: stmmac: Implement Safety Features in\nXGMAC core") checks and reports safety errors, but leaves the\nData Path Parity Errors for each channel in DMA unhandled at all, lead to\na storm of interrupt.\nFix it by checking and clearing the DMA_DPP_Interrupt_Status register.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26684 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26684 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

9055. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26686) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats\n\nlock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call\ndo_task_stat() at the same time and the process has NR_THREADS, it will\nspin with irqs disabled O(NR_CPUS * NR_THREADS) time.\n\nChange do_task_stat() to use sig->stats_lock to gather the statistics\noutside of ->siglock protected section, in the likely case this code will\nrun lockless.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26686 was patched at 2024-05-15

9056. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26687) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nxen/events: close evtchn after mapping cleanup\n\nshutdown_pirq and startup_pirq are not taking the\nirq_mapping_update_lock because they can't due to lock inversion. Both\nare called with the irq_desc->lock being taking. The lock order,\nhowever, is first irq_mapping_update_lock and then irq_desc->lock.\n\nThis opens multiple races:\n- shutdown_pirq can be interrupted by a function that allocates an event\n channel:\n\n CPU0 CPU1\n shutdown_pirq {\n xen_evtchn_close(e)\n __startup_pirq {\n EVTCHNOP_bind_pirq\n -> returns just freed evtchn e\n set_evtchn_to_irq(e, irq)\n }\n xen_irq_info_cleanup() {\n set_evtchn_to_irq(e, -1)\n }\n }\n\n Assume here event channel e refers here to the same event channel\n number.\n After this race the evtchn_to_irq mapping for e is invalid (-1).\n\n- __startup_pirq races with __unbind_from_irq in a similar way. Because\n __startup_pirq doesn't take irq_mapping_update_lock it can grab the\n evtchn that __unbind_from_irq is currently freeing and cleaning up. In\n this case even though the event channel is allocated, its mapping can\n be unset in evtchn_to_irq.\n\nThe fix is to first cleanup the mappings and then close the event\nchannel. In this way, when an event channel gets allocated it's\npotential previous evtchn_to_irq mappings are guaranteed to be unset already.\nThis is also the reverse order of the allocation where first the event\nchannel is allocated and then the mappings are setup.\n\nOn a 5.10 kernel prior to commit 3fcdaf3d7634 ("xen/events: modify internal\n[un]bind interfaces"), we hit a BUG like the following during probing of NVMe\ndevices. The issue is that during nvme_setup_io_queues, pci_free_irq\nis called for every device which results in a call to shutdown_pirq.\nWith many nvme devices it's therefore likely to hit this race during\nboot because there will be multiple calls to shutdown_pirq and\nstartup_pirq are running potentially in parallel.\n\n ------------[ cut here ]------------\n blkfront: xvda: barrier or flush: disabled; persistent grants: enabled; indirect descriptors: enabled; bounce buffer: enabled\n kernel BUG at drivers/xen/events/events_base.c:499!\n invalid opcode: 0000 [#1] SMP PTI\n CPU: 44 PID: 375 Comm: kworker/u257:23 Not tainted 5.10.201-191.748.amzn2.x86_64 #1\n Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006\n Workqueue: nvme-reset-wq nvme_reset_work\n RIP: 0010:bind_evtchn_to_cpu+0xdf/0xf0\n Code: 5d 41 5e c3 cc cc cc cc 44 89 f7 e8 2b 55 ad ff 49 89 c5 48 85 c0 0f 84 64 ff ff ff 4c 8b 68 30 41 83 fe ff 0f 85 60 ff ff ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00\n RSP: 0000:ffffc9000d533b08 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000006\n RDX: 0000000000000028 RSI: 00000000ffffffff RDI: 00000000ffffffff\n RBP: ffff888107419680 R08: 0000000000000000 R09: ffffffff82d72b00\n R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000001ed\n R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000002\n FS: 0000000000000000(0000) GS:ffff88bc8b500000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 0000000002610001 CR4: 00000000001706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n ? show_trace_log_lvl+0x1c1/0x2d9\n ? show_trace_log_lvl+0x1c1/0x2d9\n ? set_affinity_irq+0xdc/0x1c0\n ? __die_body.cold+0x8/0xd\n ? die+0x2b/0x50\n ? do_trap+0x90/0x110\n ? bind_evtchn_to_cpu+0xdf/0xf0\n ? do_error_trap+0x65/0x80\n ? bind_evtchn_to_cpu+0xdf/0xf0\n ? exc_invalid_op+0x4e/0x70\n ? bind_evtchn_to_cpu+0xdf/0xf0\n ? asm_exc_invalid_op+0x12/0x20\n ? bind_evtchn_to_cpu+0xdf/0x\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26687 was patched at 2024-05-06, 2024-05-15

9057. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26691) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Fix circular locking dependency\n\nThe rule inside kvm enforces that the vcpu->mutex is taken *inside*\nkvm->lock. The rule is violated by the pkvm_create_hyp_vm() which acquires\nthe kvm->lock while already holding the vcpu->mutex lock from\nkvm_vcpu_ioctl(). Avoid the circular locking dependency altogether by\nprotecting the hyp vm handle with the config_lock, much like we already\ndo for other forms of VM-scoped data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26691 was patched at 2024-05-15

9058. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26696) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix hang in nilfs_lookup_dirty_data_buffers()\n\nSyzbot reported a hang issue in migrate_pages_batch() called by mbind()\nand nilfs_lookup_dirty_data_buffers() called in the log writer of nilfs2.\n\nWhile migrate_pages_batch() locks a folio and waits for the writeback to\ncomplete, the log writer thread that should bring the writeback to\ncompletion picks up the folio being written back in\nnilfs_lookup_dirty_data_buffers() that it calls for subsequent log\ncreation and was trying to lock the folio. Thus causing a deadlock.\n\nIn the first place, it is unexpected that folios/pages in the middle of\nwriteback will be updated and become dirty. Nilfs2 adds a checksum to\nverify the validity of the log being written and uses it for recovery at\nmount, so data changes during writeback are suppressed. Since this is\nbroken, an unclean shutdown could potentially cause recovery to fail.\n\nInvestigation revealed that the root cause is that the wait for writeback\ncompletion in nilfs_page_mkwrite() is conditional, and if the backing\ndevice does not require stable writes, data may be modified without\nwaiting.\n\nFix these issues by making nilfs_page_mkwrite() wait for writeback to\nfinish regardless of the stable write requirement of the backing device.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26696 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26696 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

9059. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26697) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix data corruption in dsync block recovery for small block sizes\n\nThe helper function nilfs_recovery_copy_block() of\nnilfs_recovery_dsync_blocks(), which recovers data from logs created by\ndata sync writes during a mount after an unclean shutdown, incorrectly\ncalculates the on-page offset when copying repair data to the file's page\ncache. In environments where the block size is smaller than the page\nsize, this flaw can cause data corruption and leak uninitialized memory\nbytes during the recovery process.\n\nFix these issues by correcting this byte offset calculation on the page.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26697 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26697 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

9060. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26699) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr\n\n[Why]\nThere is a potential memory access violation while\niterating through array of dcn35 clks.\n\n[How]\nLimit iteration per array size.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26699 was patched at 2024-05-15

9061. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26700) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix MST Null Ptr for RV\n\nThe change try to fix below error specific to RV platform:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2\nHardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022\nRIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\nCode: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8>\nRSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\nRDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\nRBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\nR10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\nR13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\nFS: 00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0\nCall Trace:\n <TASK>\n ? __die+0x23/0x70\n ? page_fault_oops+0x171/0x4e0\n ? plist_add+0xbe/0x100\n ? exc_page_fault+0x7c/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n drm_atomic_check_only+0x5c5/0xa40\n drm_mode_atomic_ioctl+0x76e/0xbc0\n ? _copy_to_user+0x25/0x30\n ? drm_ioctl+0x296/0x4b0\n ? __pfx_drm_mode_atomic_ioctl+0x10/0x10\n drm_ioctl_kernel+0xcd/0x170\n drm_ioctl+0x26d/0x4b0\n ? __pfx_drm_mode_atomic_ioctl+0x10/0x10\n amdgpu_drm_ioctl+0x4e/0x90 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n __x64_sys_ioctl+0x94/0xd0\n do_syscall_64+0x60/0x90\n ? do_syscall_64+0x6c/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7f4dad17f76f\nCode: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c>\nRSP: 002b:00007ffd9ae859f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 000055e255a55900 RCX: 00007f4dad17f76f\nRDX: 00007ffd9ae85a90 RSI: 00000000c03864bc RDI: 000000000000000b\nRBP: 00007ffd9ae85a90 R08: 0000000000000003 R09: 0000000000000003\nR10: 0000000000000000 R11: 0000000000000246 R12: 00000000c03864bc\nR13: 000000000000000b R14: 000055e255a7fc60 R15: 000055e255a01eb0\n </TASK>\nModules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device ccm cmac algif_hash algif_skcipher af_alg joydev mousedev bnep >\n typec libphy k10temp ipmi_msghandler roles i2c_scmi acpi_cpufreq mac_hid nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_mas>\nCR2: 0000000000000008\n---[ end trace 0000000000000000 ]---\nRIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\nCode: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 <48> 8>\nRSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\nRDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\nRBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\nR10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\nR13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\nFS: 00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26700 was patched at 2024-05-15

9062. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26702) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\niio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC\n\nRecently, we encounter kernel crash in function rm3100_common_probe\ncaused by out of bound access of array rm3100_samp_rates (because of\nunderlying hardware failures). Add boundary check to prevent out of\nbound access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26702 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26702 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

9063. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26706) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Fix random data corruption from exception handler\n\nThe current exception handler implementation, which assists when accessing\nuser space memory, may exhibit random data corruption if the compiler decides\nto use a different register than the specified register %r29 (defined in\nASM_EXCEPTIONTABLE_REG) for the error code. If the compiler choose another\nregister, the fault handler will nevertheless store -EFAULT into %r29 and thus\ntrash whatever this register is used for.\nLooking at the assembly I found that this happens sometimes in emulate_ldd().\n\nTo solve the issue, the easiest solution would be if it somehow is\npossible to tell the fault handler which register is used to hold the error\ncode. Using %0 or %1 in the inline assembly is not posssible as it will show\nup as e.g. %r29 (with the "%r" prefix), which the GNU assembler can not\nconvert to an integer.\n\nThis patch takes another, better and more flexible approach:\nWe extend the __ex_table (which is out of the execution path) by one 32-word.\nIn this word we tell the compiler to insert the assembler instruction\n"or %r0,%r0,%reg", where %reg references the register which the compiler\nchoosed for the error return code.\nIn case of an access failure, the fault handler finds the __ex_table entry and\ncan examine the opcode. The used register is encoded in the lowest 5 bits, and\nthe fault handler can then store -EFAULT into this register.\n\nSince we extend the __ex_table to 3 words we can't use the BUILDTIME_TABLE_SORT\nconfig option any longer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26706 was patched at 2024-05-15

9064. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26707) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()\n\nSyzkaller reported [1] hitting a warning after failing to allocate\nresources for skb in hsr_init_skb(). Since a WARN_ONCE() call will\nnot help much in this case, it might be prudent to switch to\nnetdev_warn_once(). At the very least it will suppress syzkaller\nreports such as [1].\n\nJust in case, use netdev_warn_once() in send_prp_supervision_frame()\nfor similar reasons.\n\n[1]\nHSR: Could not send supervision frame\nWARNING: CPU: 1 PID: 85 at net/hsr/hsr_device.c:294 send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294\nRIP: 0010:send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294\n...\nCall Trace:\n <IRQ>\n hsr_announce+0x114/0x370 net/hsr/hsr_device.c:382\n call_timer_fn+0x193/0x590 kernel/time/timer.c:1700\n expire_timers kernel/time/timer.c:1751 [inline]\n __run_timers+0x764/0xb20 kernel/time/timer.c:2022\n run_timer_softirq+0x58/0xd0 kernel/time/timer.c:2035\n __do_softirq+0x21a/0x8de kernel/softirq.c:553\n invoke_softirq kernel/softirq.c:427 [inline]\n __irq_exit_rcu kernel/softirq.c:632 [inline]\n irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644\n sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1076\n </IRQ>\n <TASK>\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649\n...\n\nThis issue is also found in older kernels (at least up to 5.10).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26707 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26707 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

9065. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26710) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/kasan: Limit KASAN thread size increase to 32KB\n\nKASAN is seen to increase stack usage, to the point that it was reported\nto lead to stack overflow on some 32-bit machines (see link).\n\nTo avoid overflows the stack size was doubled for KASAN builds in\ncommit 3e8635fb2e07 ("powerpc/kasan: Force thread size increase with\nKASAN").\n\nHowever with a 32KB stack size to begin with, the doubling leads to a\n64KB stack, which causes build errors:\n arch/powerpc/kernel/switch.S:249: Error: operand out of range (0x000000000000fe50 is not between 0xffffffffffff8000 and 0x0000000000007fff)\n\nAlthough the asm could be reworked, in practice a 32KB stack seems\nsufficient even for KASAN builds - the additional usage seems to be in\nthe 2-3KB range for a 64-bit KASAN build.\n\nSo only increase the stack for KASAN if the stack size is < 32KB.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26710 was patched at 2024-05-15

9066. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26712) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/kasan: Fix addr error caused by page alignment\n\nIn kasan_init_region, when k_start is not page aligned, at the begin of\nfor loop, k_cur = k_start & PAGE_MASK is less than k_start, and then\n`va = block + k_cur - k_start` is less than block, the addr va is invalid,\nbecause the memory address space from va to block is not alloced by\nmemblock_alloc, which will not be reserved by memblock_reserve later, it\nwill be used by other places.\n\nAs a result, memory overwriting occurs.\n\nfor example:\nint __init __weak kasan_init_region(void *start, size_t size)\n{\n[...]\n\t/* if say block(dcd97000) k_start(feef7400) k_end(feeff3fe) */\n\tblock = memblock_alloc(k_end - k_start, PAGE_SIZE);\n\t[...]\n\tfor (k_cur = k_start & PAGE_MASK; k_cur < k_end; k_cur += PAGE_SIZE) {\n\t\t/* at the begin of for loop\n\t\t * block(dcd97000) va(dcd96c00) k_cur(feef7000) k_start(feef7400)\n\t\t * va(dcd96c00) is less than block(dcd97000), va is invalid\n\t\t */\n\t\tvoid *va = block + k_cur - k_start;\n\t\t[...]\n\t}\n[...]\n}\n\nTherefore, page alignment is performed on k_start before\nmemblock_alloc() to ensure the validity of the VA address.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26712 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26712 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11, 2024-06-12

9067. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26714) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: qcom: sc8180x: Mark CO0 BCM keepalive\n\nThe CO0 BCM needs to be up at all times, otherwise some hardware (like\nthe UFS controller) loses its connection to the rest of the SoC,\nresulting in a hang of the platform, accompanied by a spectacular\nlogspam.\n\nMark it as keepalive to prevent such cases.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26714 was patched at 2024-05-15

9068. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26719) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau: offload fence uevents work to workqueue\n\nThis should break the deadlock between the fctx lock and the irq lock.\n\nThis offloads the processing off the work from the irq into a workqueue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26719 was patched at 2024-05-15

9069. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26720) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\n\n(struct dirty_throttle_control *)->thresh is an unsigned long, but is\npassed as the u32 divisor argument to div_u64(). On architectures where\nunsigned long is 64 bytes, the argument will be implicitly truncated.\n\nUse div64_u64() instead of div_u64() so that the value used in the "is\nthis a safe division" check is the same as the divisor.\n\nAlso, remove redundant cast of the numerator to u64, as that should happen\nimplicitly.\n\nThis would be difficult to exploit in memcg domain, given the ratio-based\narithmetic domain_drity_limits() uses, but is much easier in global\nwriteback domain with a BDI_CAP_STRICTLIMIT-backing device, using e.g. \nvm.dirty_bytes=(1<<32)*PAGE_SIZE so that dtc->thresh == (1<<32)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26720 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26720 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

9070. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26722) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()\n\nThere is a path in rt5645_jack_detect_work(), where rt5645->jd_mutex\nis left locked forever. That may lead to deadlock\nwhen rt5645_jack_detect_work() is called for the second time.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26722 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26722 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

9071. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26723) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nlan966x: Fix crash when adding interface under a lag\n\nThere is a crash when adding one of the lan966x interfaces under a lag\ninterface. The issue can be reproduced like this:\nip link add name bond0 type bond miimon 100 mode balance-xor\nip link set dev eth0 master bond0\n\nThe reason is because when adding a interface under the lag it would go\nthrough all the ports and try to figure out which other ports are under\nthat lag interface. And the issue is that lan966x can have ports that are\nNULL pointer as they are not probed. So then iterating over these ports\nit would just crash as they are NULL pointers.\nThe fix consists in actually checking for NULL pointers before accessing\nsomething from the ports. Like we do in other places.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26723 was patched at 2024-05-15

9072. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26726) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don't drop extent_map for free space inode on write error\n\nWhile running the CI for an unrelated change I hit the following panic\nwith generic/648 on btrfs_holes_spacecache.\n\nassertion failed: block_start != EXTENT_MAP_HOLE, in fs/btrfs/extent_io.c:1385\n------------[ cut here ]------------\nkernel BUG at fs/btrfs/extent_io.c:1385!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 1 PID: 2695096 Comm: fsstress Kdump: loaded Tainted: G W 6.8.0-rc2+ #1\nRIP: 0010:__extent_writepage_io.constprop.0+0x4c1/0x5c0\nCall Trace:\n <TASK>\n extent_write_cache_pages+0x2ac/0x8f0\n extent_writepages+0x87/0x110\n do_writepages+0xd5/0x1f0\n filemap_fdatawrite_wbc+0x63/0x90\n __filemap_fdatawrite_range+0x5c/0x80\n btrfs_fdatawrite_range+0x1f/0x50\n btrfs_write_out_cache+0x507/0x560\n btrfs_write_dirty_block_groups+0x32a/0x420\n commit_cowonly_roots+0x21b/0x290\n btrfs_commit_transaction+0x813/0x1360\n btrfs_sync_file+0x51a/0x640\n __x64_sys_fdatasync+0x52/0x90\n do_syscall_64+0x9c/0x190\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nThis happens because we fail to write out the free space cache in one\ninstance, come back around and attempt to write it again. However on\nthe second pass through we go to call btrfs_get_extent() on the inode to\nget the extent mapping. Because this is a new block group, and with the\nfree space inode we always search the commit root to avoid deadlocking\nwith the tree, we find nothing and return a EXTENT_MAP_HOLE for the\nrequested range.\n\nThis happens because the first time we try to write the space cache out\nwe hit an error, and on an error we drop the extent mapping. This is\nnormal for normal files, but the free space cache inode is special. We\nalways expect the extent map to be correct. Thus the second time\nthrough we end up with a bogus extent map.\n\nSince we're deprecating this feature, the most straightforward way to\nfix this is to simply skip dropping the extent map range for this failed\nrange.\n\nI shortened the test by using error injection to stress the area to make\nit easier to reproduce. With this patch in place we no longer panic\nwith my error injection test.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26726 was patched at 2024-05-15

9073. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26727) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not ASSERT() if the newly created subvolume already got read\n\n[BUG]\nThere is a syzbot crash, triggered by the ASSERT() during subvolume\ncreation:\n\n assertion failed: !anon_dev, in fs/btrfs/disk-io.c:1319\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/disk-io.c:1319!\n invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n RIP: 0010:btrfs_get_root_ref.part.0+0x9aa/0xa60\n <TASK>\n btrfs_get_new_fs_root+0xd3/0xf0\n create_subvol+0xd02/0x1650\n btrfs_mksubvol+0xe95/0x12b0\n __btrfs_ioctl_snap_create+0x2f9/0x4f0\n btrfs_ioctl_snap_create+0x16b/0x200\n btrfs_ioctl+0x35f0/0x5cf0\n __x64_sys_ioctl+0x19d/0x210\n do_syscall_64+0x3f/0xe0\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n ---[ end trace 0000000000000000 ]---\n\n[CAUSE]\nDuring create_subvol(), after inserting root item for the newly created\nsubvolume, we would trigger btrfs_get_new_fs_root() to get the\nbtrfs_root of that subvolume.\n\nThe idea here is, we have preallocated an anonymous device number for\nthe subvolume, thus we can assign it to the new subvolume.\n\nBut there is really nothing preventing things like backref walk to read\nthe new subvolume.\nIf that happens before we call btrfs_get_new_fs_root(), the subvolume\nwould be read out, with a new anonymous device number assigned already.\n\nIn that case, we would trigger ASSERT(), as we really expect no one to\nread out that subvolume (which is not yet accessible from the fs).\nBut things like backref walk is still possible to trigger the read on\nthe subvolume.\n\nThus our assumption on the ASSERT() is not correct in the first place.\n\n[FIX]\nFix it by removing the ASSERT(), and just free the @anon_dev, reset it\nto 0, and continue.\n\nIf the subvolume tree is read out by something else, it should have\nalready get a new anon_dev assigned thus we only need to free the\npreallocated one.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26727 was patched at 2024-05-06, 2024-05-15

9074. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26733) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\narp: Prevent overflow in arp_req_get().\n\nsyzkaller reported an overflown write in arp_req_get(). [0]\n\nWhen ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour\nentry and copies neigh->ha to struct arpreq.arp_ha.sa_data.\n\nThe arp_ha here is struct sockaddr, not struct sockaddr_storage, so\nthe sa_data buffer is just 14 bytes.\n\nIn the splat below, 2 bytes are overflown to the next int field,\narp_flags. We initialise the field just after the memcpy(), so it's\nnot a problem.\n\nHowever, when dev->addr_len is greater than 22 (e.g. MAX_ADDR_LEN),\narp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL)\nin arp_ioctl() before calling arp_req_get().\n\nTo avoid the overflow, let's limit the max length of memcpy().\n\nNote that commit b5f0de6df6dc ("net: dev: Convert sa_data to flexible\narray in struct sockaddr") just silenced syzkaller.\n\n[0]:\nmemcpy: detected field-spanning write (size 16) of single field "r->arp_ha.sa_data" at net/ipv4/arp.c:1128 (size 14)\nWARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128\nModules linked in:\nCPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014\nRIP: 0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128\nCode: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb <0f> 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6\nRSP: 0018:ffffc900050b7998 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff88803a815000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001\nRBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 203a7970636d656d R12: ffff888039c54000\nR13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010\nFS: 00007f172bf306c0(0000) GS:ffff88805aa00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n <TASK>\n arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261\n inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981\n sock_do_ioctl+0xdf/0x260 net/socket.c:1204\n sock_ioctl+0x3ef/0x650 net/socket.c:1321\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x64/0xce\nRIP: 0033:0x7f172b262b8d\nCode: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f172bf300b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d\nRDX: 0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003\nRBP: 00007f172b2d3493 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000\n </TASK>', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26733 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26733 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9075. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26736) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Increase buffer size in afs_update_volume_status()\n\nThe max length of volume->vid value is 20 characters.\nSo increase idbuf[] size up to 24 to avoid overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[DH: Actually, it's 20 + NUL, so increase it to 24 and use snprintf()]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26736 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26736 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9076. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26737) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel\n\nThe following race is possible between bpf_timer_cancel_and_free\nand bpf_timer_cancel. It will lead a UAF on the timer->timer.\n\nbpf_timer_cancel();\n\tspin_lock();\n\tt = timer->time;\n\tspin_unlock();\n\n\t\t\t\t\tbpf_timer_cancel_and_free();\n\t\t\t\t\t\tspin_lock();\n\t\t\t\t\t\tt = timer->timer;\n\t\t\t\t\t\ttimer->timer = NULL;\n\t\t\t\t\t\tspin_unlock();\n\t\t\t\t\t\thrtimer_cancel(&t->timer);\n\t\t\t\t\t\tkfree(t);\n\n\t/* UAF on t */\n\thrtimer_cancel(&t->timer);\n\nIn bpf_timer_cancel_and_free, this patch frees the timer->timer\nafter a rcu grace period. This requires a rcu_head addition\nto the "struct bpf_hrtimer". Another kfree(t) happens in bpf_timer_init,\nthis does not need a kfree_rcu because it is still under the\nspin_lock and timer->timer has not been visible by others yet.\n\nIn bpf_timer_cancel, rcu_read_lock() is added because this helper\ncan be used in a non rcu critical section context (e.g. from\na sleepable bpf prog). Other timer->timer usages in helpers.c\nhave been audited, bpf_timer_cancel() is the only place where\ntimer->timer is used outside of the spin_lock.\n\nAnother solution considered is to mark a t->flag in bpf_timer_cancel\nand clear it after hrtimer_cancel() is done. In bpf_timer_cancel_and_free,\nit busy waits for the flag to be cleared before kfree(t). This patch\ngoes with a straight forward solution and frees timer->timer after\na rcu grace period.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26737 was patched at 2024-05-15

ubuntu: CVE-2024-26737 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9077. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26739) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_mirred: don't override retval if we already lost the skb\n\nIf we're redirecting the skb, and haven't called tcf_mirred_forward(),\nyet, we need to tell the core to drop the skb by setting the retcode\nto SHOT. If we have called tcf_mirred_forward(), however, the skb\nis out of our hands and returning SHOT will lead to UaF.\n\nMove the retval override to the error path which actually need it.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26739 was patched at 2024-05-15

9078. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26740) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_mirred: use the backlog for mirred ingress\n\nThe test Davide added in commit ca22da2fbd69 ("act_mirred: use the backlog\nfor nested calls to mirred ingress") hangs our testing VMs every 10 or so\nruns, with the familiar tcp_v4_rcv -> tcp_v4_rcv deadlock reported by\nlockdep.\n\nThe problem as previously described by Davide (see Link) is that\nif we reverse flow of traffic with the redirect (egress -> ingress)\nwe may reach the same socket which generated the packet. And we may\nstill be holding its socket lock. The common solution to such deadlocks\nis to put the packet in the Rx backlog, rather than run the Rx path\ninline. Do that for all egress -> ingress reversals, not just once\nwe started to nest mirred calls.\n\nIn the past there was a concern that the backlog indirection will\nlead to loss of error reporting / less accurate stats. But the current\nworkaround does not seem to address the issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26740 was patched at 2024-05-15

9079. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26741) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished().\n\nsyzkaller reported a warning [0] in inet_csk_destroy_sock() with no\nrepro.\n\n WARN_ON(inet_sk(sk)->inet_num && !inet_csk(sk)->icsk_bind_hash);\n\nHowever, the syzkaller's log hinted that connect() failed just before\nthe warning due to FAULT_INJECTION. [1]\n\nWhen connect() is called for an unbound socket, we search for an\navailable ephemeral port. If a bhash bucket exists for the port, we\ncall __inet_check_established() or __inet6_check_established() to check\nif the bucket is reusable.\n\nIf reusable, we add the socket into ehash and set inet_sk(sk)->inet_num.\n\nLater, we look up the corresponding bhash2 bucket and try to allocate\nit if it does not exist.\n\nAlthough it rarely occurs in real use, if the allocation fails, we must\nrevert the changes by check_established(). Otherwise, an unconnected\nsocket could illegally occupy an ehash entry.\n\nNote that we do not put tw back into ehash because sk might have\nalready responded to a packet for tw and it would be better to free\ntw earlier under such memory presure.\n\n[0]:\nWARNING: CPU: 0 PID: 350830 at net/ipv4/inet_connection_sock.c:1193 inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193)\nModules linked in:\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193)\nCode: 41 5c 41 5d 41 5e e9 2d 4a 3d fd e8 28 4a 3d fd 48 89 ef e8 f0 cd 7d ff 5b 5d 41 5c 41 5d 41 5e e9 13 4a 3d fd e8 0e 4a 3d fd <0f> 0b e9 61 fe ff ff e8 02 4a 3d fd 4c 89 e7 be 03 00 00 00 e8 05\nRSP: 0018:ffffc9000b21fd38 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000000009e78 RCX: ffffffff840bae40\nRDX: ffff88806e46c600 RSI: ffffffff840bb012 RDI: ffff88811755cca8\nRBP: ffff88811755c880 R08: 0000000000000003 R09: 0000000000000000\nR10: 0000000000009e78 R11: 0000000000000000 R12: ffff88811755c8e0\nR13: ffff88811755c892 R14: ffff88811755c918 R15: 0000000000000000\nFS: 00007f03e5243800(0000) GS:ffff88811ae00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b32f21000 CR3: 0000000112ffe001 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n <TASK>\n ? inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193)\n dccp_close (net/dccp/proto.c:1078)\n inet_release (net/ipv4/af_inet.c:434)\n __sock_release (net/socket.c:660)\n sock_close (net/socket.c:1423)\n __fput (fs/file_table.c:377)\n __fput_sync (fs/file_table.c:462)\n __x64_sys_close (fs/open.c:1557 fs/open.c:1539 fs/open.c:1539)\n do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)\nRIP: 0033:0x7f03e53852bb\nCode: 03 00 00 00 0f 05 48 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 43 c9 f5 ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 c9 f5 ff 8b 44\nRSP: 002b:00000000005dfba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003\nRAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f03e53852bb\nRDX: 0000000000000002 RSI: 0000000000000002 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000167c\nR10: 0000000008a79680 R11: 0000000000000293 R12: 00007f03e4e43000\nR13: 00007f03e4e43170 R14: 00007f03e4e43178 R15: 00007f03e4e43170\n </TASK>\n\n[1]:\nFAULT_INJECTION: forcing a failure.\nname failslab, interval 1, probability 0, space 0, times 0\nCPU: 0 PID: 350833 Comm: syz-executor.1 Not tainted 6.7.0-12272-g2121c43f88f5 #9\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nCall Trace:\n <TASK>\n dump_stack_lvl (lib/dump_stack.c:107 (discriminator 1))\n should_fail_ex (lib/fault-inject.c:52 lib/fault-inject.c:153)\n should_failslab (mm/slub.c:3748)\n kmem_cache_alloc (mm/slub.c:3763 mm/slub.c:3842 mm/slub.c:3867)\n inet_bind2_bucket_create \n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26741 was patched at 2024-05-15

9080. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26742) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: smartpqi: Fix disable_managed_interrupts\n\nCorrect blk-mq registration issue with module parameter\ndisable_managed_interrupts enabled.\n\nWhen we turn off the default PCI_IRQ_AFFINITY flag, the driver needs to\nregister with blk-mq using blk_mq_map_queues(). The driver is currently\ncalling blk_mq_pci_map_queues() which results in a stack trace and possibly\nundefined behavior.\n\nStack Trace:\n[ 7.860089] scsi host2: smartpqi\n[ 7.871934] WARNING: CPU: 0 PID: 238 at block/blk-mq-pci.c:52 blk_mq_pci_map_queues+0xca/0xd0\n[ 7.889231] Modules linked in: sd_mod t10_pi sg uas smartpqi(+) crc32c_intel scsi_transport_sas usb_storage dm_mirror dm_region_hash dm_log dm_mod ipmi_devintf ipmi_msghandler fuse\n[ 7.924755] CPU: 0 PID: 238 Comm: kworker/0:3 Not tainted 4.18.0-372.88.1.el8_6_smartpqi_test.x86_64 #1\n[ 7.944336] Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 03/08/2022\n[ 7.963026] Workqueue: events work_for_cpu_fn\n[ 7.978275] RIP: 0010:blk_mq_pci_map_queues+0xca/0xd0\n[ 7.978278] Code: 48 89 de 89 c7 e8 f6 0f 4f 00 3b 05 c4 b7 8e 01 72 e1 5b 31 c0 5d 41 5c 41 5d 41 5e 41 5f e9 7d df 73 00 31 c0 e9 76 df 73 00 <0f> 0b eb bc 90 90 0f 1f 44 00 00 41 57 49 89 ff 41 56 41 55 41 54\n[ 7.978280] RSP: 0018:ffffa95fc3707d50 EFLAGS: 00010216\n[ 7.978283] RAX: 00000000ffffffff RBX: 0000000000000000 RCX: 0000000000000010\n[ 7.978284] RDX: 0000000000000004 RSI: 0000000000000000 RDI: ffff9190c32d4310\n[ 7.978286] RBP: 0000000000000000 R08: ffffa95fc3707d38 R09: ffff91929b81ac00\n[ 7.978287] R10: 0000000000000001 R11: ffffa95fc3707ac0 R12: 0000000000000000\n[ 7.978288] R13: ffff9190c32d4000 R14: 00000000ffffffff R15: ffff9190c4c950a8\n[ 7.978290] FS: 0000000000000000(0000) GS:ffff9193efc00000(0000) knlGS:0000000000000000\n[ 7.978292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 8.172814] CR2: 000055d11166c000 CR3: 00000002dae10002 CR4: 00000000007706f0\n[ 8.172816] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 8.172817] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 8.172818] PKRU: 55555554\n[ 8.172819] Call Trace:\n[ 8.172823] blk_mq_alloc_tag_set+0x12e/0x310\n[ 8.264339] scsi_add_host_with_dma.cold.9+0x30/0x245\n[ 8.279302] pqi_ctrl_init+0xacf/0xc8e [smartpqi]\n[ 8.294085] ? pqi_pci_probe+0x480/0x4c8 [smartpqi]\n[ 8.309015] pqi_pci_probe+0x480/0x4c8 [smartpqi]\n[ 8.323286] local_pci_probe+0x42/0x80\n[ 8.337855] work_for_cpu_fn+0x16/0x20\n[ 8.351193] process_one_work+0x1a7/0x360\n[ 8.364462] ? create_worker+0x1a0/0x1a0\n[ 8.379252] worker_thread+0x1ce/0x390\n[ 8.392623] ? create_worker+0x1a0/0x1a0\n[ 8.406295] kthread+0x10a/0x120\n[ 8.418428] ? set_kthread_struct+0x50/0x50\n[ 8.431532] ret_from_fork+0x1f/0x40\n[ 8.444137] ---[ end trace 1bf0173d39354506 ]---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26742 was patched at 2024-05-15

9081. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26743) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/qedr: Fix qedr_create_user_qp error flow\n\nAvoid the following warning by making sure to free the allocated\nresources in case that qedr_init_user_queue() fail.\n\n-----------[ cut here ]-----------\nWARNING: CPU: 0 PID: 143192 at drivers/infiniband/core/rdma_core.c:874 uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\nModules linked in: tls target_core_user uio target_core_pscsi target_core_file target_core_iblock ib_srpt ib_srp scsi_transport_srp nfsd nfs_acl rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs 8021q garp mrp stp llc ext4 mbcache jbd2 opa_vnic ib_umad ib_ipoib sunrpc rdma_ucm ib_isert iscsi_target_mod target_core_mod ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm hfi1 intel_rapl_msr intel_rapl_common mgag200 qedr sb_edac drm_shmem_helper rdmavt x86_pkg_temp_thermal drm_kms_helper intel_powerclamp ib_uverbs coretemp i2c_algo_bit kvm_intel dell_wmi_descriptor ipmi_ssif sparse_keymap kvm ib_core rfkill syscopyarea sysfillrect video sysimgblt irqbypass ipmi_si ipmi_devintf fb_sys_fops rapl iTCO_wdt mxm_wmi iTCO_vendor_support intel_cstate pcspkr dcdbas intel_uncore ipmi_msghandler lpc_ich acpi_power_meter mei_me mei fuse drm xfs libcrc32c qede sd_mod ahci libahci t10_pi sg crct10dif_pclmul crc32_pclmul crc32c_intel qed libata tg3\nghash_clmulni_intel megaraid_sas crc8 wmi [last unloaded: ib_srpt]\nCPU: 0 PID: 143192 Comm: fi_rdm_tagged_p Kdump: loaded Not tainted 5.14.0-408.el9.x86_64 #1\nHardware name: Dell Inc. PowerEdge R430/03XKDV, BIOS 2.14.0 01/25/2022\nRIP: 0010:uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\nCode: 5d 41 5c 41 5d 41 5e e9 0f 26 1b dd 48 89 df e8 67 6a ff ff 49 8b 86 10 01 00 00 48 85 c0 74 9c 4c 89 e7 e8 83 c0 cb dd eb 92 <0f> 0b eb be 0f 0b be 04 00 00 00 48 89 df e8 8e f5 ff ff e9 6d ff\nRSP: 0018:ffffb7c6cadfbc60 EFLAGS: 00010286\nRAX: ffff8f0889ee3f60 RBX: ffff8f088c1a5200 RCX: 00000000802a0016\nRDX: 00000000802a0017 RSI: 0000000000000001 RDI: ffff8f0880042600\nRBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000\nR10: ffff8f11fffd5000 R11: 0000000000039000 R12: ffff8f0d5b36cd80\nR13: ffff8f088c1a5250 R14: ffff8f1206d91000 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffff8f11d7c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000147069200e20 CR3: 00000001c7210002 CR4: 00000000001706f0\nCall Trace:\n<TASK>\n? show_trace_log_lvl+0x1c4/0x2df\n? show_trace_log_lvl+0x1c4/0x2df\n? ib_uverbs_close+0x1f/0xb0 [ib_uverbs]\n? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\n? __warn+0x81/0x110\n? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\n? report_bug+0x10a/0x140\n? handle_bug+0x3c/0x70\n? exc_invalid_op+0x14/0x70\n? asm_exc_invalid_op+0x16/0x20\n? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\nib_uverbs_close+0x1f/0xb0 [ib_uverbs]\n__fput+0x94/0x250\ntask_work_run+0x5c/0x90\ndo_exit+0x270/0x4a0\ndo_group_exit+0x2d/0x90\nget_signal+0x87c/0x8c0\narch_do_signal_or_restart+0x25/0x100\n? ib_uverbs_ioctl+0xc2/0x110 [ib_uverbs]\nexit_to_user_mode_loop+0x9c/0x130\nexit_to_user_mode_prepare+0xb6/0x100\nsyscall_exit_to_user_mode+0x12/0x40\ndo_syscall_64+0x69/0x90\n? syscall_exit_work+0x103/0x130\n? syscall_exit_to_user_mode+0x22/0x40\n? do_syscall_64+0x69/0x90\n? syscall_exit_work+0x103/0x130\n? syscall_exit_to_user_mode+0x22/0x40\n? do_syscall_64+0x69/0x90\n? do_syscall_64+0x69/0x90\n? common_interrupt+0x43/0xa0\nentry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x1470abe3ec6b\nCode: Unable to access opcode bytes at RIP 0x1470abe3ec41.\nRSP: 002b:00007fff13ce9108 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: fffffffffffffffc RBX: 00007fff13ce9218 RCX: 00001470abe3ec6b\nRDX: 00007fff13ce9200 RSI: 00000000c0181b01 RDI: 0000000000000004\nRBP: 00007fff13ce91e0 R08: 0000558d9655da10 R09: 0000558d9655dd00\nR10: 00007fff13ce95c0 R11: 0000000000000246 R12: 00007fff13ce9358\nR13: 0000000000000013 R14: 0000558d9655db50 R15: 00007fff13ce9470\n</TASK>\n--[ end trace 888a9b92e04c5c97 ]--', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-26743 was patched at 2024-06-05

debian: CVE-2024-26743 was patched at 2024-05-06, 2024-05-15

oraclelinux: CVE-2024-26743 was patched at 2024-06-05

redhat: CVE-2024-26743 was patched at 2024-06-05

ubuntu: CVE-2024-26743 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9082. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26744) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/srpt: Support specifying the srpt_service_guid parameter\n\nMake loading ib_srpt with this parameter set work. The current behavior is\nthat setting that parameter while loading the ib_srpt kernel module\ntriggers the following kernel crash:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nCall Trace:\n <TASK>\n parse_one+0x18c/0x1d0\n parse_args+0xe1/0x230\n load_module+0x8de/0xa60\n init_module_from_file+0x8b/0xd0\n idempotent_init_module+0x181/0x240\n __x64_sys_finit_module+0x5a/0xb0\n do_syscall_64+0x5f/0xe0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-26744 was patched at 2024-06-05

debian: CVE-2024-26744 was patched at 2024-05-06, 2024-05-15

oraclelinux: CVE-2024-26744 was patched at 2024-06-05

redhat: CVE-2024-26744 was patched at 2024-06-05

ubuntu: CVE-2024-26744 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9083. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26745) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV\n\nWhen kdump kernel tries to copy dump data over SR-IOV, LPAR panics due\nto NULL pointer exception:\n\n Kernel attempted to read user page (0) - exploit attempt? (uid: 0)\n BUG: Kernel NULL pointer dereference on read at 0x00000000\n Faulting instruction address: 0xc000000020847ad4\n Oops: Kernel access of bad area, sig: 11 [#1]\n LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n Modules linked in: mlx5_core(+) vmx_crypto pseries_wdt papr_scm libnvdimm mlxfw tls psample sunrpc fuse overlay squashfs loop\n CPU: 12 PID: 315 Comm: systemd-udevd Not tainted 6.4.0-Test102+ #12\n Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_008) hv:phyp pSeries\n NIP: c000000020847ad4 LR: c00000002083b2dc CTR: 00000000006cd18c\n REGS: c000000029162ca0 TRAP: 0300 Not tainted (6.4.0-Test102+)\n MSR: 800000000280b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE> CR: 48288244 XER: 00000008\n CFAR: c00000002083b2d8 DAR: 0000000000000000 DSISR: 40000000 IRQMASK: 1\n ...\n NIP _find_next_zero_bit+0x24/0x110\n LR bitmap_find_next_zero_area_off+0x5c/0xe0\n Call Trace:\n dev_printk_emit+0x38/0x48 (unreliable)\n iommu_area_alloc+0xc4/0x180\n iommu_range_alloc+0x1e8/0x580\n iommu_alloc+0x60/0x130\n iommu_alloc_coherent+0x158/0x2b0\n dma_iommu_alloc_coherent+0x3c/0x50\n dma_alloc_attrs+0x170/0x1f0\n mlx5_cmd_init+0xc0/0x760 [mlx5_core]\n mlx5_function_setup+0xf0/0x510 [mlx5_core]\n mlx5_init_one+0x84/0x210 [mlx5_core]\n probe_one+0x118/0x2c0 [mlx5_core]\n local_pci_probe+0x68/0x110\n pci_call_probe+0x68/0x200\n pci_device_probe+0xbc/0x1a0\n really_probe+0x104/0x540\n __driver_probe_device+0xb4/0x230\n driver_probe_device+0x54/0x130\n __driver_attach+0x158/0x2b0\n bus_for_each_dev+0xa8/0x130\n driver_attach+0x34/0x50\n bus_add_driver+0x16c/0x300\n driver_register+0xa4/0x1b0\n __pci_register_driver+0x68/0x80\n mlx5_init+0xb8/0x100 [mlx5_core]\n do_one_initcall+0x60/0x300\n do_init_module+0x7c/0x2b0\n\nAt the time of LPAR dump, before kexec hands over control to kdump\nkernel, DDWs (Dynamic DMA Windows) are scanned and added to the FDT.\nFor the SR-IOV case, default DMA window "ibm,dma-window" is removed from\nthe FDT and DDW added, for the device.\n\nNow, kexec hands over control to the kdump kernel.\n\nWhen the kdump kernel initializes, PCI busses are scanned and IOMMU\ngroup/tables created, in pci_dma_bus_setup_pSeriesLP(). For the SR-IOV\ncase, there is no "ibm,dma-window". The original commit: b1fc44eaa9ba,\nfixes the path where memory is pre-mapped (direct mapped) to the DDW.\nWhen TCEs are direct mapped, there is no need to initialize IOMMU\ntables.\n\niommu_table_setparms_lpar() only considers "ibm,dma-window" property\nwhen initiallizing IOMMU table. In the scenario where TCEs are\ndynamically allocated for SR-IOV, newly created IOMMU table is not\ninitialized. Later, when the device driver tries to enter TCEs for the\nSR-IOV device, NULL pointer execption is thrown from iommu_area_alloc().\n\nThe fix is to initialize the IOMMU table with DDW property stored in the\nFDT. There are 2 points to remember:\n\n\t1. For the dedicated adapter, kdump kernel would encounter both\n\t default and DDW in FDT. In this case, DDW property is used to\n\t initialize the IOMMU table.\n\n\t2. A DDW could be direct or dynamic mapped. kdump kernel would\n\t initialize IOMMU table and mark the existing DDW as\n\t "dynamic". This works fine since, at the time of table\n\t initialization, iommu_table_clear() makes some space in the\n\t DDW, for some predefined number of TCEs which are needed for\n\t kdump to succeed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26745 was patched at 2024-05-15

9084. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26747) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: roles: fix NULL pointer issue when put module's reference\n\nIn current design, usb role class driver will get usb_role_switch parent's\nmodule reference after the user get usb_role_switch device and put the\nreference after the user put the usb_role_switch device. However, the\nparent device of usb_role_switch may be removed before the user put the\nusb_role_switch. If so, then, NULL pointer issue will be met when the user\nput the parent module's reference.\n\nThis will save the module pointer in structure of usb_role_switch. Then,\nwe don't need to find module by iterating long relations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26747 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26747 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9085. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26750) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Drop oob_skb ref before purging queue in GC.\n\nsyzbot reported another task hung in __unix_gc(). [0]\n\nThe current while loop assumes that all of the left candidates\nhave oob_skb and calling kfree_skb(oob_skb) releases the remaining\ncandidates.\n\nHowever, I missed a case that oob_skb has self-referencing fd and\nanother fd and the latter sk is placed before the former in the\ncandidate list. Then, the while loop never proceeds, resulting\nthe task hung.\n\n__unix_gc() has the same loop just before purging the collected skb,\nso we can call kfree_skb(oob_skb) there and let __skb_queue_purge()\nrelease all inflight sockets.\n\n[0]:\nSending NMI from CPU 0 to CPUs 1:\nNMI backtrace for cpu 1\nCPU: 1 PID: 2784 Comm: kworker/u4:8 Not tainted 6.8.0-rc4-syzkaller-01028-g71b605d32017 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nWorkqueue: events_unbound __unix_gc\nRIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:200\nCode: 89 fb e8 23 00 00 00 48 8b 3d 84 f5 1a 0c 48 89 de 5b e9 43 26 57 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 48 8b 04 24 65 48 8b 0d 90 52 70 7e 65 8b 15 91 52 70\nRSP: 0018:ffffc9000a17fa78 EFLAGS: 00000287\nRAX: ffffffff8a0a6108 RBX: ffff88802b6c2640 RCX: ffff88802c0b3b80\nRDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000\nRBP: ffffc9000a17fbf0 R08: ffffffff89383f1d R09: 1ffff1100ee5ff84\nR10: dffffc0000000000 R11: ffffed100ee5ff85 R12: 1ffff110056d84ee\nR13: ffffc9000a17fae0 R14: 0000000000000000 R15: ffffffff8f47b840\nFS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffef5687ff8 CR3: 0000000029b34000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <NMI>\n </NMI>\n <TASK>\n __unix_gc+0xe69/0xf40 net/unix/garbage.c:343\n process_one_work kernel/workqueue.c:2633 [inline]\n process_scheduled_works+0x913/0x1420 kernel/workqueue.c:2706\n worker_thread+0xa5f/0x1000 kernel/workqueue.c:2787\n kthread+0x2ef/0x390 kernel/kthread.c:388\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242\n </TASK>', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26750 was patched at 2024-05-15

ubuntu: CVE-2024-26750 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9086. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26751) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nARM: ep93xx: Add terminator to gpiod_lookup_table\n\nWithout the terminator, if a con_id is passed to gpio_find() that\ndoes not exist in the lookup table the function will not stop looping\ncorrectly, and eventually cause an oops.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26751 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26751 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9087. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26752) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: pass correct message length to ip6_append_data\n\nl2tp_ip6_sendmsg needs to avoid accounting for the transport header\ntwice when splicing more data into an already partially-occupied skbuff.\n\nTo manage this, we check whether the skbuff contains data using\nskb_queue_empty when deciding how much data to append using\nip6_append_data.\n\nHowever, the code which performed the calculation was incorrect:\n\n ulen = len + skb_queue_empty(&sk->sk_write_queue) ? transhdrlen : 0;\n\n...due to C operator precedence, this ends up setting ulen to\ntranshdrlen for messages with a non-zero length, which results in\ncorrupted packets on the wire.\n\nAdd parentheses to correct the calculation in line with the original\nintent.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26752 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26752 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9088. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26753) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: virtio/akcipher - Fix stack overflow on memcpy\n\nsizeof(struct virtio_crypto_akcipher_session_para) is less than\nsizeof(struct virtio_crypto_op_ctrl_req::u), copying more bytes from\nstack variable leads stack overflow. Clang reports this issue by\ncommands:\nmake -j CC=clang-14 mrproper >/dev/null 2>&1\nmake -j O=/tmp/crypto-build CC=clang-14 allmodconfig >/dev/null 2>&1\nmake -j O=/tmp/crypto-build W=1 CC=clang-14 drivers/crypto/virtio/\n virtio_crypto_akcipher_algs.o', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26753 was patched at 2024-05-06, 2024-05-15

9089. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26756) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don't register sync_thread for reshape directly\n\nCurrently, if reshape is interrupted, then reassemble the array will\nregister sync_thread directly from pers->run(), in this case\n'MD_RECOVERY_RUNNING' is set directly, however, there is no guarantee\nthat md_do_sync() will be executed, hence stop_sync_thread() will hang\nbecause 'MD_RECOVERY_RUNNING' can't be cleared.\n\nLast patch make sure that md_do_sync() will set MD_RECOVERY_DONE,\nhowever, following hang can still be triggered by dm-raid test\nshell/lvconvert-raid-reshape.sh occasionally:\n\n[root@fedora ~]# cat /proc/1982/stack\n[<0>] stop_sync_thread+0x1ab/0x270 [md_mod]\n[<0>] md_frozen_sync_thread+0x5c/0xa0 [md_mod]\n[<0>] raid_presuspend+0x1e/0x70 [dm_raid]\n[<0>] dm_table_presuspend_targets+0x40/0xb0 [dm_mod]\n[<0>] __dm_destroy+0x2a5/0x310 [dm_mod]\n[<0>] dm_destroy+0x16/0x30 [dm_mod]\n[<0>] dev_remove+0x165/0x290 [dm_mod]\n[<0>] ctl_ioctl+0x4bb/0x7b0 [dm_mod]\n[<0>] dm_ctl_ioctl+0x11/0x20 [dm_mod]\n[<0>] vfs_ioctl+0x21/0x60\n[<0>] __x64_sys_ioctl+0xb9/0xe0\n[<0>] do_syscall_64+0xc6/0x230\n[<0>] entry_SYSCALL_64_after_hwframe+0x6c/0x74\n\nMeanwhile mddev->recovery is:\nMD_RECOVERY_RUNNING |\nMD_RECOVERY_INTR |\nMD_RECOVERY_RESHAPE |\nMD_RECOVERY_FROZEN\n\nFix this problem by remove the code to register sync_thread directly\nfrom raid10 and raid5. And let md_check_recovery() to register\nsync_thread.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26756 was patched at 2024-05-15

9090. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26757) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don't ignore read-only array in md_check_recovery()\n\nUsually if the array is not read-write, md_check_recovery() won't\nregister new sync_thread in the first place. And if the array is\nread-write and sync_thread is registered, md_set_readonly() will\nunregister sync_thread before setting the array read-only. md/raid\nfollow this behavior hence there is no problem.\n\nAfter commit f52f5c71f3d4 ("md: fix stopping sync thread"), following\nhang can be triggered by test shell/integrity-caching.sh:\n\n1) array is read-only. dm-raid update super block:\nrs_update_sbs\n ro = mddev->ro\n mddev->ro = 0\n -> set array read-write\n md_update_sb\n\n2) register new sync thread concurrently.\n\n3) dm-raid set array back to read-only:\nrs_update_sbs\n mddev->ro = ro\n\n4) stop the array:\nraid_dtr\n md_stop\n stop_sync_thread\n set_bit(MD_RECOVERY_INTR, &mddev->recovery);\n md_wakeup_thread_directly(mddev->sync_thread);\n wait_event(..., !test_bit(MD_RECOVERY_RUNNING, &mddev->recovery))\n\n5) sync thread done:\n md_do_sync\n set_bit(MD_RECOVERY_DONE, &mddev->recovery);\n md_wakeup_thread(mddev->thread);\n\n6) daemon thread can't unregister sync thread:\n md_check_recovery\n if (!md_is_rdwr(mddev) &&\n !test_bit(MD_RECOVERY_NEEDED, &mddev->recovery))\n return;\n -> -> MD_RECOVERY_RUNNING can't be cleared, hence step 4 hang;\n\nThe root cause is that dm-raid manipulate 'mddev->ro' by itself,\nhowever, dm-raid really should stop sync thread before setting the\narray read-only. Unfortunately, I need to read more code before I\ncan refacter the handler of 'mddev->ro' in dm-raid, hence let's fix\nthe problem the easy way for now to prevent dm-raid regression.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26757 was patched at 2024-05-15

9091. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26758) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don't ignore suspended array in md_check_recovery()\n\nmddev_suspend() never stop sync_thread, hence it doesn't make sense to\nignore suspended array in md_check_recovery(), which might cause\nsync_thread can't be unregistered.\n\nAfter commit f52f5c71f3d4 ("md: fix stopping sync thread"), following\nhang can be triggered by test shell/integrity-caching.sh:\n\n1) suspend the array:\nraid_postsuspend\n mddev_suspend\n\n2) stop the array:\nraid_dtr\n md_stop\n __md_stop_writes\n stop_sync_thread\n set_bit(MD_RECOVERY_INTR, &mddev->recovery);\n md_wakeup_thread_directly(mddev->sync_thread);\n wait_event(..., !test_bit(MD_RECOVERY_RUNNING, &mddev->recovery))\n\n3) sync thread done:\nmd_do_sync\n set_bit(MD_RECOVERY_DONE, &mddev->recovery);\n md_wakeup_thread(mddev->thread);\n\n4) daemon thread can't unregister sync thread:\nmd_check_recovery\n if (mddev->suspended)\n return; -> return directly\n md_read_sync_thread\n clear_bit(MD_RECOVERY_RUNNING, &mddev->recovery);\n -> MD_RECOVERY_RUNNING can't be cleared, hence step 2 hang;\n\nThis problem is not just related to dm-raid, fix it by ignoring\nsuspended array in md_check_recovery(). And follow up patches will\nimprove dm-raid better to frozen sync thread during suspend.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26758 was patched at 2024-05-15

9092. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26759) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/swap: fix race when skipping swapcache\n\nWhen skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads\nswapin the same entry at the same time, they get different pages (A, B). \nBefore one thread (T0) finishes the swapin and installs page (A) to the\nPTE, another thread (T1) could finish swapin of page (B), swap_free the\nentry, then swap out the possibly modified page reusing the same entry. \nIt breaks the pte_same check in (T0) because PTE value is unchanged,\ncausing ABA problem. Thread (T0) will install a stalled page (A) into the\nPTE and cause data corruption.\n\nOne possible callstack is like this:\n\nCPU0 CPU1\n---- ----\ndo_swap_page() do_swap_page() with same entry\n<direct swapin path> <direct swapin path>\n<alloc page A> <alloc page B>\nswap_read_folio() <- read to page A swap_read_folio() <- read to page B\n<slow on later locks or interrupt> <finished swapin first>\n... set_pte_at()\n swap_free() <- entry is free\n <write to page B, now page A stalled>\n <swap out page B to same swap entry>\npte_same() <- Check pass, PTE seems\n unchanged, but page A\n is stalled!\nswap_free() <- page B content lost!\nset_pte_at() <- staled page A installed!\n\nAnd besides, for ZRAM, swap_free() allows the swap device to discard the\nentry content, so even if page (B) is not modified, if swap_read_folio()\non CPU0 happens later than swap_free() on CPU1, it may also cause data\nloss.\n\nTo fix this, reuse swapcache_prepare which will pin the swap entry using\nthe cache flag, and allow only one thread to swap it in, also prevent any\nparallel code from putting the entry in the cache. Release the pin after\nPT unlocked.\n\nRacers just loop and wait since it's a rare and very short event. A\nschedule_timeout_uninterruptible(1) call is added to avoid repeated page\nfaults wasting too much CPU, causing livelock or adding too much noise to\nperf statistics. A similar livelock issue was described in commit\n029c4628b2eb ("mm: swap: get rid of livelock in swapin readahead")\n\nReproducer:\n\nThis race issue can be triggered easily using a well constructed\nreproducer and patched brd (with a delay in read path) [1]:\n\nWith latest 6.8 mainline, race caused data loss can be observed easily:\n$ gcc -g -lpthread test-thread-swap-race.c && ./a.out\n Polulating 32MB of memory region...\n Keep swapping out...\n Starting round 0...\n Spawning 65536 workers...\n 32746 workers spawned, wait for done...\n Round 0: Error on 0x5aa00, expected 32746, got 32743, 3 data loss!\n Round 0: Error on 0x395200, expected 32746, got 32743, 3 data loss!\n Round 0: Error on 0x3fd000, expected 32746, got 32737, 9 data loss!\n Round 0 Failed, 15 data loss!\n\nThis reproducer spawns multiple threads sharing the same memory region\nusing a small swap device. Every two threads updates mapped pages one by\none in opposite direction trying to create a race, with one dedicated\nthread keep swapping out the data out using madvise.\n\nThe reproducer created a reproduce rate of about once every 5 minutes, so\nthe race should be totally possible in production.\n\nAfter this patch, I ran the reproducer for over a few hundred rounds and\nno data loss observed.\n\nPerformance overhead is minimal, microbenchmark swapin 10G from 32G\nzram:\n\nBefore: 10934698 us\nAfter: 11157121 us\nCached: 13155355 us (Dropping SWP_SYNCHRONOUS_IO flag)\n\n[kasong@tencent.com: v4]\n Link: https://lkml.kernel.org/r/20240219082040.7495-1-ryncsn@gmail.com', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26759 was patched at 2024-05-15

9093. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26760) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: pscsi: Fix bio_put() for error case\n\nAs of commit 066ff571011d ("block: turn bio_kmalloc into a simple kmalloc\nwrapper"), a bio allocated by bio_kmalloc() must be freed by bio_uninit()\nand kfree(). That is not done properly for the error case, hitting WARN and\nNULL pointer dereference in bio_free().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26760 was patched at 2024-05-15

9094. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26761) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window\n\nThe Linux CXL subsystem is built on the assumption that HPA == SPA.\nThat is, the host physical address (HPA) the HDM decoder registers are\nprogrammed with are system physical addresses (SPA).\n\nDuring HDM decoder setup, the DVSEC CXL range registers (cxl-3.1,\n8.1.3.8) are checked if the memory is enabled and the CXL range is in\na HPA window that is described in a CFMWS structure of the CXL host\nbridge (cxl-3.1, 9.18.1.3).\n\nNow, if the HPA is not an SPA, the CXL range does not match a CFMWS\nwindow and the CXL memory range will be disabled then. The HDM decoder\nstops working which causes system memory being disabled and further a\nsystem hang during HDM decoder initialization, typically when a CXL\nenabled kernel boots.\n\nPrevent a system hang and do not disable the HDM decoder if the\ndecoder's CXL range is not found in a CFMWS window.\n\nNote the change only fixes a hardware hang, but does not implement\nHPA/SPA translation. Support for this can be added in a follow on\npatch series.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26761 was patched at 2024-05-15

9095. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26763) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndm-crypt: don't modify the data when using authenticated encryption\n\nIt was said that authenticated encryption could produce invalid tag when\nthe data that is being encrypted is modified [1]. So, fix this problem by\ncopying the data into the clone bio first and then encrypt them inside the\nclone bio.\n\nThis may reduce performance, but it is needed to prevent the user from\ncorrupting the device by writing data with O_DIRECT and modifying them at\nthe same time.\n\n[1] https://lore.kernel.org/all/20240207004723.GA35324@sol.localdomain/T/', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26763 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26763 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9096. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26764) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio\n\nIf kiocb_set_cancel_fn() is called for I/O submitted via io_uring, the\nfollowing kernel warning appears:\n\nWARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocb_set_cancel_fn+0x9c/0xa8\nCall trace:\n kiocb_set_cancel_fn+0x9c/0xa8\n ffs_epfile_read_iter+0x144/0x1d0\n io_read+0x19c/0x498\n io_issue_sqe+0x118/0x27c\n io_submit_sqes+0x25c/0x5fc\n __arm64_sys_io_uring_enter+0x104/0xab0\n invoke_syscall+0x58/0x11c\n el0_svc_common+0xb4/0xf4\n do_el0_svc+0x2c/0xb0\n el0_svc+0x2c/0xa4\n el0t_64_sync_handler+0x68/0xb4\n el0t_64_sync+0x1a4/0x1a8\n\nFix this by setting the IOCB_AIO_RW flag for read and write I/O that is\nsubmitted by libaio.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26764 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26764 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9097. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26765) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Disable IRQ before init_fn() for nonboot CPUs\n\nDisable IRQ before init_fn() for nonboot CPUs when hotplug, in order to\nsilence such warnings (and also avoid potential errors due to unexpected\ninterrupts):\n\nWARNING: CPU: 1 PID: 0 at kernel/rcu/tree.c:4503 rcu_cpu_starting+0x214/0x280\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.6.17+ #1198\npc 90000000048e3334 ra 90000000047bd56c tp 900000010039c000 sp 900000010039fdd0\na0 0000000000000001 a1 0000000000000006 a2 900000000802c040 a3 0000000000000000\na4 0000000000000001 a5 0000000000000004 a6 0000000000000000 a7 90000000048e3f4c\nt0 0000000000000001 t1 9000000005c70968 t2 0000000004000000 t3 000000000005e56e\nt4 00000000000002e4 t5 0000000000001000 t6 ffffffff80000000 t7 0000000000040000\nt8 9000000007931638 u0 0000000000000006 s9 0000000000000004 s0 0000000000000001\ns1 9000000006356ac0 s2 9000000007244000 s3 0000000000000001 s4 0000000000000001\ns5 900000000636f000 s6 7fffffffffffffff s7 9000000002123940 s8 9000000001ca55f8\n ra: 90000000047bd56c tlb_init+0x24c/0x528\n ERA: 90000000048e3334 rcu_cpu_starting+0x214/0x280\n CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\n PRMD: 00000000 (PPLV0 -PIE -PWE)\n EUEN: 00000000 (-FPE -SXE -ASXE -BTE)\n ECFG: 00071000 (LIE=12 VS=7)\nESTAT: 000c0000 [BRK] (IS= ECode=12 EsubCode=0)\n PRID: 0014c010 (Loongson-64bit, Loongson-3A5000)\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.6.17+ #1198\nStack : 0000000000000000 9000000006375000 9000000005b61878 900000010039c000\n 900000010039fa30 0000000000000000 900000010039fa38 900000000619a140\n 9000000006456888 9000000006456880 900000010039f950 0000000000000001\n 0000000000000001 cb0cb028ec7e52e1 0000000002b90000 9000000100348700\n 0000000000000000 0000000000000001 ffffffff916d12f1 0000000000000003\n 0000000000040000 9000000007930370 0000000002b90000 0000000000000004\n 9000000006366000 900000000619a140 0000000000000000 0000000000000004\n 0000000000000000 0000000000000009 ffffffffffc681f2 9000000002123940\n 9000000001ca55f8 9000000006366000 90000000047a4828 00007ffff057ded8\n 00000000000000b0 0000000000000000 0000000000000000 0000000000071000\n ...\nCall Trace:\n[<90000000047a4828>] show_stack+0x48/0x1a0\n[<9000000005b61874>] dump_stack_lvl+0x84/0xcc\n[<90000000047f60ac>] __warn+0x8c/0x1e0\n[<9000000005b0ab34>] report_bug+0x1b4/0x280\n[<9000000005b63110>] do_bp+0x2d0/0x480\n[<90000000047a2e20>] handle_bp+0x120/0x1c0\n[<90000000048e3334>] rcu_cpu_starting+0x214/0x280\n[<90000000047bd568>] tlb_init+0x248/0x528\n[<90000000047a4c44>] per_cpu_trap_init+0x124/0x160\n[<90000000047a19f4>] cpu_probe+0x494/0xa00\n[<90000000047b551c>] start_secondary+0x3c/0xc0\n[<9000000005b66134>] smpboot_entry+0x50/0x58', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26765 was patched at 2024-05-15

9098. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26766) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix sdma.h tx->num_descs off-by-one error\n\nUnfortunately the commit `fd8958efe877` introduced another error\ncausing the `descs` array to overflow. This reults in further crashes\neasily reproducible by `sendmsg` system call.\n\n[ 1080.836473] general protection fault, probably for non-canonical address 0x400300015528b00a: 0000 [#1] PREEMPT SMP PTI\n[ 1080.869326] RIP: 0010:hfi1_ipoib_build_ib_tx_headers.constprop.0+0xe1/0x2b0 [hfi1]\n--\n[ 1080.974535] Call Trace:\n[ 1080.976990] <TASK>\n[ 1081.021929] hfi1_ipoib_send_dma_common+0x7a/0x2e0 [hfi1]\n[ 1081.027364] hfi1_ipoib_send_dma_list+0x62/0x270 [hfi1]\n[ 1081.032633] hfi1_ipoib_send+0x112/0x300 [hfi1]\n[ 1081.042001] ipoib_start_xmit+0x2a9/0x2d0 [ib_ipoib]\n[ 1081.046978] dev_hard_start_xmit+0xc4/0x210\n--\n[ 1081.148347] __sys_sendmsg+0x59/0xa0\n\ncrash> ipoib_txreq 0xffff9cfeba229f00\nstruct ipoib_txreq {\n txreq = {\n list = {\n next = 0xffff9cfeba229f00,\n prev = 0xffff9cfeba229f00\n },\n descp = 0xffff9cfeba229f40,\n coalesce_buf = 0x0,\n wait = 0xffff9cfea4e69a48,\n complete = 0xffffffffc0fe0760 <hfi1_ipoib_sdma_complete>,\n packet_len = 0x46d,\n tlen = 0x0,\n num_desc = 0x0,\n desc_limit = 0x6,\n next_descq_idx = 0x45c,\n coalesce_idx = 0x0,\n flags = 0x0,\n descs = {{\n qw = {0x8024000120dffb00, 0x4} # SDMA_DESC0_FIRST_DESC_FLAG (bit 63)\n }, {\n qw = { 0x3800014231b108, 0x4}\n }, {\n qw = { 0x310000e4ee0fcf0, 0x8}\n }, {\n qw = { 0x3000012e9f8000, 0x8}\n }, {\n qw = { 0x59000dfb9d0000, 0x8}\n }, {\n qw = { 0x78000e02e40000, 0x8}\n }}\n },\n sdma_hdr = 0x400300015528b000, <<< invalid pointer in the tx request structure\n sdma_status = 0x0, SDMA_DESC0_LAST_DESC_FLAG (bit 62)\n complete = 0x0,\n priv = 0x0,\n txq = 0xffff9cfea4e69880,\n skb = 0xffff9d099809f400\n}\n\nIf an SDMA send consists of exactly 6 descriptors and requires dword\npadding (in the 7th descriptor), the sdma_txreq descriptor array is not\nproperly expanded and the packet will overflow into the container\nstructure. This results in a panic when the send completion runs. The\nexact panic varies depending on what elements of the container structure\nget corrupted. The fix is to use the correct expression in\n_pad_sdma_tx_descs() to test the need to expand the descriptor array.\n\nWith this patch the crashes are no longer reproducible and the machine is\nstable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26766 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26766 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9099. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26767) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fixed integer types and null check locations\n\n[why]:\nissues fixed:\n- comparison with wider integer type in loop condition which can cause\ninfinite loops\n- pointer dereference before null check', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26767 was patched at 2024-05-15

9100. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26768) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC]\n\nWith default config, the value of NR_CPUS is 64. When HW platform has\nmore then 64 cpus, system will crash on these platforms. MAX_CORE_PIC\nis the maximum cpu number in MADT table (max physical number) which can\nexceed the supported maximum cpu number (NR_CPUS, max logical number),\nbut kernel should not crash. Kernel should boot cpus with NR_CPUS, let\nthe remainder cpus stay in BIOS.\n\nThe potential crash reason is that the array acpi_core_pic[NR_CPUS] can\nbe overflowed when parsing MADT table, and it is obvious that CORE_PIC\nshould be corresponding to physical core rather than logical core, so it\nis better to define the array as acpi_core_pic[MAX_CORE_PIC].\n\nWith the patch, system can boot up 64 vcpus with qemu parameter -smp 128,\notherwise system will crash with the following message.\n\n[ 0.000000] CPU 0 Unable to handle kernel paging request at virtual address 0000420000004259, era == 90000000037a5f0c, ra == 90000000037a46ec\n[ 0.000000] Oops[#1]:\n[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.8.0-rc2+ #192\n[ 0.000000] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022\n[ 0.000000] pc 90000000037a5f0c ra 90000000037a46ec tp 9000000003c90000 sp 9000000003c93d60\n[ 0.000000] a0 0000000000000019 a1 9000000003d93bc0 a2 0000000000000000 a3 9000000003c93bd8\n[ 0.000000] a4 9000000003c93a74 a5 9000000083c93a67 a6 9000000003c938f0 a7 0000000000000005\n[ 0.000000] t0 0000420000004201 t1 0000000000000000 t2 0000000000000001 t3 0000000000000001\n[ 0.000000] t4 0000000000000003 t5 0000000000000000 t6 0000000000000030 t7 0000000000000063\n[ 0.000000] t8 0000000000000014 u0 ffffffffffffffff s9 0000000000000000 s0 9000000003caee98\n[ 0.000000] s1 90000000041b0480 s2 9000000003c93da0 s3 9000000003c93d98 s4 9000000003c93d90\n[ 0.000000] s5 9000000003caa000 s6 000000000a7fd000 s7 000000000f556b60 s8 000000000e0a4330\n[ 0.000000] ra: 90000000037a46ec platform_init+0x214/0x250\n[ 0.000000] ERA: 90000000037a5f0c efi_runtime_init+0x30/0x94\n[ 0.000000] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\n[ 0.000000] PRMD: 00000000 (PPLV0 -PIE -PWE)\n[ 0.000000] EUEN: 00000000 (-FPE -SXE -ASXE -BTE)\n[ 0.000000] ECFG: 00070800 (LIE=11 VS=7)\n[ 0.000000] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)\n[ 0.000000] BADV: 0000420000004259\n[ 0.000000] PRID: 0014c010 (Loongson-64bit, Loongson-3A5000)\n[ 0.000000] Modules linked in:\n[ 0.000000] Process swapper (pid: 0, threadinfo=(____ptrval____), task=(____ptrval____))\n[ 0.000000] Stack : 9000000003c93a14 9000000003800898 90000000041844f8 90000000037a46ec\n[ 0.000000] 000000000a7fd000 0000000008290000 0000000000000000 0000000000000000\n[ 0.000000] 0000000000000000 0000000000000000 00000000019d8000 000000000f556b60\n[ 0.000000] 000000000a7fd000 000000000f556b08 9000000003ca7700 9000000003800000\n[ 0.000000] 9000000003c93e50 9000000003800898 9000000003800108 90000000037a484c\n[ 0.000000] 000000000e0a4330 000000000f556b60 000000000a7fd000 000000000f556b08\n[ 0.000000] 9000000003ca7700 9000000004184000 0000000000200000 000000000e02b018\n[ 0.000000] 000000000a7fd000 90000000037a0790 9000000003800108 0000000000000000\n[ 0.000000] 0000000000000000 000000000e0a4330 000000000f556b60 000000000a7fd000\n[ 0.000000] 000000000f556b08 000000000eaae298 000000000eaa5040 0000000000200000\n[ 0.000000] ...\n[ 0.000000] Call Trace:\n[ 0.000000] [<90000000037a5f0c>] efi_runtime_init+0x30/0x94\n[ 0.000000] [<90000000037a46ec>] platform_init+0x214/0x250\n[ 0.000000] [<90000000037a484c>] setup_arch+0x124/0x45c\n[ 0.000000] [<90000000037a0790>] start_kernel+0x90/0x670\n[ 0.000000] [<900000000378b0d8>] kernel_entry+0xd8/0xdc', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26768 was patched at 2024-05-15

9101. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26769) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-fc: avoid deadlock on delete association path\n\nWhen deleting an association the shutdown path is deadlocking because we\ntry to flush the nvmet_wq nested. Avoid this by deadlock by deferring\nthe put work into its own work item.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26769 was patched at 2024-05-15

ubuntu: CVE-2024-26769 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9102. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26770) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nHID: nvidia-shield: Add missing null pointer checks to LED initialization\n\ndevm_kasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity.\n\n[jkosina@suse.com: tweak changelog a bit]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26770 was patched at 2024-05-15

9103. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26771) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: edma: Add some null pointer checks to the edma_probe\n\ndevm_kasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26771 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26771 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9104. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26772) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()\n\nPlaces the logic for checking if the group's block bitmap is corrupt under\nthe protection of the group lock to avoid allocating blocks from the group\nwith a corrupted block bitmap.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26772 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26772 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9105. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26773) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()\n\nDetermine if the group block bitmap is corrupted before using ac_b_ex in\next4_mb_try_best_found() to avoid allocating blocks from a group with a\ncorrupted block bitmap in the following concurrency and making the\nsituation worse.\n\next4_mb_regular_allocator\n ext4_lock_group(sb, group)\n ext4_mb_good_group\n // check if the group bbitmap is corrupted\n ext4_mb_complex_scan_group\n // Scan group gets ac_b_ex but doesn't use it\n ext4_unlock_group(sb, group)\n ext4_mark_group_bitmap_corrupted(group)\n // The block bitmap was corrupted during\n // the group unlock gap.\n ext4_mb_try_best_found\n ext4_lock_group(ac->ac_sb, group)\n ext4_mb_use_best_found\n mb_mark_used\n // Allocating blocks in block bitmap corrupted group', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26773 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26773 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9106. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26774) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt\n\nDetermine if bb_fragments is 0 instead of determining bb_free to eliminate\nthe risk of dividing by zero when the block bitmap is corrupted.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26774 was patched at 2024-05-15

ubuntu: CVE-2024-26774 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9107. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26775) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\naoe: avoid potential deadlock at set_capacity\n\nMove set_capacity() outside of the section procected by (&d->lock).\nTo avoid possible interrupt unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n[1] lock(&bdev->bd_size_lock);\n local_irq_disable();\n [2] lock(&d->lock);\n [3] lock(&bdev->bd_size_lock);\n <Interrupt>\n[4] lock(&d->lock);\n\n *** DEADLOCK ***\n\nWhere [1](&bdev->bd_size_lock) hold by zram_add()->set_capacity().\n[2]lock(&d->lock) hold by aoeblk_gdalloc(). And aoeblk_gdalloc()\nis trying to acquire [3](&bdev->bd_size_lock) at set_capacity() call.\nIn this situation an attempt to acquire [4]lock(&d->lock) from\naoecmd_cfg_rsp() will lead to deadlock.\n\nSo the simplest solution is breaking lock dependency\n[2](&d->lock) -> [3](&bdev->bd_size_lock) by moving set_capacity()\noutside.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26775 was patched at 2024-05-15

9108. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26776) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected\n\nReturn IRQ_NONE from the interrupt handler when no interrupt was\ndetected. Because an empty interrupt will cause a null pointer error:\n\n Unable to handle kernel NULL pointer dereference at virtual\n address 0000000000000008\n Call trace:\n complete+0x54/0x100\n hisi_sfc_v3xx_isr+0x2c/0x40 [spi_hisi_sfc_v3xx]\n __handle_irq_event_percpu+0x64/0x1e0\n handle_irq_event+0x7c/0x1cc', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26776 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26776 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9109. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26777) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: sis: Error out if pixclock equals zero\n\nThe userspace program could pass any values to the driver through\nioctl() interface. If the driver doesn't check the value of pixclock,\nit may cause divide-by-zero error.\n\nIn sisfb_check_var(), var->pixclock is used as a divisor to caculate\ndrate before it is checked against zero. Fix this by checking it\nat the beginning.\n\nThis is similar to CVE-2022-3061 in i740fb which was fixed by\ncommit 15cf0b8.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26777 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26777 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9110. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26778) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: savage: Error out if pixclock equals zero\n\nThe userspace program could pass any values to the driver through\nioctl() interface. If the driver doesn't check the value of pixclock,\nit may cause divide-by-zero error.\n\nAlthough pixclock is checked in savagefb_decode_var(), but it is not\nchecked properly in savagefb_probe(). Fix this by checking whether\npixclock is zero in the function savagefb_check_var() before\ninfo->var.pixclock is used as the divisor.\n\nThis is similar to CVE-2022-3061 in i740fb which was fixed by\ncommit 15cf0b8.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26778 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26778 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9111. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26780) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix task hung while purging oob_skb in GC.\n\nsyzbot reported a task hung; at the same time, GC was looping infinitely\nin list_for_each_entry_safe() for OOB skb. [0]\n\nsyzbot demonstrated that the list_for_each_entry_safe() was not actually\nsafe in this case.\n\nA single skb could have references for multiple sockets. If we free such\na skb in the list_for_each_entry_safe(), the current and next sockets could\nbe unlinked in a single iteration.\n\nunix_notinflight() uses list_del_init() to unlink the socket, so the\nprefetched next socket forms a loop itself and list_for_each_entry_safe()\nnever stops.\n\nHere, we must use while() and make sure we always fetch the first socket.\n\n[0]:\nSending NMI from CPU 0 to CPUs 1:\nNMI backtrace for cpu 1\nCPU: 1 PID: 5065 Comm: syz-executor236 Not tainted 6.8.0-rc3-syzkaller-00136-g1f719a2f3fa6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nRIP: 0010:preempt_count arch/x86/include/asm/preempt.h:26 [inline]\nRIP: 0010:check_kcov_mode kernel/kcov.c:173 [inline]\nRIP: 0010:__sanitizer_cov_trace_pc+0xd/0x60 kernel/kcov.c:207\nCode: cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 65 48 8b 14 25 40 c2 03 00 <65> 8b 05 b4 7c 78 7e a9 00 01 ff 00 48 8b 34 24 74 0f f6 c4 01 74\nRSP: 0018:ffffc900033efa58 EFLAGS: 00000283\nRAX: ffff88807b077800 RBX: ffff88807b077800 RCX: 1ffffffff27b1189\nRDX: ffff88802a5a3b80 RSI: ffffffff8968488d RDI: ffff88807b077f70\nRBP: ffffc900033efbb0 R08: 0000000000000001 R09: fffffbfff27a900c\nR10: ffffffff93d48067 R11: ffffffff8ae000eb R12: ffff88807b077800\nR13: dffffc0000000000 R14: ffff88807b077e40 R15: 0000000000000001\nFS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000564f4fc1e3a8 CR3: 000000000d57a000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <NMI>\n </NMI>\n <TASK>\n unix_gc+0x563/0x13b0 net/unix/garbage.c:319\n unix_release_sock+0xa93/0xf80 net/unix/af_unix.c:683\n unix_release+0x91/0xf0 net/unix/af_unix.c:1064\n __sock_release+0xb0/0x270 net/socket.c:659\n sock_close+0x1c/0x30 net/socket.c:1421\n __fput+0x270/0xb80 fs/file_table.c:376\n task_work_run+0x14f/0x250 kernel/task_work.c:180\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0xa8a/0x2ad0 kernel/exit.c:871\n do_group_exit+0xd4/0x2a0 kernel/exit.c:1020\n __do_sys_exit_group kernel/exit.c:1031 [inline]\n __se_sys_exit_group kernel/exit.c:1029 [inline]\n __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1029\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd5/0x270 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\nRIP: 0033:0x7f9d6cbdac09\nCode: Unable to access opcode bytes at 0x7f9d6cbdabdf.\nRSP: 002b:00007fff5952feb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9d6cbdac09\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000\nRBP: 00007f9d6cc552b0 R08: ffffffffffffffb8 R09: 0000000000000006\nR10: 0000000000000006 R11: 0000000000000246 R12: 00007f9d6cc552b0\nR13: 0000000000000000 R14: 00007f9d6cc55d00 R15: 00007f9d6cbabe70\n </TASK>', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26780 was patched at 2024-05-15

9112. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26781) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix possible deadlock in subflow diag\n\nSyzbot and Eric reported a lockdep splat in the subflow diag:\n\n WARNING: possible circular locking dependency detected\n 6.8.0-rc4-syzkaller-00212-g40b9385dd8e6 #0 Not tainted\n\n syz-executor.2/24141 is trying to acquire lock:\n ffff888045870130 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at:\n tcp_diag_put_ulp net/ipv4/tcp_diag.c:100 [inline]\n ffff888045870130 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at:\n tcp_diag_get_aux+0x738/0x830 net/ipv4/tcp_diag.c:137\n\n but task is already holding lock:\n ffffc9000135e488 (&h->lhash2[i].lock){+.+.}-{2:2}, at: spin_lock\n include/linux/spinlock.h:351 [inline]\n ffffc9000135e488 (&h->lhash2[i].lock){+.+.}-{2:2}, at:\n inet_diag_dump_icsk+0x39f/0x1f80 net/ipv4/inet_diag.c:1038\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -> #1 (&h->lhash2[i].lock){+.+.}-{2:2}:\n lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754\n __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]\n _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154\n spin_lock include/linux/spinlock.h:351 [inline]\n __inet_hash+0x335/0xbe0 net/ipv4/inet_hashtables.c:743\n inet_csk_listen_start+0x23a/0x320 net/ipv4/inet_connection_sock.c:1261\n __inet_listen_sk+0x2a2/0x770 net/ipv4/af_inet.c:217\n inet_listen+0xa3/0x110 net/ipv4/af_inet.c:239\n rds_tcp_listen_init+0x3fd/0x5a0 net/rds/tcp_listen.c:316\n rds_tcp_init_net+0x141/0x320 net/rds/tcp.c:577\n ops_init+0x352/0x610 net/core/net_namespace.c:136\n __register_pernet_operations net/core/net_namespace.c:1214 [inline]\n register_pernet_operations+0x2cb/0x660 net/core/net_namespace.c:1283\n register_pernet_device+0x33/0x80 net/core/net_namespace.c:1370\n rds_tcp_init+0x62/0xd0 net/rds/tcp.c:735\n do_one_initcall+0x238/0x830 init/main.c:1236\n do_initcall_level+0x157/0x210 init/main.c:1298\n do_initcalls+0x3f/0x80 init/main.c:1314\n kernel_init_freeable+0x42f/0x5d0 init/main.c:1551\n kernel_init+0x1d/0x2a0 init/main.c:1441\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242\n\n -> #0 (k-sk_lock-AF_INET6){+.+.}-{0:0}:\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n validate_chain+0x18ca/0x58e0 kernel/locking/lockdep.c:3869\n __lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5137\n lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754\n lock_sock_fast include/net/sock.h:1723 [inline]\n subflow_get_info+0x166/0xd20 net/mptcp/diag.c:28\n tcp_diag_put_ulp net/ipv4/tcp_diag.c:100 [inline]\n tcp_diag_get_aux+0x738/0x830 net/ipv4/tcp_diag.c:137\n inet_sk_diag_fill+0x10ed/0x1e00 net/ipv4/inet_diag.c:345\n inet_diag_dump_icsk+0x55b/0x1f80 net/ipv4/inet_diag.c:1061\n __inet_diag_dump+0x211/0x3a0 net/ipv4/inet_diag.c:1263\n inet_diag_dump_compat+0x1c1/0x2d0 net/ipv4/inet_diag.c:1371\n netlink_dump+0x59b/0xc80 net/netlink/af_netlink.c:2264\n __netlink_dump_start+0x5df/0x790 net/netlink/af_netlink.c:2370\n netlink_dump_start include/linux/netlink.h:338 [inline]\n inet_diag_rcv_msg_compat+0x209/0x4c0 net/ipv4/inet_diag.c:1405\n sock_diag_rcv_msg+0xe7/0x410\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543\n sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367\n netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n\nAs noted by Eric we can break the lock dependency chain avoid\ndumping \n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26781 was patched at 2024-05-06, 2024-05-15

9113. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26783) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index\n\nWith numa balancing on, when a numa system is running where a numa node\ndoesn't have its local memory so it has no managed zones, the following\noops has been observed. It's because wakeup_kswapd() is called with a\nwrong zone index, -1. Fixed it by checking the index before calling\nwakeup_kswapd().\n\n> BUG: unable to handle page fault for address: 00000000000033f3\n> #PF: supervisor read access in kernel mode\n> #PF: error_code(0x0000) - not-present page\n> PGD 0 P4D 0\n> Oops: 0000 [#1] PREEMPT SMP NOPTI\n> CPU: 2 PID: 895 Comm: masim Not tainted 6.6.0-dirty #255\n> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n> rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n> RIP: 0010:wakeup_kswapd (./linux/mm/vmscan.c:7812)\n> Code: (omitted)\n> RSP: 0000:ffffc90004257d58 EFLAGS: 00010286\n> RAX: ffffffffffffffff RBX: ffff88883fff0480 RCX: 0000000000000003\n> RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88883fff0480\n> RBP: ffffffffffffffff R08: ff0003ffffffffff R09: ffffffffffffffff\n> R10: ffff888106c95540 R11: 0000000055555554 R12: 0000000000000003\n> R13: 0000000000000000 R14: 0000000000000000 R15: ffff88883fff0940\n> FS: 00007fc4b8124740(0000) GS:ffff888827c00000(0000) knlGS:0000000000000000\n> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n> CR2: 00000000000033f3 CR3: 000000026cc08004 CR4: 0000000000770ee0\n> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n> PKRU: 55555554\n> Call Trace:\n> <TASK>\n> ? __die\n> ? page_fault_oops\n> ? __pte_offset_map_lock\n> ? exc_page_fault\n> ? asm_exc_page_fault\n> ? wakeup_kswapd\n> migrate_misplaced_page\n> __handle_mm_fault\n> handle_mm_fault\n> do_user_addr_fault\n> exc_page_fault\n> asm_exc_page_fault\n> RIP: 0033:0x55b897ba0808\n> Code: (omitted)\n> RSP: 002b:00007ffeefa821a0 EFLAGS: 00010287\n> RAX: 000055b89983acd0 RBX: 00007ffeefa823f8 RCX: 000055b89983acd0\n> RDX: 00007fc2f8122010 RSI: 0000000000020000 RDI: 000055b89983acd0\n> RBP: 00007ffeefa821a0 R08: 0000000000000037 R09: 0000000000000075\n> R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000\n> R13: 00007ffeefa82410 R14: 000055b897ba5dd8 R15: 00007fc4b8340000\n> </TASK>', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26783 was patched at 2024-05-15

9114. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26787) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: mmci: stm32: fix DMA API overlapping mappings warning\n\nTurning on CONFIG_DMA_API_DEBUG_SG results in the following warning:\n\nDMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST,\noverlapping mappings aren't supported\nWARNING: CPU: 1 PID: 51 at kernel/dma/debug.c:568\nadd_dma_entry+0x234/0x2f4\nModules linked in:\nCPU: 1 PID: 51 Comm: kworker/1:2 Not tainted 6.1.28 #1\nHardware name: STMicroelectronics STM32MP257F-EV1 Evaluation Board (DT)\nWorkqueue: events_freezable mmc_rescan\nCall trace:\nadd_dma_entry+0x234/0x2f4\ndebug_dma_map_sg+0x198/0x350\n__dma_map_sg_attrs+0xa0/0x110\ndma_map_sg_attrs+0x10/0x2c\nsdmmc_idma_prep_data+0x80/0xc0\nmmci_prep_data+0x38/0x84\nmmci_start_data+0x108/0x2dc\nmmci_request+0xe4/0x190\n__mmc_start_request+0x68/0x140\nmmc_start_request+0x94/0xc0\nmmc_wait_for_req+0x70/0x100\nmmc_send_tuning+0x108/0x1ac\nsdmmc_execute_tuning+0x14c/0x210\nmmc_execute_tuning+0x48/0xec\nmmc_sd_init_uhs_card.part.0+0x208/0x464\nmmc_sd_init_card+0x318/0x89c\nmmc_attach_sd+0xe4/0x180\nmmc_rescan+0x244/0x320\n\nDMA API debug brings to light leaking dma-mappings as dma_map_sg and\ndma_unmap_sg are not correctly balanced.\n\nIf an error occurs in mmci_cmd_irq function, only mmci_dma_error\nfunction is called and as this API is not managed on stm32 variant,\ndma_unmap_sg is never called in this error path.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26787 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26787 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9115. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26788) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: fsl-qdma: init irq after reg initialization\n\nInitialize the qDMA irqs after the registers are configured so that\ninterrupts that may have been pending from a primary kernel don't get\nprocessed by the irq handler before it is ready to and cause panic with\nthe following trace:\n\n Call trace:\n fsl_qdma_queue_handler+0xf8/0x3e8\n __handle_irq_event_percpu+0x78/0x2b0\n handle_irq_event_percpu+0x1c/0x68\n handle_irq_event+0x44/0x78\n handle_fasteoi_irq+0xc8/0x178\n generic_handle_irq+0x24/0x38\n __handle_domain_irq+0x90/0x100\n gic_handle_irq+0x5c/0xb8\n el1_irq+0xb8/0x180\n _raw_spin_unlock_irqrestore+0x14/0x40\n __setup_irq+0x4bc/0x798\n request_threaded_irq+0xd8/0x190\n devm_request_threaded_irq+0x74/0xe8\n fsl_qdma_probe+0x4d4/0xca8\n platform_drv_probe+0x50/0xa0\n really_probe+0xe0/0x3f8\n driver_probe_device+0x64/0x130\n device_driver_attach+0x6c/0x78\n __driver_attach+0xbc/0x158\n bus_for_each_dev+0x5c/0x98\n driver_attach+0x20/0x28\n bus_add_driver+0x158/0x220\n driver_register+0x60/0x110\n __platform_driver_register+0x44/0x50\n fsl_qdma_driver_init+0x18/0x20\n do_one_initcall+0x48/0x258\n kernel_init_freeable+0x1a4/0x23c\n kernel_init+0x10/0xf8\n ret_from_fork+0x10/0x18', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26788 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26788 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9116. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26789) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: arm64/neonbs - fix out-of-bounds access on short input\n\nThe bit-sliced implementation of AES-CTR operates on blocks of 128\nbytes, and will fall back to the plain NEON version for tail blocks or\ninputs that are shorter than 128 bytes to begin with.\n\nIt will call straight into the plain NEON asm helper, which performs all\nmemory accesses in granules of 16 bytes (the size of a NEON register).\nFor this reason, the associated plain NEON glue code will copy inputs\nshorter than 16 bytes into a temporary buffer, given that this is a rare\noccurrence and it is not worth the effort to work around this in the asm\ncode.\n\nThe fallback from the bit-sliced NEON version fails to take this into\naccount, potentially resulting in out-of-bounds accesses. So clone the\nsame workaround, and use a temp buffer for short in/outputs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26789 was patched at 2024-05-15

9117. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26790) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read\n\nThere is chip (ls1028a) errata:\n\nThe SoC may hang on 16 byte unaligned read transactions by QDMA.\n\nUnaligned read transactions initiated by QDMA may stall in the NOC\n(Network On-Chip), causing a deadlock condition. Stalled transactions will\ntrigger completion timeouts in PCIe controller.\n\nWorkaround:\nEnable prefetch by setting the source descriptor prefetchable bit\n( SD[PF] = 1 ).\n\nImplement this workaround.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26790 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26790 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9118. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26791) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: dev-replace: properly validate device names\n\nThere's a syzbot report that device name buffers passed to device\nreplace are not properly checked for string termination which could lead\nto a read out of bounds in getname_kernel().\n\nAdd a helper that validates both source and target device name buffers.\nFor devid as the source initialize the buffer to empty string in case\nsomething tries to read it later.\n\nThis was originally analyzed and fixed in a different way by Edward Adam\nDavis (see links).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26791 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26791 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9119. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26795) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Sparse-Memory/vmemmap out-of-bounds fix\n\nOffset vmemmap so that the first page of vmemmap will be mapped\nto the first page of physical memory in order to ensure that\nvmemmap’s bounds will be respected during\npfn_to_page()/page_to_pfn() operations.\nThe conversion macros will produce correct SV39/48/57 addresses\nfor every possible/valid DRAM_BASE inside the physical memory limits.\n\nv2:Address Alex's comments', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26795 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26795 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9120. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26799) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: Fix uninitialized pointer dmactl\n\nIn the case where __lpass_get_dmactl_handle is called and the driver\nid dai_id is invalid the pointer dmactl is not being assigned a value,\nand dmactl contains a garbage value since it has not been initialized\nand so the null check may not work. Fix this to initialize dmactl to\nNULL. One could argue that modern compilers will set this to zero, but\nit is useful to keep this initialized as per the same way in functions\n__lpass_platform_codec_intf_init and lpass_cdc_dma_daiops_hw_params.\n\nCleans up clang scan build warning:\nsound/soc/qcom/lpass-cdc-dma.c:275:7: warning: Branch condition\nevaluates to a garbage value [core.uninitialized.Branch]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26799 was patched at 2024-05-15

9121. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26802) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nstmmac: Clear variable when destroying workqueue\n\nCurrently when suspending driver and stopping workqueue it is checked whether\nworkqueue is not NULL and if so, it is destroyed.\nFunction destroy_workqueue() does drain queue and does clear variable, but\nit does not set workqueue variable to NULL. This can cause kernel/module\npanic if code attempts to clear workqueue that was not initialized.\n\nThis scenario is possible when resuming suspended driver in stmmac_resume(),\nbecause there is no handling for failed stmmac_hw_setup(),\nwhich can fail and return if DMA engine has failed to initialize,\nand workqueue is initialized after DMA engine.\nShould DMA engine fail to initialize, resume will proceed normally,\nbut interface won't work and TX queue will eventually timeout,\ncausing 'Reset adapter' error.\nThis then does destroy workqueue during reset process.\nAnd since workqueue is initialized after DMA engine and can be skipped,\nit will cause kernel/module panic.\n\nTo secure against this possible crash, set workqueue variable to NULL when\ndestroying workqueue.\n\nLog/backtrace from crash goes as follows:\n[88.031977]------------[ cut here ]------------\n[88.031985]NETDEV WATCHDOG: eth0 (sxgmac): transmit queue 1 timed out\n[88.032017]WARNING: CPU: 0 PID: 0 at net/sched/sch_generic.c:477 dev_watchdog+0x390/0x398\n <Skipping backtrace for watchdog timeout>\n[88.032251]---[ end trace e70de432e4d5c2c0 ]---\n[88.032282]sxgmac 16d88000.ethernet eth0: Reset adapter.\n[88.036359]------------[ cut here ]------------\n[88.036519]Call trace:\n[88.036523] flush_workqueue+0x3e4/0x430\n[88.036528] drain_workqueue+0xc4/0x160\n[88.036533] destroy_workqueue+0x40/0x270\n[88.036537] stmmac_fpe_stop_wq+0x4c/0x70\n[88.036541] stmmac_release+0x278/0x280\n[88.036546] __dev_close_many+0xcc/0x158\n[88.036551] dev_close_many+0xbc/0x190\n[88.036555] dev_close.part.0+0x70/0xc0\n[88.036560] dev_close+0x24/0x30\n[88.036564] stmmac_service_task+0x110/0x140\n[88.036569] process_one_work+0x1d8/0x4a0\n[88.036573] worker_thread+0x54/0x408\n[88.036578] kthread+0x164/0x170\n[88.036583] ret_from_fork+0x10/0x20\n[88.036588]---[ end trace e70de432e4d5c2c1 ]---\n[88.036597]Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26802 was patched at 2024-05-15

ubuntu: CVE-2024-26802 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9122. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26803) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: veth: clear GRO when clearing XDP even when down\n\nveth sets NETIF_F_GRO automatically when XDP is enabled,\nbecause both features use the same NAPI machinery.\n\nThe logic to clear NETIF_F_GRO sits in veth_disable_xdp() which\nis called both on ndo_stop and when XDP is turned off.\nTo avoid the flag from being cleared when the device is brought\ndown, the clearing is skipped when IFF_UP is not set.\nBringing the device down should indeed not modify its features.\n\nUnfortunately, this means that clearing is also skipped when\nXDP is disabled _while_ the device is down. And there's nothing\non the open path to bring the device features back into sync.\nIOW if user enables XDP, disables it and then brings the device\nup we'll end up with a stray GRO flag set but no NAPI instances.\n\nWe don't depend on the GRO flag on the datapath, so the datapath\nwon't crash. We will crash (or hang), however, next time features\nare sync'ed (either by user via ethtool or peer changing its config).\nThe GRO flag will go away, and veth will try to disable the NAPIs.\nBut the open path never created them since XDP was off, the GRO flag\nwas a stray. If NAPI was initialized before we'll hang in napi_disable().\nIf it never was we'll crash trying to stop uninitialized hrtimer.\n\nMove the GRO flag updates to the XDP enable / disable paths,\ninstead of mixing them with the ndo_open / ndo_close paths.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26803 was patched at 2024-05-15

ubuntu: CVE-2024-26803 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9123. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26805) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: Fix kernel-infoleak-after-free in __skb_datagram_iter\n\nsyzbot reported the following uninit-value access issue [1]:\n\nnetlink_to_full_skb() creates a new `skb` and puts the `skb->data`\npassed as a 1st arg of netlink_to_full_skb() onto new `skb`. The data\nsize is specified as `len` and passed to skb_put_data(). This `len`\nis based on `skb->end` that is not data offset but buffer offset. The\n`skb->end` contains data and tailroom. Since the tailroom is not\ninitialized when the new `skb` created, KMSAN detects uninitialized\nmemory area when copying the data.\n\nThis patch resolved this issue by correct the len from `skb->end` to\n`skb->len`, which is the actual data offset.\n\nBUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in copy_to_user_iter lib/iov_iter.c:24 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in iterate_ubuf include/linux/iov_iter.h:29 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance include/linux/iov_iter.h:271 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in _copy_to_iter+0x364/0x2520 lib/iov_iter.c:186\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n copy_to_user_iter lib/iov_iter.c:24 [inline]\n iterate_ubuf include/linux/iov_iter.h:29 [inline]\n iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\n iterate_and_advance include/linux/iov_iter.h:271 [inline]\n _copy_to_iter+0x364/0x2520 lib/iov_iter.c:186\n copy_to_iter include/linux/uio.h:197 [inline]\n simple_copy_to_iter+0x68/0xa0 net/core/datagram.c:532\n __skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:420\n skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:546\n skb_copy_datagram_msg include/linux/skbuff.h:3960 [inline]\n packet_recvmsg+0xd9c/0x2000 net/packet/af_packet.c:3482\n sock_recvmsg_nosec net/socket.c:1044 [inline]\n sock_recvmsg net/socket.c:1066 [inline]\n sock_read_iter+0x467/0x580 net/socket.c:1136\n call_read_iter include/linux/fs.h:2014 [inline]\n new_sync_read fs/read_write.c:389 [inline]\n vfs_read+0x8f6/0xe00 fs/read_write.c:470\n ksys_read+0x20f/0x4c0 fs/read_write.c:613\n __do_sys_read fs/read_write.c:623 [inline]\n __se_sys_read fs/read_write.c:621 [inline]\n __x64_sys_read+0x93/0xd0 fs/read_write.c:621\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was stored to memory at:\n skb_put_data include/linux/skbuff.h:2622 [inline]\n netlink_to_full_skb net/netlink/af_netlink.c:181 [inline]\n __netlink_deliver_tap_skb net/netlink/af_netlink.c:298 [inline]\n __netlink_deliver_tap+0x5be/0xc90 net/netlink/af_netlink.c:325\n netlink_deliver_tap net/netlink/af_netlink.c:338 [inline]\n netlink_deliver_tap_kernel net/netlink/af_netlink.c:347 [inline]\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x10f1/0x1250 net/netlink/af_netlink.c:1368\n netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n __sys_sendmsg net/socket.c:2667 [inline]\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n free_pages_prepare mm/page_alloc.c:1087 [inline]\n free_unref_page_prepare+0xb0/0xa40 mm/page_alloc.c:2347\n free_unref_page_list+0xeb/0x1100 mm/page_alloc.c:2533\n release_pages+0x23d3/0x2410 mm/swap.c:1042\n free_pages_and_swap_cache+0xd9/0xf0 mm/swap_state.c:316\n tlb_batch_pages\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26805 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26805 was patched at 2024-05-16, 2024-05-20, 2024-05-21, 2024-05-23, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9124. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26808) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain\n\nRemove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER\nevent is reported, otherwise a stale reference to netdevice remains in\nthe hook list.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26808 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26808 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9125. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26820) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed\n\nIf hv_netvsc driver is unloaded and reloaded, the NET_DEVICE_REGISTER\nhandler cannot perform VF register successfully as the register call\nis received before netvsc_probe is finished. This is because we\nregister register_netdevice_notifier() very early( even before\nvmbus_driver_register()).\nTo fix this, we try to register each such matching VF( if it is visible\nas a netdevice) at the end of netvsc_probe.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26820 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26820 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9126. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26822) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: set correct id, uid and cruid for multiuser automounts\n\nWhen uid, gid and cruid are not specified, we need to dynamically\nset them into the filesystem context used for automounting otherwise\nthey'll end up reusing the values from the parent mount.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26822 was patched at 2024-05-15

9127. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26825) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: nci: free rx_data_reassembly skb on NCI device cleanup\n\nrx_data_reassembly skb is stored during NCI data exchange for processing\nfragmented packets. It is dropped only when the last fragment is processed\nor when an NTF packet with NCI_OP_RF_DEACTIVATE_NTF opcode is received.\nHowever, the NCI device may be deallocated before that which leads to skb\nleak.\n\nAs by design the rx_data_reassembly skb is bound to the NCI device and\nnothing prevents the device to be freed before the skb is processed in\nsome way and cleaned, free it on the NCI device cleanup.\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26825 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26825 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

9128. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26826) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix data re-injection from stale subflow\n\nWhen the MPTCP PM detects that a subflow is stale, all the packet\nscheduler must re-inject all the mptcp-level unacked data. To avoid\nacquiring unneeded locks, it first try to check if any unacked data\nis present at all in the RTX queue, but such check is currently\nbroken, as it uses TCP-specific helper on an MPTCP socket.\n\nFunnily enough fuzzers and static checkers are happy, as the accessed\nmemory still belongs to the mptcp_sock struct, and even from a\nfunctional perspective the recovery completed successfully, as\nthe short-cut test always failed.\n\nA recent unrelated TCP change - commit d5fed5addb2b ("tcp: reorganize\ntcp_sock fast path variables") - exposed the issue, as the tcp field\nreorganization makes the mptcp code always skip the re-inection.\n\nFix the issue dropping the bogus call: we are on a slow path, the early\noptimization proved once again to be evil.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26826 was patched at 2024-05-15

ubuntu: CVE-2024-26826 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

9129. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26828) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix underflow in parse_server_interfaces()\n\nIn this loop, we step through the buffer and after each item we check\nif the size_left is greater than the minimum size we need. However,\nthe problem is that "bytes_left" is type ssize_t while sizeof() is type\nsize_t. That means that because of type promotion, the comparison is\ndone as an unsigned and if we have negative bytes left the loop\ncontinues instead of ending.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26828 was patched at 2024-05-15

redhat: CVE-2024-26828 was patched at 2024-05-29

9130. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26829) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ir_toy: fix a memleak in irtoy_tx\n\nWhen irtoy_command fails, buf should be freed since it is allocated by\nirtoy_tx, or there is a memleak.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26829 was patched at 2024-05-15

ubuntu: CVE-2024-26829 was patched at 2024-05-07, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

9131. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26830) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: Do not allow untrusted VF to remove administratively set MAC\n\nCurrently when PF administratively sets VF's MAC address and the VF\nis put down (VF tries to delete all MACs) then the MAC is removed\nfrom MAC filters and primary VF MAC is zeroed.\n\nDo not allow untrusted VF to remove primary MAC when it was set\nadministratively by PF.\n\nReproducer:\n1) Create VF\n2) Set VF interface up\n3) Administratively set the VF's MAC\n4) Put VF interface down\n\n[root@host ~]# echo 1 > /sys/class/net/enp2s0f0/device/sriov_numvfs\n[root@host ~]# ip link set enp2s0f0v0 up\n[root@host ~]# ip link set enp2s0f0 vf 0 mac fe:6c:b5:da:c7:7d\n[root@host ~]# ip link show enp2s0f0\n23: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000\n link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff\n vf 0 link/ether fe:6c:b5:da:c7:7d brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off\n[root@host ~]# ip link set enp2s0f0v0 down\n[root@host ~]# ip link show enp2s0f0\n23: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000\n link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff\n vf 0 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26830 was patched at 2024-05-15

9132. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26834) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_flow_offload: release dst in case direct xmit path is used\n\nDirect xmit does not use it since it calls dev_queue_xmit() to send\npackets, hence it calls dst_release().\n\nkmemleak reports:\n\nunreferenced object 0xffff88814f440900 (size 184):\n comm "softirq", pid 0, jiffies 4294951896\n hex dump (first 32 bytes):\n 00 60 5b 04 81 88 ff ff 00 e6 e8 82 ff ff ff ff .`[.............\n 21 0b 50 82 ff ff ff ff 00 00 00 00 00 00 00 00 !.P.............\n backtrace (crc cb2bf5d6):\n [<000000003ee17107>] kmem_cache_alloc+0x286/0x340\n [<0000000021a5de2c>] dst_alloc+0x43/0xb0\n [<00000000f0671159>] rt_dst_alloc+0x2e/0x190\n [<00000000fe5092c9>] __mkroute_output+0x244/0x980\n [<000000005fb96fb0>] ip_route_output_flow+0xc0/0x160\n [<0000000045367433>] nf_ip_route+0xf/0x30\n [<0000000085da1d8e>] nf_route+0x2d/0x60\n [<00000000d1ecd1cb>] nft_flow_route+0x171/0x6a0 [nft_flow_offload]\n [<00000000d9b2fb60>] nft_flow_offload_eval+0x4e8/0x700 [nft_flow_offload]\n [<000000009f447dbb>] expr_call_ops_eval+0x53/0x330 [nf_tables]\n [<00000000072e1be6>] nft_do_chain+0x17c/0x840 [nf_tables]\n [<00000000d0551029>] nft_do_chain_inet+0xa1/0x210 [nf_tables]\n [<0000000097c9d5c6>] nf_hook_slow+0x5b/0x160\n [<0000000005eccab1>] ip_forward+0x8b6/0x9b0\n [<00000000553a269b>] ip_rcv+0x221/0x230\n [<00000000412872e5>] __netif_receive_skb_one_core+0xfe/0x110', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26834 was patched at 2024-05-15

9133. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26835) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: set dormant flag on hook register failure\n\nWe need to set the dormant flag again if we fail to register\nthe hooks.\n\nDuring memory pressure hook registration can fail and we end up\nwith a table marked as active but no registered hooks.\n\nOn table/base chain deletion, nf_tables will attempt to unregister\nthe hook again which yields a warn splat from the nftables core.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26835 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26835 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9134. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26836) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: think-lmi: Fix password opcode ordering for workstations\n\nThe Lenovo workstations require the password opcode to be run before\nthe attribute value is changed (if Admin password is enabled).\n\nTested on some Thinkpads to confirm they are OK with this order too.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26836 was patched at 2024-05-15

9135. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26837) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: switchdev: Skip MDB replays of deferred events on offload\n\nBefore this change, generation of the list of MDB events to replay\nwould race against the creation of new group memberships, either from\nthe IGMP/MLD snooping logic or from user configuration.\n\nWhile new memberships are immediately visible to walkers of\nbr->mdb_list, the notification of their existence to switchdev event\nsubscribers is deferred until a later point in time. So if a replay\nlist was generated during a time that overlapped with such a window,\nit would also contain a replay of the not-yet-delivered event.\n\nThe driver would thus receive two copies of what the bridge internally\nconsidered to be one single event. On destruction of the bridge, only\na single membership deletion event was therefore sent. As a\nconsequence of this, drivers which reference count memberships (at\nleast DSA), would be left with orphan groups in their hardware\ndatabase when the bridge was destroyed.\n\nThis is only an issue when replaying additions. While deletion events\nmay still be pending on the deferred queue, they will already have\nbeen removed from br->mdb_list, so no duplicates can be generated in\nthat scenario.\n\nTo a user this meant that old group memberships, from a bridge in\nwhich a port was previously attached, could be reanimated (in\nhardware) when the port joined a new bridge, without the new bridge's\nknowledge.\n\nFor example, on an mv88e6xxx system, create a snooping bridge and\nimmediately add a port to it:\n\n root@infix-06-0b-00:~$ ip link add dev br0 up type bridge mcast_snooping 1 && \\\n > ip link set dev x3 up master br0\n\nAnd then destroy the bridge:\n\n root@infix-06-0b-00:~$ ip link del dev br0\n root@infix-06-0b-00:~$ mvls atu\n ADDRESS FID STATE Q F 0 1 2 3 4 5 6 7 8 9 a\n DEV:0 Marvell 88E6393X\n 33:33:00:00:00:6a 1 static - - 0 . . . . . . . . . .\n 33:33:ff:87:e4:3f 1 static - - 0 . . . . . . . . . .\n ff:ff:ff:ff:ff:ff 1 static - - 0 1 2 3 4 5 6 7 8 9 a\n root@infix-06-0b-00:~$\n\nThe two IPv6 groups remain in the hardware database because the\nport (x3) is notified of the host's membership twice: once via the\noriginal event and once via a replay. Since only a single delete\nnotification is sent, the count remains at 1 when the bridge is\ndestroyed.\n\nThen add the same port (or another port belonging to the same hardware\ndomain) to a new bridge, this time with snooping disabled:\n\n root@infix-06-0b-00:~$ ip link add dev br1 up type bridge mcast_snooping 0 && \\\n > ip link set dev x3 up master br1\n\nAll multicast, including the two IPv6 groups from br0, should now be\nflooded, according to the policy of br1. But instead the old\nmemberships are still active in the hardware database, causing the\nswitch to only forward traffic to those groups towards the CPU (port\n0).\n\nEliminate the race in two steps:\n\n1. Grab the write-side lock of the MDB while generating the replay\n list.\n\nThis prevents new memberships from showing up while we are generating\nthe replay list. But it leaves the scenario in which a deferred event\nwas already generated, but not delivered, before we grabbed the\nlock. Therefore:\n\n2. Make sure that no deferred version of a replay event is already\n enqueued to the switchdev deferred queue, before adding it to the\n replay list, when replaying additions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26837 was patched at 2024-05-15

9136. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26838) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix KASAN issue with tasklet\n\nKASAN testing revealed the following issue assocated with freeing an IRQ.\n\n[50006.466686] Call Trace:\n[50006.466691] <IRQ>\n[50006.489538] dump_stack+0x5c/0x80\n[50006.493475] print_address_description.constprop.6+0x1a/0x150\n[50006.499872] ? irdma_sc_process_ceq+0x483/0x790 [irdma]\n[50006.505742] ? irdma_sc_process_ceq+0x483/0x790 [irdma]\n[50006.511644] kasan_report.cold.11+0x7f/0x118\n[50006.516572] ? irdma_sc_process_ceq+0x483/0x790 [irdma]\n[50006.522473] irdma_sc_process_ceq+0x483/0x790 [irdma]\n[50006.528232] irdma_process_ceq+0xb2/0x400 [irdma]\n[50006.533601] ? irdma_hw_flush_wqes_callback+0x370/0x370 [irdma]\n[50006.540298] irdma_ceq_dpc+0x44/0x100 [irdma]\n[50006.545306] tasklet_action_common.isra.14+0x148/0x2c0\n[50006.551096] __do_softirq+0x1d0/0xaf8\n[50006.555396] irq_exit_rcu+0x219/0x260\n[50006.559670] irq_exit+0xa/0x20\n[50006.563320] smp_apic_timer_interrupt+0x1bf/0x690\n[50006.568645] apic_timer_interrupt+0xf/0x20\n[50006.573341] </IRQ>\n\nThe issue is that a tasklet could be pending on another core racing\nthe delete of the irq.\n\nFix by insuring any scheduled tasklet is killed after deleting the\nirq.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26838 was patched at 2024-05-15

ubuntu: CVE-2024-26838 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9137. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26839) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix a memleak in init_credit_return\n\nWhen dma_alloc_coherent fails to allocate dd->cr_base[i].va,\ninit_credit_return should deallocate dd->cr_base and\ndd->cr_base[i] that allocated before. Or those resources\nwould be never freed and a memleak is triggered.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26839 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26839 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9138. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26841) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Update cpu_sibling_map when disabling nonboot CPUs\n\nUpdate cpu_sibling_map when disabling nonboot CPUs by defining & calling\nclear_cpu_sibling_map(), otherwise we get such errors on SMT systems:\n\njump label: negative count!\nWARNING: CPU: 6 PID: 45 at kernel/jump_label.c:263 __static_key_slow_dec_cpuslocked+0xec/0x100\nCPU: 6 PID: 45 Comm: cpuhp/6 Not tainted 6.8.0-rc5+ #1340\npc 90000000004c302c ra 90000000004c302c tp 90000001005bc000 sp 90000001005bfd20\na0 000000000000001b a1 900000000224c278 a2 90000001005bfb58 a3 900000000224c280\na4 900000000224c278 a5 90000001005bfb50 a6 0000000000000001 a7 0000000000000001\nt0 ce87a4763eb5234a t1 ce87a4763eb5234a t2 0000000000000000 t3 0000000000000000\nt4 0000000000000006 t5 0000000000000000 t6 0000000000000064 t7 0000000000001964\nt8 000000000009ebf6 u0 9000000001f2a068 s9 0000000000000000 s0 900000000246a2d8\ns1 ffffffffffffffff s2 ffffffffffffffff s3 90000000021518c0 s4 0000000000000040\ns5 9000000002151058 s6 9000000009828e40 s7 00000000000000b4 s8 0000000000000006\n ra: 90000000004c302c __static_key_slow_dec_cpuslocked+0xec/0x100\n ERA: 90000000004c302c __static_key_slow_dec_cpuslocked+0xec/0x100\n CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\n PRMD: 00000004 (PPLV0 +PIE -PWE)\n EUEN: 00000000 (-FPE -SXE -ASXE -BTE)\n ECFG: 00071c1c (LIE=2-4,10-12 VS=7)\nESTAT: 000c0000 [BRK] (IS= ECode=12 EsubCode=0)\n PRID: 0014d000 (Loongson-64bit, Loongson-3A6000-HV)\nCPU: 6 PID: 45 Comm: cpuhp/6 Not tainted 6.8.0-rc5+ #1340\nStack : 0000000000000000 900000000203f258 900000000179afc8 90000001005bc000\n 90000001005bf980 0000000000000000 90000001005bf988 9000000001fe0be0\n 900000000224c280 900000000224c278 90000001005bf8c0 0000000000000001\n 0000000000000001 ce87a4763eb5234a 0000000007f38000 90000001003f8cc0\n 0000000000000000 0000000000000006 0000000000000000 4c206e6f73676e6f\n 6f4c203a656d616e 000000000009ec99 0000000007f38000 0000000000000000\n 900000000214b000 9000000001fe0be0 0000000000000004 0000000000000000\n 0000000000000107 0000000000000009 ffffffffffafdabe 00000000000000b4\n 0000000000000006 90000000004c302c 9000000000224528 00005555939a0c7c\n 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c\n ...\nCall Trace:\n[<9000000000224528>] show_stack+0x48/0x1a0\n[<900000000179afc8>] dump_stack_lvl+0x78/0xa0\n[<9000000000263ed0>] __warn+0x90/0x1a0\n[<90000000017419b8>] report_bug+0x1b8/0x280\n[<900000000179c564>] do_bp+0x264/0x420\n[<90000000004c302c>] __static_key_slow_dec_cpuslocked+0xec/0x100\n[<90000000002b4d7c>] sched_cpu_deactivate+0x2fc/0x300\n[<9000000000266498>] cpuhp_invoke_callback+0x178/0x8a0\n[<9000000000267f70>] cpuhp_thread_fun+0xf0/0x240\n[<90000000002a117c>] smpboot_thread_fn+0x1dc/0x2e0\n[<900000000029a720>] kthread+0x140/0x160\n[<9000000000222288>] ret_from_kernel_thread+0xc/0xa4', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26841 was patched at 2024-05-15

9139. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26842) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Fix shift issue in ufshcd_clear_cmd()\n\nWhen task_tag >= 32 (in MCQ mode) and sizeof(unsigned int) == 4, 1U <<\ntask_tag will out of bounds for a u32 mask. Fix this up to prevent\nSHIFT_ISSUE (bitwise shifts that are out of bounds for their data type).\n\n[name:debug_monitors&]Unexpected kernel BRK exception at EL1\n[name:traps&]Internal error: BRK handler: 00000000f2005514 [#1] PREEMPT SMP\n[name:mediatek_cpufreq_hw&]cpufreq stop DVFS log done\n[name:mrdump&]Kernel Offset: 0x1ba5800000 from 0xffffffc008000000\n[name:mrdump&]PHYS_OFFSET: 0x80000000\n[name:mrdump&]pstate: 22400005 (nzCv daif +PAN -UAO)\n[name:mrdump&]pc : [0xffffffdbaf52bb2c] ufshcd_clear_cmd+0x280/0x288\n[name:mrdump&]lr : [0xffffffdbaf52a774] ufshcd_wait_for_dev_cmd+0x3e4/0x82c\n[name:mrdump&]sp : ffffffc0081471b0\n<snip>\nWorkqueue: ufs_eh_wq_0 ufshcd_err_handler\nCall trace:\n dump_backtrace+0xf8/0x144\n show_stack+0x18/0x24\n dump_stack_lvl+0x78/0x9c\n dump_stack+0x18/0x44\n mrdump_common_die+0x254/0x480 [mrdump]\n ipanic_die+0x20/0x30 [mrdump]\n notify_die+0x15c/0x204\n die+0x10c/0x5f8\n arm64_notify_die+0x74/0x13c\n do_debug_exception+0x164/0x26c\n el1_dbg+0x64/0x80\n el1h_64_sync_handler+0x3c/0x90\n el1h_64_sync+0x68/0x6c\n ufshcd_clear_cmd+0x280/0x288\n ufshcd_wait_for_dev_cmd+0x3e4/0x82c\n ufshcd_exec_dev_cmd+0x5bc/0x9ac\n ufshcd_verify_dev_init+0x84/0x1c8\n ufshcd_probe_hba+0x724/0x1ce0\n ufshcd_host_reset_and_restore+0x260/0x574\n ufshcd_reset_and_restore+0x138/0xbd0\n ufshcd_err_handler+0x1218/0x2f28\n process_one_work+0x5fc/0x1140\n worker_thread+0x7d8/0xe20\n kthread+0x25c/0x468\n ret_from_fork+0x10/0x20', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26842 was patched at 2024-05-15

9140. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26843) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nefi: runtime: Fix potential overflow of soft-reserved region size\n\nmd_size will have been narrowed if we have >= 4GB worth of pages in a\nsoft-reserved region.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26843 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26843 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9141. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26844) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix WARNING in _copy_from_iter\n\nSyzkaller reports a warning in _copy_from_iter because an\niov_iter is supposedly used in the wrong direction. The reason\nis that syzcaller managed to generate a request with\na transfer direction of SG_DXFER_TO_FROM_DEV. This instructs\nthe kernel to copy user buffers into the kernel, read into\nthe copied buffers and then copy the data back to user space.\n\nThus the iovec is used in both directions.\n\nDetect this situation in the block layer and construct a new\niterator with the correct direction for the copy-in.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26844 was patched at 2024-05-15

9142. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26845) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: core: Add TMF to tmr_list handling\n\nAn abort that is responded to by iSCSI itself is added to tmr_list but does\nnot go to target core. A LUN_RESET that goes through tmr_list takes a\nrefcounter on the abort and waits for completion. However, the abort will\nbe never complete because it was not started in target core.\n\n Unable to locate ITT: 0x05000000 on CID: 0\n Unable to locate RefTaskTag: 0x05000000 on CID: 0.\n wait_for_tasks: Stopping tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop\n wait for tasks: tmf LUN_RESET with tag 0x0 ref_task_tag 0x0 i_state 34 t_state ISTATE_PROCESSING refcnt 2 transport_state active,stop,fabric_stop\n...\n INFO: task kworker/0:2:49 blocked for more than 491 seconds.\n task:kworker/0:2 state:D stack: 0 pid: 49 ppid: 2 flags:0x00000800\n Workqueue: events target_tmr_work [target_core_mod]\nCall Trace:\n __switch_to+0x2c4/0x470\n _schedule+0x314/0x1730\n schedule+0x64/0x130\n schedule_timeout+0x168/0x430\n wait_for_completion+0x140/0x270\n target_put_cmd_and_wait+0x64/0xb0 [target_core_mod]\n core_tmr_lun_reset+0x30/0xa0 [target_core_mod]\n target_tmr_work+0xc8/0x1b0 [target_core_mod]\n process_one_work+0x2d4/0x5d0\n worker_thread+0x78/0x6c0\n\nTo fix this, only add abort to tmr_list if it will be handled by target\ncore.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26845 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26845 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-12, 2024-06-14

9143. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26846) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-fc: do not wait in vain when unloading module\n\nThe module exit path has race between deleting all controllers and\nfreeing 'left over IDs'. To prevent double free a synchronization\nbetween nvme_delete_ctrl and ida_destroy has been added by the initial\ncommit.\n\nThere is some logic around trying to prevent from hanging forever in\nwait_for_completion, though it does not handling all cases. E.g.\nblktests is able to reproduce the situation where the module unload\nhangs forever.\n\nIf we completely rely on the cleanup code executed from the\nnvme_delete_ctrl path, all IDs will be freed eventually. This makes\ncalling ida_destroy unnecessary. We only have to ensure that all\nnvme_delete_ctrl code has been executed before we leave\nnvme_fc_exit_module. This is done by flushing the nvme_delete_wq\nworkqueue.\n\nWhile at it, remove the unused nvme_fc_wq workqueue too.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26846 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26846 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9144. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26848) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Fix endless loop in directory parsing\n\nIf a directory has a block with only ".__afsXXXX" files in it (from\nuncompleted silly-rename), these .__afsXXXX files are skipped but without\nadvancing the file position in the dir_context. This leads to\nafs_dir_iterate() repeating the block again and again.\n\nFix this by making the code that skips the .__afsXXXX file also manually\nadvance the file position.\n\nThe symptoms are a soft lookup:\n\n watchdog: BUG: soft lockup - CPU#3 stuck for 52s! [check:5737]\n ...\n RIP: 0010:afs_dir_iterate_block+0x39/0x1fd\n ...\n ? watchdog_timer_fn+0x1a6/0x213\n ...\n ? asm_sysvec_apic_timer_interrupt+0x16/0x20\n ? afs_dir_iterate_block+0x39/0x1fd\n afs_dir_iterate+0x10a/0x148\n afs_readdir+0x30/0x4a\n iterate_dir+0x93/0xd3\n __do_sys_getdents64+0x6b/0xd4\n\nThis is almost certainly the actual fix for:\n\n https://bugzilla.kernel.org/show_bug.cgi?id=218496', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26848 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26848 was patched at 2024-06-07, 2024-06-11, 2024-06-12, 2024-06-14

9145. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26849) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: add nla be16/32 types to minlen array\n\nBUG: KMSAN: uninit-value in nla_validate_range_unsigned lib/nlattr.c:222 [inline]\nBUG: KMSAN: uninit-value in nla_validate_int_range lib/nlattr.c:336 [inline]\nBUG: KMSAN: uninit-value in validate_nla lib/nlattr.c:575 [inline]\nBUG: KMSAN: uninit-value in __nla_validate_parse+0x2e20/0x45c0 lib/nlattr.c:631\n nla_validate_range_unsigned lib/nlattr.c:222 [inline]\n nla_validate_int_range lib/nlattr.c:336 [inline]\n validate_nla lib/nlattr.c:575 [inline]\n...\n\nThe message in question matches this policy:\n\n [NFTA_TARGET_REV] = NLA_POLICY_MAX(NLA_BE32, 255),\n\nbut because NLA_BE32 size in minlen array is 0, the validation\ncode will read past the malformed (too small) attribute.\n\nNote: Other attributes, e.g. BITFIELD32, SINT, UINT.. are also missing:\nthose likely should be added too.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26849 was patched at 2024-05-15

9146. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26851) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack_h323: Add protection for bmp length out of range\n\nUBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts\nthat are out of bounds for their data type.\n\nvmlinux get_bitmap(b=75) + 712\n<net/netfilter/nf_conntrack_h323_asn1.c:0>\nvmlinux decode_seq(bs=0xFFFFFFD008037000, f=0xFFFFFFD008037018, level=134443100) + 1956\n<net/netfilter/nf_conntrack_h323_asn1.c:592>\nvmlinux decode_choice(base=0xFFFFFFD0080370F0, level=23843636) + 1216\n<net/netfilter/nf_conntrack_h323_asn1.c:814>\nvmlinux decode_seq(f=0xFFFFFFD0080371A8, level=134443500) + 812\n<net/netfilter/nf_conntrack_h323_asn1.c:576>\nvmlinux decode_choice(base=0xFFFFFFD008037280, level=0) + 1216\n<net/netfilter/nf_conntrack_h323_asn1.c:814>\nvmlinux DecodeRasMessage() + 304\n<net/netfilter/nf_conntrack_h323_asn1.c:833>\nvmlinux ras_help() + 684\n<net/netfilter/nf_conntrack_h323_main.c:1728>\nvmlinux nf_confirm() + 188\n<net/netfilter/nf_conntrack_proto.c:137>\n\nDue to abnormal data in skb->data, the extension bitmap length\nexceeds 32 when decoding ras message then uses the length to make\na shift operation. It will change into negative after several loop.\nUBSAN load could detect a negative shift as an undefined behaviour\nand reports exception.\nSo we add the protection to avoid the length exceeding 32. Or else\nit will return out of range error and stop decoding.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26851 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26851 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9147. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26855) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()\n\nThe function ice_bridge_setlink() may encounter a NULL pointer dereference\nif nlmsg_find_attr() returns NULL and br_spec is dereferenced subsequently\nin nla_for_each_nested(). To address this issue, add a check to ensure that\nbr_spec is not NULL before proceeding with the nested attribute iteration.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26855 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26855 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9148. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26857) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ngeneve: make sure to pull inner header in geneve_rx()\n\nsyzbot triggered a bug in geneve_rx() [1]\n\nIssue is similar to the one I fixed in commit 8d975c15c0cd\n("ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()")\n\nWe have to save skb->network_header in a temporary variable\nin order to be able to recompute the network_header pointer\nafter a pskb_inet_may_pull() call.\n\npskb_inet_may_pull() makes sure the needed headers are in skb->head.\n\n[1]\nBUG: KMSAN: uninit-value in IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]\n BUG: KMSAN: uninit-value in geneve_rx drivers/net/geneve.c:279 [inline]\n BUG: KMSAN: uninit-value in geneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391\n IP_ECN_decapsulate include/net/inet_ecn.h:302 [inline]\n geneve_rx drivers/net/geneve.c:279 [inline]\n geneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391\n udp_queue_rcv_one_skb+0x1d39/0x1f20 net/ipv4/udp.c:2108\n udp_queue_rcv_skb+0x6ae/0x6e0 net/ipv4/udp.c:2186\n udp_unicast_rcv_skb+0x184/0x4b0 net/ipv4/udp.c:2346\n __udp4_lib_rcv+0x1c6b/0x3010 net/ipv4/udp.c:2422\n udp_rcv+0x7d/0xa0 net/ipv4/udp.c:2604\n ip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x2b8/0x440 net/ipv4/ip_input.c:233\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254\n dst_input include/net/dst.h:461 [inline]\n ip_rcv_finish net/ipv4/ip_input.c:449 [inline]\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569\n __netif_receive_skb_one_core net/core/dev.c:5534 [inline]\n __netif_receive_skb+0x1a6/0x5a0 net/core/dev.c:5648\n process_backlog+0x480/0x8b0 net/core/dev.c:5976\n __napi_poll+0xe3/0x980 net/core/dev.c:6576\n napi_poll net/core/dev.c:6645 [inline]\n net_rx_action+0x8b8/0x1870 net/core/dev.c:6778\n __do_softirq+0x1b7/0x7c5 kernel/softirq.c:553\n do_softirq+0x9a/0xf0 kernel/softirq.c:454\n __local_bh_enable_ip+0x9b/0xa0 kernel/softirq.c:381\n local_bh_enable include/linux/bottom_half.h:33 [inline]\n rcu_read_unlock_bh include/linux/rcupdate.h:820 [inline]\n __dev_queue_xmit+0x2768/0x51c0 net/core/dev.c:4378\n dev_queue_xmit include/linux/netdevice.h:3171 [inline]\n packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3081 [inline]\n packet_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3819 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n kmem_cache_alloc_node+0x5cb/0xbc0 mm/slub.c:3903\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560\n __alloc_skb+0x352/0x790 net/core/skbuff.c:651\n alloc_skb include/linux/skbuff.h:1296 [inline]\n alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6394\n sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2783\n packet_alloc_skb net/packet/af_packet.c:2930 [inline]\n packet_snd net/packet/af_packet.c:3024 [inline]\n packet_sendmsg+0x70c2/0x9f10 net/packet/af_packet.c:3113\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26857 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26857 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9149. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26861) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: receive: annotate data-race around receiving_counter.counter\n\nSyzkaller with KCSAN identified a data-race issue when accessing\nkeypair->receiving_counter.counter. Use READ_ONCE() and WRITE_ONCE()\nannotations to mark the data race as intentional.\n\n BUG: KCSAN: data-race in wg_packet_decrypt_worker / wg_packet_rx_poll\n\n write to 0xffff888107765888 of 8 bytes by interrupt on cpu 0:\n counter_validate drivers/net/wireguard/receive.c:321 [inline]\n wg_packet_rx_poll+0x3ac/0xf00 drivers/net/wireguard/receive.c:461\n __napi_poll+0x60/0x3b0 net/core/dev.c:6536\n napi_poll net/core/dev.c:6605 [inline]\n net_rx_action+0x32b/0x750 net/core/dev.c:6738\n __do_softirq+0xc4/0x279 kernel/softirq.c:553\n do_softirq+0x5e/0x90 kernel/softirq.c:454\n __local_bh_enable_ip+0x64/0x70 kernel/softirq.c:381\n __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]\n _raw_spin_unlock_bh+0x36/0x40 kernel/locking/spinlock.c:210\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n ptr_ring_consume_bh include/linux/ptr_ring.h:367 [inline]\n wg_packet_decrypt_worker+0x6c5/0x700 drivers/net/wireguard/receive.c:499\n process_one_work kernel/workqueue.c:2633 [inline]\n ...\n\n read to 0xffff888107765888 of 8 bytes by task 3196 on cpu 1:\n decrypt_packet drivers/net/wireguard/receive.c:252 [inline]\n wg_packet_decrypt_worker+0x220/0x700 drivers/net/wireguard/receive.c:501\n process_one_work kernel/workqueue.c:2633 [inline]\n process_scheduled_works+0x5b8/0xa30 kernel/workqueue.c:2706\n worker_thread+0x525/0x730 kernel/workqueue.c:2787\n ...', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26861 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26861 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9150. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26862) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npacket: annotate data-races around ignore_outgoing\n\nignore_outgoing is read locklessly from dev_queue_xmit_nit()\nand packet_getsockopt()\n\nAdd appropriate READ_ONCE()/WRITE_ONCE() annotations.\n\nsyzbot reported:\n\nBUG: KCSAN: data-race in dev_queue_xmit_nit / packet_setsockopt\n\nwrite to 0xffff888107804542 of 1 bytes by task 22618 on cpu 0:\n packet_setsockopt+0xd83/0xfd0 net/packet/af_packet.c:4003\n do_sock_setsockopt net/socket.c:2311 [inline]\n __sys_setsockopt+0x1d8/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0x66/0x80 net/socket.c:2340\n do_syscall_64+0xd3/0x1d0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nread to 0xffff888107804542 of 1 bytes by task 27 on cpu 1:\n dev_queue_xmit_nit+0x82/0x620 net/core/dev.c:2248\n xmit_one net/core/dev.c:3527 [inline]\n dev_hard_start_xmit+0xcc/0x3f0 net/core/dev.c:3547\n __dev_queue_xmit+0xf24/0x1dd0 net/core/dev.c:4335\n dev_queue_xmit include/linux/netdevice.h:3091 [inline]\n batadv_send_skb_packet+0x264/0x300 net/batman-adv/send.c:108\n batadv_send_broadcast_skb+0x24/0x30 net/batman-adv/send.c:127\n batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:392 [inline]\n batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:420 [inline]\n batadv_iv_send_outstanding_bat_ogm_packet+0x3f0/0x4b0 net/batman-adv/bat_iv_ogm.c:1700\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0x465/0x990 kernel/workqueue.c:3335\n worker_thread+0x526/0x730 kernel/workqueue.c:3416\n kthread+0x1d1/0x210 kernel/kthread.c:388\n ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243\n\nvalue changed: 0x00 -> 0x01\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 1 PID: 27 Comm: kworker/u8:1 Tainted: G W 6.8.0-syzkaller-08073-g480e035fc4c7 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\nWorkqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26862 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26862 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9151. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26863) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nhsr: Fix uninit-value access in hsr_get_node()\n\nKMSAN reported the following uninit-value access issue [1]:\n\n=====================================================\nBUG: KMSAN: uninit-value in hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246\n hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246\n fill_frame_info net/hsr/hsr_forward.c:577 [inline]\n hsr_forward_skb+0xe12/0x30e0 net/hsr/hsr_forward.c:615\n hsr_dev_xmit+0x1a1/0x270 net/hsr/hsr_device.c:223\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3548 [inline]\n dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564\n __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3087 [inline]\n packet_sendmsg+0x8b1d/0x9f30 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\n slab_alloc_node mm/slub.c:3478 [inline]\n kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523\n kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560\n __alloc_skb+0x318/0x740 net/core/skbuff.c:651\n alloc_skb include/linux/skbuff.h:1286 [inline]\n alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334\n sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2787\n packet_alloc_skb net/packet/af_packet.c:2936 [inline]\n packet_snd net/packet/af_packet.c:3030 [inline]\n packet_sendmsg+0x70e8/0x9f30 net/packet/af_packet.c:3119\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x6d/0x140 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nCPU: 1 PID: 5033 Comm: syz-executor334 Not tainted 6.7.0-syzkaller-00562-g9f8413c4a66f #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023\n=====================================================\n\nIf the packet type ID field in the Ethernet header is either ETH_P_PRP or\nETH_P_HSR, but it is not followed by an HSR tag, hsr_get_skb_sequence_nr()\nreads an invalid value as a sequence number. This causes the above issue.\n\nThis patch fixes the issue by returning NULL if the Ethernet header is not\nfollowed by an HSR tag.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26863 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26863 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9152. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26864) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Fix refcnt handling in __inet_hash_connect().\n\nsyzbot reported a warning in sk_nulls_del_node_init_rcu().\n\nThe commit 66b60b0c8c4a ("dccp/tcp: Unhash sk from ehash for tb2 alloc\nfailure after check_estalblished().") tried to fix an issue that an\nunconnected socket occupies an ehash entry when bhash2 allocation fails.\n\nIn such a case, we need to revert changes done by check_established(),\nwhich does not hold refcnt when inserting socket into ehash.\n\nSo, to revert the change, we need to __sk_nulls_add_node_rcu() instead\nof sk_nulls_add_node_rcu().\n\nOtherwise, sock_put() will cause refcnt underflow and leak the socket.\n\n[0]:\nWARNING: CPU: 0 PID: 23948 at include/net/sock.h:799 sk_nulls_del_node_init_rcu+0x166/0x1a0 include/net/sock.h:799\nModules linked in:\nCPU: 0 PID: 23948 Comm: syz-executor.2 Not tainted 6.8.0-rc6-syzkaller-00159-gc055fc00c07b #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nRIP: 0010:sk_nulls_del_node_init_rcu+0x166/0x1a0 include/net/sock.h:799\nCode: e8 7f 71 c6 f7 83 fb 02 7c 25 e8 35 6d c6 f7 4d 85 f6 0f 95 c0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 1b 6d c6 f7 90 <0f> 0b 90 eb b2 e8 10 6d c6 f7 4c 89 e7 be 04 00 00 00 e8 63 e7 d2\nRSP: 0018:ffffc900032d7848 EFLAGS: 00010246\nRAX: ffffffff89cd0035 RBX: 0000000000000001 RCX: 0000000000040000\nRDX: ffffc90004de1000 RSI: 000000000003ffff RDI: 0000000000040000\nRBP: 1ffff1100439ac26 R08: ffffffff89ccffe3 R09: 1ffff1100439ac28\nR10: dffffc0000000000 R11: ffffed100439ac29 R12: ffff888021cd6140\nR13: dffffc0000000000 R14: ffff88802a9bf5c0 R15: ffff888021cd6130\nFS: 00007f3b823f16c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f3b823f0ff8 CR3: 000000004674a000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n <TASK>\n __inet_hash_connect+0x140f/0x20b0 net/ipv4/inet_hashtables.c:1139\n dccp_v6_connect+0xcb9/0x1480 net/dccp/ipv6.c:956\n __inet_stream_connect+0x262/0xf30 net/ipv4/af_inet.c:678\n inet_stream_connect+0x65/0xa0 net/ipv4/af_inet.c:749\n __sys_connect_file net/socket.c:2048 [inline]\n __sys_connect+0x2df/0x310 net/socket.c:2065\n __do_sys_connect net/socket.c:2075 [inline]\n __se_sys_connect net/socket.c:2072 [inline]\n __x64_sys_connect+0x7a/0x90 net/socket.c:2072\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\nRIP: 0033:0x7f3b8167dda9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f3b823f10c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 00007f3b817abf80 RCX: 00007f3b8167dda9\nRDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000003\nRBP: 00007f3b823f1120 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001\nR13: 000000000000000b R14: 00007f3b817abf80 R15: 00007ffd3beb57b8\n </TASK>', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26864 was patched at 2024-05-15

ubuntu: CVE-2024-26864 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9153. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26868) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: fix panic when nfs4_ff_layout_prepare_ds() fails\n\nWe've been seeing the following panic in production\n\nBUG: kernel NULL pointer dereference, address: 0000000000000065\nPGD 2f485f067 P4D 2f485f067 PUD 2cc5d8067 PMD 0\nRIP: 0010:ff_layout_cancel_io+0x3a/0x90 [nfs_layout_flexfiles]\nCall Trace:\n <TASK>\n ? __die+0x78/0xc0\n ? page_fault_oops+0x286/0x380\n ? __rpc_execute+0x2c3/0x470 [sunrpc]\n ? rpc_new_task+0x42/0x1c0 [sunrpc]\n ? exc_page_fault+0x5d/0x110\n ? asm_exc_page_fault+0x22/0x30\n ? ff_layout_free_layoutreturn+0x110/0x110 [nfs_layout_flexfiles]\n ? ff_layout_cancel_io+0x3a/0x90 [nfs_layout_flexfiles]\n ? ff_layout_cancel_io+0x6f/0x90 [nfs_layout_flexfiles]\n pnfs_mark_matching_lsegs_return+0x1b0/0x360 [nfsv4]\n pnfs_error_mark_layout_for_return+0x9e/0x110 [nfsv4]\n ? ff_layout_send_layouterror+0x50/0x160 [nfs_layout_flexfiles]\n nfs4_ff_layout_prepare_ds+0x11f/0x290 [nfs_layout_flexfiles]\n ff_layout_pg_init_write+0xf0/0x1f0 [nfs_layout_flexfiles]\n __nfs_pageio_add_request+0x154/0x6c0 [nfs]\n nfs_pageio_add_request+0x26b/0x380 [nfs]\n nfs_do_writepage+0x111/0x1e0 [nfs]\n nfs_writepages_callback+0xf/0x30 [nfs]\n write_cache_pages+0x17f/0x380\n ? nfs_pageio_init_write+0x50/0x50 [nfs]\n ? nfs_writepages+0x6d/0x210 [nfs]\n ? nfs_writepages+0x6d/0x210 [nfs]\n nfs_writepages+0x125/0x210 [nfs]\n do_writepages+0x67/0x220\n ? generic_perform_write+0x14b/0x210\n filemap_fdatawrite_wbc+0x5b/0x80\n file_write_and_wait_range+0x6d/0xc0\n nfs_file_fsync+0x81/0x170 [nfs]\n ? nfs_file_mmap+0x60/0x60 [nfs]\n __x64_sys_fsync+0x53/0x90\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n\nInspecting the core with drgn I was able to pull this\n\n >>> prog.crashed_thread().stack_trace()[0]\n #0 at 0xffffffffa079657a (ff_layout_cancel_io+0x3a/0x84) in ff_layout_cancel_io at fs/nfs/flexfilelayout/flexfilelayout.c:2021:27\n >>> prog.crashed_thread().stack_trace()[0]['idx']\n (u32)1\n >>> prog.crashed_thread().stack_trace()[0]['flseg'].mirror_array[1].mirror_ds\n (struct nfs4_ff_layout_ds *)0xffffffffffffffed\n\nThis is clear from the stack trace, we call nfs4_ff_layout_prepare_ds()\nwhich could error out initializing the mirror_ds, and then we go to\nclean it all up and our check is only for if (!mirror->mirror_ds). This\nis inconsistent with the rest of the users of mirror_ds, which have\n\n if (IS_ERR_OR_NULL(mirror_ds))\n\nto keep from tripping over this exact scenario. Fix this up in\nff_layout_cancel_io() to make sure we don't panic when we get an error.\nI also spot checked all the other instances of checking mirror_ds and we\nappear to be doing the correct checks everywhere, only unconditionally\ndereferencing mirror_ds when we know it would be valid.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26868 was patched at 2024-05-15

ubuntu: CVE-2024-26868 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9154. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26869) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to truncate meta inode pages forcely\n\nBelow race case can cause data corruption:\n\nThread A\t\t\t\tGC thread\n\t\t\t\t\t- gc_data_segment\n\t\t\t\t\t - ra_data_block\n\t\t\t\t\t - locked meta_inode page\n- f2fs_inplace_write_data\n - invalidate_mapping_pages\n : fail to invalidate meta_inode page\n due to lock failure or dirty|writeback\n status\n - f2fs_submit_page_bio\n : write last dirty data to old blkaddr\n\t\t\t\t\t - move_data_block\n\t\t\t\t\t - load old data from meta_inode page\n\t\t\t\t\t - f2fs_submit_page_write\n\t\t\t\t\t : write old data to new blkaddr\n\nBecause invalidate_mapping_pages() will skip invalidating page which\nhas unclear status including locked, dirty, writeback and so on, so\nwe need to use truncate_inode_pages_range() instead of\ninvalidate_mapping_pages() to make sure meta_inode page will be dropped.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26869 was patched at 2024-05-15

ubuntu: CVE-2024-26869 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9155. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26870) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102\n\nA call to listxattr() with a buffer size = 0 returns the actual\nsize of the buffer needed for a subsequent call. When size > 0,\nnfs4_listxattr() does not return an error because either\ngeneric_listxattr() or nfs4_listxattr_nfs4_label() consumes\nexactly all the bytes then size is 0 when calling\nnfs4_listxattr_nfs4_user() which then triggers the following\nkernel BUG:\n\n [ 99.403778] kernel BUG at mm/usercopy.c:102!\n [ 99.404063] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP\n [ 99.408463] CPU: 0 PID: 3310 Comm: python3 Not tainted 6.6.0-61.fc40.aarch64 #1\n [ 99.415827] Call trace:\n [ 99.415985] usercopy_abort+0x70/0xa0\n [ 99.416227] __check_heap_object+0x134/0x158\n [ 99.416505] check_heap_object+0x150/0x188\n [ 99.416696] __check_object_size.part.0+0x78/0x168\n [ 99.416886] __check_object_size+0x28/0x40\n [ 99.417078] listxattr+0x8c/0x120\n [ 99.417252] path_listxattr+0x78/0xe0\n [ 99.417476] __arm64_sys_listxattr+0x28/0x40\n [ 99.417723] invoke_syscall+0x78/0x100\n [ 99.417929] el0_svc_common.constprop.0+0x48/0xf0\n [ 99.418186] do_el0_svc+0x24/0x38\n [ 99.418376] el0_svc+0x3c/0x110\n [ 99.418554] el0t_64_sync_handler+0x120/0x130\n [ 99.418788] el0t_64_sync+0x194/0x198\n [ 99.418994] Code: aa0003e3 d000a3e0 91310000 97f49bdb (d4210000)\n\nIssue is reproduced when generic_listxattr() returns 'system.nfs4_acl',\nthus calling lisxattr() with size = 16 will trigger the bug.\n\nAdd check on nfs4_listxattr() to return ERANGE error when it is\ncalled with size > 0 and the return value is greater than size.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26870 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26870 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9156. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26876) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/bridge: adv7511: fix crash on irq during probe\n\nMoved IRQ registration down to end of adv7511_probe().\n\nIf an IRQ already is pending during adv7511_probe\n(before adv7511_cec_init) then cec_received_msg_ts\ncould crash using uninitialized data:\n\n Unable to handle kernel read from unreadable memory at virtual address 00000000000003d5\n Internal error: Oops: 96000004 [#1] PREEMPT_RT SMP\n Call trace:\n cec_received_msg_ts+0x48/0x990 [cec]\n adv7511_cec_irq_process+0x1cc/0x308 [adv7511]\n adv7511_irq_process+0xd8/0x120 [adv7511]\n adv7511_irq_handler+0x1c/0x30 [adv7511]\n irq_thread_fn+0x30/0xa0\n irq_thread+0x14c/0x238\n kthread+0x190/0x1a8', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26876 was patched at 2024-05-15

ubuntu: CVE-2024-26876 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9157. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26877) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: xilinx - call finalize with bh disabled\n\nWhen calling crypto_finalize_request, BH should be disabled to avoid\ntriggering the following calltrace:\n\n ------------[ cut here ]------------\n WARNING: CPU: 2 PID: 74 at crypto/crypto_engine.c:58 crypto_finalize_request+0xa0/0x118\n Modules linked in: cryptodev(O)\n CPU: 2 PID: 74 Comm: firmware:zynqmp Tainted: G O 6.8.0-rc1-yocto-standard #323\n Hardware name: ZynqMP ZCU102 Rev1.0 (DT)\n pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : crypto_finalize_request+0xa0/0x118\n lr : crypto_finalize_request+0x104/0x118\n sp : ffffffc085353ce0\n x29: ffffffc085353ce0 x28: 0000000000000000 x27: ffffff8808ea8688\n x26: ffffffc081715038 x25: 0000000000000000 x24: ffffff880100db00\n x23: ffffff880100da80 x22: 0000000000000000 x21: 0000000000000000\n x20: ffffff8805b14000 x19: ffffff880100da80 x18: 0000000000010450\n x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000\n x14: 0000000000000003 x13: 0000000000000000 x12: ffffff880100dad0\n x11: 0000000000000000 x10: ffffffc0832dcd08 x9 : ffffffc0812416d8\n x8 : 00000000000001f4 x7 : ffffffc0830d2830 x6 : 0000000000000001\n x5 : ffffffc082091000 x4 : ffffffc082091658 x3 : 0000000000000000\n x2 : ffffffc7f9653000 x1 : 0000000000000000 x0 : ffffff8802d20000\n Call trace:\n crypto_finalize_request+0xa0/0x118\n crypto_finalize_aead_request+0x18/0x30\n zynqmp_handle_aes_req+0xcc/0x388\n crypto_pump_work+0x168/0x2d8\n kthread_worker_fn+0xfc/0x3a0\n kthread+0x118/0x138\n ret_from_fork+0x10/0x20\n irq event stamp: 40\n hardirqs last enabled at (39): [<ffffffc0812416f8>] _raw_spin_unlock_irqrestore+0x70/0xb0\n hardirqs last disabled at (40): [<ffffffc08122d208>] el1_dbg+0x28/0x90\n softirqs last enabled at (36): [<ffffffc080017dec>] kernel_neon_begin+0x8c/0xf0\n softirqs last disabled at (34): [<ffffffc080017dc0>] kernel_neon_begin+0x60/0xf0\n ---[ end trace 0000000000000000 ]---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26877 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26877 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9158. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26878) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nquota: Fix potential NULL pointer dereference\n\nBelow race may cause NULL pointer dereference\n\nP1\t\t\t\t\tP2\ndquot_free_inode\t\t\tquota_off\n\t\t\t\t\t drop_dquot_ref\n\t\t\t\t\t remove_dquot_ref\n\t\t\t\t\t dquots = i_dquot(inode)\n dquots = i_dquot(inode)\n srcu_read_lock\n dquots[cnt]) != NULL (1)\n\t\t\t\t\t dquots[type] = NULL (2)\n spin_lock(&dquots[cnt]->dq_dqb_lock) (3)\n ....\n\nIf dquot_free_inode(or other routines) checks inode's quota pointers (1)\nbefore quota_off sets it to NULL(2) and use it (3) after that, NULL pointer\ndereference will be triggered.\n\nSo let's fix it by using a temporary pointer to avoid this issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26878 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26878 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9159. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26879) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nclk: meson: Add missing clocks to axg_clk_regmaps\n\nSome clocks were missing from axg_clk_regmaps, which caused kernel panic\nduring cat /sys/kernel/debug/clk/clk_summary\n\n[ 57.349402] Unable to handle kernel NULL pointer dereference at virtual address 00000000000001fc\n...\n[ 57.430002] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 57.436900] pc : regmap_read+0x1c/0x88\n[ 57.440608] lr : clk_regmap_gate_is_enabled+0x3c/0xb0\n[ 57.445611] sp : ffff800082f1b690\n[ 57.448888] x29: ffff800082f1b690 x28: 0000000000000000 x27: ffff800080eb9a70\n[ 57.455961] x26: 0000000000000007 x25: 0000000000000016 x24: 0000000000000000\n[ 57.463033] x23: ffff800080e8b488 x22: 0000000000000015 x21: ffff00000e7e7000\n[ 57.470106] x20: ffff00000400ec00 x19: 0000000000000000 x18: ffffffffffffffff\n[ 57.477178] x17: 0000000000000000 x16: 0000000000000000 x15: ffff0000042a3000\n[ 57.484251] x14: 0000000000000000 x13: ffff0000042a2fec x12: 0000000005f5e100\n[ 57.491323] x11: abcc77118461cefd x10: 0000000000000020 x9 : ffff8000805e4b24\n[ 57.498396] x8 : ffff0000028063c0 x7 : ffff800082f1b710 x6 : ffff800082f1b710\n[ 57.505468] x5 : 00000000ffffffd0 x4 : ffff800082f1b6e0 x3 : 0000000000001000\n[ 57.512541] x2 : ffff800082f1b6e4 x1 : 000000000000012c x0 : 0000000000000000\n[ 57.519615] Call trace:\n[ 57.522030] regmap_read+0x1c/0x88\n[ 57.525393] clk_regmap_gate_is_enabled+0x3c/0xb0\n[ 57.530050] clk_core_is_enabled+0x44/0x120\n[ 57.534190] clk_summary_show_subtree+0x154/0x2f0\n[ 57.538847] clk_summary_show_subtree+0x220/0x2f0\n[ 57.543505] clk_summary_show_subtree+0x220/0x2f0\n[ 57.548162] clk_summary_show_subtree+0x220/0x2f0\n[ 57.552820] clk_summary_show_subtree+0x220/0x2f0\n[ 57.557477] clk_summary_show_subtree+0x220/0x2f0\n[ 57.562135] clk_summary_show_subtree+0x220/0x2f0\n[ 57.566792] clk_summary_show_subtree+0x220/0x2f0\n[ 57.571450] clk_summary_show+0x84/0xb8\n[ 57.575245] seq_read_iter+0x1bc/0x4b8\n[ 57.578954] seq_read+0x8c/0xd0\n[ 57.582059] full_proxy_read+0x68/0xc8\n[ 57.585767] vfs_read+0xb0/0x268\n[ 57.588959] ksys_read+0x70/0x108\n[ 57.592236] __arm64_sys_read+0x24/0x38\n[ 57.596031] invoke_syscall+0x50/0x128\n[ 57.599740] el0_svc_common.constprop.0+0x48/0xf8\n[ 57.604397] do_el0_svc+0x28/0x40\n[ 57.607675] el0_svc+0x34/0xb8\n[ 57.610694] el0t_64_sync_handler+0x13c/0x158\n[ 57.615006] el0t_64_sync+0x190/0x198\n[ 57.618635] Code: a9bd7bfd 910003fd a90153f3 aa0003f3 (b941fc00)\n[ 57.624668] ---[ end trace 0000000000000000 ]---\n\n[jbrunet: add missing Fixes tag]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26879 was patched at 2024-05-15

ubuntu: CVE-2024-26879 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9160. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26880) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndm: call the resume method on internal suspend\n\nThere is this reported crash when experimenting with the lvm2 testsuite.\nThe list corruption is caused by the fact that the postsuspend and resume\nmethods were not paired correctly; there were two consecutive calls to the\norigin_postsuspend function. The second call attempts to remove the\n"hash_list" entry from a list, while it was already removed by the first\ncall.\n\nFix __dm_internal_resume so that it calls the preresume and resume\nmethods of the table's targets.\n\nIf a preresume method of some target fails, we are in a tricky situation.\nWe can't return an error because dm_internal_resume isn't supposed to\nreturn errors. We can't return success, because then the "resume" and\n"postsuspend" methods would not be paired correctly. So, we set the\nDMF_SUSPENDED flag and we fake normal suspend - it may confuse userspace\ntools, but it won't cause a kernel crash.\n\n------------[ cut here ]------------\nkernel BUG at lib/list_debug.c:56!\ninvalid opcode: 0000 [#1] PREEMPT SMP\nCPU: 1 PID: 8343 Comm: dmsetup Not tainted 6.8.0-rc6 #4\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-2 04/01/2014\nRIP: 0010:__list_del_entry_valid_or_report+0x77/0xc0\n<snip>\nRSP: 0018:ffff8881b831bcc0 EFLAGS: 00010282\nRAX: 000000000000004e RBX: ffff888143b6eb80 RCX: 0000000000000000\nRDX: 0000000000000001 RSI: ffffffff819053d0 RDI: 00000000ffffffff\nRBP: ffff8881b83a3400 R08: 00000000fffeffff R09: 0000000000000058\nR10: 0000000000000000 R11: ffffffff81a24080 R12: 0000000000000001\nR13: ffff88814538e000 R14: ffff888143bc6dc0 R15: ffffffffa02e4bb0\nFS: 00000000f7c0f780(0000) GS:ffff8893f0a40000(0000) knlGS:0000000000000000\nCS: 0010 DS: 002b ES: 002b CR0: 0000000080050033\nCR2: 0000000057fb5000 CR3: 0000000143474000 CR4: 00000000000006b0\nCall Trace:\n <TASK>\n ? die+0x2d/0x80\n ? do_trap+0xeb/0xf0\n ? __list_del_entry_valid_or_report+0x77/0xc0\n ? do_error_trap+0x60/0x80\n ? __list_del_entry_valid_or_report+0x77/0xc0\n ? exc_invalid_op+0x49/0x60\n ? __list_del_entry_valid_or_report+0x77/0xc0\n ? asm_exc_invalid_op+0x16/0x20\n ? table_deps+0x1b0/0x1b0 [dm_mod]\n ? __list_del_entry_valid_or_report+0x77/0xc0\n origin_postsuspend+0x1a/0x50 [dm_snapshot]\n dm_table_postsuspend_targets+0x34/0x50 [dm_mod]\n dm_suspend+0xd8/0xf0 [dm_mod]\n dev_suspend+0x1f2/0x2f0 [dm_mod]\n ? table_deps+0x1b0/0x1b0 [dm_mod]\n ctl_ioctl+0x300/0x5f0 [dm_mod]\n dm_compat_ctl_ioctl+0x7/0x10 [dm_mod]\n __x64_compat_sys_ioctl+0x104/0x170\n do_syscall_64+0x184/0x1b0\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0xf7e6aead\n<snip>\n---[ end trace 0000000000000000 ]---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26880 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26880 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9161. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26886) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: af_bluetooth: Fix deadlock\n\nAttemting to do sock_lock on .recvmsg may cause a deadlock as shown\nbellow, so instead of using sock_sock this uses sk_receive_queue.lock\non bt_sock_ioctl to avoid the UAF:\n\nINFO: task kworker/u9:1:121 blocked for more than 30 seconds.\n Not tainted 6.7.6-lemon #183\nWorkqueue: hci0 hci_rx_work\nCall Trace:\n <TASK>\n __schedule+0x37d/0xa00\n schedule+0x32/0xe0\n __lock_sock+0x68/0xa0\n ? __pfx_autoremove_wake_function+0x10/0x10\n lock_sock_nested+0x43/0x50\n l2cap_sock_recv_cb+0x21/0xa0\n l2cap_recv_frame+0x55b/0x30a0\n ? psi_task_switch+0xeb/0x270\n ? finish_task_switch.isra.0+0x93/0x2a0\n hci_rx_work+0x33a/0x3f0\n process_one_work+0x13a/0x2f0\n worker_thread+0x2f0/0x410\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xe0/0x110\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x2c/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n </TASK>', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26886 was patched at 2024-05-15

ubuntu: CVE-2024-26886 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9162. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26891) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Don't issue ATS Invalidation request when device is disconnected\n\nFor those endpoint devices connect to system via hotplug capable ports,\nusers could request a hot reset to the device by flapping device's link\nthrough setting the slot's link control register, as pciehp_ist() DLLSC\ninterrupt sequence response, pciehp will unload the device driver and\nthen power it off. thus cause an IOMMU device-TLB invalidation (Intel\nVT-d spec, or ATS Invalidation in PCIe spec r6.1) request for non-existence\ntarget device to be sent and deadly loop to retry that request after ITE\nfault triggered in interrupt context.\n\nThat would cause following continuous hard lockup warning and system hang\n\n[ 4211.433662] pcieport 0000:17:01.0: pciehp: Slot(108): Link Down\n[ 4211.433664] pcieport 0000:17:01.0: pciehp: Slot(108): Card not present\n[ 4223.822591] NMI watchdog: Watchdog detected hard LOCKUP on cpu 144\n[ 4223.822622] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: loaded Tainted: G S\n OE kernel version xxxx\n[ 4223.822623] Hardware name: vendorname xxxx 666-106,\nBIOS 01.01.02.03.01 05/15/2023\n[ 4223.822623] RIP: 0010:qi_submit_sync+0x2c0/0x490\n[ 4223.822624] Code: 48 be 00 00 00 00 00 08 00 00 49 85 74 24 20 0f 95 c1 48 8b\n 57 10 83 c1 04 83 3c 1a 03 0f 84 a2 01 00 00 49 8b 04 24 8b 70 34 <40> f6 c6 1\n0 74 17 49 8b 04 24 8b 80 80 00 00 00 89 c2 d3 fa 41 39\n[ 4223.822624] RSP: 0018:ffffc4f074f0bbb8 EFLAGS: 00000093\n[ 4223.822625] RAX: ffffc4f040059000 RBX: 0000000000000014 RCX: 0000000000000005\n[ 4223.822625] RDX: ffff9f3841315800 RSI: 0000000000000000 RDI: ffff9f38401a8340\n[ 4223.822625] RBP: ffff9f38401a8340 R08: ffffc4f074f0bc00 R09: 0000000000000000\n[ 4223.822626] R10: 0000000000000010 R11: 0000000000000018 R12: ffff9f384005e200\n[ 4223.822626] R13: 0000000000000004 R14: 0000000000000046 R15: 0000000000000004\n[ 4223.822626] FS: 0000000000000000(0000) GS:ffffa237ae400000(0000)\nknlGS:0000000000000000\n[ 4223.822627] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 4223.822627] CR2: 00007ffe86515d80 CR3: 000002fd3000a001 CR4: 0000000000770ee0\n[ 4223.822627] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 4223.822628] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n[ 4223.822628] PKRU: 55555554\n[ 4223.822628] Call Trace:\n[ 4223.822628] qi_flush_dev_iotlb+0xb1/0xd0\n[ 4223.822628] __dmar_remove_one_dev_info+0x224/0x250\n[ 4223.822629] dmar_remove_one_dev_info+0x3e/0x50\n[ 4223.822629] intel_iommu_release_device+0x1f/0x30\n[ 4223.822629] iommu_release_device+0x33/0x60\n[ 4223.822629] iommu_bus_notifier+0x7f/0x90\n[ 4223.822630] blocking_notifier_call_chain+0x60/0x90\n[ 4223.822630] device_del+0x2e5/0x420\n[ 4223.822630] pci_remove_bus_device+0x70/0x110\n[ 4223.822630] pciehp_unconfigure_device+0x7c/0x130\n[ 4223.822631] pciehp_disable_slot+0x6b/0x100\n[ 4223.822631] pciehp_handle_presence_or_link_change+0xd8/0x320\n[ 4223.822631] pciehp_ist+0x176/0x180\n[ 4223.822631] ? irq_finalize_oneshot.part.50+0x110/0x110\n[ 4223.822632] irq_thread_fn+0x19/0x50\n[ 4223.822632] irq_thread+0x104/0x190\n[ 4223.822632] ? irq_forced_thread_fn+0x90/0x90\n[ 4223.822632] ? irq_thread_check_affinity+0xe0/0xe0\n[ 4223.822633] kthread+0x114/0x130\n[ 4223.822633] ? __kthread_cancel_work+0x40/0x40\n[ 4223.822633] ret_from_fork+0x1f/0x30\n[ 4223.822633] Kernel panic - not syncing: Hard LOCKUP\n[ 4223.822634] CPU: 144 PID: 1422 Comm: irq/57-pciehp Kdump: loaded Tainted: G S\n OE kernel version xxxx\n[ 4223.822634] Hardware name: vendorname xxxx 666-106,\nBIOS 01.01.02.03.01 05/15/2023\n[ 4223.822634] Call Trace:\n[ 4223.822634] <NMI>\n[ 4223.822635] dump_stack+0x6d/0x88\n[ 4223.822635] panic+0x101/0x2d0\n[ 4223.822635] ? ret_from_fork+0x11/0x30\n[ 4223.822635] nmi_panic.cold.14+0xc/0xc\n[ 4223.822636] watchdog_overflow_callback.cold.8+0x6d/0x81\n[ 4223.822636] __perf_event_overflow+0x4f/0xf0\n[ 4223.822636] handle_pmi_common\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26891 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26891 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9163. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26897) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete\n\nThe ath9k_wmi_event_tasklet() used in ath9k_htc assumes that all the data\nstructures have been fully initialised by the time it runs. However, because of\nthe order in which things are initialised, this is not guaranteed to be the\ncase, because the device is exposed to the USB subsystem before the ath9k driver\ninitialisation is completed.\n\nWe already committed a partial fix for this in commit:\n8b3046abc99e ("ath9k_htc: fix NULL pointer dereference at ath9k_htc_tx_get_packet()")\n\nHowever, that commit only aborted the WMI_TXSTATUS_EVENTID command in the event\ntasklet, pairing it with an "initialisation complete" bit in the TX struct. It\nseems syzbot managed to trigger the race for one of the other commands as well,\nso let's just move the existing synchronisation bit to cover the whole\ntasklet (setting it at the end of ath9k_htc_probe_device() instead of inside\nath9k_tx_init()).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-26897 was patched at 2024-06-05

debian: CVE-2024-26897 was patched at 2024-05-06, 2024-05-15

oraclelinux: CVE-2024-26897 was patched at 2024-06-05

redhat: CVE-2024-26897 was patched at 2024-06-05

ubuntu: CVE-2024-26897 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9164. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26901) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndo_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak\n\nsyzbot identified a kernel information leak vulnerability in\ndo_sys_name_to_handle() and issued the following report [1].\n\n[1]\n"BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\nBUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x100 lib/usercopy.c:40\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n _copy_to_user+0xbc/0x100 lib/usercopy.c:40\n copy_to_user include/linux/uaccess.h:191 [inline]\n do_sys_name_to_handle fs/fhandle.c:73 [inline]\n __do_sys_name_to_handle_at fs/fhandle.c:112 [inline]\n __se_sys_name_to_handle_at+0x949/0xb10 fs/fhandle.c:94\n __x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94\n ...\n\nUninit was created at:\n slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768\n slab_alloc_node mm/slub.c:3478 [inline]\n __kmem_cache_alloc_node+0x5c9/0x970 mm/slub.c:3517\n __do_kmalloc_node mm/slab_common.c:1006 [inline]\n __kmalloc+0x121/0x3c0 mm/slab_common.c:1020\n kmalloc include/linux/slab.h:604 [inline]\n do_sys_name_to_handle fs/fhandle.c:39 [inline]\n __do_sys_name_to_handle_at fs/fhandle.c:112 [inline]\n __se_sys_name_to_handle_at+0x441/0xb10 fs/fhandle.c:94\n __x64_sys_name_to_handle_at+0xe4/0x140 fs/fhandle.c:94\n ...\n\nBytes 18-19 of 20 are uninitialized\nMemory access of size 20 starts at ffff888128a46380\nData copied to user address 0000000020000240"\n\nPer Chuck Lever's suggestion, use kzalloc() instead of kmalloc() to\nsolve the problem.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-26901 was patched at 2024-06-05

debian: CVE-2024-26901 was patched at 2024-05-06, 2024-05-15

oraclelinux: CVE-2024-26901 was patched at 2024-06-05

redhat: CVE-2024-26901 was patched at 2024-06-05

ubuntu: CVE-2024-26901 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9165. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26905) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix data races when accessing the reserved amount of block reserves\n\nAt space_info.c we have several places where we access the ->reserved\nfield of a block reserve without taking the block reserve's spinlock\nfirst, which makes KCSAN warn about a data race since that field is\nalways updated while holding the spinlock.\n\nThe reports from KCSAN are like the following:\n\n [117.193526] BUG: KCSAN: data-race in btrfs_block_rsv_release [btrfs] / need_preemptive_reclaim [btrfs]\n\n [117.195148] read to 0x000000017f587190 of 8 bytes by task 6303 on cpu 3:\n [117.195172] need_preemptive_reclaim+0x222/0x2f0 [btrfs]\n [117.195992] __reserve_bytes+0xbb0/0xdc8 [btrfs]\n [117.196807] btrfs_reserve_metadata_bytes+0x4c/0x120 [btrfs]\n [117.197620] btrfs_block_rsv_add+0x78/0xa8 [btrfs]\n [117.198434] btrfs_delayed_update_inode+0x154/0x368 [btrfs]\n [117.199300] btrfs_update_inode+0x108/0x1c8 [btrfs]\n [117.200122] btrfs_dirty_inode+0xb4/0x140 [btrfs]\n [117.200937] btrfs_update_time+0x8c/0xb0 [btrfs]\n [117.201754] touch_atime+0x16c/0x1e0\n [117.201789] filemap_read+0x674/0x728\n [117.201823] btrfs_file_read_iter+0xf8/0x410 [btrfs]\n [117.202653] vfs_read+0x2b6/0x498\n [117.203454] ksys_read+0xa2/0x150\n [117.203473] __s390x_sys_read+0x68/0x88\n [117.203495] do_syscall+0x1c6/0x210\n [117.203517] __do_syscall+0xc8/0xf0\n [117.203539] system_call+0x70/0x98\n\n [117.203579] write to 0x000000017f587190 of 8 bytes by task 11 on cpu 0:\n [117.203604] btrfs_block_rsv_release+0x2e8/0x578 [btrfs]\n [117.204432] btrfs_delayed_inode_release_metadata+0x7c/0x1d0 [btrfs]\n [117.205259] __btrfs_update_delayed_inode+0x37c/0x5e0 [btrfs]\n [117.206093] btrfs_async_run_delayed_root+0x356/0x498 [btrfs]\n [117.206917] btrfs_work_helper+0x160/0x7a0 [btrfs]\n [117.207738] process_one_work+0x3b6/0x838\n [117.207768] worker_thread+0x75e/0xb10\n [117.207797] kthread+0x21a/0x230\n [117.207830] __ret_from_fork+0x6c/0xb8\n [117.207861] ret_from_fork+0xa/0x30\n\nSo add a helper to get the reserved amount of a block reserve while\nholding the lock. The value may be not be up to date anymore when used by\nneed_preemptive_reclaim() and btrfs_preempt_reclaim_metadata_space(), but\nthat's ok since the worst it can do is cause more reclaim work do be done\nsooner rather than later. Reading the field while holding the lock instead\nof using the data_race() annotation is used in order to prevent load\ntearing.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26905 was patched at 2024-05-15

9166. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26906) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()\n\nWhen trying to use copy_from_kernel_nofault() to read vsyscall page\nthrough a bpf program, the following oops was reported:\n\n BUG: unable to handle page fault for address: ffffffffff600000\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 3231067 P4D 3231067 PUD 3233067 PMD 3235067 PTE 0\n Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 PID: 20390 Comm: test_progs ...... 6.7.0+ #58\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ......\n RIP: 0010:copy_from_kernel_nofault+0x6f/0x110\n ......\n Call Trace:\n <TASK>\n ? copy_from_kernel_nofault+0x6f/0x110\n bpf_probe_read_kernel+0x1d/0x50\n bpf_prog_2061065e56845f08_do_probe_read+0x51/0x8d\n trace_call_bpf+0xc5/0x1c0\n perf_call_bpf_enter.isra.0+0x69/0xb0\n perf_syscall_enter+0x13e/0x200\n syscall_trace_enter+0x188/0x1c0\n do_syscall_64+0xb5/0xe0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n </TASK>\n ......\n ---[ end trace 0000000000000000 ]---\n\nThe oops is triggered when:\n\n1) A bpf program uses bpf_probe_read_kernel() to read from the vsyscall\npage and invokes copy_from_kernel_nofault() which in turn calls\n__get_user_asm().\n\n2) Because the vsyscall page address is not readable from kernel space,\na page fault exception is triggered accordingly.\n\n3) handle_page_fault() considers the vsyscall page address as a user\nspace address instead of a kernel space address. This results in the\nfix-up setup by bpf not being applied and a page_fault_oops() is invoked\ndue to SMAP.\n\nConsidering handle_page_fault() has already considered the vsyscall page\naddress as a userspace address, fix the problem by disallowing vsyscall\npage read for copy_from_kernel_nofault().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26906 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26906 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9167. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26914) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix incorrect mpc_combine array size\n\n[why]\nMAX_SURFACES is per stream, while MAX_PLANES is per asic. The\nmpc_combine is an array that records all the planes per asic. Therefore\nMAX_PLANES should be used as the array size. Using MAX_SURFACES causes\narray overflow when there are more than 3 planes.\n\n[how]\nUse the MAX_PLANES for the mpc_combine array size.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26914 was patched at 2024-05-15

9168. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26917) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"\n\nThis reverts commit 1a1975551943f681772720f639ff42fbaa746212.\n\nThis commit causes interrupts to be lost for FCoE devices, since it changed\nsping locks from "bh" to "irqsave".\n\nInstead, a work queue should be used, and will be addressed in a separate\ncommit.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26917 was patched at 2024-05-06, 2024-05-15

9169. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26919) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: ulpi: Fix debugfs directory leak\n\nThe ULPI per-device debugfs root is named after the ulpi device's\nparent, but ulpi_unregister_interface tries to remove a debugfs\ndirectory named after the ulpi device itself. This results in the\ndirectory sticking around and preventing subsequent (deferred) probes\nfrom succeeding. Change the directory name to match the ulpi device.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-26919 was patched at 2024-06-05

debian: CVE-2024-26919 was patched at 2024-05-15

oraclelinux: CVE-2024-26919 was patched at 2024-06-05

redhat: CVE-2024-26919 was patched at 2024-06-05

9170. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26920) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/trigger: Fix to return error if failed to alloc snapshot\n\nFix register_snapshot_trigger() to return error code if it failed to\nallocate a snapshot instead of 0 (success). Unless that, it will register\nsnapshot trigger without an error.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26920 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26920 was patched at 2024-05-07, 2024-05-14, 2024-05-15, 2024-05-20, 2024-05-28, 2024-06-11

9171. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26922) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: validate the parameters of bo mapping operations more clearly\n\nVerify the parameters of\namdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26922 was patched at 2024-05-06, 2024-05-15

9172. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26925) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: release mutex after nft_gc_seq_end from abort path\n\nThe commit mutex should not be released during the critical section\nbetween nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC\nworker could collect expired objects and get the released commit lock\nwithin the same GC sequence.\n\nnf_tables_module_autoload() temporarily releases the mutex to load\nmodule dependencies, then it goes back to replay the transaction again.\nMove it at the end of the abort phase after nft_gc_seq_end() is called.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26925 was patched at 2024-05-06, 2024-05-15

9173. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26926) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: check offset alignment in binder_get_object()\n\nCommit 6d98eb95b450 ("binder: avoid potential data leakage when copying\ntxn") introduced changes to how binder objects are copied. In doing so,\nit unintentionally removed an offset alignment check done through calls\nto binder_alloc_copy_from_buffer() -> check_buffer().\n\nThese calls were replaced in binder_get_object() with copy_from_user(),\nso now an explicit offset alignment check is needed here. This avoids\nlater complications when unwinding the objects gets harder.\n\nIt is worth noting this check existed prior to commit 7a67a39320df\n("binder: add function to copy binder object from buffer"), likely\nremoved due to redundancy at the time.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26926 was patched at 2024-05-06, 2024-05-15

9174. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26931) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix command flush on cable pull\n\nSystem crash due to command failed to flush back to SCSI layer.\n\n BUG: unable to handle kernel NULL pointer dereference at 0000000000000000\n PGD 0 P4D 0\n Oops: 0000 [#1] SMP NOPTI\n CPU: 27 PID: 793455 Comm: kworker/u130:6 Kdump: loaded Tainted: G OE --------- - - 4.18.0-372.9.1.el8.x86_64 #1\n Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021\n Workqueue: nvme-wq nvme_fc_connect_ctrl_work [nvme_fc]\n RIP: 0010:__wake_up_common+0x4c/0x190\n Code: 24 10 4d 85 c9 74 0a 41 f6 01 04 0f 85 9d 00 00 00 48 8b 43 08 48 83 c3 08 4c 8d 48 e8 49 8d 41 18 48 39 c3 0f 84 f0 00 00 00 <49> 8b 41 18 89 54 24 08 31 ed 4c 8d 70 e8 45 8b 29 41 f6 c5 04 75\n RSP: 0018:ffff95f3e0cb7cd0 EFLAGS: 00010086\n RAX: 0000000000000000 RBX: ffff8b08d3b26328 RCX: 0000000000000000\n RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff8b08d3b26320\n RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffffffffffe8\n R10: 0000000000000000 R11: ffff95f3e0cb7a60 R12: ffff95f3e0cb7d20\n R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000000\n FS: 0000000000000000(0000) GS:ffff8b2fdf6c0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 0000002f1e410002 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n __wake_up_common_lock+0x7c/0xc0\n qla_nvme_ls_req+0x355/0x4c0 [qla2xxx]\n qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae1407ca000 from port 21:32:00:02:ac:07:ee:b8 loop_id 0x02 s_id 01:02:00 logout 1 keep 0 els_logo 0\n ? __nvme_fc_send_ls_req+0x260/0x380 [nvme_fc]\n qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:00:02:ac:07:ee:b8 state transitioned from ONLINE to LOST - portid=010200.\n ? nvme_fc_send_ls_req.constprop.42+0x1a/0x45 [nvme_fc]\n qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320002ac07eeb8. rport ffff8ae598122000 roles 1\n ? nvme_fc_connect_ctrl_work.cold.63+0x1e3/0xa7d [nvme_fc]\n qla2xxx [0000:12:00.1]-f084:3: qlt_free_session_done: se_sess 0000000000000000 / sess ffff8ae14801e000 from port 21:32:01:02:ad:f7:ee:b8 loop_id 0x04 s_id 01:02:01 logout 1 keep 0 els_logo 0\n ? __switch_to+0x10c/0x450\n ? process_one_work+0x1a7/0x360\n qla2xxx [0000:12:00.1]-207d:3: FCPort 21:32:01:02:ad:f7:ee:b8 state transitioned from ONLINE to LOST - portid=010201.\n ? worker_thread+0x1ce/0x390\n ? create_worker+0x1a0/0x1a0\n qla2xxx [0000:12:00.1]-2109:3: qla2x00_schedule_rport_del 21320102adf7eeb8. rport ffff8ae3b2312800 roles 70\n ? kthread+0x10a/0x120\n qla2xxx [0000:12:00.1]-2112:3: qla_nvme_unregister_remote_port: unregister remoteport on ffff8ae14801e000 21320102adf7eeb8\n ? set_kthread_struct+0x40/0x40\n qla2xxx [0000:12:00.1]-2110:3: remoteport_delete of ffff8ae14801e000 21320102adf7eeb8 completed.\n ? ret_from_fork+0x1f/0x40\n qla2xxx [0000:12:00.1]-f086:3: qlt_free_session_done: waiting for sess ffff8ae14801e000 logout\n\nThe system was under memory stress where driver was not able to allocate an\nSRB to carry out error recovery of cable pull. The failure to flush causes\nupper layer to start modifying scsi_cmnd. When the system frees up some\nmemory, the subsequent cable pull trigger another command flush. At this\npoint the driver access a null pointer when attempting to DMA unmap the\nSGL.\n\nAdd a check to make sure commands are flush back on session tear down to\nprevent the null pointer access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26931 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26931 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9175. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26934) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Fix deadlock in usb_deauthorize_interface()\n\nAmong the attribute file callback routines in\ndrivers/usb/core/sysfs.c, the interface_authorized_store() function is\nthe only one which acquires a device lock on an ancestor device: It\ncalls usb_deauthorize_interface(), which locks the interface's parent\nUSB device.\n\nThe will lead to deadlock if another process already owns that lock\nand tries to remove the interface, whether through a configuration\nchange or because the device has been disconnected. As part of the\nremoval procedure, device_del() waits for all ongoing sysfs attribute\ncallbacks to complete. But usb_deauthorize_interface() can't complete\nuntil the device lock has been released, and the lock won't be\nreleased until the removal has finished.\n\nThe mechanism provided by sysfs to prevent this kind of deadlock is\nto use the sysfs_break_active_protection() function, which tells sysfs\nnot to wait for the attribute callback.\n\nReported-and-tested by: Yue Sun <samsun1006219@gmail.com>\nReported by: xingwei lee <xrivendell7@gmail.com>', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-26934 was patched at 2024-06-05

debian: CVE-2024-26934 was patched at 2024-05-06, 2024-05-15

oraclelinux: CVE-2024-26934 was patched at 2024-06-05

redhat: CVE-2024-26934 was patched at 2024-06-05

ubuntu: CVE-2024-26934 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9176. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26935) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Fix unremoved procfs host directory regression\n\nCommit fc663711b944 ("scsi: core: Remove the /proc/scsi/${proc_name}\ndirectory earlier") fixed a bug related to modules loading/unloading, by\nadding a call to scsi_proc_hostdir_rm() on scsi_remove_host(). But that led\nto a potential duplicate call to the hostdir_rm() routine, since it's also\ncalled from scsi_host_dev_release(). That triggered a regression report,\nwhich was then fixed by commit be03df3d4bfe ("scsi: core: Fix a procfs host\ndirectory removal regression"). The fix just dropped the hostdir_rm() call\nfrom dev_release().\n\nBut it happens that this proc directory is created on scsi_host_alloc(),\nand that function "pairs" with scsi_host_dev_release(), while\nscsi_remove_host() pairs with scsi_add_host(). In other words, it seems the\nreason for removing the proc directory on dev_release() was meant to cover\ncases in which a SCSI host structure was allocated, but the call to\nscsi_add_host() didn't happen. And that pattern happens to exist in some\nerror paths, for example.\n\nSyzkaller causes that by using USB raw gadget device, error'ing on\nusb-storage driver, at usb_stor_probe2(). By checking that path, we can see\nthat the BadDevice label leads to a scsi_host_put() after a SCSI host\nallocation, but there's no call to scsi_add_host() in such path. That leads\nto messages like this in dmesg (and a leak of the SCSI host proc\nstructure):\n\nusb-storage 4-1:87.51: USB Mass Storage device detected\nproc_dir_entry 'scsi/usb-storage' already registered\nWARNING: CPU: 1 PID: 3519 at fs/proc/generic.c:377 proc_register+0x347/0x4e0 fs/proc/generic.c:376\n\nThe proper fix seems to still call scsi_proc_hostdir_rm() on dev_release(),\nbut guard that with the state check for SHOST_CREATED; there is even a\ncomment in scsi_host_dev_release() detailing that: such conditional is\nmeant for cases where the SCSI host was allocated but there was no calls to\n{add,remove}_host(), like the usb-storage case.\n\nThis is what we propose here and with that, the error path of usb-storage\ndoes not trigger the warning anymore.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26935 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26935 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9177. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26936) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate request buffer size in smb2_allocate_rsp_buf()\n\nThe response buffer should be allocated in smb2_allocate_rsp_buf\nbefore validating request. But the fields in payload as well as smb2 header\nis used in smb2_allocate_rsp_buf(). This patch add simple buffer size\nvalidation to avoid potencial out-of-bounds in request buffer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26936 was patched at 2024-05-06, 2024-05-15

9178. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26937) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Reset queue_priority_hint on parking\n\nOriginally, with strict in order execution, we could complete execution\nonly when the queue was empty. Preempt-to-busy allows replacement of an\nactive request that may complete before the preemption is processed by\nHW. If that happens, the request is retired from the queue, but the\nqueue_priority_hint remains set, preventing direct submission until\nafter the next CS interrupt is processed.\n\nThis preempt-to-busy race can be triggered by the heartbeat, which will\nalso act as the power-management barrier and upon completion allow us to\nidle the HW. We may process the completion of the heartbeat, and begin\nparking the engine before the CS event that restores the\nqueue_priority_hint, causing us to fail the assertion that it is MIN.\n\n<3>[ 166.210729] __engine_park:283 GEM_BUG_ON(engine->sched_engine->queue_priority_hint != (-((int)(~0U >> 1)) - 1))\n<0>[ 166.210781] Dumping ftrace buffer:\n<0>[ 166.210795] ---------------------------------\n...\n<0>[ 167.302811] drm_fdin-1097 2..s1. 165741070us : trace_ports: 0000:00:02.0 rcs0: promote { ccid:20 1217:2 prio 0 }\n<0>[ 167.302861] drm_fdin-1097 2d.s2. 165741072us : execlists_submission_tasklet: 0000:00:02.0 rcs0: preempting last=1217:2, prio=0, hint=2147483646\n<0>[ 167.302928] drm_fdin-1097 2d.s2. 165741072us : __i915_request_unsubmit: 0000:00:02.0 rcs0: fence 1217:2, current 0\n<0>[ 167.302992] drm_fdin-1097 2d.s2. 165741073us : __i915_request_submit: 0000:00:02.0 rcs0: fence 3:4660, current 4659\n<0>[ 167.303044] drm_fdin-1097 2d.s1. 165741076us : execlists_submission_tasklet: 0000:00:02.0 rcs0: context:3 schedule-in, ccid:40\n<0>[ 167.303095] drm_fdin-1097 2d.s1. 165741077us : trace_ports: 0000:00:02.0 rcs0: submit { ccid:40 3:4660* prio 2147483646 }\n<0>[ 167.303159] kworker/-89 11..... 165741139us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence c90:2, current 2\n<0>[ 167.303208] kworker/-89 11..... 165741148us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:c90 unpin\n<0>[ 167.303272] kworker/-89 11..... 165741159us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 1217:2, current 2\n<0>[ 167.303321] kworker/-89 11..... 165741166us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:1217 unpin\n<0>[ 167.303384] kworker/-89 11..... 165741170us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 3:4660, current 4660\n<0>[ 167.303434] kworker/-89 11d..1. 165741172us : __intel_context_retire: 0000:00:02.0 rcs0: context:1216 retire runtime: { total:56028ns, avg:56028ns }\n<0>[ 167.303484] kworker/-89 11..... 165741198us : __engine_park: 0000:00:02.0 rcs0: parked\n<0>[ 167.303534] <idle>-0 5d.H3. 165741207us : execlists_irq_handler: 0000:00:02.0 rcs0: semaphore yield: 00000040\n<0>[ 167.303583] kworker/-89 11..... 165741397us : __intel_context_retire: 0000:00:02.0 rcs0: context:1217 retire runtime: { total:325575ns, avg:0ns }\n<0>[ 167.303756] kworker/-89 11..... 165741777us : __intel_context_retire: 0000:00:02.0 rcs0: context:c90 retire runtime: { total:0ns, avg:0ns }\n<0>[ 167.303806] kworker/-89 11..... 165742017us : __engine_park: __engine_park:283 GEM_BUG_ON(engine->sched_engine->queue_priority_hint != (-((int)(~0U >> 1)) - 1))\n<0>[ 167.303811] ---------------------------------\n<4>[ 167.304722] ------------[ cut here ]------------\n<2>[ 167.304725] kernel BUG at drivers/gpu/drm/i915/gt/intel_engine_pm.c:283!\n<4>[ 167.304731] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n<4>[ 167.304734] CPU: 11 PID: 89 Comm: kworker/11:1 Tainted: G W 6.8.0-rc2-CI_DRM_14193-gc655e0fd2804+ #1\n<4>[ 167.304736] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022\n<4>[ 167.304738] Workqueue: i915-unordered retire_work_handler [i915]\n<4>[ 16\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26937 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26937 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9179. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26938) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()\n\nIf we have no VBT, or the VBT didn't declare the encoder\nin question, we won't have the 'devdata' for the encoder.\nInstead of oopsing just bail early.\n\nWe won't be able to tell whether the port is DP++ or not,\nbut so be it.\n\n(cherry picked from commit 26410896206342c8a80d2b027923e9ee7d33b733)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26938 was patched at 2024-05-15

ubuntu: CVE-2024-26938 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9180. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26940) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed\n\nThe driver creates /sys/kernel/debug/dri/0/mob_ttm even when the\ncorresponding ttm_resource_manager is not allocated.\nThis leads to a crash when trying to read from this file.\n\nAdd a check to create mob_ttm, system_mob_ttm, and gmr_ttm debug file\nonly when the corresponding ttm_resource_manager is allocated.\n\ncrash> bt\nPID: 3133409 TASK: ffff8fe4834a5000 CPU: 3 COMMAND: "grep"\n #0 [ffffb954506b3b20] machine_kexec at ffffffffb2a6bec3\n #1 [ffffb954506b3b78] __crash_kexec at ffffffffb2bb598a\n #2 [ffffb954506b3c38] crash_kexec at ffffffffb2bb68c1\n #3 [ffffb954506b3c50] oops_end at ffffffffb2a2a9b1\n #4 [ffffb954506b3c70] no_context at ffffffffb2a7e913\n #5 [ffffb954506b3cc8] __bad_area_nosemaphore at ffffffffb2a7ec8c\n #6 [ffffb954506b3d10] do_page_fault at ffffffffb2a7f887\n #7 [ffffb954506b3d40] page_fault at ffffffffb360116e\n [exception RIP: ttm_resource_manager_debug+0x11]\n RIP: ffffffffc04afd11 RSP: ffffb954506b3df0 RFLAGS: 00010246\n RAX: ffff8fe41a6d1200 RBX: 0000000000000000 RCX: 0000000000000940\n RDX: 0000000000000000 RSI: ffffffffc04b4338 RDI: 0000000000000000\n RBP: ffffb954506b3e08 R8: ffff8fee3ffad000 R9: 0000000000000000\n R10: ffff8fe41a76a000 R11: 0000000000000001 R12: 00000000ffffffff\n R13: 0000000000000001 R14: ffff8fe5bb6f3900 R15: ffff8fe41a6d1200\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n #8 [ffffb954506b3e00] ttm_resource_manager_show at ffffffffc04afde7 [ttm]\n #9 [ffffb954506b3e30] seq_read at ffffffffb2d8f9f3\n RIP: 00007f4c4eda8985 RSP: 00007ffdbba9e9f8 RFLAGS: 00000246\n RAX: ffffffffffffffda RBX: 000000000037e000 RCX: 00007f4c4eda8985\n RDX: 000000000037e000 RSI: 00007f4c41573000 RDI: 0000000000000003\n RBP: 000000000037e000 R8: 0000000000000000 R9: 000000000037fe30\n R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c41573000\n R13: 0000000000000003 R14: 00007f4c41572010 R15: 0000000000000003\n ORIG_RAX: 0000000000000000 CS: 0033 SS: 002b', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26940 was patched at 2024-05-15

ubuntu: CVE-2024-26940 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9181. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26943) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/dmem: handle kcalloc() allocation failure\n\nThe kcalloc() in nouveau_dmem_evict_chunk() will return null if\nthe physical memory has run out. As a result, if we dereference\nsrc_pfns, dst_pfns or dma_addrs, the null pointer dereference bugs\nwill happen.\n\nMoreover, the GPU is going away. If the kcalloc() fails, we could not\nevict all pages mapping a chunk. So this patch adds a __GFP_NOFAIL\nflag in kcalloc().\n\nFinally, as there is no need to have physically contiguous memory,\nthis patch switches kcalloc() to kvcalloc() in order to avoid\nfailing allocations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26943 was patched at 2024-05-15

ubuntu: CVE-2024-26943 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9182. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26945) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix nr_cpus < nr_iaa case\n\nIf nr_cpus < nr_iaa, the calculated cpus_per_iaa will be 0, which\ncauses a divide-by-0 in rebalance_wq_table().\n\nMake sure cpus_per_iaa is 1 in that case, and also in the nr_iaa == 0\ncase, even though cpus_per_iaa is never used if nr_iaa == 0, for\nparanoia.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26945 was patched at 2024-05-15

ubuntu: CVE-2024-26945 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9183. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26946) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nkprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address\n\nRead from an unsafe address with copy_from_kernel_nofault() in\narch_adjust_kprobe_addr() because this function is used before checking\nthe address is in text or not. Syzcaller bot found a bug and reported\nthe case if user specifies inaccessible data area,\narch_adjust_kprobe_addr() will cause a kernel panic.\n\n[ mingo: Clarified the comment. ]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26946 was patched at 2024-05-15

ubuntu: CVE-2024-26946 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9184. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26947) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses\n\nSince commit a4d5613c4dc6 ("arm: extend pfn_valid to take into account\nfreed memory map alignment") changes the semantics of pfn_valid() to check\npresence of the memory map for a PFN. A valid page for an address which\nis reserved but not mapped by the kernel[1], the system crashed during\nsome uio test with the following memory layout:\n\n node 0: [mem 0x00000000c0a00000-0x00000000cc8fffff]\n node 0: [mem 0x00000000d0000000-0x00000000da1fffff]\n the uio layout is:0xc0900000, 0x100000\n\nthe crash backtrace like:\n\n Unable to handle kernel paging request at virtual address bff00000\n [...]\n CPU: 1 PID: 465 Comm: startapp.bin Tainted: G O 5.10.0 #1\n Hardware name: Generic DT based system\n PC is at b15_flush_kern_dcache_area+0x24/0x3c\n LR is at __sync_icache_dcache+0x6c/0x98\n [...]\n (b15_flush_kern_dcache_area) from (__sync_icache_dcache+0x6c/0x98)\n (__sync_icache_dcache) from (set_pte_at+0x28/0x54)\n (set_pte_at) from (remap_pfn_range+0x1a0/0x274)\n (remap_pfn_range) from (uio_mmap+0x184/0x1b8 [uio])\n (uio_mmap [uio]) from (__mmap_region+0x264/0x5f4)\n (__mmap_region) from (__do_mmap_mm+0x3ec/0x440)\n (__do_mmap_mm) from (do_mmap+0x50/0x58)\n (do_mmap) from (vm_mmap_pgoff+0xfc/0x188)\n (vm_mmap_pgoff) from (ksys_mmap_pgoff+0xac/0xc4)\n (ksys_mmap_pgoff) from (ret_fast_syscall+0x0/0x5c)\n Code: e0801001 e2423001 e1c00003 f57ff04f (ee070f3e)\n ---[ end trace 09cf0734c3805d52 ]---\n Kernel panic - not syncing: Fatal exception\n\nSo check if PG_reserved was set to solve this issue.\n\n[1]: https://lore.kernel.org/lkml/Zbtdue57RO0QScJM@linux.ibm.com/', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26947 was patched at 2024-05-15

ubuntu: CVE-2024-26947 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9185. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26948) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Add a dc_state NULL check in dc_state_release\n\n[How]\nCheck wheather state is NULL before releasing it.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26948 was patched at 2024-05-15

ubuntu: CVE-2024-26948 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9186. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26950) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: netlink: access device through ctx instead of peer\n\nThe previous commit fixed a bug that led to a NULL peer->device being\ndereferenced. It's actually easier and faster performance-wise to\ninstead get the device from ctx->wg. This semantically makes more sense\ntoo, since ctx->wg->peer_allowedips.seq is compared with\nctx->allowedips_seq, basing them both in ctx. This also acts as a\ndefence in depth provision against freed peers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26950 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26950 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9187. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26953) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: esp: fix bad handling of pages from page_pool\n\nWhen the skb is reorganized during esp_output (!esp->inline), the pages\ncoming from the original skb fragments are supposed to be released back\nto the system through put_page. But if the skb fragment pages are\noriginating from a page_pool, calling put_page on them will trigger a\npage_pool leak which will eventually result in a crash.\n\nThis leak can be easily observed when using CONFIG_DEBUG_VM and doing\nipsec + gre (non offloaded) forwarding:\n\n BUG: Bad page state in process ksoftirqd/16 pfn:1451b6\n page:00000000de2b8d32 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1451b6000 pfn:0x1451b6\n flags: 0x200000000000000(node=0|zone=2)\n page_type: 0xffffffff()\n raw: 0200000000000000 dead000000000040 ffff88810d23c000 0000000000000000\n raw: 00000001451b6000 0000000000000001 00000000ffffffff 0000000000000000\n page dumped because: page_pool leak\n Modules linked in: ip_gre gre mlx5_ib mlx5_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat nf_nat xt_addrtype br_netfilter rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm ib_uverbs ib_core overlay zram zsmalloc fuse [last unloaded: mlx5_core]\n CPU: 16 PID: 96 Comm: ksoftirqd/16 Not tainted 6.8.0-rc4+ #22\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n Call Trace:\n <TASK>\n dump_stack_lvl+0x36/0x50\n bad_page+0x70/0xf0\n free_unref_page_prepare+0x27a/0x460\n free_unref_page+0x38/0x120\n esp_ssg_unref.isra.0+0x15f/0x200\n esp_output_tail+0x66d/0x780\n esp_xmit+0x2c5/0x360\n validate_xmit_xfrm+0x313/0x370\n ? validate_xmit_skb+0x1d/0x330\n validate_xmit_skb_list+0x4c/0x70\n sch_direct_xmit+0x23e/0x350\n __dev_queue_xmit+0x337/0xba0\n ? nf_hook_slow+0x3f/0xd0\n ip_finish_output2+0x25e/0x580\n iptunnel_xmit+0x19b/0x240\n ip_tunnel_xmit+0x5fb/0xb60\n ipgre_xmit+0x14d/0x280 [ip_gre]\n dev_hard_start_xmit+0xc3/0x1c0\n __dev_queue_xmit+0x208/0xba0\n ? nf_hook_slow+0x3f/0xd0\n ip_finish_output2+0x1ca/0x580\n ip_sublist_rcv_finish+0x32/0x40\n ip_sublist_rcv+0x1b2/0x1f0\n ? ip_rcv_finish_core.constprop.0+0x460/0x460\n ip_list_rcv+0x103/0x130\n __netif_receive_skb_list_core+0x181/0x1e0\n netif_receive_skb_list_internal+0x1b3/0x2c0\n napi_gro_receive+0xc8/0x200\n gro_cell_poll+0x52/0x90\n __napi_poll+0x25/0x1a0\n net_rx_action+0x28e/0x300\n __do_softirq+0xc3/0x276\n ? sort_range+0x20/0x20\n run_ksoftirqd+0x1e/0x30\n smpboot_thread_fn+0xa6/0x130\n kthread+0xcd/0x100\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x31/0x50\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork_asm+0x11/0x20\n </TASK>\n\nThe suggested fix is to introduce a new wrapper (skb_page_unref) that\ncovers page refcounting for page_pool pages as well.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26953 was patched at 2024-05-15

ubuntu: CVE-2024-26953 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9188. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26955) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: prevent kernel bug at submit_bh_wbc()\n\nFix a bug where nilfs_get_block() returns a successful status when\nsearching and inserting the specified block both fail inconsistently. If\nthis inconsistent behavior is not due to a previously fixed bug, then an\nunexpected race is occurring, so return a temporary error -EAGAIN instead.\n\nThis prevents callers such as __block_write_begin_int() from requesting a\nread into a buffer that is not mapped, which would cause the BUG_ON check\nfor the BH_Mapped flag in submit_bh_wbc() to fail.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26955 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26955 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9189. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26956) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix failure to detect DAT corruption in btree and direct mappings\n\nPatch series "nilfs2: fix kernel bug at submit_bh_wbc()".\n\nThis resolves a kernel BUG reported by syzbot. Since there are two\nflaws involved, I've made each one a separate patch.\n\nThe first patch alone resolves the syzbot-reported bug, but I think\nboth fixes should be sent to stable, so I've tagged them as such.\n\n\nThis patch (of 2):\n\nSyzbot has reported a kernel bug in submit_bh_wbc() when writing file data\nto a nilfs2 file system whose metadata is corrupted.\n\nThere are two flaws involved in this issue.\n\nThe first flaw is that when nilfs_get_block() locates a data block using\nbtree or direct mapping, if the disk address translation routine\nnilfs_dat_translate() fails with internal code -ENOENT due to DAT metadata\ncorruption, it can be passed back to nilfs_get_block(). This causes\nnilfs_get_block() to misidentify an existing block as non-existent,\ncausing both data block lookup and insertion to fail inconsistently.\n\nThe second flaw is that nilfs_get_block() returns a successful status in\nthis inconsistent state. This causes the caller __block_write_begin_int()\nor others to request a read even though the buffer is not mapped,\nresulting in a BUG_ON check for the BH_Mapped flag in submit_bh_wbc()\nfailing.\n\nThis fixes the first issue by changing the return value to code -EINVAL\nwhen a conversion using DAT fails with code -ENOENT, avoiding the\nconflicting condition that leads to the kernel bug described above. Here,\ncode -EINVAL indicates that metadata corruption was detected during the\nblock lookup, which will be properly handled as a file system error and\nconverted to -EIO when passing through the nilfs2 bmap layer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26956 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26956 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9190. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26957) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/zcrypt: fix reference counting on zcrypt card objects\n\nTests with hot-plugging crytpo cards on KVM guests with debug\nkernel build revealed an use after free for the load field of\nthe struct zcrypt_card. The reason was an incorrect reference\nhandling of the zcrypt card object which could lead to a free\nof the zcrypt card object while it was still in use.\n\nThis is an example of the slab message:\n\n kernel: 0x00000000885a7512-0x00000000885a7513 @offset=1298. First byte 0x68 instead of 0x6b\n kernel: Allocated in zcrypt_card_alloc+0x36/0x70 [zcrypt] age=18046 cpu=3 pid=43\n kernel: kmalloc_trace+0x3f2/0x470\n kernel: zcrypt_card_alloc+0x36/0x70 [zcrypt]\n kernel: zcrypt_cex4_card_probe+0x26/0x380 [zcrypt_cex4]\n kernel: ap_device_probe+0x15c/0x290\n kernel: really_probe+0xd2/0x468\n kernel: driver_probe_device+0x40/0xf0\n kernel: __device_attach_driver+0xc0/0x140\n kernel: bus_for_each_drv+0x8c/0xd0\n kernel: __device_attach+0x114/0x198\n kernel: bus_probe_device+0xb4/0xc8\n kernel: device_add+0x4d2/0x6e0\n kernel: ap_scan_adapter+0x3d0/0x7c0\n kernel: ap_scan_bus+0x5a/0x3b0\n kernel: ap_scan_bus_wq_callback+0x40/0x60\n kernel: process_one_work+0x26e/0x620\n kernel: worker_thread+0x21c/0x440\n kernel: Freed in zcrypt_card_put+0x54/0x80 [zcrypt] age=9024 cpu=3 pid=43\n kernel: kfree+0x37e/0x418\n kernel: zcrypt_card_put+0x54/0x80 [zcrypt]\n kernel: ap_device_remove+0x4c/0xe0\n kernel: device_release_driver_internal+0x1c4/0x270\n kernel: bus_remove_device+0x100/0x188\n kernel: device_del+0x164/0x3c0\n kernel: device_unregister+0x30/0x90\n kernel: ap_scan_adapter+0xc8/0x7c0\n kernel: ap_scan_bus+0x5a/0x3b0\n kernel: ap_scan_bus_wq_callback+0x40/0x60\n kernel: process_one_work+0x26e/0x620\n kernel: worker_thread+0x21c/0x440\n kernel: kthread+0x150/0x168\n kernel: __ret_from_fork+0x3c/0x58\n kernel: ret_from_fork+0xa/0x30\n kernel: Slab 0x00000372022169c0 objects=20 used=18 fp=0x00000000885a7c88 flags=0x3ffff00000000a00(workingset|slab|node=0|zone=1|lastcpupid=0x1ffff)\n kernel: Object 0x00000000885a74b8 @offset=1208 fp=0x00000000885a7c88\n kernel: Redzone 00000000885a74b0: bb bb bb bb bb bb bb bb ........\n kernel: Object 00000000885a74b8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk\n kernel: Object 00000000885a74c8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk\n kernel: Object 00000000885a74d8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk\n kernel: Object 00000000885a74e8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk\n kernel: Object 00000000885a74f8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk\n kernel: Object 00000000885a7508: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 68 4b 6b 6b 6b a5 kkkkkkkkkkhKkkk.\n kernel: Redzone 00000000885a7518: bb bb bb bb bb bb bb bb ........\n kernel: Padding 00000000885a756c: 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZZZZZ\n kernel: CPU: 0 PID: 387 Comm: systemd-udevd Not tainted 6.8.0-HF #2\n kernel: Hardware name: IBM 3931 A01 704 (KVM/Linux)\n kernel: Call Trace:\n kernel: [<00000000ca5ab5b8>] dump_stack_lvl+0x90/0x120\n kernel: [<00000000c99d78bc>] check_bytes_and_report+0x114/0x140\n kernel: [<00000000c99d53cc>] check_object+0x334/0x3f8\n kernel: [<00000000c99d820c>] alloc_debug_processing+0xc4/0x1f8\n kernel: [<00000000c99d852e>] get_partial_node.part.0+0x1ee/0x3e0\n kernel: [<00000000c99d94ec>] ___slab_alloc+0xaf4/0x13c8\n kernel: [<00000000c99d9e38>] __slab_alloc.constprop.0+0x78/0xb8\n kernel: [<00000000c99dc8dc>] __kmalloc+0x434/0x590\n kernel: [<00000000c9b4c0ce>] ext4_htree_store_dirent+0x4e/0x1c0\n kernel: [<00000000c9b908a2>] htree_dirblock_to_tree+0x17a/0x3f0\n kernel: \n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26957 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26957 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9191. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26960) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm: swap: fix race between free_swap_and_cache() and swapoff()\n\nThere was previously a theoretical window where swapoff() could run and\nteardown a swap_info_struct while a call to free_swap_and_cache() was\nrunning in another thread. This could cause, amongst other bad\npossibilities, swap_page_trans_huge_swapped() (called by\nfree_swap_and_cache()) to access the freed memory for swap_map.\n\nThis is a theoretical problem and I haven't been able to provoke it from a\ntest case. But there has been agreement based on code review that this is\npossible (see link below).\n\nFix it by using get_swap_device()/put_swap_device(), which will stall\nswapoff(). There was an extra check in _swap_info_get() to confirm that\nthe swap entry was not free. This isn't present in get_swap_device()\nbecause it doesn't make sense in general due to the race between getting\nthe reference and swapoff. So I've added an equivalent check directly in\nfree_swap_and_cache().\n\nDetails of how to provoke one possible issue (thanks to David Hildenbrand\nfor deriving this):\n\n--8<-----\n\n__swap_entry_free() might be the last user and result in\n"count == SWAP_HAS_CACHE".\n\nswapoff->try_to_unuse() will stop as soon as soon as si->inuse_pages==0.\n\nSo the question is: could someone reclaim the folio and turn\nsi->inuse_pages==0, before we completed swap_page_trans_huge_swapped().\n\nImagine the following: 2 MiB folio in the swapcache. Only 2 subpages are\nstill references by swap entries.\n\nProcess 1 still references subpage 0 via swap entry.\nProcess 2 still references subpage 1 via swap entry.\n\nProcess 1 quits. Calls free_swap_and_cache().\n-> count == SWAP_HAS_CACHE\n[then, preempted in the hypervisor etc.]\n\nProcess 2 quits. Calls free_swap_and_cache().\n-> count == SWAP_HAS_CACHE\n\nProcess 2 goes ahead, passes swap_page_trans_huge_swapped(), and calls\n__try_to_reclaim_swap().\n\n__try_to_reclaim_swap()->folio_free_swap()->delete_from_swap_cache()->\nput_swap_folio()->free_swap_slot()->swapcache_free_entries()->\nswap_entry_free()->swap_range_free()->\n...\nWRITE_ONCE(si->inuse_pages, si->inuse_pages - nr_entries);\n\nWhat stops swapoff to succeed after process 2 reclaimed the swap cache\nbut before process1 finished its call to swap_page_trans_huge_swapped()?\n\n--8<-----', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26960 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26960 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9192. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26962) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape\n\nFor raid456, if reshape is still in progress, then IO across reshape\nposition will wait for reshape to make progress. However, for dm-raid,\nin following cases reshape will never make progress hence IO will hang:\n\n1) the array is read-only;\n2) MD_RECOVERY_WAIT is set;\n3) MD_RECOVERY_FROZEN is set;\n\nAfter commit c467e97f079f ("md/raid6: use valid sector values to determine\nif an I/O should wait on the reshape") fix the problem that IO across\nreshape position doesn't wait for reshape, the dm-raid test\nshell/lvconvert-raid-reshape.sh start to hang:\n\n[root@fedora ~]# cat /proc/979/stack\n[<0>] wait_woken+0x7d/0x90\n[<0>] raid5_make_request+0x929/0x1d70 [raid456]\n[<0>] md_handle_request+0xc2/0x3b0 [md_mod]\n[<0>] raid_map+0x2c/0x50 [dm_raid]\n[<0>] __map_bio+0x251/0x380 [dm_mod]\n[<0>] dm_submit_bio+0x1f0/0x760 [dm_mod]\n[<0>] __submit_bio+0xc2/0x1c0\n[<0>] submit_bio_noacct_nocheck+0x17f/0x450\n[<0>] submit_bio_noacct+0x2bc/0x780\n[<0>] submit_bio+0x70/0xc0\n[<0>] mpage_readahead+0x169/0x1f0\n[<0>] blkdev_readahead+0x18/0x30\n[<0>] read_pages+0x7c/0x3b0\n[<0>] page_cache_ra_unbounded+0x1ab/0x280\n[<0>] force_page_cache_ra+0x9e/0x130\n[<0>] page_cache_sync_ra+0x3b/0x110\n[<0>] filemap_get_pages+0x143/0xa30\n[<0>] filemap_read+0xdc/0x4b0\n[<0>] blkdev_read_iter+0x75/0x200\n[<0>] vfs_read+0x272/0x460\n[<0>] ksys_read+0x7a/0x170\n[<0>] __x64_sys_read+0x1c/0x30\n[<0>] do_syscall_64+0xc6/0x230\n[<0>] entry_SYSCALL_64_after_hwframe+0x6c/0x74\n\nThis is because reshape can't make progress.\n\nFor md/raid, the problem doesn't exist because register new sync_thread\ndoesn't rely on the IO to be done any more:\n\n1) If array is read-only, it can switch to read-write by ioctl/sysfs;\n2) md/raid never set MD_RECOVERY_WAIT;\n3) If MD_RECOVERY_FROZEN is set, mddev_suspend() doesn't hold\n 'reconfig_mutex', hence it can be cleared and reshape can continue by\n sysfs api 'sync_action'.\n\nHowever, I'm not sure yet how to avoid the problem in dm-raid yet. This\npatch on the one hand make sure raid_message() can't change\nsync_thread() through raid_message() after presuspend(), on the other\nhand detect the above 3 cases before wait for IO do be done in\ndm_suspend(), and let dm-raid requeue those IO.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26962 was patched at 2024-05-15

ubuntu: CVE-2024-26962 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9193. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26963) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3-am62: fix module unload/reload behavior\n\nAs runtime PM is enabled, the module can be runtime\nsuspended when .remove() is called.\n\nDo a pm_runtime_get_sync() to make sure module is active\nbefore doing any register operations.\n\nDoing a pm_runtime_put_sync() should disable the refclk\nso no need to disable it again.\n\nFixes the below warning at module removel.\n\n[ 39.705310] ------------[ cut here ]------------\n[ 39.710004] clk:162:3 already disabled\n[ 39.713941] WARNING: CPU: 0 PID: 921 at drivers/clk/clk.c:1090 clk_core_disable+0xb0/0xb8\n\nWe called of_platform_populate() in .probe() so call the\ncleanup function of_platform_depopulate() in .remove().\nGet rid of the now unnnecessary dwc3_ti_remove_core().\nWithout this, module re-load doesn't work properly.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26963 was patched at 2024-05-15

ubuntu: CVE-2024-26963 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9194. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26965) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: mmcc-msm8974: fix terminating of frequency table arrays\n\nThe frequency table arrays are supposed to be terminated with an\nempty element. Add such entry to the end of the arrays where it\nis missing in order to avoid possible out-of-bound access when\nthe table is traversed by functions like qcom_find_freq() or\nqcom_find_freq_floor().\n\nOnly compile tested.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26965 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26965 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9195. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26966) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: mmcc-apq8084: fix terminating of frequency table arrays\n\nThe frequency table arrays are supposed to be terminated with an\nempty element. Add such entry to the end of the arrays where it\nis missing in order to avoid possible out-of-bound access when\nthe table is traversed by functions like qcom_find_freq() or\nqcom_find_freq_floor().\n\nOnly compile tested.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26966 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26966 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9196. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26969) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: gcc-ipq8074: fix terminating of frequency table arrays\n\nThe frequency table arrays are supposed to be terminated with an\nempty element. Add such entry to the end of the arrays where it\nis missing in order to avoid possible out-of-bound access when\nthe table is traversed by functions like qcom_find_freq() or\nqcom_find_freq_floor().\n\nOnly compile tested.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26969 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26969 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9197. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26970) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: gcc-ipq6018: fix terminating of frequency table arrays\n\nThe frequency table arrays are supposed to be terminated with an\nempty element. Add such entry to the end of the arrays where it\nis missing in order to avoid possible out-of-bound access when\nthe table is traversed by functions like qcom_find_freq() or\nqcom_find_freq_floor().\n\nOnly compile tested.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26970 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26970 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9198. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26972) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nubifs: ubifs_symlink: Fix memleak of inode->i_link in error path\n\nFor error handling path in ubifs_symlink(), inode will be marked as\nbad first, then iput() is invoked. If inode->i_link is initialized by\nfscrypt_encrypt_symlink() in encryption scenario, inode->i_link won't\nbe freed by callchain ubifs_free_inode -> fscrypt_free_inode in error\nhandling path, because make_bad_inode() has changed 'inode->i_mode' as\n'S_IFREG'.\nFollowing kmemleak is easy to be reproduced by injecting error in\nubifs_jnl_update() when doing symlink in encryption scenario:\n unreferenced object 0xffff888103da3d98 (size 8):\n comm "ln", pid 1692, jiffies 4294914701 (age 12.045s)\n backtrace:\n kmemdup+0x32/0x70\n __fscrypt_encrypt_symlink+0xed/0x1c0\n ubifs_symlink+0x210/0x300 [ubifs]\n vfs_symlink+0x216/0x360\n do_symlinkat+0x11a/0x190\n do_syscall_64+0x3b/0xe0\nThere are two ways fixing it:\n 1. Remove make_bad_inode() in error handling path. We can do that\n because ubifs_evict_inode() will do same processes for good\n symlink inode and bad symlink inode, for inode->i_nlink checking\n is before is_bad_inode().\n 2. Free inode->i_link before marking inode bad.\nMethod 2 is picked, it has less influence, personally, I think.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26972 was patched at 2024-05-15

ubuntu: CVE-2024-26972 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9199. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26973) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfat: fix uninitialized field in nostale filehandles\n\nWhen fat_encode_fh_nostale() encodes file handle without a parent it\nstores only first 10 bytes of the file handle. However the length of the\nfile handle must be a multiple of 4 so the file handle is actually 12\nbytes long and the last two bytes remain uninitialized. This is not\ngreat at we potentially leak uninitialized information with the handle\nto userspace. Properly initialize the full handle length.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-26973 was patched at 2024-06-05

debian: CVE-2024-26973 was patched at 2024-05-06, 2024-05-15

oraclelinux: CVE-2024-26973 was patched at 2024-06-05

redhat: CVE-2024-26973 was patched at 2024-06-05

ubuntu: CVE-2024-26973 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9200. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26976) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Always flush async #PF workqueue when vCPU is being destroyed\n\nAlways flush the per-vCPU async #PF workqueue when a vCPU is clearing its\ncompletion queue, e.g. when a VM and all its vCPUs is being destroyed.\nKVM must ensure that none of its workqueue callbacks is running when the\nlast reference to the KVM _module_ is put. Gifting a reference to the\nassociated VM prevents the workqueue callback from dereferencing freed\nvCPU/VM memory, but does not prevent the KVM module from being unloaded\nbefore the callback completes.\n\nDrop the misguided VM refcount gifting, as calling kvm_put_kvm() from\nasync_pf_execute() if kvm_put_kvm() flushes the async #PF workqueue will\nresult in deadlock. async_pf_execute() can't return until kvm_put_kvm()\nfinishes, and kvm_put_kvm() can't return until async_pf_execute() finishes:\n\n WARNING: CPU: 8 PID: 251 at virt/kvm/kvm_main.c:1435 kvm_put_kvm+0x2d/0x320 [kvm]\n Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel kvm irqbypass\n CPU: 8 PID: 251 Comm: kworker/8:1 Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Workqueue: events async_pf_execute [kvm]\n RIP: 0010:kvm_put_kvm+0x2d/0x320 [kvm]\n Call Trace:\n <TASK>\n async_pf_execute+0x198/0x260 [kvm]\n process_one_work+0x145/0x2d0\n worker_thread+0x27e/0x3a0\n kthread+0xba/0xe0\n ret_from_fork+0x2d/0x50\n ret_from_fork_asm+0x11/0x20\n </TASK>\n ---[ end trace 0000000000000000 ]---\n INFO: task kworker/8:1:251 blocked for more than 120 seconds.\n Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119\n "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.\n task:kworker/8:1 state:D stack:0 pid:251 ppid:2 flags:0x00004000\n Workqueue: events async_pf_execute [kvm]\n Call Trace:\n <TASK>\n __schedule+0x33f/0xa40\n schedule+0x53/0xc0\n schedule_timeout+0x12a/0x140\n __wait_for_common+0x8d/0x1d0\n __flush_work.isra.0+0x19f/0x2c0\n kvm_clear_async_pf_completion_queue+0x129/0x190 [kvm]\n kvm_arch_destroy_vm+0x78/0x1b0 [kvm]\n kvm_put_kvm+0x1c1/0x320 [kvm]\n async_pf_execute+0x198/0x260 [kvm]\n process_one_work+0x145/0x2d0\n worker_thread+0x27e/0x3a0\n kthread+0xba/0xe0\n ret_from_fork+0x2d/0x50\n ret_from_fork_asm+0x11/0x20\n </TASK>\n\nIf kvm_clear_async_pf_completion_queue() actually flushes the workqueue,\nthen there's no need to gift async_pf_execute() a reference because all\ninvocations of async_pf_execute() will be forced to complete before the\nvCPU and its VM are destroyed/freed. And that in turn fixes the module\nunloading bug as __fput() won't do module_put() on the last vCPU reference\nuntil the vCPU has been freed, e.g. if closing the vCPU file also puts the\nlast reference to the KVM module.\n\nNote that kvm_check_async_pf_completion() may also take the work item off\nthe completion queue and so also needs to flush the work queue, as the\nwork will not be seen by kvm_clear_async_pf_completion_queue(). Waiting\non the workqueue could theoretically delay a vCPU due to waiting for the\nwork to complete, but that's a very, very small chance, and likely a very\nsmall delay. kvm_arch_async_page_present_queued() unconditionally makes a\nnew request, i.e. will effectively delay entering the guest, so the\nremaining work is really just:\n\n trace_kvm_async_pf_completed(addr, cr2_or_gpa);\n\n __kvm_vcpu_wake_up(vcpu);\n\n mmput(mm);\n\nand mmput() can't drop the last reference to the page tables if the vCPU is\nstill alive, i.e. the vCPU won't get stuck tearing down page tables.\n\nAdd a helper to do the flushing, specifically to deal with "wakeup all"\nwork items, as they aren't actually work items, i.e. are never placed in a\nworkqueue. Trying to flush a bogus workqueue entry rightly makes\n__flush_work() complain (kudos to whoever added that sanity check).\n\nNote, commit 5f6de5cbebee ("KVM: Prevent module exit until al\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26976 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-26976 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9201. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26977) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npci_iounmap(): Fix MMIO mapping leak\n\nThe #ifdef ARCH_HAS_GENERIC_IOPORT_MAP accidentally also guards iounmap(),\nwhich means MMIO mappings are leaked.\n\nMove the guard so we call iounmap() for MMIO mappings.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26977 was patched at 2024-05-15

ubuntu: CVE-2024-26977 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9202. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26981) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix OOB in nilfs_set_de_type\n\nThe size of the nilfs_type_by_mode array in the fs/nilfs2/dir.c file is\ndefined as "S_IFMT >> S_SHIFT", but the nilfs_set_de_type() function,\nwhich uses this array, specifies the index to read from the array in the\nsame way as "(mode & S_IFMT) >> S_SHIFT".\n\nstatic void nilfs_set_de_type(struct nilfs_dir_entry *de, struct inode\n *inode)\n{\n\tumode_t mode = inode->i_mode;\n\n\tde->file_type = nilfs_type_by_mode[(mode & S_IFMT)>>S_SHIFT]; // oob\n}\n\nHowever, when the index is determined this way, an out-of-bounds (OOB)\nerror occurs by referring to an index that is 1 larger than the array size\nwhen the condition "mode & S_IFMT == S_IFMT" is satisfied. Therefore, a\npatch to resize the nilfs_type_by_mode array should be applied to prevent\nOOB errors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26981 was patched at 2024-05-06, 2024-05-15

9203. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26982) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nSquashfs: check the inode number is not the invalid value of zero\n\nSyskiller has produced an out of bounds access in fill_meta_index().\n\nThat out of bounds access is ultimately caused because the inode\nhas an inode number with the invalid value of zero, which was not checked.\n\nThe reason this causes the out of bounds access is due to following\nsequence of events:\n\n1. Fill_meta_index() is called to allocate (via empty_meta_index())\n and fill a metadata index. It however suffers a data read error\n and aborts, invalidating the newly returned empty metadata index.\n It does this by setting the inode number of the index to zero,\n which means unused (zero is not a valid inode number).\n\n2. When fill_meta_index() is subsequently called again on another\n read operation, locate_meta_index() returns the previous index\n because it matches the inode number of 0. Because this index\n has been returned it is expected to have been filled, and because\n it hasn't been, an out of bounds access is performed.\n\nThis patch adds a sanity check which checks that the inode number\nis not zero when the inode is created and returns -EINVAL if it is.\n\n[phillip@squashfs.org.uk: whitespace fix]\n Link: https://lkml.kernel.org/r/20240409204723.446925-1-phillip@squashfs.org.uk', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26982 was patched at 2024-05-15

9204. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26987) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled\n\nWhen I did hard offline test with hugetlb pages, below deadlock occurs:\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.8.0-11409-gf6cef5f8c37f #1 Not tainted\n------------------------------------------------------\nbash/46904 is trying to acquire lock:\nffffffffabe68910 (cpu_hotplug_lock){++++}-{0:0}, at: static_key_slow_dec+0x16/0x60\n\nbut task is already holding lock:\nffffffffabf92ea8 (pcp_batch_high_lock){+.+.}-{3:3}, at: zone_pcp_disable+0x16/0x40\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #1 (pcp_batch_high_lock){+.+.}-{3:3}:\n __mutex_lock+0x6c/0x770\n page_alloc_cpu_online+0x3c/0x70\n cpuhp_invoke_callback+0x397/0x5f0\n __cpuhp_invoke_callback_range+0x71/0xe0\n _cpu_up+0xeb/0x210\n cpu_up+0x91/0xe0\n cpuhp_bringup_mask+0x49/0xb0\n bringup_nonboot_cpus+0xb7/0xe0\n smp_init+0x25/0xa0\n kernel_init_freeable+0x15f/0x3e0\n kernel_init+0x15/0x1b0\n ret_from_fork+0x2f/0x50\n ret_from_fork_asm+0x1a/0x30\n\n-> #0 (cpu_hotplug_lock){++++}-{0:0}:\n __lock_acquire+0x1298/0x1cd0\n lock_acquire+0xc0/0x2b0\n cpus_read_lock+0x2a/0xc0\n static_key_slow_dec+0x16/0x60\n __hugetlb_vmemmap_restore_folio+0x1b9/0x200\n dissolve_free_huge_page+0x211/0x260\n __page_handle_poison+0x45/0xc0\n memory_failure+0x65e/0xc70\n hard_offline_page_store+0x55/0xa0\n kernfs_fop_write_iter+0x12c/0x1d0\n vfs_write+0x387/0x550\n ksys_write+0x64/0xe0\n do_syscall_64+0xca/0x1e0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(pcp_batch_high_lock);\n lock(cpu_hotplug_lock);\n lock(pcp_batch_high_lock);\n rlock(cpu_hotplug_lock);\n\n *** DEADLOCK ***\n\n5 locks held by bash/46904:\n #0: ffff98f6c3bb23f0 (sb_writers#5){.+.+}-{0:0}, at: ksys_write+0x64/0xe0\n #1: ffff98f6c328e488 (&of->mutex){+.+.}-{3:3}, at: kernfs_fop_write_iter+0xf8/0x1d0\n #2: ffff98ef83b31890 (kn->active#113){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x100/0x1d0\n #3: ffffffffabf9db48 (mf_mutex){+.+.}-{3:3}, at: memory_failure+0x44/0xc70\n #4: ffffffffabf92ea8 (pcp_batch_high_lock){+.+.}-{3:3}, at: zone_pcp_disable+0x16/0x40\n\nstack backtrace:\nCPU: 10 PID: 46904 Comm: bash Kdump: loaded Not tainted 6.8.0-11409-gf6cef5f8c37f #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nCall Trace:\n <TASK>\n dump_stack_lvl+0x68/0xa0\n check_noncircular+0x129/0x140\n __lock_acquire+0x1298/0x1cd0\n lock_acquire+0xc0/0x2b0\n cpus_read_lock+0x2a/0xc0\n static_key_slow_dec+0x16/0x60\n __hugetlb_vmemmap_restore_folio+0x1b9/0x200\n dissolve_free_huge_page+0x211/0x260\n __page_handle_poison+0x45/0xc0\n memory_failure+0x65e/0xc70\n hard_offline_page_store+0x55/0xa0\n kernfs_fop_write_iter+0x12c/0x1d0\n vfs_write+0x387/0x550\n ksys_write+0x64/0xe0\n do_syscall_64+0xca/0x1e0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\nRIP: 0033:0x7fc862314887\nCode: 10 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 48 89 54 24 18 48 89 74 24\nRSP: 002b:00007fff19311268 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007fc862314887\nRDX: 000000000000000c RSI: 000056405645fe10 RDI: 0000000000000001\nRBP: 000056405645fe10 R08: 00007fc8623d1460 R09: 000000007fffffff\nR10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c\nR13: 00007fc86241b780 R14: 00007fc862417600 R15: 00007fc862416a00\n\nIn short, below scene breaks the \n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26987 was patched at 2024-05-06, 2024-05-15

9205. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26988) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ninit/main.c: Fix potential static_command_line memory overflow\n\nWe allocate memory of size 'xlen + strlen(boot_command_line) + 1' for\nstatic_command_line, but the strings copied into static_command_line are\nextra_command_line and command_line, rather than extra_command_line and\nboot_command_line.\n\nWhen strlen(command_line) > strlen(boot_command_line), static_command_line\nwill overflow.\n\nThis patch just recovers strlen(command_line) which was miss-consolidated\nwith strlen(boot_command_line) in the commit f5c7310ac73e ("init/main: add\nchecks for the return value of memblock_alloc*()")', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26988 was patched at 2024-05-06, 2024-05-15

9206. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26989) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\narm64: hibernate: Fix level3 translation fault in swsusp_save()\n\nOn arm64 machines, swsusp_save() faults if it attempts to access\nMEMBLOCK_NOMAP memory ranges. This can be reproduced in QEMU using UEFI\nwhen booting with rodata=off debug_pagealloc=off and CONFIG_KFENCE=n:\n\n Unable to handle kernel paging request at virtual address ffffff8000000000\n Mem abort info:\n ESR = 0x0000000096000007\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x07: level 3 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000007, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n swapper pgtable: 4k pages, 39-bit VAs, pgdp=00000000eeb0b000\n [ffffff8000000000] pgd=180000217fff9803, p4d=180000217fff9803, pud=180000217fff9803, pmd=180000217fff8803, pte=0000000000000000\n Internal error: Oops: 0000000096000007 [#1] SMP\n Internal error: Oops: 0000000096000007 [#1] SMP\n Modules linked in: xt_multiport ipt_REJECT nf_reject_ipv4 xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c iptable_filter bpfilter rfkill at803x snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg dwmac_generic stmmac_platform snd_hda_codec stmmac joydev pcs_xpcs snd_hda_core phylink ppdev lp parport ramoops reed_solomon ip_tables x_tables nls_iso8859_1 vfat multipath linear amdgpu amdxcp drm_exec gpu_sched drm_buddy hid_generic usbhid hid radeon video drm_suballoc_helper drm_ttm_helper ttm i2c_algo_bit drm_display_helper cec drm_kms_helper drm\n CPU: 0 PID: 3663 Comm: systemd-sleep Not tainted 6.6.2+ #76\n Source Version: 4e22ed63a0a48e7a7cff9b98b7806d8d4add7dc0\n Hardware name: Greatwall GW-XXXXXX-XXX/GW-XXXXXX-XXX, BIOS KunLun BIOS V4.0 01/19/2021\n pstate: 600003c5 (nZCv DAIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : swsusp_save+0x280/0x538\n lr : swsusp_save+0x280/0x538\n sp : ffffffa034a3fa40\n x29: ffffffa034a3fa40 x28: ffffff8000001000 x27: 0000000000000000\n x26: ffffff8001400000 x25: ffffffc08113e248 x24: 0000000000000000\n x23: 0000000000080000 x22: ffffffc08113e280 x21: 00000000000c69f2\n x20: ffffff8000000000 x19: ffffffc081ae2500 x18: 0000000000000000\n x17: 6666662074736420 x16: 3030303030303030 x15: 3038666666666666\n x14: 0000000000000b69 x13: ffffff9f89088530 x12: 00000000ffffffea\n x11: 00000000ffff7fff x10: 00000000ffff7fff x9 : ffffffc08193f0d0\n x8 : 00000000000bffe8 x7 : c0000000ffff7fff x6 : 0000000000000001\n x5 : ffffffa0fff09dc8 x4 : 0000000000000000 x3 : 0000000000000027\n x2 : 0000000000000000 x1 : 0000000000000000 x0 : 000000000000004e\n Call trace:\n swsusp_save+0x280/0x538\n swsusp_arch_suspend+0x148/0x190\n hibernation_snapshot+0x240/0x39c\n hibernate+0xc4/0x378\n state_store+0xf0/0x10c\n kobj_attr_store+0x14/0x24\n\nThe reason is swsusp_save() -> copy_data_pages() -> page_is_saveable()\n-> kernel_page_present() assuming that a page is always present when\ncan_set_direct_map() is false (all of rodata_full,\ndebug_pagealloc_enabled() and arm64_kfence_can_set_direct_map() false),\nirrespective of the MEMBLOCK_NOMAP ranges. Such MEMBLOCK_NOMAP regions\nshould not be saved during hibernation.\n\nThis problem was introduced by changes to the pfn_valid() logic in\ncommit a7d9f306ba70 ("arm64: drop pfn_valid_within() and simplify\npfn_valid()").\n\nSimilar to other architectures, drop the !can_set_direct_map() check in\nkernel_page_present() so that page_is_savable() skips such pages.\n\n[catalin.marinas@arm.com: rework commit message]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26989 was patched at 2024-05-06, 2024-05-15

9207. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26992) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86/pmu: Disable support for adaptive PEBS\n\nDrop support for virtualizing adaptive PEBS, as KVM's implementation is\narchitecturally broken without an obvious/easy path forward, and because\nexposing adaptive PEBS can leak host LBRs to the guest, i.e. can leak\nhost kernel addresses to the guest.\n\nBug #1 is that KVM doesn't account for the upper 32 bits of\nIA32_FIXED_CTR_CTRL when (re)programming fixed counters, e.g\nfixed_ctrl_field() drops the upper bits, reprogram_fixed_counters()\nstores local variables as u8s and truncates the upper bits too, etc.\n\nBug #2 is that, because KVM _always_ sets precise_ip to a non-zero value\nfor PEBS events, perf will _always_ generate an adaptive record, even if\nthe guest requested a basic record. Note, KVM will also enable adaptive\nPEBS in individual *counter*, even if adaptive PEBS isn't exposed to the\nguest, but this is benign as MSR_PEBS_DATA_CFG is guaranteed to be zero,\ni.e. the guest will only ever see Basic records.\n\nBug #3 is in perf. intel_pmu_disable_fixed() doesn't clear the upper\nbits either, i.e. leaves ICL_FIXED_0_ADAPTIVE set, and\nintel_pmu_enable_fixed() effectively doesn't clear ICL_FIXED_0_ADAPTIVE\neither. I.e. perf _always_ enables ADAPTIVE counters, regardless of what\nKVM requests.\n\nBug #4 is that adaptive PEBS *might* effectively bypass event filters set\nby the host, as "Updated Memory Access Info Group" records information\nthat might be disallowed by userspace via KVM_SET_PMU_EVENT_FILTER.\n\nBug #5 is that KVM doesn't ensure LBR MSRs hold guest values (or at least\nzeros) when entering a vCPU with adaptive PEBS, which allows the guest\nto read host LBRs, i.e. host RIPs/addresses, by enabling "LBR Entries"\nrecords.\n\nDisable adaptive PEBS support as an immediate fix due to the severity of\nthe LBR leak in particular, and because fixing all of the bugs will be\nnon-trivial, e.g. not suitable for backporting to stable kernels.\n\nNote! This will break live migration, but trying to make KVM play nice\nwith live migration would be quite complicated, wouldn't be guaranteed to\nwork (i.e. KVM might still kill/confuse the guest), and it's not clear\nthat there are any publicly available VMMs that support adaptive PEBS,\nlet alone live migrate VMs that support adaptive PEBS, e.g. QEMU doesn't\nsupport PEBS in any capacity.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26992 was patched at 2024-05-06, 2024-05-15

9208. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26993) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfs: sysfs: Fix reference leak in sysfs_break_active_protection()\n\nThe sysfs_break_active_protection() routine has an obvious reference\nleak in its error path. If the call to kernfs_find_and_get() fails then\nkn will be NULL, so the companion sysfs_unbreak_active_protection()\nroutine won't get called (and would only cause an access violation by\ntrying to dereference kn->parent if it was called). As a result, the\nreference to kobj acquired at the start of the function will never be\nreleased.\n\nFix the leak by adding an explicit kobject_put() call when kn is NULL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-26993 was patched at 2024-06-05

debian: CVE-2024-26993 was patched at 2024-05-06, 2024-05-15

oraclelinux: CVE-2024-26993 was patched at 2024-06-05, 2024-06-06

redhat: CVE-2024-26993 was patched at 2024-05-29, 2024-06-05

9209. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26994) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nspeakup: Avoid crash on very long word\n\nIn case a console is set up really large and contains a really long word\n(> 256 characters), we have to stop before the length of the word buffer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26994 was patched at 2024-05-06, 2024-05-15

9210. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26997) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc2: host: Fix dereference issue in DDMA completion flow.\n\nFixed variable dereference issue in DDMA completion flow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26997 was patched at 2024-05-06, 2024-05-15

9211. Unknown Vulnerability Type - Linux Kernel (CVE-2024-26999) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial/pmac_zilog: Remove flawed mitigation for rx irq flood\n\nThe mitigation was intended to stop the irq completely. That may be\nbetter than a hard lock-up but it turns out that you get a crash anyway\nif you're using pmac_zilog as a serial console:\n\nttyPZ0: pmz: rx irq flood !\nBUG: spinlock recursion on CPU#0, swapper/0\n\nThat's because the pr_err() call in pmz_receive_chars() results in\npmz_console_write() attempting to lock a spinlock already locked in\npmz_interrupt(). With CONFIG_DEBUG_SPINLOCK=y, this produces a fatal\nBUG splat. The spinlock in question is the one in struct uart_port.\n\nEven when it's not fatal, the serial port rx function ceases to work.\nAlso, the iteration limit doesn't play nicely with QEMU, as can be\nseen in the bug report linked below.\n\nA web search for other reports of the error message "pmz: rx irq flood"\ndidn't produce anything. So I don't think this code is needed any more.\nRemove it.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26999 was patched at 2024-05-06, 2024-05-15

9212. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27000) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nserial: mxs-auart: add spinlock around changing cts state\n\nThe uart_handle_cts_change() function in serial_core expects the caller\nto hold uport->lock. For example, I have seen the below kernel splat,\nwhen the Bluetooth driver is loaded on an i.MX28 board.\n\n [ 85.119255] ------------[ cut here ]------------\n [ 85.124413] WARNING: CPU: 0 PID: 27 at /drivers/tty/serial/serial_core.c:3453 uart_handle_cts_change+0xb4/0xec\n [ 85.134694] Modules linked in: hci_uart bluetooth ecdh_generic ecc wlcore_sdio configfs\n [ 85.143314] CPU: 0 PID: 27 Comm: kworker/u3:0 Not tainted 6.6.3-00021-gd62a2f068f92 #1\n [ 85.151396] Hardware name: Freescale MXS (Device Tree)\n [ 85.156679] Workqueue: hci0 hci_power_on [bluetooth]\n (...)\n [ 85.191765] uart_handle_cts_change from mxs_auart_irq_handle+0x380/0x3f4\n [ 85.198787] mxs_auart_irq_handle from __handle_irq_event_percpu+0x88/0x210\n (...)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27000 was patched at 2024-05-06, 2024-05-15

9213. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27001) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: vmk80xx: fix incomplete endpoint checking\n\nWhile vmk80xx does have endpoint checking implemented, some things\ncan fall through the cracks. Depending on the hardware model,\nURBs can have either bulk or interrupt type, and current version\nof vmk80xx_find_usb_endpoints() function does not take that fully\ninto account. While this warning does not seem to be too harmful,\nat the very least it will crash systems with 'panic_on_warn' set on\nthem.\n\nFix the issue found by Syzkaller [1] by somewhat simplifying the\nendpoint checking process with usb_find_common_endpoints() and\nensuring that only expected endpoint types are present.\n\nThis patch has not been tested on real hardware.\n\n[1] Syzkaller report:\nusb 1-1: BOGUS urb xfer, pipe 1 != type 3\nWARNING: CPU: 0 PID: 781 at drivers/usb/core/urb.c:504 usb_submit_urb+0xc4e/0x18c0 drivers/usb/core/urb.c:503\n...\nCall Trace:\n <TASK>\n usb_start_wait_urb+0x113/0x520 drivers/usb/core/message.c:59\n vmk80xx_reset_device drivers/comedi/drivers/vmk80xx.c:227 [inline]\n vmk80xx_auto_attach+0xa1c/0x1a40 drivers/comedi/drivers/vmk80xx.c:818\n comedi_auto_config+0x238/0x380 drivers/comedi/drivers.c:1067\n usb_probe_interface+0x5cd/0xb00 drivers/usb/core/driver.c:399\n...\n\nSimilar issue also found by Syzkaller:', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27001 was patched at 2024-05-06, 2024-05-15

9214. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27002) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nclk: mediatek: Do a runtime PM get on controllers during probe\n\nmt8183-mfgcfg has a mutual dependency with genpd during the probing\nstage, which leads to a deadlock in the following call stack:\n\nCPU0: genpd_lock --> clk_prepare_lock\ngenpd_power_off_work_fn()\n genpd_lock()\n generic_pm_domain::power_off()\n clk_unprepare()\n clk_prepare_lock()\n\nCPU1: clk_prepare_lock --> genpd_lock\nclk_register()\n __clk_core_init()\n clk_prepare_lock()\n clk_pm_runtime_get()\n genpd_lock()\n\nDo a runtime PM get at the probe function to make sure clk_register()\nwon't acquire the genpd lock. Instead of only modifying mt8183-mfgcfg,\ndo this on all mediatek clock controller probings because we don't\nbelieve this would cause any regression.\n\nVerified on MT8183 and MT8192 Chromebooks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27002 was patched at 2024-05-06, 2024-05-15

9215. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27003) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Get runtime PM before walking tree for clk_summary\n\nSimilar to the previous commit, we should make sure that all devices are\nruntime resumed before printing the clk_summary through debugfs. Failure\nto do so would result in a deadlock if the thread is resuming a device\nto print clk state and that device is also runtime resuming in another\nthread, e.g the screen is turning on and the display driver is starting\nup. We remove the calls to clk_pm_runtime_{get,put}() in this path\nbecause they're superfluous now that we know the devices are runtime\nresumed. This also squashes a bug where the return value of\nclk_pm_runtime_get() wasn't checked, leading to an RPM count underflow\non error paths.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27003 was patched at 2024-05-06, 2024-05-15

9216. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27004) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Get runtime PM before walking tree during disable_unused\n\nDoug reported [1] the following hung task:\n\n INFO: task swapper/0:1 blocked for more than 122 seconds.\n Not tainted 5.15.149-21875-gf795ebc40eb8 #1\n "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.\n task:swapper/0 state:D stack: 0 pid: 1 ppid: 0 flags:0x00000008\n Call trace:\n __switch_to+0xf4/0x1f4\n __schedule+0x418/0xb80\n schedule+0x5c/0x10c\n rpm_resume+0xe0/0x52c\n rpm_resume+0x178/0x52c\n __pm_runtime_resume+0x58/0x98\n clk_pm_runtime_get+0x30/0xb0\n clk_disable_unused_subtree+0x58/0x208\n clk_disable_unused_subtree+0x38/0x208\n clk_disable_unused_subtree+0x38/0x208\n clk_disable_unused_subtree+0x38/0x208\n clk_disable_unused_subtree+0x38/0x208\n clk_disable_unused+0x4c/0xe4\n do_one_initcall+0xcc/0x2d8\n do_initcall_level+0xa4/0x148\n do_initcalls+0x5c/0x9c\n do_basic_setup+0x24/0x30\n kernel_init_freeable+0xec/0x164\n kernel_init+0x28/0x120\n ret_from_fork+0x10/0x20\n INFO: task kworker/u16:0:9 blocked for more than 122 seconds.\n Not tainted 5.15.149-21875-gf795ebc40eb8 #1\n "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.\n task:kworker/u16:0 state:D stack: 0 pid: 9 ppid: 2 flags:0x00000008\n Workqueue: events_unbound deferred_probe_work_func\n Call trace:\n __switch_to+0xf4/0x1f4\n __schedule+0x418/0xb80\n schedule+0x5c/0x10c\n schedule_preempt_disabled+0x2c/0x48\n __mutex_lock+0x238/0x488\n __mutex_lock_slowpath+0x1c/0x28\n mutex_lock+0x50/0x74\n clk_prepare_lock+0x7c/0x9c\n clk_core_prepare_lock+0x20/0x44\n clk_prepare+0x24/0x30\n clk_bulk_prepare+0x40/0xb0\n mdss_runtime_resume+0x54/0x1c8\n pm_generic_runtime_resume+0x30/0x44\n __genpd_runtime_resume+0x68/0x7c\n genpd_runtime_resume+0x108/0x1f4\n __rpm_callback+0x84/0x144\n rpm_callback+0x30/0x88\n rpm_resume+0x1f4/0x52c\n rpm_resume+0x178/0x52c\n __pm_runtime_resume+0x58/0x98\n __device_attach+0xe0/0x170\n device_initial_probe+0x1c/0x28\n bus_probe_device+0x3c/0x9c\n device_add+0x644/0x814\n mipi_dsi_device_register_full+0xe4/0x170\n devm_mipi_dsi_device_register_full+0x28/0x70\n ti_sn_bridge_probe+0x1dc/0x2c0\n auxiliary_bus_probe+0x4c/0x94\n really_probe+0xcc/0x2c8\n __driver_probe_device+0xa8/0x130\n driver_probe_device+0x48/0x110\n __device_attach_driver+0xa4/0xcc\n bus_for_each_drv+0x8c/0xd8\n __device_attach+0xf8/0x170\n device_initial_probe+0x1c/0x28\n bus_probe_device+0x3c/0x9c\n deferred_probe_work_func+0x9c/0xd8\n process_one_work+0x148/0x518\n worker_thread+0x138/0x350\n kthread+0x138/0x1e0\n ret_from_fork+0x10/0x20\n\nThe first thread is walking the clk tree and calling\nclk_pm_runtime_get() to power on devices required to read the clk\nhardware via struct clk_ops::is_enabled(). This thread holds the clk\nprepare_lock, and is trying to runtime PM resume a device, when it finds\nthat the device is in the process of resuming so the thread schedule()s\naway waiting for the device to finish resuming before continuing. The\nsecond thread is runtime PM resuming the same device, but the runtime\nresume callback is calling clk_prepare(), trying to grab the\nprepare_lock waiting on the first thread.\n\nThis is a classic ABBA deadlock. To properly fix the deadlock, we must\nnever runtime PM resume or suspend a device with the clk prepare_lock\nheld. Actually doing that is near impossible today because the global\nprepare_lock would have to be dropped in the middle of the tree, the\ndevice runtime PM resumed/suspended, and then the prepare_lock grabbed\nagain to ensure consistency of the clk tree topology. If anything\nchanges with the clk tree in the meantime, we've lost and will need to\nstart the operation all over again.\n\nLuckily, most of the time we're simply incrementing or decrementing the\nruntime PM count on an active device, so we don't have the chance to\nschedule away with the prepare_lock held. Let's fix this immediate\nproblem that can be\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27004 was patched at 2024-05-06, 2024-05-15

9217. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27005) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: Don't access req_list while it's being manipulated\n\nThe icc_lock mutex was split into separate icc_lock and icc_bw_lock\nmutexes in [1] to avoid lockdep splats. However, this didn't adequately\nprotect access to icc_node::req_list.\n\nThe icc_set_bw() function will eventually iterate over req_list while\nonly holding icc_bw_lock, but req_list can be modified while only\nholding icc_lock. This causes races between icc_set_bw(), of_icc_get(),\nand icc_put().\n\nExample A:\n\n CPU0 CPU1\n ---- ----\n icc_set_bw(path_a)\n mutex_lock(&icc_bw_lock);\n icc_put(path_b)\n mutex_lock(&icc_lock);\n aggregate_requests()\n hlist_for_each_entry(r, ...\n hlist_del(...\n <r = invalid pointer>\n\nExample B:\n\n CPU0 CPU1\n ---- ----\n icc_set_bw(path_a)\n mutex_lock(&icc_bw_lock);\n path_b = of_icc_get()\n of_icc_get_by_index()\n mutex_lock(&icc_lock);\n path_find()\n path_init()\n aggregate_requests()\n hlist_for_each_entry(r, ...\n hlist_add_head(...\n <r = invalid pointer>\n\nFix this by ensuring icc_bw_lock is always held before manipulating\nicc_node::req_list. The additional places icc_bw_lock is held don't\nperform any memory allocations, so we should still be safe from the\noriginal lockdep splats that motivated the separate locks.\n\n[1] commit af42269c3523 ("interconnect: Fix locking for runpm vs reclaim")', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27005 was patched at 2024-05-15

9218. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27008) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: nv04: Fix out of bounds access\n\nWhen Output Resource (dcb->or) value is assigned in\nfabricate_dcb_output(), there may be out of bounds access to\ndac_users array in case dcb->or is zero because ffs(dcb->or) is\nused as index there.\nThe 'or' argument of fabricate_dcb_output() must be interpreted as a\nnumber of bit to set, not value.\n\nUtilize macros from 'enum nouveau_or' in calls instead of hardcoding.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27008 was patched at 2024-05-06, 2024-05-15

9219. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27010) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Fix mirred deadlock on device recursion\n\nWhen the mirred action is used on a classful egress qdisc and a packet is\nmirrored or redirected to self we hit a qdisc lock deadlock.\nSee trace below.\n\n[..... other info removed for brevity....]\n[ 82.890906]\n[ 82.890906] ============================================\n[ 82.890906] WARNING: possible recursive locking detected\n[ 82.890906] 6.8.0-05205-g77fadd89fe2d-dirty #213 Tainted: G W\n[ 82.890906] --------------------------------------------\n[ 82.890906] ping/418 is trying to acquire lock:\n[ 82.890906] ffff888006994110 (&sch->q.lock){+.-.}-{3:3}, at:\n__dev_queue_xmit+0x1778/0x3550\n[ 82.890906]\n[ 82.890906] but task is already holding lock:\n[ 82.890906] ffff888006994110 (&sch->q.lock){+.-.}-{3:3}, at:\n__dev_queue_xmit+0x1778/0x3550\n[ 82.890906]\n[ 82.890906] other info that might help us debug this:\n[ 82.890906] Possible unsafe locking scenario:\n[ 82.890906]\n[ 82.890906] CPU0\n[ 82.890906] ----\n[ 82.890906] lock(&sch->q.lock);\n[ 82.890906] lock(&sch->q.lock);\n[ 82.890906]\n[ 82.890906] *** DEADLOCK ***\n[ 82.890906]\n[..... other info removed for brevity....]\n\nExample setup (eth0->eth0) to recreate\ntc qdisc add dev eth0 root handle 1: htb default 30\ntc filter add dev eth0 handle 1: protocol ip prio 2 matchall \\\n action mirred egress redirect dev eth0\n\nAnother example(eth0->eth1->eth0) to recreate\ntc qdisc add dev eth0 root handle 1: htb default 30\ntc filter add dev eth0 handle 1: protocol ip prio 2 matchall \\\n action mirred egress redirect dev eth1\n\ntc qdisc add dev eth1 root handle 1: htb default 30\ntc filter add dev eth1 handle 1: protocol ip prio 2 matchall \\\n action mirred egress redirect dev eth0\n\nWe fix this by adding an owner field (CPU id) to struct Qdisc set after\nroot qdisc is entered. When the softirq enters it a second time, if the\nqdisc owner is the same CPU, the packet is dropped to break the loop.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27010 was patched at 2024-05-15

9220. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27011) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix memleak in map from abort path\n\nThe delete set command does not rely on the transaction object for\nelement removal, therefore, a combination of delete element + delete set\nfrom the abort path could result in restoring twice the refcount of the\nmapping.\n\nCheck for inactive element in the next generation for the delete element\ncommand in the abort path, skip restoring state if next generation bit\nhas been already cleared. This is similar to the activate logic using\nthe set walk iterator.\n\n[ 6170.286929] ------------[ cut here ]------------\n[ 6170.286939] WARNING: CPU: 6 PID: 790302 at net/netfilter/nf_tables_api.c:2086 nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.287071] Modules linked in: [...]\n[ 6170.287633] CPU: 6 PID: 790302 Comm: kworker/6:2 Not tainted 6.9.0-rc3+ #365\n[ 6170.287768] RIP: 0010:nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.287886] Code: df 48 8d 7d 58 e8 69 2e 3b df 48 8b 7d 58 e8 80 1b 37 df 48 8d 7d 68 e8 57 2e 3b df 48 8b 7d 68 e8 6e 1b 37 df 48 89 ef eb c4 <0f> 0b 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 0f\n[ 6170.287895] RSP: 0018:ffff888134b8fd08 EFLAGS: 00010202\n[ 6170.287904] RAX: 0000000000000001 RBX: ffff888125bffb28 RCX: dffffc0000000000\n[ 6170.287912] RDX: 0000000000000003 RSI: ffffffffa20298ab RDI: ffff88811ebe4750\n[ 6170.287919] RBP: ffff88811ebe4700 R08: ffff88838e812650 R09: fffffbfff0623a55\n[ 6170.287926] R10: ffffffff8311d2af R11: 0000000000000001 R12: ffff888125bffb10\n[ 6170.287933] R13: ffff888125bffb10 R14: dead000000000122 R15: dead000000000100\n[ 6170.287940] FS: 0000000000000000(0000) GS:ffff888390b00000(0000) knlGS:0000000000000000\n[ 6170.287948] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 6170.287955] CR2: 00007fd31fc00710 CR3: 0000000133f60004 CR4: 00000000001706f0\n[ 6170.287962] Call Trace:\n[ 6170.287967] <TASK>\n[ 6170.287973] ? __warn+0x9f/0x1a0\n[ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.288092] ? report_bug+0x1b1/0x1e0\n[ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.288092] ? report_bug+0x1b1/0x1e0\n[ 6170.288104] ? handle_bug+0x3c/0x70\n[ 6170.288112] ? exc_invalid_op+0x17/0x40\n[ 6170.288120] ? asm_exc_invalid_op+0x1a/0x20\n[ 6170.288132] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables]\n[ 6170.288243] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables]\n[ 6170.288366] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables]\n[ 6170.288483] nf_tables_trans_destroy_work+0x588/0x590 [nf_tables]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27011 was patched at 2024-05-15

9221. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27013) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ntun: limit printing rate when illegal packet received by tun dev\n\nvhost_worker will call tun call backs to receive packets. If too many\nillegal packets arrives, tun_do_read will keep dumping packet contents.\nWhen console is enabled, it will costs much more cpu time to dump\npacket and soft lockup will be detected.\n\nnet_ratelimit mechanism can be used to limit the dumping rate.\n\nPID: 33036 TASK: ffff949da6f20000 CPU: 23 COMMAND: "vhost-32980"\n #0 [fffffe00003fce50] crash_nmi_callback at ffffffff89249253\n #1 [fffffe00003fce58] nmi_handle at ffffffff89225fa3\n #2 [fffffe00003fceb0] default_do_nmi at ffffffff8922642e\n #3 [fffffe00003fced0] do_nmi at ffffffff8922660d\n #4 [fffffe00003fcef0] end_repeat_nmi at ffffffff89c01663\n [exception RIP: io_serial_in+20]\n RIP: ffffffff89792594 RSP: ffffa655314979e8 RFLAGS: 00000002\n RAX: ffffffff89792500 RBX: ffffffff8af428a0 RCX: 0000000000000000\n RDX: 00000000000003fd RSI: 0000000000000005 RDI: ffffffff8af428a0\n RBP: 0000000000002710 R8: 0000000000000004 R9: 000000000000000f\n R10: 0000000000000000 R11: ffffffff8acbf64f R12: 0000000000000020\n R13: ffffffff8acbf698 R14: 0000000000000058 R15: 0000000000000000\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n #5 [ffffa655314979e8] io_serial_in at ffffffff89792594\n #6 [ffffa655314979e8] wait_for_xmitr at ffffffff89793470\n #7 [ffffa65531497a08] serial8250_console_putchar at ffffffff897934f6\n #8 [ffffa65531497a20] uart_console_write at ffffffff8978b605\n #9 [ffffa65531497a48] serial8250_console_write at ffffffff89796558\n #10 [ffffa65531497ac8] console_unlock at ffffffff89316124\n #11 [ffffa65531497b10] vprintk_emit at ffffffff89317c07\n #12 [ffffa65531497b68] printk at ffffffff89318306\n #13 [ffffa65531497bc8] print_hex_dump at ffffffff89650765\n #14 [ffffa65531497ca8] tun_do_read at ffffffffc0b06c27 [tun]\n #15 [ffffa65531497d38] tun_recvmsg at ffffffffc0b06e34 [tun]\n #16 [ffffa65531497d68] handle_rx at ffffffffc0c5d682 [vhost_net]\n #17 [ffffa65531497ed0] vhost_worker at ffffffffc0c644dc [vhost]\n #18 [ffffa65531497f10] kthread at ffffffff892d2e72\n #19 [ffffa65531497f50] ret_from_fork at ffffffff89c0022f', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27013 was patched at 2024-05-06, 2024-05-15

9222. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27014) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Prevent deadlock while disabling aRFS\n\nWhen disabling aRFS under the `priv->state_lock`, any scheduled\naRFS works are canceled using the `cancel_work_sync` function,\nwhich waits for the work to end if it has already started.\nHowever, while waiting for the work handler, the handler will\ntry to acquire the `state_lock` which is already acquired.\n\nThe worker acquires the lock to delete the rules if the state\nis down, which is not the worker's responsibility since\ndisabling aRFS deletes the rules.\n\nAdd an aRFS state variable, which indicates whether the aRFS is\nenabled and prevent adding rules when the aRFS is disabled.\n\nKernel log:\n\n======================================================\nWARNING: possible circular locking dependency detected\n6.7.0-rc4_net_next_mlx5_5483eb2 #1 Tainted: G I\n------------------------------------------------------\nethtool/386089 is trying to acquire lock:\nffff88810f21ce68 ((work_completion)(&rule->arfs_work)){+.+.}-{0:0}, at: __flush_work+0x74/0x4e0\n\nbut task is already holding lock:\nffff8884a1808cc0 (&priv->state_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-> #1 (&priv->state_lock){+.+.}-{3:3}:\n __mutex_lock+0x80/0xc90\n arfs_handle_work+0x4b/0x3b0 [mlx5_core]\n process_one_work+0x1dc/0x4a0\n worker_thread+0x1bf/0x3c0\n kthread+0xd7/0x100\n ret_from_fork+0x2d/0x50\n ret_from_fork_asm+0x11/0x20\n\n-> #0 ((work_completion)(&rule->arfs_work)){+.+.}-{0:0}:\n __lock_acquire+0x17b4/0x2c80\n lock_acquire+0xd0/0x2b0\n __flush_work+0x7a/0x4e0\n __cancel_work_timer+0x131/0x1c0\n arfs_del_rules+0x143/0x1e0 [mlx5_core]\n mlx5e_arfs_disable+0x1b/0x30 [mlx5_core]\n mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core]\n ethnl_set_channels+0x28f/0x3b0\n ethnl_default_set_doit+0xec/0x240\n genl_family_rcv_msg_doit+0xd0/0x120\n genl_rcv_msg+0x188/0x2c0\n netlink_rcv_skb+0x54/0x100\n genl_rcv+0x24/0x40\n netlink_unicast+0x1a1/0x270\n netlink_sendmsg+0x214/0x460\n __sock_sendmsg+0x38/0x60\n __sys_sendto+0x113/0x170\n __x64_sys_sendto+0x20/0x30\n do_syscall_64+0x40/0xe0\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(&priv->state_lock);\n lock((work_completion)(&rule->arfs_work));\n lock(&priv->state_lock);\n lock((work_completion)(&rule->arfs_work));\n\n *** DEADLOCK ***\n\n3 locks held by ethtool/386089:\n #0: ffffffff82ea7210 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40\n #1: ffffffff82e94c88 (rtnl_mutex){+.+.}-{3:3}, at: ethnl_default_set_doit+0xd3/0x240\n #2: ffff8884a1808cc0 (&priv->state_lock){+.+.}-{3:3}, at: mlx5e_ethtool_set_channels+0x53/0x200 [mlx5_core]\n\nstack backtrace:\nCPU: 15 PID: 386089 Comm: ethtool Tainted: G I 6.7.0-rc4_net_next_mlx5_5483eb2 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nCall Trace:\n <TASK>\n dump_stack_lvl+0x60/0xa0\n check_noncircular+0x144/0x160\n __lock_acquire+0x17b4/0x2c80\n lock_acquire+0xd0/0x2b0\n ? __flush_work+0x74/0x4e0\n ? save_trace+0x3e/0x360\n ? __flush_work+0x74/0x4e0\n __flush_work+0x7a/0x4e0\n ? __flush_work+0x74/0x4e0\n ? __lock_acquire+0xa78/0x2c80\n ? lock_acquire+0xd0/0x2b0\n ? mark_held_locks+0x49/0x70\n __cancel_work_timer+0x131/0x1c0\n ? mark_held_locks+0x49/0x70\n arfs_del_rules+0x143/0x1e0 [mlx5_core]\n mlx5e_arfs_disable+0x1b/0x30 [mlx5_core]\n mlx5e_ethtool_set_channels+0xcb/0x200 [mlx5_core]\n ethnl_set_channels+0x28f/0x3b0\n ethnl_default_set_doit+0xec/0x240\n genl_family_rcv_msg_doit+0xd0/0x120\n genl_rcv_msg+0x188/0x2c0\n ? ethn\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-27014 was patched at 2024-06-05

debian: CVE-2024-27014 was patched at 2024-05-06, 2024-05-15

oraclelinux: CVE-2024-27014 was patched at 2024-06-05

redhat: CVE-2024-27014 was patched at 2024-06-05

9223. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27015) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: incorrect pppoe tuple\n\npppoe traffic reaching ingress path does not match the flowtable entry\nbecause the pppoe header is expected to be at the network header offset.\nThis bug causes a mismatch in the flow table lookup, so pppoe packets\nenter the classical forwarding path.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27015 was patched at 2024-05-06, 2024-05-15

9224. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27016) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: validate pppoe header\n\nEnsure there is sufficient room to access the protocol field of the\nPPPoe header. Validate it once before the flowtable lookup, then use a\nhelper function to access protocol field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27016 was patched at 2024-05-06, 2024-05-15

9225. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27018) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: br_netfilter: skip conntrack input hook for promisc packets\n\nFor historical reasons, when bridge device is in promisc mode, packets\nthat are directed to the taps follow bridge input hook path. This patch\nadds a workaround to reset conntrack for these packets.\n\nJianbo Liu reports warning splats in their test infrastructure where\ncloned packets reach the br_netfilter input hook to confirm the\nconntrack object.\n\nScratch one bit from BR_INPUT_SKB_CB to annotate that this packet has\nreached the input hook because it is passed up to the bridge device to\nreach the taps.\n\n[ 57.571874] WARNING: CPU: 1 PID: 0 at net/bridge/br_netfilter_hooks.c:616 br_nf_local_in+0x157/0x180 [br_netfilter]\n[ 57.572749] Modules linked in: xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat xt_addrtype xt_conntrack nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_isc si ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core mlx5ctl mlx5_core\n[ 57.575158] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0+ #19\n[ 57.575700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[ 57.576662] RIP: 0010:br_nf_local_in+0x157/0x180 [br_netfilter]\n[ 57.577195] Code: fe ff ff 41 bd 04 00 00 00 be 04 00 00 00 e9 4a ff ff ff be 04 00 00 00 48 89 ef e8 f3 a9 3c e1 66 83 ad b4 00 00 00 04 eb 91 <0f> 0b e9 f1 fe ff ff 0f 0b e9 df fe ff ff 48 89 df e8 b3 53 47 e1\n[ 57.578722] RSP: 0018:ffff88885f845a08 EFLAGS: 00010202\n[ 57.579207] RAX: 0000000000000002 RBX: ffff88812dfe8000 RCX: 0000000000000000\n[ 57.579830] RDX: ffff88885f845a60 RSI: ffff8881022dc300 RDI: 0000000000000000\n[ 57.580454] RBP: ffff88885f845a60 R08: 0000000000000001 R09: 0000000000000003\n[ 57.581076] R10: 00000000ffff1300 R11: 0000000000000002 R12: 0000000000000000\n[ 57.581695] R13: ffff8881047ffe00 R14: ffff888108dbee00 R15: ffff88814519b800\n[ 57.582313] FS: 0000000000000000(0000) GS:ffff88885f840000(0000) knlGS:0000000000000000\n[ 57.583040] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 57.583564] CR2: 000000c4206aa000 CR3: 0000000103847001 CR4: 0000000000370eb0\n[ 57.584194] DR0: 0000000000000000 DR1: 0000000000000000 DR2:\n0000000000000000\n[ 57.584820] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:\n0000000000000400\n[ 57.585440] Call Trace:\n[ 57.585721] <IRQ>\n[ 57.585976] ? __warn+0x7d/0x130\n[ 57.586323] ? br_nf_local_in+0x157/0x180 [br_netfilter]\n[ 57.586811] ? report_bug+0xf1/0x1c0\n[ 57.587177] ? handle_bug+0x3f/0x70\n[ 57.587539] ? exc_invalid_op+0x13/0x60\n[ 57.587929] ? asm_exc_invalid_op+0x16/0x20\n[ 57.588336] ? br_nf_local_in+0x157/0x180 [br_netfilter]\n[ 57.588825] nf_hook_slow+0x3d/0xd0\n[ 57.589188] ? br_handle_vlan+0x4b/0x110\n[ 57.589579] br_pass_frame_up+0xfc/0x150\n[ 57.589970] ? br_port_flags_change+0x40/0x40\n[ 57.590396] br_handle_frame_finish+0x346/0x5e0\n[ 57.590837] ? ipt_do_table+0x32e/0x430\n[ 57.591221] ? br_handle_local_finish+0x20/0x20\n[ 57.591656] br_nf_hook_thresh+0x4b/0xf0 [br_netfilter]\n[ 57.592286] ? br_handle_local_finish+0x20/0x20\n[ 57.592802] br_nf_pre_routing_finish+0x178/0x480 [br_netfilter]\n[ 57.593348] ? br_handle_local_finish+0x20/0x20\n[ 57.593782] ? nf_nat_ipv4_pre_routing+0x25/0x60 [nf_nat]\n[ 57.594279] br_nf_pre_routing+0x24c/0x550 [br_netfilter]\n[ 57.594780] ? br_nf_hook_thresh+0xf0/0xf0 [br_netfilter]\n[ 57.595280] br_handle_frame+0x1f3/0x3d0\n[ 57.595676] ? br_handle_local_finish+0x20/0x20\n[ 57.596118] ? br_handle_frame_finish+0x5e0/0x5e0\n[ 57.596566] __netif_receive_skb_core+0x25b/0xfc0\n[ 57.597017] ? __napi_build_skb+0x37/0x40\n[ 57.597418] __netif_receive_skb_list_core+0xfb/0x220', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27018 was patched at 2024-05-06, 2024-05-15

9226. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27019) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()\n\nnft_unregister_obj() can concurrent with __nft_obj_type_get(),\nand there is not any protection when iterate over nf_tables_objects\nlist in __nft_obj_type_get(). Therefore, there is potential data-race\nof nf_tables_objects list entry.\n\nUse list_for_each_entry_rcu() to iterate over nf_tables_objects\nlist in __nft_obj_type_get(), and use rcu_read_lock() in the caller\nnft_obj_type_get() to protect the entire type query process.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27019 was patched at 2024-05-06, 2024-05-15

9227. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27020) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()\n\nnft_unregister_expr() can concurrent with __nft_expr_type_get(),\nand there is not any protection when iterate over nf_tables_expressions\nlist in __nft_expr_type_get(). Therefore, there is potential data-race\nof nf_tables_expressions list entry.\n\nUse list_for_each_entry_rcu() to iterate over nf_tables_expressions\nlist in __nft_expr_type_get(), and use rcu_read_lock() in the caller\nnft_expr_type_get() to protect the entire type query process.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27020 was patched at 2024-05-06, 2024-05-15

9228. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27022) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nfork: defer linking file vma until vma is fully initialized\n\nThorvald reported a WARNING [1]. And the root cause is below race:\n\n CPU 1\t\t\t\t\tCPU 2\n fork\t\t\t\t\thugetlbfs_fallocate\n dup_mmap\t\t\t\t hugetlbfs_punch_hole\n i_mmap_lock_write(mapping);\n vma_interval_tree_insert_after -- Child vma is visible through i_mmap tree.\n i_mmap_unlock_write(mapping);\n hugetlb_dup_vma_private -- Clear vma_lock outside i_mmap_rwsem!\n\t\t\t\t\t i_mmap_lock_write(mapping);\n \t\t\t\t\t hugetlb_vmdelete_list\n\t\t\t\t\t vma_interval_tree_foreach\n\t\t\t\t\t hugetlb_vma_trylock_write -- Vma_lock is cleared.\n tmp->vm_ops->open -- Alloc new vma_lock outside i_mmap_rwsem!\n\t\t\t\t\t hugetlb_vma_unlock_write -- Vma_lock is assigned!!!\n\t\t\t\t\t i_mmap_unlock_write(mapping);\n\nhugetlb_dup_vma_private() and hugetlb_vm_op_open() are called outside\ni_mmap_rwsem lock while vma lock can be used in the same time. Fix this\nby deferring linking file vma until vma is fully initialized. Those vmas\nshould be initialized first before they can be used.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27022 was patched at 2024-05-06, 2024-05-15

9229. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27023) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Fix missing release of 'active_io' for flush\n\nsubmit_flushes\n atomic_set(&mddev->flush_pending, 1);\n rdev_for_each_rcu(rdev, mddev)\n atomic_inc(&mddev->flush_pending);\n bi->bi_end_io = md_end_flush\n submit_bio(bi);\n /* flush io is done first */\n md_end_flush\n if (atomic_dec_and_test(&mddev->flush_pending))\n percpu_ref_put(&mddev->active_io)\n -> active_io is not released\n\n if (atomic_dec_and_test(&mddev->flush_pending))\n -> missing release of active_io\n\nFor consequence, mddev_suspend() will wait for 'active_io' to be zero\nforever.\n\nFix this problem by releasing 'active_io' in submit_flushes() if\n'flush_pending' is decreased to zero.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27023 was patched at 2024-05-15

9230. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27024) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: fix WARNING in rds_conn_connect_if_down\n\nIf connection isn't established yet, get_mr() will fail, trigger connection after\nget_mr().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27024 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-27024 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9231. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27025) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: null check for nla_nest_start\n\nnla_nest_start() may fail and return NULL. Insert a check and set errno\nbased on other call sites within the same source code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27025 was patched at 2024-05-06, 2024-05-15

9232. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27032) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid potential panic during recovery\n\nDuring recovery, if FAULT_BLOCK is on, it is possible that\nf2fs_reserve_new_block() will return -ENOSPC during recovery,\nthen it may trigger panic.\n\nAlso, if fault injection rate is 1 and only FAULT_BLOCK fault\ntype is on, it may encounter deadloop in loop of block reservation.\n\nLet's change as below to fix these issues:\n- remove bug_on() to avoid panic.\n- limit the loop count of block reservation to avoid potential\ndeadloop.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27032 was patched at 2024-05-15

ubuntu: CVE-2024-27032 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9233. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27034) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: compress: fix to cover normal cluster write with cp_rwsem\n\nWhen we overwrite compressed cluster w/ normal cluster, we should\nnot unlock cp_rwsem during f2fs_write_raw_pages(), otherwise data\nwill be corrupted if partial blocks were persisted before CP & SPOR,\ndue to cluster metadata wasn't updated atomically.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27034 was patched at 2024-05-15

ubuntu: CVE-2024-27034 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9234. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27035) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: compress: fix to guarantee persisting compressed blocks by CP\n\nIf data block in compressed cluster is not persisted with metadata\nduring checkpoint, after SPOR, the data may be corrupted, let's\nguarantee to write compressed page by checkpoint.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27035 was patched at 2024-05-15

ubuntu: CVE-2024-27035 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9235. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27037) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nclk: zynq: Prevent null pointer dereference caused by kmalloc failure\n\nThe kmalloc() in zynq_clk_setup() will return null if the\nphysical memory has run out. As a result, if we use snprintf()\nto write data to the null address, the null pointer dereference\nbug will happen.\n\nThis patch uses a stack variable to replace the kmalloc().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27037 was patched at 2024-05-15

ubuntu: CVE-2024-27037 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9236. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27038) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nclk: Fix clk_core_get NULL dereference\n\nIt is possible for clk_core_get to dereference a NULL in the following\nsequence:\n\nclk_core_get()\n of_clk_get_hw_from_clkspec()\n __of_clk_get_hw_from_provider()\n __clk_get_hw()\n\n__clk_get_hw() can return NULL which is dereferenced by clk_core_get() at\nhw->core.\n\nPrior to commit dde4eff47c82 ("clk: Look for parents with clkdev based\nclk_lookups") the check IS_ERR_OR_NULL() was performed which would have\ncaught the NULL.\n\nReading the description of this function it talks about returning NULL but\nthat cannot be so at the moment.\n\nUpdate the function to check for hw before dereferencing it and return NULL\nif hw is NULL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27038 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-27038 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9237. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27039) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nclk: hisilicon: hi3559a: Fix an erroneous devm_kfree()\n\n'p_clk' is an array allocated just before the for loop for all clk that\nneed to be registered.\nIt is incremented at each loop iteration.\n\nIf a clk_register() call fails, 'p_clk' may point to something different\nfrom what should be freed.\n\nThe best we can do, is to avoid this wrong release of memory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27039 was patched at 2024-05-15

ubuntu: CVE-2024-27039 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9238. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27041) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini()\n\nSince 'adev->dm.dc' in amdgpu_dm_fini() might turn out to be NULL\nbefore the call to dc_enable_dmub_notifications(), check\nbeforehand to ensure there will not be a possible NULL-ptr-deref\nthere.\n\nAlso, since commit 1e88eb1b2c25 ("drm/amd/display: Drop\nCONFIG_DRM_AMD_DC_HDCP") there are two separate checks for NULL in\n'adev->dm.dc' before dc_deinit_callbacks() and dc_dmub_srv_destroy().\nClean up by combining them all under one 'if'.\n\nFound by Linux Verification Center (linuxtesting.org) with static\nanalysis tool SVACE.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27041 was patched at 2024-05-15

ubuntu: CVE-2024-27041 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9239. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27042) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()'\n\nThe issue arises when the array 'adev->vcn.vcn_config' is accessed\nbefore checking if the index 'adev->vcn.num_vcn_inst' is within the\nbounds of the array.\n\nThe fix involves moving the bounds check before the array access. This\nensures that 'adev->vcn.num_vcn_inst' is within the bounds of the array\nbefore it is used as an index.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c:1289 amdgpu_discovery_reg_base_init() error: testing array offset 'adev->vcn.num_vcn_inst' after use.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27042 was patched at 2024-05-15

ubuntu: CVE-2024-27042 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9240. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27044) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()'\n\nThe 'stream' pointer is used in dcn10_set_output_transfer_func() before\nthe check if 'stream' is NULL.\n\nFixes the below:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn10/dcn10_hwseq.c:1892 dcn10_set_output_transfer_func() warn: variable dereferenced before check 'stream' (see line 1875)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27044 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-27044 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9241. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27046) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnfp: flower: handle acti_netdevs allocation failure\n\nThe kmalloc_array() in nfp_fl_lag_do_work() will return null, if\nthe physical memory has run out. As a result, if we dereference\nthe acti_netdevs, the null pointer dereference bugs will happen.\n\nThis patch adds a check to judge whether allocation failure occurs.\nIf it happens, the delayed work will be rescheduled and try again.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27046 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-27046 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9242. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27047) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnet: phy: fix phy_get_internal_delay accessing an empty array\n\nThe phy_get_internal_delay function could try to access to an empty\narray in the case that the driver is calling phy_get_internal_delay\nwithout defining delay_values and rx-internal-delay-ps or\ntx-internal-delay-ps is defined to 0 in the device-tree.\nThis will lead to "unable to handle kernel NULL pointer dereference at\nvirtual address 0". To avoid this kernel oops, the test should be delay\n>= 0. As there is already delay < 0 test just before, the test could\nonly be size == 0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27047 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-27047 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9243. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27051) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ncpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value\n\ncpufreq_cpu_get may return NULL. To avoid NULL-dereference check it\nand return 0 in case of error.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27051 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-27051 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9244. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27053) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: fix RCU usage in connect path\n\nWith lockdep enabled, calls to the connect function from cfg802.11 layer\nlead to the following warning:\n\n=============================\nWARNING: suspicious RCU usage\n6.7.0-rc1-wt+ #333 Not tainted\n-----------------------------\ndrivers/net/wireless/microchip/wilc1000/hif.c:386\nsuspicious rcu_dereference_check() usage!\n[...]\nstack backtrace:\nCPU: 0 PID: 100 Comm: wpa_supplicant Not tainted 6.7.0-rc1-wt+ #333\nHardware name: Atmel SAMA5\n unwind_backtrace from show_stack+0x18/0x1c\n show_stack from dump_stack_lvl+0x34/0x48\n dump_stack_lvl from wilc_parse_join_bss_param+0x7dc/0x7f4\n wilc_parse_join_bss_param from connect+0x2c4/0x648\n connect from cfg80211_connect+0x30c/0xb74\n cfg80211_connect from nl80211_connect+0x860/0xa94\n nl80211_connect from genl_rcv_msg+0x3fc/0x59c\n genl_rcv_msg from netlink_rcv_skb+0xd0/0x1f8\n netlink_rcv_skb from genl_rcv+0x2c/0x3c\n genl_rcv from netlink_unicast+0x3b0/0x550\n netlink_unicast from netlink_sendmsg+0x368/0x688\n netlink_sendmsg from ____sys_sendmsg+0x190/0x430\n ____sys_sendmsg from ___sys_sendmsg+0x110/0x158\n ___sys_sendmsg from sys_sendmsg+0xe8/0x150\n sys_sendmsg from ret_fast_syscall+0x0/0x1c\n\nThis warning is emitted because in the connect path, when trying to parse\ntarget BSS parameters, we dereference a RCU pointer whithout being in RCU\ncritical section.\nFix RCU dereference usage by moving it to a RCU read critical section. To\navoid wrapping the whole wilc_parse_join_bss_param under the critical\nsection, just use the critical section to copy ies data', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27053 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-27053 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9245. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27054) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\ns390/dasd: fix double module refcount decrement\n\nOnce the discipline is associated with the device, deleting the device\ntakes care of decrementing the module's refcount. Doing it manually on\nthis error path causes refcount to artificially decrease on each error\nwhile it should just stay the same.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27054 was patched at 2024-05-15

ubuntu: CVE-2024-27054 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9246. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27056) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: ensure offloading TID queue exists\n\nThe resume code path assumes that the TX queue for the offloading TID\nhas been configured. At resume time it then tries to sync the write\npointer as it may have been updated by the firmware.\n\nIn the unusual event that no packets have been send on TID 0, the queue\nwill not have been allocated and this causes a crash. Fix this by\nensuring the queue exist at suspend time.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-27056 was patched at 2024-06-05

debian: CVE-2024-27056 was patched at 2024-05-15

oraclelinux: CVE-2024-27056 was patched at 2024-06-05

redhat: CVE-2024-27056 was patched at 2024-06-05

9247. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27057) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend\n\nWhen the system is suspended while audio is active, the\nsof_ipc4_pcm_hw_free() is invoked to reset the pipelines since during\nsuspend the DSP is turned off, streams will be re-started after resume.\n\nIf the firmware crashes during while audio is running (or when we reset\nthe stream before suspend) then the sof_ipc4_set_multi_pipeline_state()\nwill fail with IPC error and the state change is interrupted.\nThis will cause misalignment between the kernel and firmware state on next\nDSP boot resulting errors returned by firmware for IPC messages, eventually\nfailing the audio resume.\nOn stream close the errors are ignored so the kernel state will be\ncorrected on the next DSP boot, so the second boot after the DSP panic.\n\nIf sof_ipc4_trigger_pipelines() is called from sof_ipc4_pcm_hw_free() then\nstate parameter is SOF_IPC4_PIPE_RESET and only in this case.\n\nTreat a forced pipeline reset similarly to how we treat a pcm_free by\nignoring error on state sending to allow the kernel's state to be\nconsistent with the state the firmware will have after the next boot.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27057 was patched at 2024-05-15

9248. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27062) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau: lock the client object tree.\n\nIt appears the client object tree has no locking unless I've missed\nsomething else. Fix races around adding/removing client objects,\nmostly vram bar mappings.\n\n 4562.099306] general protection fault, probably for non-canonical address 0x6677ed422bceb80c: 0000 [#1] PREEMPT SMP PTI\n[ 4562.099314] CPU: 2 PID: 23171 Comm: deqp-vk Not tainted 6.8.0-rc6+ #27\n[ 4562.099324] Hardware name: Gigabyte Technology Co., Ltd. Z390 I AORUS PRO WIFI/Z390 I AORUS PRO WIFI-CF, BIOS F8 11/05/2021\n[ 4562.099330] RIP: 0010:nvkm_object_search+0x1d/0x70 [nouveau]\n[ 4562.099503] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 48 89 f8 48 85 f6 74 39 48 8b 87 a0 00 00 00 48 85 c0 74 12 <48> 8b 48 f8 48 39 ce 73 15 48 8b 40 10 48 85 c0 75 ee 48 c7 c0 fe\n[ 4562.099506] RSP: 0000:ffffa94cc420bbf8 EFLAGS: 00010206\n[ 4562.099512] RAX: 6677ed422bceb814 RBX: ffff98108791f400 RCX: ffff9810f26b8f58\n[ 4562.099517] RDX: 0000000000000000 RSI: ffff9810f26b9158 RDI: ffff98108791f400\n[ 4562.099519] RBP: ffff9810f26b9158 R08: 0000000000000000 R09: 0000000000000000\n[ 4562.099521] R10: ffffa94cc420bc48 R11: 0000000000000001 R12: ffff9810f02a7cc0\n[ 4562.099526] R13: 0000000000000000 R14: 00000000000000ff R15: 0000000000000007\n[ 4562.099528] FS: 00007f629c5017c0(0000) GS:ffff98142c700000(0000) knlGS:0000000000000000\n[ 4562.099534] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 4562.099536] CR2: 00007f629a882000 CR3: 000000017019e004 CR4: 00000000003706f0\n[ 4562.099541] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 4562.099542] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 4562.099544] Call Trace:\n[ 4562.099555] <TASK>\n[ 4562.099573] ? die_addr+0x36/0x90\n[ 4562.099583] ? exc_general_protection+0x246/0x4a0\n[ 4562.099593] ? asm_exc_general_protection+0x26/0x30\n[ 4562.099600] ? nvkm_object_search+0x1d/0x70 [nouveau]\n[ 4562.099730] nvkm_ioctl+0xa1/0x250 [nouveau]\n[ 4562.099861] nvif_object_map_handle+0xc8/0x180 [nouveau]\n[ 4562.099986] nouveau_ttm_io_mem_reserve+0x122/0x270 [nouveau]\n[ 4562.100156] ? dma_resv_test_signaled+0x26/0xb0\n[ 4562.100163] ttm_bo_vm_fault_reserved+0x97/0x3c0 [ttm]\n[ 4562.100182] ? __mutex_unlock_slowpath+0x2a/0x270\n[ 4562.100189] nouveau_ttm_fault+0x69/0xb0 [nouveau]\n[ 4562.100356] __do_fault+0x32/0x150\n[ 4562.100362] do_fault+0x7c/0x560\n[ 4562.100369] __handle_mm_fault+0x800/0xc10\n[ 4562.100382] handle_mm_fault+0x17c/0x3e0\n[ 4562.100388] do_user_addr_fault+0x208/0x860\n[ 4562.100395] exc_page_fault+0x7f/0x200\n[ 4562.100402] asm_exc_page_fault+0x26/0x30\n[ 4562.100412] RIP: 0033:0x9b9870\n[ 4562.100419] Code: 85 a8 f7 ff ff 8b 8d 80 f7 ff ff 89 08 e9 18 f2 ff ff 0f 1f 84 00 00 00 00 00 44 89 32 e9 90 fa ff ff 0f 1f 84 00 00 00 00 00 <44> 89 32 e9 f8 f1 ff ff 0f 1f 84 00 00 00 00 00 66 44 89 32 e9 e7\n[ 4562.100422] RSP: 002b:00007fff9ba2dc70 EFLAGS: 00010246\n[ 4562.100426] RAX: 0000000000000004 RBX: 000000000dd65e10 RCX: 000000fff0000000\n[ 4562.100428] RDX: 00007f629a882000 RSI: 00007f629a882000 RDI: 0000000000000066\n[ 4562.100432] RBP: 00007fff9ba2e570 R08: 0000000000000000 R09: 0000000123ddf000\n[ 4562.100434] R10: 0000000000000001 R11: 0000000000000246 R12: 000000007fffffff\n[ 4562.100436] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[ 4562.100446] </TASK>\n[ 4562.100448] Modules linked in: nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink cmac bnep sunrpc iwlmvm intel_rapl_msr intel_rapl_common snd_sof_pci_intel_cnl x86_pkg_temp_thermal intel_powerclamp snd_sof_intel_hda_common mac80211 coretemp snd_soc_acpi_intel_match kvm_intel snd_soc_acpi snd_soc_hdac_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof_intel_hda_mlink \n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27062 was patched at 2024-05-15

9249. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27065) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: do not compare internal table flags on updates\n\nRestore skipping transaction if table update does not modify flags.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27065 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-27065 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9250. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27072) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: usbtv: Remove useless locks in usbtv_video_free()\n\nRemove locks calls in usbtv_video_free() because\nare useless and may led to a deadlock as reported here:\nhttps://syzkaller.appspot.com/x/bisect.txt?x=166dc872180000\nAlso remove usbtv_stop() call since it will be called when\nunregistering the device.\n\nBefore 'c838530d230b' this issue would only be noticed if you\ndisconnect while streaming and now it is noticeable even when\ndisconnecting while not streaming.\n\n\n[hverkuil: fix minor spelling mistake in log message]', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27072 was patched at 2024-05-15

ubuntu: CVE-2024-27072 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9251. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27073) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: ttpci: fix two memleaks in budget_av_attach\n\nWhen saa7146_register_device and saa7146_vv_init fails, budget_av_attach\nshould free the resources it allocates, like the error-handling of\nttpci_budget_init does. Besides, there are two fixme comment refers to\nsuch deallocations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27073 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-27073 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9252. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27074) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: go7007: fix a memleak in go7007_load_encoder\n\nIn go7007_load_encoder, bounce(i.e. go->boot_fw), is allocated without\na deallocation thereafter. After the following call chain:\n\nsaa7134_go7007_init\n |-> go7007_boot_encoder\n |-> go7007_load_encoder\n |-> kfree(go)\n\ngo is freed and thus bounce is leaked.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27074 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-27074 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9253. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27075) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-frontends: avoid stack overflow warnings with clang\n\nA previous patch worked around a KASAN issue in stv0367, now a similar\nproblem showed up with clang:\n\ndrivers/media/dvb-frontends/stv0367.c:1222:12: error: stack frame size (3624) exceeds limit (2048) in 'stv0367ter_set_frontend' [-Werror,-Wframe-larger-than]\n 1214 | static int stv0367ter_set_frontend(struct dvb_frontend *fe)\n\nRework the stv0367_writereg() function to be simpler and mark both\nregister access functions as noinline_for_stack so the temporary\ni2c_msg structures do not get duplicated on the stack when KASAN_STACK\nis enabled.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27075 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-27075 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9254. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27077) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity\n\nThe entity->name (i.e. name) is allocated in v4l2_m2m_register_entity\nbut isn't freed in its following error-handling paths. This patch\nadds such deallocation to prevent memleak of entity->name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27077 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-27077 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9255. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27078) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l2-tpg: fix some memleaks in tpg_alloc\n\nIn tpg_alloc, resources should be deallocated in each and every\nerror-handling paths, since they are allocated in for statements.\nOtherwise there would be memleaks because tpg_free is called only when\ntpg_alloc return 0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27078 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-27078 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9256. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27388) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: fix some memleaks in gssx_dec_option_array\n\nThe creds and oa->data need to be freed in the error-handling paths after\ntheir allocation. So this patch add these deallocations in the\ncorresponding paths.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27388 was patched at 2024-05-06, 2024-05-15

ubuntu: CVE-2024-27388 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9257. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27390) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()\n\nAs discussed in the past (commit 2d3916f31891 ("ipv6: fix skb drops\nin igmp6_event_query() and igmp6_event_report()")) I think the\nsynchronize_net() call in ipv6_mc_down() is not needed.\n\nUnder load, synchronize_net() can last between 200 usec and 5 ms.\n\nKASAN seems to agree as well.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27390 was patched at 2024-05-15

ubuntu: CVE-2024-27390 was patched at 2024-06-07, 2024-06-10, 2024-06-11, 2024-06-14

9258. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27391) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: wilc1000: do not realloc workqueue everytime an interface is added\n\nCommit 09ed8bfc5215 ("wilc1000: Rename workqueue from "WILC_wq" to\n"NETDEV-wq"") moved workqueue creation in wilc_netdev_ifc_init in order to\nset the interface name in the workqueue name. However, while the driver\nneeds only one workqueue, the wilc_netdev_ifc_init is called each time we\nadd an interface over a phy, which in turns overwrite the workqueue with a\nnew one. This can be observed with the following commands:\n\nfor i in $(seq 0 10)\ndo\n iw phy phy0 interface add wlan1 type managed\n iw dev wlan1 del\ndone\nps -eo pid,comm|grep wlan\n\n 39 kworker/R-wlan0\n 98 kworker/R-wlan1\n102 kworker/R-wlan1\n105 kworker/R-wlan1\n108 kworker/R-wlan1\n111 kworker/R-wlan1\n114 kworker/R-wlan1\n117 kworker/R-wlan1\n120 kworker/R-wlan1\n123 kworker/R-wlan1\n126 kworker/R-wlan1\n129 kworker/R-wlan1\n\nFix this leakage by putting back hif_workqueue allocation in\nwilc_cfg80211_init. Regarding the workqueue name, it is indeed relevant to\nset it lowercase, however it is not attached to a specific netdev, so\nenforcing netdev name in the name is not so relevant. Still, enrich the\nname with the wiphy name to make it clear which phy is using the workqueue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27391 was patched at 2024-05-15

ubuntu: CVE-2024-27391 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9259. Unknown Vulnerability Type - Linux Kernel (CVE-2024-27397) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: use timestamp to check for set element timeout\n\nAdd a timestamp field at the beginning of the transaction, store it\nin the nftables per-netns area.\n\nUpdate set backend .insert, .deactivate and sync gc path to use the\ntimestamp, this avoids that an element expires while control plane\ntransaction is still unfinished.\n\n.lookup and .update, which are used from packet path, still use the\ncurrent time to check if the element has expired. And .get path and dump\nalso since this runs lockless under rcu read size lock. Then, there is\nasync gc which also needs to check the current time since it runs\nasynchronously from a workqueue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914The Linux kernel is a free and open-source, monolithic, modular, multitasking, Unix-like operating system kernel
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27397 was patched at 2024-05-15

9260. Unknown Vulnerability Type - Windows Encrypting File System (CVE-2021-46981) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: Fix NULL pointer in flush_workqueue\n\nOpen /dev/nbdX first, the config_refs will be 1 and\nthe pointers in nbd_device are still null. Disconnect\n/dev/nbdX, then reference a null recv_workq. The\nprotection by config_refs in nbd_genl_disconnect is useless.\n\n[ 656.366194] BUG: kernel NULL pointer dereference, address: 0000000000000020\n[ 656.368943] #PF: supervisor write access in kernel mode\n[ 656.369844] #PF: error_code(0x0002) - not-present page\n[ 656.370717] PGD 10cc87067 P4D 10cc87067 PUD 1074b4067 PMD 0\n[ 656.371693] Oops: 0002 [#1] SMP\n[ 656.372242] CPU: 5 PID: 7977 Comm: nbd-client Not tainted 5.11.0-rc5-00040-g76c057c84d28 #1\n[ 656.373661] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014\n[ 656.375904] RIP: 0010:mutex_lock+0x29/0x60\n[ 656.376627] Code: 00 0f 1f 44 00 00 55 48 89 fd 48 83 05 6f d7 fe 08 01 e8 7a c3 ff ff 48 83 05 6a d7 fe 08 01 31 c0 65 48 8b 14 25 00 6d 01 00 <f0> 48 0f b1 55 d\n[ 656.378934] RSP: 0018:ffffc900005eb9b0 EFLAGS: 00010246\n[ 656.379350] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000\n[ 656.379915] RDX: ffff888104cf2600 RSI: ffffffffaae8f452 RDI: 0000000000000020\n[ 656.380473] RBP: 0000000000000020 R08: 0000000000000000 R09: ffff88813bd6b318\n[ 656.381039] R10: 00000000000000c7 R11: fefefefefefefeff R12: ffff888102710b40\n[ 656.381599] R13: ffffc900005eb9e0 R14: ffffffffb2930680 R15: ffff88810770ef00\n[ 656.382166] FS: 00007fdf117ebb40(0000) GS:ffff88813bd40000(0000) knlGS:0000000000000000\n[ 656.382806] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 656.383261] CR2: 0000000000000020 CR3: 0000000100c84000 CR4: 00000000000006e0\n[ 656.383819] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 656.384370] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 656.384927] Call Trace:\n[ 656.385111] flush_workqueue+0x92/0x6c0\n[ 656.385395] nbd_disconnect_and_put+0x81/0xd0\n[ 656.385716] nbd_genl_disconnect+0x125/0x2a0\n[ 656.386034] genl_family_rcv_msg_doit.isra.0+0x102/0x1b0\n[ 656.386422] genl_rcv_msg+0xfc/0x2b0\n[ 656.386685] ? nbd_ioctl+0x490/0x490\n[ 656.386954] ? genl_family_rcv_msg_doit.isra.0+0x1b0/0x1b0\n[ 656.387354] netlink_rcv_skb+0x62/0x180\n[ 656.387638] genl_rcv+0x34/0x60\n[ 656.387874] netlink_unicast+0x26d/0x590\n[ 656.388162] netlink_sendmsg+0x398/0x6c0\n[ 656.388451] ? netlink_rcv_skb+0x180/0x180\n[ 656.388750] ____sys_sendmsg+0x1da/0x320\n[ 656.389038] ? ____sys_recvmsg+0x130/0x220\n[ 656.389334] ___sys_sendmsg+0x8e/0xf0\n[ 656.389605] ? ___sys_recvmsg+0xa2/0xf0\n[ 656.389889] ? handle_mm_fault+0x1671/0x21d0\n[ 656.390201] __sys_sendmsg+0x6d/0xe0\n[ 656.390464] __x64_sys_sendmsg+0x23/0x30\n[ 656.390751] do_syscall_64+0x45/0x70\n[ 656.391017] entry_SYSCALL_64_after_hwframe+0x44/0xa9\n\nTo fix it, just add if (nbd->recv_workq) to nbd_disconnect_and_put().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46981 was patched at 2024-05-15

ubuntu: CVE-2021-46981 was patched at 2024-05-16, 2024-05-20, 2024-05-21, 2024-05-23

9261. Unknown Vulnerability Type - Windows Encrypting File System (CVE-2021-47124) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: fix link timeout refs\n\nWARNING: CPU: 0 PID: 10242 at lib/refcount.c:28 refcount_warn_saturate+0x15b/0x1a0 lib/refcount.c:28\nRIP: 0010:refcount_warn_saturate+0x15b/0x1a0 lib/refcount.c:28\nCall Trace:\n __refcount_sub_and_test include/linux/refcount.h:283 [inline]\n __refcount_dec_and_test include/linux/refcount.h:315 [inline]\n refcount_dec_and_test include/linux/refcount.h:333 [inline]\n io_put_req fs/io_uring.c:2140 [inline]\n io_queue_linked_timeout fs/io_uring.c:6300 [inline]\n __io_queue_sqe+0xbef/0xec0 fs/io_uring.c:6354\n io_submit_sqe fs/io_uring.c:6534 [inline]\n io_submit_sqes+0x2bbd/0x7c50 fs/io_uring.c:6660\n __do_sys_io_uring_enter fs/io_uring.c:9240 [inline]\n __se_sys_io_uring_enter+0x256/0x1d60 fs/io_uring.c:9182\n\nio_link_timeout_fn() should put only one reference of the linked timeout\nrequest, however in case of racing with the master request's completion\nfirst io_req_complete() puts one and then io_put_req_deferred() is\ncalled.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47124 was patched at 2024-05-15

9262. Unknown Vulnerability Type - Windows Encrypting File System (CVE-2024-26658) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\nbcachefs: grab s_umount only if snapshotting\n\nWhen I was testing mongodb over bcachefs with compression,\nthere is a lockdep warning when snapshotting mongodb data volume.\n\n$ cat test.sh\nprog=bcachefs\n\n$prog subvolume create /mnt/data\n$prog subvolume create /mnt/data/snapshots\n\nwhile true;do\n $prog subvolume snapshot /mnt/data /mnt/data/snapshots/$(date +%s)\n sleep 1s\ndone\n\n$ cat /etc/mongodb.conf\nsystemLog:\n destination: file\n logAppend: true\n path: /mnt/data/mongod.log\n\nstorage:\n dbPath: /mnt/data/\n\nlockdep reports:\n[ 3437.452330] ======================================================\n[ 3437.452750] WARNING: possible circular locking dependency detected\n[ 3437.453168] 6.7.0-rc7-custom+ #85 Tainted: G E\n[ 3437.453562] ------------------------------------------------------\n[ 3437.453981] bcachefs/35533 is trying to acquire lock:\n[ 3437.454325] ffffa0a02b2b1418 (sb_writers#10){.+.+}-{0:0}, at: filename_create+0x62/0x190\n[ 3437.454875]\n but task is already holding lock:\n[ 3437.455268] ffffa0a02b2b10e0 (&type->s_umount_key#48){.+.+}-{3:3}, at: bch2_fs_file_ioctl+0x232/0xc90 [bcachefs]\n[ 3437.456009]\n which lock already depends on the new lock.\n\n[ 3437.456553]\n the existing dependency chain (in reverse order) is:\n[ 3437.457054]\n -> #3 (&type->s_umount_key#48){.+.+}-{3:3}:\n[ 3437.457507] down_read+0x3e/0x170\n[ 3437.457772] bch2_fs_file_ioctl+0x232/0xc90 [bcachefs]\n[ 3437.458206] __x64_sys_ioctl+0x93/0xd0\n[ 3437.458498] do_syscall_64+0x42/0xf0\n[ 3437.458779] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 3437.459155]\n -> #2 (&c->snapshot_create_lock){++++}-{3:3}:\n[ 3437.459615] down_read+0x3e/0x170\n[ 3437.459878] bch2_truncate+0x82/0x110 [bcachefs]\n[ 3437.460276] bchfs_truncate+0x254/0x3c0 [bcachefs]\n[ 3437.460686] notify_change+0x1f1/0x4a0\n[ 3437.461283] do_truncate+0x7f/0xd0\n[ 3437.461555] path_openat+0xa57/0xce0\n[ 3437.461836] do_filp_open+0xb4/0x160\n[ 3437.462116] do_sys_openat2+0x91/0xc0\n[ 3437.462402] __x64_sys_openat+0x53/0xa0\n[ 3437.462701] do_syscall_64+0x42/0xf0\n[ 3437.462982] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 3437.463359]\n -> #1 (&sb->s_type->i_mutex_key#15){+.+.}-{3:3}:\n[ 3437.463843] down_write+0x3b/0xc0\n[ 3437.464223] bch2_write_iter+0x5b/0xcc0 [bcachefs]\n[ 3437.464493] vfs_write+0x21b/0x4c0\n[ 3437.464653] ksys_write+0x69/0xf0\n[ 3437.464839] do_syscall_64+0x42/0xf0\n[ 3437.465009] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 3437.465231]\n -> #0 (sb_writers#10){.+.+}-{0:0}:\n[ 3437.465471] __lock_acquire+0x1455/0x21b0\n[ 3437.465656] lock_acquire+0xc6/0x2b0\n[ 3437.465822] mnt_want_write+0x46/0x1a0\n[ 3437.465996] filename_create+0x62/0x190\n[ 3437.466175] user_path_create+0x2d/0x50\n[ 3437.466352] bch2_fs_file_ioctl+0x2ec/0xc90 [bcachefs]\n[ 3437.466617] __x64_sys_ioctl+0x93/0xd0\n[ 3437.466791] do_syscall_64+0x42/0xf0\n[ 3437.466957] entry_SYSCALL_64_after_hwframe+0x6e/0x76\n[ 3437.467180]\n other info that might help us debug this:\n\n[ 3437.469670] 2 locks held by bcachefs/35533:\n other info that might help us debug this:\n\n[ 3437.467507] Chain exists of:\n sb_writers#10 --> &c->snapshot_create_lock --> &type->s_umount_key#48\n\n[ 3437.467979] Possible unsafe locking scenario:\n\n[ 3437.468223] CPU0 CPU1\n[ 3437.468405] ---- ----\n[ 3437.468585] rlock(&type->s_umount_key#48);\n[ 3437.468758] lock(&c->snapshot_create_lock);\n[ 3437.469030] lock(&type->s_umount_key#48);\n[ 3437.469291] rlock(sb_writers#10);\n[ 3437.469434]\n *** DEADLOCK ***\n\n[ 3437.469\n---truncated---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26658 was patched at 2024-05-15

9263. Unknown Vulnerability Type - Windows Encrypting File System (CVE-2024-26923) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix garbage collector racing against connect()\n\nGarbage collector does not take into account the risk of embryo getting\nenqueued during the garbage collection. If such embryo has a peer that\ncarries SCM_RIGHTS, two consecutive passes of scan_children() may see a\ndifferent set of children. Leading to an incorrectly elevated inflight\ncount, and then a dangling pointer within the gc_inflight_list.\n\nsockets are AF_UNIX/SOCK_STREAM\nS is an unconnected socket\nL is a listening in-flight socket bound to addr, not in fdtable\nV's fd will be passed via sendmsg(), gets inflight count bumped\n\nconnect(S, addr)\tsendmsg(S, [V]); close(V)\t__unix_gc()\n----------------\t-------------------------\t-----------\n\nNS = unix_create1()\nskb1 = sock_wmalloc(NS)\nL = unix_find_other(addr)\nunix_state_lock(L)\nunix_peer(S) = NS\n\t\t\t// V count=1 inflight=0\n\n \t\t\tNS = unix_peer(S)\n \t\t\tskb2 = sock_alloc()\n\t\t\tskb_queue_tail(NS, skb2[V])\n\n\t\t\t// V became in-flight\n\t\t\t// V count=2 inflight=1\n\n\t\t\tclose(V)\n\n\t\t\t// V count=1 inflight=1\n\t\t\t// GC candidate condition met\n\n\t\t\t\t\t\tfor u in gc_inflight_list:\n\t\t\t\t\t\t if (total_refs == inflight_refs)\n\t\t\t\t\t\t add u to gc_candidates\n\n\t\t\t\t\t\t// gc_candidates={L, V}\n\n\t\t\t\t\t\tfor u in gc_candidates:\n\t\t\t\t\t\t scan_children(u, dec_inflight)\n\n\t\t\t\t\t\t// embryo (skb1) was not\n\t\t\t\t\t\t// reachable from L yet, so V's\n\t\t\t\t\t\t// inflight remains unchanged\n__skb_queue_tail(L, skb1)\nunix_state_unlock(L)\n\t\t\t\t\t\tfor u in gc_candidates:\n\t\t\t\t\t\t if (u.inflight)\n\t\t\t\t\t\t scan_children(u, inc_inflight_move_tail)\n\n\t\t\t\t\t\t// V count=1 inflight=2 (!)\n\nIf there is a GC-candidate listening socket, lock/unlock its state. This\nmakes GC wait until the end of any ongoing connect() to that socket. After\nflipping the lock, a possibly SCM-laden embryo is already enqueued. And if\nthere is another embryo coming, it can not possibly carry SCM_RIGHTS. At\nthis point, unix_inflight() can not happen because unix_gc_lock is already\ntaken. Inflight graph remains unaffected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26923 was patched at 2024-05-06, 2024-05-15

9264. Unknown Vulnerability Type - Windows Encrypting File System (CVE-2024-27389) - Low [150]

Description: {'vulners_cve_data_all': 'In the Linux kernel, the following vulnerability has been resolved:\n\npstore: inode: Only d_invalidate() is needed\n\nUnloading a modular pstore backend with records in pstorefs would\ntrigger the dput() double-drop warning:\n\n WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0+0x3f3/0x410\n\nUsing the combo of d_drop()/dput() (as mentioned in\nDocumentation/filesystems/vfs.rst) isn't the right approach here, and\nleads to the reference counting problem seen above. Use d_invalidate()\nand update the code to not bother checking for error codes that can\nnever happen.\n\n---', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.914Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27389 was patched at 2024-05-15

ubuntu: CVE-2024-27389 was patched at 2024-06-07, 2024-06-11, 2024-06-14

9265. Denial of Service - Unknown Product (CVE-2002-0871) - Low [148]

Description: {'vulners_cve_data_all': 'xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0871 was patched at 2024-05-15

9266. Denial of Service - Unknown Product (CVE-2002-1313) - Low [148]

Description: {'vulners_cve_data_all': 'nullmailer 1.00RC5 and earlier allows local users to cause a denial of service via an email to a local user that does not exist, which generates an error that causes nullmailer to stop sending mail to all users.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1313 was patched at 2024-05-15

9267. Denial of Service - Unknown Product (CVE-2002-1827) - Low [148]

Description: {'vulners_cve_data_all': 'Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of service by obtaining an exclusive lock on the (1) alias, (2) map, (3) statistics, and (4) pid files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1827 was patched at 2024-05-15

9268. Denial of Service - Unknown Product (CVE-2003-0858) - Low [148]

Description: {'vulners_cve_data_all': 'Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0858 was patched at 2024-05-15

9269. Denial of Service - Unknown Product (CVE-2003-1295) - Low [148]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors "while verifying the user-password."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-1295 was patched at 2024-05-15

9270. Denial of Service - Unknown Product (CVE-2004-0797) - Low [148]

Description: {'vulners_cve_data_all': 'The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0797 was patched at 2024-05-15

9271. Denial of Service - Unknown Product (CVE-2004-1204) - Low [148]

Description: {'vulners_cve_data_all': 'FluxBox 0.9.10 and earlier versions allows local users to cause a denial of service (application crash) by calling Xman with a long -title value, possibly triggering a buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1204 was patched at 2024-05-15

9272. Denial of Service - Unknown Product (CVE-2004-2410) - Low [148]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through 2.0.1 might allow attackers to cause a denial of service (null pointer dereference).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2410 was patched at 2024-05-15

9273. Denial of Service - Unknown Product (CVE-2005-2533) - Low [148]

Description: {'vulners_cve_data_all': 'OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service (memory exhaustion) via a flood of packets with a large number of spoofed MAC addresses.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2533 was patched at 2024-05-15

9274. Denial of Service - Unknown Product (CVE-2005-2656) - Low [148]

Description: {'vulners_cve_data_all': 'Polygen before 1.0.6 generates precompiled grammar objects with world-writable permissions, which allows local users to cause a denial of service (disk consumption) and possibly perform other unauthorized activities.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2656 was patched at 2024-05-15

9275. Denial of Service - Unknown Product (CVE-2006-1376) - Low [148]

Description: {'vulners_cve_data_all': 'The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1376 was patched at 2024-05-15

9276. Denial of Service - Unknown Product (CVE-2006-1526) - Low [148]

Description: {'vulners_cve_data_all': 'Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1526 was patched at 2024-05-15

9277. Denial of Service - Unknown Product (CVE-2006-2120) - Low [148]

Description: {'vulners_cve_data_all': 'The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2120 was patched at 2024-05-15

9278. Denial of Service - Unknown Product (CVE-2006-3815) - Low [148]

Description: {'vulners_cve_data_all': 'heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3815 was patched at 2024-05-15

9279. Denial of Service - Unknown Product (CVE-2006-6107) - Low [148]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 1.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6107 was patched at 2024-05-15

9280. Denial of Service - Unknown Product (CVE-2007-0010) - Low [148]

Description: {'vulners_cve_data_all': 'The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0010 was patched at 2024-05-15

9281. Denial of Service - Unknown Product (CVE-2007-2894) - Low [148]

Description: {'vulners_cve_data_all': 'The emulated floppy disk controller in Bochs 2.3 allows local users of the guest operating system to cause a denial of service (virtual machine crash) via unspecified vectors, resulting in a divide-by-zero error.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2894 was patched at 2024-05-15

9282. Denial of Service - Unknown Product (CVE-2007-3372) - Low [148]

Description: {'vulners_cve_data_all': 'The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3372 was patched at 2024-05-15

9283. Denial of Service - Unknown Product (CVE-2008-5298) - Low [148]

Description: {'vulners_cve_data_all': 'chm2pdf 0.9 uses temporary files in directories with fixed names, which allows local users to cause a denial of service (chm2pdf failure) of other users by creating those directories ahead of time.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5298 was patched at 2024-05-15

9284. Denial of Service - Unknown Product (CVE-2008-7258) - Low [148]

Description: {'vulners_cve_data_all': 'The standardise function in Anibal Monsalve Salazar sSMTP 2.61 and 2.62 allows local users to cause a denial of service (application exit) via an e-mail message containing a long line that begins with a . (dot) character. NOTE: CVE disputes this issue because it is solely a usability problem for senders of messages with certain long lines, and has no security impact', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-7258 was patched at 2024-05-15

9285. Denial of Service - Unknown Product (CVE-2010-2539) - Low [148]

Description: {'vulners_cve_data_all': 'Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2539 was patched at 2024-05-15

9286. Denial of Service - Unknown Product (CVE-2012-3494) - Low [148]

Description: {'vulners_cve_data_all': 'The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3494 was patched at 2024-05-15

9287. Denial of Service - Unknown Product (CVE-2012-4536) - Low [148]

Description: {'vulners_cve_data_all': 'The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in Xen 2.2 allows local guest OS administrators to cause a denial of service (Xen crash) via a crafted pirq value that triggers an out-of-bounds read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4536 was patched at 2024-05-15

9288. Denial of Service - Unknown Product (CVE-2012-4539) - Low [148]

Description: {'vulners_cve_data_all': 'Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit hypervisors, allows local guest OS administrators to cause a denial of service (infinite loop and hang or crash) via invalid arguments to GNTTABOP_get_status_frames, aka "Grant table hypercall infinite loop DoS vulnerability."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4539 was patched at 2024-05-15

9289. Denial of Service - Unknown Product (CVE-2013-0179) - Low [148]

Description: {'vulners_cve_data_all': 'The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 1.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0179 was patched at 2024-05-15

9290. Denial of Service - Unknown Product (CVE-2013-2096) - Low [148]

Description: {'vulners_cve_data_all': 'OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by creating an image with a large virtual size that does not contain a large amount of data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2096 was patched at 2024-05-15

9291. Denial of Service - Unknown Product (CVE-2013-4369) - Low [148]

Description: {'vulners_cve_data_all': 'The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and 4.3.x allows local users to cause a denial of service (NULL pointer dereference) by using the "@" character as the VIF rate configuration.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4369 was patched at 2024-05-15

9292. Denial of Service - Unknown Product (CVE-2013-4377) - Low [148]

Description: {'vulners_cve_data_all': 'Use-after-free vulnerability in the virtio-pci implementation in Qemu 1.4.0 through 1.6.0 allows local users to cause a denial of service (daemon crash) by "hot-unplugging" a virtio device.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4377 was patched at 2024-05-15

9293. Denial of Service - Unknown Product (CVE-2013-4393) - Low [148]

Description: {'vulners_cve_data_all': 'journald in systemd, when the origin of native messages is set to file, allows local users to cause a denial of service (logging service blocking) via a crafted file descriptor.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4393 was patched at 2024-05-15

9294. Denial of Service - Unknown Product (CVE-2013-7290) - Low [148]

Description: {'vulners_cve_data_all': 'The do_item_get function in items.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr, a different vulnerability than CVE-2013-0179.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 1.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7290 was patched at 2024-05-15

9295. Denial of Service - Unknown Product (CVE-2014-8135) - Low [148]

Description: {'vulners_cve_data_all': 'The storageVolUpload function in storage/storage_driver.c in libvirt before 1.2.11 does not check a certain return value, which allows local users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted offset value in a "virsh vol-upload" command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8135 was patched at 2024-05-15

9296. Denial of Service - Unknown Product (CVE-2014-8991) - Low [148]

Description: {'vulners_cve_data_all': 'pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8991 was patched at 2024-05-15

9297. Denial of Service - Unknown Product (CVE-2015-1563) - Low [148]

Description: {'vulners_cve_data_all': 'The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1563 was patched at 2024-05-15

9298. Denial of Service - Unknown Product (CVE-2015-5218) - Low [148]

Description: {'vulners_cve_data_all': 'Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5218 was patched at 2024-05-15

9299. Incorrect Calculation - Unknown Product (CVE-2004-0417) - Low [148]

Description: {'vulners_cve_data_all': 'Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0417 was patched at 2024-05-15

9300. Incorrect Calculation - Unknown Product (CVE-2004-0657) - Low [148]

Description: {'vulners_cve_data_all': 'Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0657 was patched at 2024-05-15

9301. Incorrect Calculation - Unknown Product (CVE-2005-3624) - Low [148]

Description: {'vulners_cve_data_all': 'The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3624 was patched at 2024-05-15

9302. Incorrect Calculation - Unknown Product (CVE-2005-4895) - Low [148]

Description: {'vulners_cve_data_all': 'Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools before 0.4 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4895 was patched at 2024-05-15

9303. Incorrect Calculation - Unknown Product (CVE-2006-0635) - Low [148]

Description: {'vulners_cve_data_all': 'Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0635 was patched at 2024-05-15

9304. Incorrect Calculation - Unknown Product (CVE-2015-0886) - Low [148]

Description: {'vulners_cve_data_all': 'Integer overflow in the crypt_raw method in the key-stretching implementation in jBCrypt before 0.4 makes it easier for remote attackers to determine cleartext values of password hashes via a brute-force attack against hashes associated with the maximum exponent.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-0886 was patched at 2024-05-15

9305. Information Disclosure - Unknown Product (CVE-2023-45289) - Low [148]

Description: {'vulners_cve_data_all': 'When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-45289 was patched at 2024-04-30, 2024-05-07, 2024-05-22, 2024-05-23

debian: CVE-2023-45289 was patched at 2024-05-15

oraclelinux: CVE-2023-45289 was patched at 2024-05-07, 2024-05-29

redhat: CVE-2023-45289 was patched at 2024-04-30, 2024-05-07, 2024-05-22, 2024-05-23

redos: CVE-2023-45289 was patched at 2024-04-22

9306. Information Disclosure - Unknown Product (CVE-2024-30916) - Low [148]

Description: {'vulners_cve_data_all': 'An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted max_samples parameter in DurabilityService QoS component.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-30916 was patched at 2024-05-15

9307. Information Disclosure - Unknown Product (CVE-2024-30917) - Low [148]

Description: {'vulners_cve_data_all': 'An issue was discovered in eProsima FastDDS v.2.14.0 and before, allows a local attacker to cause a denial of service (DoS) and obtain sensitive information via a crafted history_depth parameter in DurabilityService QoS component.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-30917 was patched at 2024-05-15

9308. Information Disclosure - Unknown Product (CVE-2024-31636) - Low [148]

Description: {'vulners_cve_data_all': 'An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.8315Information Disclosure
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31636 was patched at 2024-05-15

9309. Memory Corruption - Unknown Product (CVE-2003-0612) - Low [148]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in main.c for Crafty 19.3 allow local users to gain group "games" privileges via long command line arguments to crafty.bin.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0612 was patched at 2024-05-15

9310. Memory Corruption - Unknown Product (CVE-2003-0620) - Low [148]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0620 was patched at 2024-05-15

9311. Memory Corruption - Unknown Product (CVE-2009-3826) - Low [148]

Description: {'vulners_cve_data_all': 'Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3826 was patched at 2024-05-15

9312. Memory Corruption - Unknown Product (CVE-2012-0952) - Low [148]

Description: {'vulners_cve_data_all': 'A heap buffer overflow was discovered in the device control ioctl in the Linux driver for Nvidia graphics cards, which may allow an attacker to overflow 49 bytes. This issue was fixed in version 295.53.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0952 was patched at 2024-05-15

9313. Memory Corruption - Unknown Product (CVE-2012-0953) - Low [148]

Description: {'vulners_cve_data_all': 'A race condition was discovered in the Linux drivers for Nvidia graphics which allowed an attacker to exfiltrate kernel memory to userspace. This issue was fixed in version 295.53.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0953 was patched at 2024-05-15

9314. Memory Corruption - Unknown Product (CVE-2016-9798) - Low [148]

Description: {'vulners_cve_data_all': 'In BlueZ 5.42, a use-after-free was identified in "conf_opt" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9798 was patched at 2024-05-15

9315. Memory Corruption - Unknown Product (CVE-2016-9799) - Low [148]

Description: {'vulners_cve_data_all': 'In BlueZ 5.42, a buffer overflow was observed in "pklg_read_hci" function in "btsnoop.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9799 was patched at 2024-05-15

9316. Memory Corruption - Unknown Product (CVE-2016-9800) - Low [148]

Description: {'vulners_cve_data_all': 'In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9800 was patched at 2024-05-15

9317. Memory Corruption - Unknown Product (CVE-2016-9801) - Low [148]

Description: {'vulners_cve_data_all': 'In BlueZ 5.42, a buffer overflow was observed in "set_ext_ctrl" function in "tools/parser/l2cap.c" source file when processing corrupted dump file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9801 was patched at 2024-05-15

9318. Memory Corruption - Unknown Product (CVE-2016-9803) - Low [148]

Description: {'vulners_cve_data_all': 'In BlueZ 5.42, an out-of-bounds read was observed in "le_meta_ev_dump" function in "tools/parser/hci.c" source file. This issue exists because 'subevent' (which is used to read correct element from 'ev_le_meta_str' array) is overflowed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9803 was patched at 2024-05-15

9319. Memory Corruption - Unknown Product (CVE-2016-9804) - Low [148]

Description: {'vulners_cve_data_all': 'In BlueZ 5.42, a buffer overflow was observed in "commands_dump" function in "tools/parser/csr.c" source file. The issue exists because "commands" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "frm->ptr" parameter. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9804 was patched at 2024-05-15

9320. Memory Corruption - Unknown Product (CVE-2017-18018) - Low [148]

Description: {'vulners_cve_data_all': 'In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-18018 was patched at 2024-05-15

9321. Memory Corruption - Unknown Product (CVE-2018-18398) - Low [148]

Description: {'vulners_cve_data_all': 'Xfce Thunar 1.6.15, when Xfce 4.12 is used, mishandles the IBus-Unikey input method for file searches within File Manager, leading to an out-of-bounds read and SEGV. This could potentially be exploited by an arbitrary local user who creates files in /tmp before the victim uses this input method.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18398 was patched at 2024-05-15

9322. Memory Corruption - Unknown Product (CVE-2020-10577) - Low [148]

Description: {'vulners_cve_data_all': 'An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-10577 was patched at 2024-05-15

9323. Memory Corruption - Unknown Product (CVE-2023-26916) - Low [148]

Description: {'vulners_cve_data_all': 'libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26916 was patched at 2024-05-15

redos: CVE-2023-26916 was patched at 2024-05-21

9324. Memory Corruption - Unknown Product (CVE-2023-29132) - Low [148]

Description: {'vulners_cve_data_all': 'Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a formatted line.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29132 was patched at 2024-05-15

9325. Memory Corruption - Unknown Product (CVE-2023-46836) - Low [148]

Description: {'vulners_cve_data_all': 'The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative\nReturn Stack Overflow) are not IRQ-safe. It was believed that the\nmitigations always operated in contexts with IRQs disabled.\n\nHowever, the original XSA-254 fix for Meltdown (XPTI) deliberately left\ninterrupts enabled on two entry paths; one unconditionally, and one\nconditionally on whether XPTI was active.\n\nAs BTC/SRSO and Meltdown affect different CPU vendors, the mitigations\nare not active together by default. Therefore, there is a race\ncondition whereby a malicious PV guest can bypass BTC/SRSO protections\nand launch a BTC/SRSO attack against Xen.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46836 was patched at 2024-05-15

9326. Memory Corruption - Unknown Product (CVE-2023-51074) - Low [148]

Description: {'vulners_cve_data_all': 'json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51074 was patched at 2024-05-15

9327. Memory Corruption - Unknown Product (CVE-2024-3024) - Low [148]

Description: {'vulners_cve_data_all': 'A vulnerability was found in appneta tcpreplay up to 4.4.4. It has been classified as problematic. This affects the function get_layer4_v6 of the file /tcpreplay/src/common/get.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-258333 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3024 was patched at 2024-05-15

9328. Memory Corruption - Unknown Product (CVE-2024-32664) - Low [148]

Description: {'vulners_cve_data_all': 'Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, specially crafted traffic or datasets can cause a limited buffer overflow. This vulnerability is fixed in 7.0.5 and 6.0.19. Workarounds include not use rules with `base64_decode` keyword with `bytes` option with value 1, 2 or 5 and for 7.0.x, setting `app-layer.protocols.smtp.mime.body-md5` to false.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32664 was patched at 2024-05-15

9329. Unknown Vulnerability Type - Bouncy Castle (CVE-2013-1624) - Low [147]

Description: {'vulners_cve_data_all': 'The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Bouncy Castle is a collection of APIs used in cryptography
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1624 was patched at 2024-05-15

9330. Unknown Vulnerability Type - Oracle Java SE (CVE-2018-3157) - Low [147]

Description: {'vulners_cve_data_all': 'Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Sound). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Oracle Java SE
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-3157 was patched at 2024-05-15

9331. Unknown Vulnerability Type - Oracle Java SE (CVE-2024-21012) - Low [147]

Description: {'vulners_cve_data_all': 'Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Oracle Java SE
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-21012 was patched at 2024-04-18, 2024-04-22

debian: CVE-2024-21012 was patched at 2024-04-22, 2024-05-15

oraclelinux: CVE-2024-21012 was patched at 2024-04-22, 2024-04-23

redhat: CVE-2024-21012 was patched at 2024-04-18, 2024-04-22

ubuntu: CVE-2024-21012 was patched at 2024-06-06

9332. Unknown Vulnerability Type - Perl (CVE-2010-1224) - Low [147]

Description: {'vulners_cve_data_all': 'main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1224 was patched at 2024-05-15

9333. Unknown Vulnerability Type - Perl (CVE-2010-4334) - Low [147]

Description: {'vulners_cve_data_all': 'The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4334 was patched at 2024-05-15

9334. Unknown Vulnerability Type - Perl (CVE-2010-4761) - Low [147]

Description: {'vulners_cve_data_all': 'The customer-interface ticket-print dialog in Open Ticket Request System (OTRS) before 3.0.0-beta3 does not properly restrict customer-visible data, which allows remote authenticated users to obtain potentially sensitive information from the (1) responsible, (2) owner, (3) accounted time, (4) pending until, and (5) lock fields by reading this dialog.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4761 was patched at 2024-05-15

9335. Unknown Vulnerability Type - Perl (CVE-2010-4766) - Low [147]

Description: {'vulners_cve_data_all': 'The AgentTicketForward feature in Open Ticket Request System (OTRS) before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a standard e-mail client.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4766 was patched at 2024-05-15

9336. Unknown Vulnerability Type - Perl (CVE-2011-2201) - Low [147]

Description: {'vulners_cve_data_all': 'The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2201 was patched at 2024-05-15

9337. Unknown Vulnerability Type - Perl (CVE-2011-4406) - Low [147]

Description: {'vulners_cve_data_all': 'The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4406 was patched at 2024-05-15

9338. Unknown Vulnerability Type - Perl (CVE-2012-2654) - Low [147]

Description: {'vulners_cve_data_all': 'The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protocol is not specified entirely in lowercase, which allows remote attackers to bypass intended access restrictions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2654 was patched at 2024-05-15

9339. Unknown Vulnerability Type - Perl (CVE-2012-3867) - Low [147]

Description: {'vulners_cve_data_all': 'lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3867 was patched at 2024-05-15

9340. Unknown Vulnerability Type - Perl (CVE-2012-4430) - Low [147]

Description: {'vulners_cve_data_all': 'The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4430 was patched at 2024-05-15

9341. Unknown Vulnerability Type - Perl (CVE-2012-4457) - Low [147]

Description: {'vulners_cve_data_all': 'OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4457 was patched at 2024-05-15

9342. Unknown Vulnerability Type - Perl (CVE-2012-4731) - Low [147]

Description: {'vulners_cve_data_all': 'FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4731 was patched at 2024-05-15

9343. Unknown Vulnerability Type - Perl (CVE-2012-6033) - Low [147]

Description: {'vulners_cve_data_all': 'The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6033 was patched at 2024-05-15

9344. Unknown Vulnerability Type - Perl (CVE-2014-0012) - Low [147]

Description: {'vulners_cve_data_all': 'FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0012 was patched at 2024-05-15

9345. Unknown Vulnerability Type - Perl (CVE-2020-13131) - Low [147]

Description: {'vulners_cve_data_all': 'An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in this library (which is included in yubico-piv-tool) does not properly check embedded length fields during device communication. A malicious PIV token can misreport the returned length fields during RSA key generation. This will cause stack memory to be copied into heap allocated memory that gets returned to the caller. The leaked memory could include PINs, passwords, key material, and other sensitive information depending on the integration. During further processing by the caller, this information could leak across trust boundaries. Note that RSA key generation is triggered by the host and cannot directly be triggered by the token.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13131 was patched at 2024-05-15

9346. Unknown Vulnerability Type - Perl (CVE-2021-21416) - Low [147]

Description: {'vulners_cve_data_all': 'django-registration is a user registration package for Django. The django-registration package provides tools for implementing user-account registration flows in the Django web framework. In django-registration prior to 3.1.2, the base user-account registration view did not properly apply filters to sensitive data, with the result that sensitive data could be included in error reports rather than removed automatically by Django. Triggering this requires: A site is using django-registration < 3.1.2, The site has detailed error reports (such as Django's emailed error reports to site staff/developers) enabled and a server-side error (HTTP 5xx) occurs during an attempt by a user to register an account. Under these conditions, recipients of the detailed error report will see all submitted data from the account-registration attempt, which may include the user's proposed credentials (such as a password).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-21416 was patched at 2024-05-15

9347. Unknown Vulnerability Type - Perl (CVE-2023-29401) - Low [147]

Description: {'vulners_cve_data_all': 'The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of "setup.bat&quot;;x=.txt" will be sent as a file named "setup.bat". If the FileAttachment function is called with names provided by an untrusted source, this may permit an attacker to cause a file to be served with a name different than provided. Maliciously crafted attachment file name can modify the Content-Disposition header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29401 was patched at 2024-05-15

9348. Unknown Vulnerability Type - Roundcube (CVE-2019-10740) - Low [147]

Description: {'vulners_cve_data_all': 'In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Roundcube is a web-based IMAP email client
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10740 was patched at 2024-05-15

9349. Unknown Vulnerability Type - OpenSSH (CVE-2005-2666) - Low [145]

Description: {'vulners_cve_data_all': 'SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2666 was patched at 2024-05-15

9350. Unknown Vulnerability Type - Samba (CVE-2006-1059) - Low [145]

Description: {'vulners_cve_data_all': 'The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Samba is a free software re-implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1059 was patched at 2024-05-15

9351. Cross Site Scripting - Unknown Product (CVE-2024-34462) - Low [142]

Description: {'vulners_cve_data_all': 'Alinto SOGo through 5.10.0 allows XSS during attachment preview.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.815Cross Site Scripting
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-34462 was patched at 2024-05-15

9352. Spoofing - Unknown Product (CVE-2005-1519) - Low [142]

Description: {'vulners_cve_data_all': 'Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.415Spoofing
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1519 was patched at 2024-05-15

9353. Unknown Vulnerability Type - Cacti (CVE-2002-1479) - Low [142]

Description: {'vulners_cve_data_all': 'Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1479 was patched at 2024-05-15

9354. Unknown Vulnerability Type - Cacti (CVE-2004-1736) - Low [142]

Description: {'vulners_cve_data_all': 'Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and possibly other php files, which reveal the installation path in a PHP error message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1736 was patched at 2024-05-15

9355. Unknown Vulnerability Type - Cacti (CVE-2005-1524) - Low [142]

Description: {'vulners_cve_data_all': 'PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1524 was patched at 2024-05-15

9356. Unknown Vulnerability Type - Cacti (CVE-2008-0784) - Low [142]

Description: {'vulners_cve_data_all': 'graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows remote attackers to obtain the full path via an invalid local_graph_id parameter and other unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0784 was patched at 2024-05-15

9357. Unknown Vulnerability Type - Cacti (CVE-2021-3816) - Low [142]

Description: {'vulners_cve_data_all': 'Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3816 was patched at 2024-05-15

9358. Unknown Vulnerability Type - Cacti (CVE-2024-29894) - Low [142]

Description: {'vulners_cve_data_all': 'Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250 (among others). However, it still generates the code out of unescaped PHP variables `$title` and `$header`. If those variables contain single quotes, they can be used to inject JavaScript code. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. Version 1.2.27 fixes this issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29894 was patched at 2024-05-15

9359. Unknown Vulnerability Type - Cacti (CVE-2024-31444) - Low [142]

Description: {'vulners_cve_data_all': 'Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, some of the data stored in `automation_tree_rules_form_save()` function in `automation_tree_rules.php` is not thoroughly checked and is used to concatenate the HTML statement in `form_confirm()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31444 was patched at 2024-05-15

9360. Unknown Vulnerability Type - Docker (CVE-2014-5277) - Low [142]

Description: {'vulners_cve_data_all': 'Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Docker
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5277 was patched at 2024-05-15

9361. Unknown Vulnerability Type - Docker (CVE-2014-5278) - Low [142]

Description: {'vulners_cve_data_all': 'A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Docker
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5278 was patched at 2024-05-15

9362. Unknown Vulnerability Type - Flask (CVE-2024-1681) - Low [142]

Description: {'vulners_cve_data_all': 'corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files, potentially covering tracks of other attacks, confusing log post-processing tools, and forging log entries. The issue is due to improper output neutralization for logs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Flask is a lightweight WSGI web application framework
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-1681 was patched at 2024-05-15

9363. Unknown Vulnerability Type - HID (CVE-2006-0414) - Low [142]

Description: {'vulners_cve_data_all': 'Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses of the hidden service, which eventually causes a circuit to be built through the malicious server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514HID
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0414 was patched at 2024-05-15

9364. Unknown Vulnerability Type - HID (CVE-2006-6893) - Low [142]

Description: {'vulners_cve_data_all': 'Tor allows remote attackers to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the server's CPU temperature and consequently changing the pattern of time values visible through (1) ICMP timestamps, (2) TCP sequence numbers, and (3) TCP timestamps, a different vulnerability than CVE-2006-0414. NOTE: it could be argued that this is a laws-of-physics vulnerability that is a fundamental design limitation of certain hardware implementations, so perhaps this issue should not be included in CVE.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514HID
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6893 was patched at 2024-05-15

9365. Unknown Vulnerability Type - HID (CVE-2008-5076) - Low [142]

Description: {'vulners_cve_data_all': 'htop 0.7 writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via a process name with "crazy control strings."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514HID
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5076 was patched at 2024-05-15

9366. Unknown Vulnerability Type - LNK (CVE-2008-2285) - Low [142]

Description: {'vulners_cve_data_all': 'The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote attackers to exploit CVE-2008-0166 by guessing a key that was not identified by this tool.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514LNK
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2285 was patched at 2024-05-15

9367. Unknown Vulnerability Type - Scripting Engine (CVE-2005-0508) - Low [142]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attackers to bypass certain access controls via certain features of the Rhino scripting engine due to a "script security issue."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Scripting Engine
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0508 was patched at 2024-05-15

9368. Unknown Vulnerability Type - TLS (CVE-2014-8760) - Low [142]

Description: {'vulners_cve_data_all': 'ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8760 was patched at 2024-05-15

9369. Unknown Vulnerability Type - TLS (CVE-2020-24585) - Low [142]

Description: {'vulners_cve_data_all': 'An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24585 was patched at 2024-05-15

9370. Unknown Vulnerability Type - TLS (CVE-2020-28327) - Low [142]

Description: {'vulners_cve_data_all': 'A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the creation of the dialog object, and its next use by the thread that created it. Depending on some off-nominal circumstances and timing, it was possible for another thread to free said dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client must be authenticated, or Asterisk must be configured for anonymous calling.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-28327 was patched at 2024-05-15

9371. Unknown Vulnerability Type - TLS (CVE-2021-38373) - Low [142]

Description: {'vulners_cve_data_all': 'In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-38373 was patched at 2024-05-15

9372. Unknown Vulnerability Type - TLS (CVE-2022-29189) - Low [142]

Description: {'vulners_cve_data_all': 'Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An attacker could exploit this to cause excessive memory usage. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-29189 was patched at 2024-05-15

9373. Unknown Vulnerability Type - TLS (CVE-2022-39334) - Low [142]

Description: {'vulners_cve_data_all': 'Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Versions of nextcloudcmd prior to 3.6.1 would incorrectly trust invalid TLS certificates, which may enable a Man-in-the-middle attack that exposes sensitive data or credentials to a network attacker. This affects the CLI only. It does not affect the standard GUI desktop Nextcloud clients, and it does not affect the Nextcloud server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-39334 was patched at 2024-05-15

9374. Unknown Vulnerability Type - TLS (CVE-2022-42961) - Low [142]

Description: {'vulners_cve_data_all': 'An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability.)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-42961 was patched at 2024-05-15

9375. Unknown Vulnerability Type - TLS (CVE-2022-46392) - Low [142]

Description: {'vulners_cve_data_all': 'An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically, an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation, if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-46392 was patched at 2024-05-15

9376. Unknown Vulnerability Type - TLS (CVE-2023-6936) - Low [142]

Description: {'vulners_cve_data_all': 'In wolfSSL prior to 5.6.6, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS client or network attacker can trigger a buffer over-read on the heap of 5 bytes (WOLFSSL_CALLBACKS is only intended for debugging).\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-6936 was patched at 2024-05-15

9377. Unknown Vulnerability Type - TLS (CVE-2023-6937) - Low [142]

Description: {'vulners_cve_data_all': 'wolfSSL prior to 5.6.6 did not check that messages in one (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-6937 was patched at 2024-05-15

9378. Unknown Vulnerability Type - TLS/SSL (CVE-2009-3026) - Low [142]

Description: {'vulners_cve_data_all': 'protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS/SSL
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3026 was patched at 2024-05-15

9379. Unknown Vulnerability Type - ESXi (CVE-2011-2146) - Low [140]

Description: {'vulners_cve_data_all': 'mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1 allows guest OS users to determine the existence of host OS files and directories via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714VMware ESXi (formerly ESX) is an enterprise-class, type-1 hypervisor developed by VMware for deploying and serving virtual computers
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2146 was patched at 2024-05-15

9380. Unknown Vulnerability Type - QEMU (CVE-2007-1322) - Low [140]

Description: {'vulners_cve_data_all': 'QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1322 was patched at 2024-05-15

9381. Unknown Vulnerability Type - QEMU (CVE-2015-2152) - Low [140]

Description: {'vulners_cve_data_all': 'Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714QEMU is a generic and open source machine & userspace emulator and virtualizer
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2152 was patched at 2024-05-15

9382. Unknown Vulnerability Type - SQLite (CVE-2012-0863) - Low [140]

Description: {'vulners_cve_data_all': 'Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714SQLite is a database engine written in the C programming language
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0863 was patched at 2024-05-15

9383. Unknown Vulnerability Type - GPAC (CVE-2020-6630) - Low [138]

Description: {'vulners_cve_data_all': 'An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_isom_get_media_data_size() in isomedia/isom_read.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-6630 was patched at 2024-05-15

9384. Unknown Vulnerability Type - GPAC (CVE-2020-6631) - Low [138]

Description: {'vulners_cve_data_all': 'An issue was discovered in GPAC version 0.8.0. There is a NULL pointer dereference in the function gf_m2ts_stream_process_pmt() in media_tools/m2ts_mux.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-6631 was patched at 2024-05-15

9385. Unknown Vulnerability Type - GPAC (CVE-2021-30015) - Low [138]

Description: {'vulners_cve_data_all': 'There is a Null Pointer Dereference in function filter_core/filter_pck.c:gf_filter_pck_new_alloc_internal in GPAC 1.0.1. The pid comes from function av1dmx_parse_flush_sample, the ctx.opid maybe NULL. The result is a crash in gf_filter_pck_new_alloc_internal.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30015 was patched at 2024-05-15

9386. Unknown Vulnerability Type - GPAC (CVE-2021-30019) - Low [138]

Description: {'vulners_cve_data_all': 'In the adts_dmx_process function in filters/reframe_adts.c in GPAC 1.0.1, a crafted file may cause ctx->hdr.frame_size to be smaller than ctx->hdr.hdr_size, resulting in size to be a negative number and a heap overflow in the memcpy.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30019 was patched at 2024-05-15

9387. Unknown Vulnerability Type - GPAC (CVE-2021-30020) - Low [138]

Description: {'vulners_cve_data_all': 'In the function gf_hevc_read_pps_bs_internal function in media_tools/av_parsers.c in GPAC 1.0.1 there is a loop, which with crafted file, pps->num_tile_columns may be larger than sizeof(pps->column_width), which results in a heap overflow in the loop.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30020 was patched at 2024-05-15

9388. Unknown Vulnerability Type - GPAC (CVE-2021-30199) - Low [138]

Description: {'vulners_cve_data_all': 'In filters/reframe_latm.c in GPAC 1.0.1 there is a Null Pointer Dereference, when gf_filter_pck_get_data is called. The first arg pck may be null with a crafted mp4 file,which results in a crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30199 was patched at 2024-05-15

9389. Unknown Vulnerability Type - GPAC (CVE-2021-31256) - Low [138]

Description: {'vulners_cve_data_all': 'Memory leak in the stbl_GetSampleInfos function in MP4Box in GPAC 1.0.1 allows attackers to read memory via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-31256 was patched at 2024-05-15

9390. Unknown Vulnerability Type - GPAC (CVE-2021-31261) - Low [138]

Description: {'vulners_cve_data_all': 'The gf_hinter_track_new function in GPAC 1.0.1 allows attackers to read memory via a crafted file in the MP4Box command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-31261 was patched at 2024-05-15

9391. Unknown Vulnerability Type - GPAC (CVE-2021-45288) - Low [138]

Description: {'vulners_cve_data_all': 'A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which could cause a Denail of Service via a crafted file in the MP4Box command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45288 was patched at 2024-05-15

9392. Unknown Vulnerability Type - GPAC (CVE-2022-2549) - Low [138]

Description: {'vulners_cve_data_all': 'NULL Pointer Dereference in GitHub repository gpac/gpac prior to v2.1.0-DEV.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-2549 was patched at 2024-05-15

9393. Unknown Vulnerability Type - GPAC (CVE-2022-43043) - Low [138]

Description: {'vulners_cve_data_all': 'GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-43043 was patched at 2024-05-15

9394. Unknown Vulnerability Type - GPAC (CVE-2022-43044) - Low [138]

Description: {'vulners_cve_data_all': 'GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-43044 was patched at 2024-05-15

9395. Unknown Vulnerability Type - GPAC (CVE-2022-43045) - Low [138]

Description: {'vulners_cve_data_all': 'GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-43045 was patched at 2024-05-15

9396. Unknown Vulnerability Type - GPAC (CVE-2023-37174) - Low [138]

Description: {'vulners_cve_data_all': 'GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-37174 was patched at 2024-05-15

9397. Unknown Vulnerability Type - GPAC (CVE-2023-37765) - Low [138]

Description: {'vulners_cve_data_all': 'GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_dump_vrml_sffield function at /lib/libgpac.so.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-37765 was patched at 2024-05-15

9398. Unknown Vulnerability Type - GPAC (CVE-2023-37766) - Low [138]

Description: {'vulners_cve_data_all': 'GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-37766 was patched at 2024-05-15

9399. Unknown Vulnerability Type - GPAC (CVE-2023-37767) - Low [138]

Description: {'vulners_cve_data_all': 'GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-37767 was patched at 2024-05-15

9400. Unknown Vulnerability Type - GPAC (CVE-2023-4678) - Low [138]

Description: {'vulners_cve_data_all': 'Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-4678 was patched at 2024-05-15

9401. Unknown Vulnerability Type - GPAC (CVE-2023-4681) - Low [138]

Description: {'vulners_cve_data_all': 'NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-4681 was patched at 2024-05-15

9402. Unknown Vulnerability Type - GPAC (CVE-2023-46931) - Low [138]

Description: {'vulners_cve_data_all': 'GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46931 was patched at 2024-05-15

9403. Unknown Vulnerability Type - GPAC (CVE-2023-4720) - Low [138]

Description: {'vulners_cve_data_all': 'Floating Point Comparison with Incorrect Operator in GitHub repository gpac/gpac prior to 2.3-DEV.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-4720 was patched at 2024-05-15

9404. Unknown Vulnerability Type - Git (CVE-2016-10130) - Low [138]

Description: {'vulners_cve_data_all': 'The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10130 was patched at 2024-05-15

9405. Unknown Vulnerability Type - Git (CVE-2018-20200) - Low [138]

Description: {'vulners_cve_data_all': 'CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale can be found in https://github.com/square/okhttp/issues/4967', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20200 was patched at 2024-05-15

9406. Unknown Vulnerability Type - Git (CVE-2022-0890) - Low [138]

Description: {'vulners_cve_data_all': 'NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-0890 was patched at 2024-05-15

9407. Unknown Vulnerability Type - Git (CVE-2022-2279) - Low [138]

Description: {'vulners_cve_data_all': 'NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-2279 was patched at 2024-05-15

9408. Unknown Vulnerability Type - Git (CVE-2022-2301) - Low [138]

Description: {'vulners_cve_data_all': 'Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-2301 was patched at 2024-05-15

9409. Unknown Vulnerability Type - Git (CVE-2023-39128) - Low [138]

Description: {'vulners_cve_data_all': 'GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-39128 was patched at 2024-05-15

9410. Unknown Vulnerability Type - Git (CVE-2023-39129) - Low [138]

Description: {'vulners_cve_data_all': 'GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-39129 was patched at 2024-05-15

9411. Denial of Service - Unknown Product (CVE-2002-1563) - Low [136]

Description: {'vulners_cve_data_all': 'stunnel 4.0.3 and earlier allows attackers to cause a denial of service (crash) via SIGCHLD signal handler race conditions that cause an inconsistency in the child counter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1563 was patched at 2024-05-15

9412. Memory Corruption - Unknown Product (CVE-2013-0722) - Low [136]

Description: {'vulners_cve_data_all': 'Stack-based buffer overflow in the scan_load_hosts function in ec_scan.c in Ettercap 0.7.5.1 and earlier might allow local users to gain privileges via a Trojan horse hosts list containing a long line.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0722 was patched at 2024-05-15

9413. Memory Corruption - Unknown Product (CVE-2018-18443) - Low [136]

Description: {'vulners_cve_data_all': 'OpenEXR 2.3.0 has a memory leak in ThreadPool in IlmBase/IlmThread/IlmThreadPool.cpp, as demonstrated by exrmultiview.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18443 was patched at 2024-05-15

9414. Memory Corruption - Unknown Product (CVE-2020-10575) - Low [136]

Description: {'vulners_cve_data_all': 'An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-10575 was patched at 2024-05-15

9415. Unknown Vulnerability Type - Perl (CVE-2004-0452) - Low [135]

Description: {'vulners_cve_data_all': 'Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0452 was patched at 2024-05-15

9416. Unknown Vulnerability Type - Perl (CVE-2006-0898) - Low [135]

Description: {'vulners_cve_data_all': 'Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0898 was patched at 2024-05-15

9417. Unknown Vulnerability Type - Perl (CVE-2011-4114) - Low [135]

Description: {'vulners_cve_data_all': 'The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4114 was patched at 2024-05-15

9418. Unknown Vulnerability Type - Perl (CVE-2011-4459) - Low [135]

Description: {'vulners_cve_data_all': 'Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a group membership.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4459 was patched at 2024-05-15

9419. Unknown Vulnerability Type - Perl (CVE-2011-5060) - Low [135]

Description: {'vulners_cve_data_all': 'The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-5060 was patched at 2024-05-15

9420. Unknown Vulnerability Type - Perl (CVE-2012-5571) - Low [135]

Description: {'vulners_cve_data_all': 'OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5571 was patched at 2024-05-15

9421. Unknown Vulnerability Type - Perl (CVE-2013-4428) - Low [135]

Description: {'vulners_cve_data_all': 'OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4428 was patched at 2024-05-15

9422. Unknown Vulnerability Type - Perl (CVE-2017-1088) - Low [135]

Description: {'vulners_cve_data_all': 'In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, the kernel does not properly clear the memory of the kld_file_stat structure before filling the data. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information from the kernel stack is possible. As a result, some bytes from the kernel stack can be observed in userspace.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1088 was patched at 2024-05-15

9423. Unknown Vulnerability Type - Python (CVE-2014-1934) - Low [135]

Description: {'vulners_cve_data_all': 'tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1934 was patched at 2024-05-15

9424. Unknown Vulnerability Type - GNOME desktop (CVE-2024-34397) - Low [133]

Description: {'vulners_cve_data_all': 'An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This could lead to the GDBus-based client behaving incorrectly, with an application-dependent impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814GNOME originally an acronym for GNU Network Object Model Environment, is a free and open-source desktop environment for Linux and other Unix-like operating systems
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-34397 was patched at 2024-05-07, 2024-05-15

redos: CVE-2024-34397 was patched at 2024-06-06

ubuntu: CVE-2024-34397 was patched at 2024-05-09

9425. Unknown Vulnerability Type - Mozilla Firefox (CVE-2024-4767) - Low [133]

Description: {'vulners_cve_data_all': 'If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-4767 was patched at 2024-05-16

debian: CVE-2024-4767 was patched at 2024-05-15, 2024-05-17

oraclelinux: CVE-2024-4767 was patched at 2024-05-16, 2024-05-20, 2024-06-11

redhat: CVE-2024-4767 was patched at 2024-05-16, 2024-05-20, 2024-05-23

ubuntu: CVE-2024-4767 was patched at 2024-05-21, 2024-05-22

9426. Unknown Vulnerability Type - Mozilla Firefox (CVE-2024-4769) - Low [133]

Description: {'vulners_cve_data_all': 'When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-4769 was patched at 2024-05-16

debian: CVE-2024-4769 was patched at 2024-05-15, 2024-05-17

oraclelinux: CVE-2024-4769 was patched at 2024-05-16, 2024-05-20, 2024-06-11

redhat: CVE-2024-4769 was patched at 2024-05-16, 2024-05-20, 2024-05-23

ubuntu: CVE-2024-4769 was patched at 2024-05-21, 2024-05-22

9427. Unknown Vulnerability Type - Node.js (CVE-2024-33883) - Low [133]

Description: {'vulners_cve_data_all': 'The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814Node.js is a cross-platform, open-source server environment that can run on Windows, Linux, Unix, macOS, and more
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-33883 was patched at 2024-05-15

9428. Unknown Vulnerability Type - OpenSSH (CVE-2024-33663) - Low [133]

Description: {'vulners_cve_data_all': 'python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814OpenSSH is a suite of secure networking utilities based on the Secure Shell protocol, which provides a secure channel over an unsecured network in a client–server architecture
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-33663 was patched at 2024-05-15

9429. Unknown Vulnerability Type - OpenSSL (CVE-2024-26306) - Low [133]

Description: {'vulners_cve_data_all': 'iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.814A software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26306 was patched at 2024-05-15

redos: CVE-2024-26306 was patched at 2024-06-11

9430. Unknown Vulnerability Type - Cacti (CVE-2008-0786) - Low [130]

Description: {'vulners_cve_data_all': 'CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0786 was patched at 2024-05-15

9431. Unknown Vulnerability Type - Cacti (CVE-2011-5223) - Low [130]

Description: {'vulners_cve_data_all': 'Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-5223 was patched at 2024-05-15

9432. Unknown Vulnerability Type - Cacti (CVE-2019-16723) - Low [130]

Description: {'vulners_cve_data_all': 'In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Cacti is an open source operational monitoring and fault management framework
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-16723 was patched at 2024-05-15

9433. Unknown Vulnerability Type - DNSSEC (CVE-2018-1000002) - Low [130]

Description: {'vulners_cve_data_all': 'Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000002 was patched at 2024-05-15

9434. Unknown Vulnerability Type - DNSSEC (CVE-2018-1000003) - Low [130]

Description: {'vulners_cve_data_all': 'Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514The Domain Name System Security Extensions (DNSSEC) is a feature of the Domain Name System (DNS) that authenticates responses to domain name lookups
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000003 was patched at 2024-05-15

9435. Unknown Vulnerability Type - Docker (CVE-2016-8579) - Low [130]

Description: {'vulners_cve_data_all': 'docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Docker
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-8579 was patched at 2024-05-15

9436. Unknown Vulnerability Type - HID (CVE-2007-4411) - Low [130]

Description: {'vulners_cve_data_all': 'ircu 2.10.12.05 and earlier allows remote attackers to discover the hidden IP address of arbitrary +x users via a series of /silence commands with (1) CIDR mask arguments or (2) certain other arguments that represent groups of IP addresses, then monitoring CTCP ping replies.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514HID
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4411 was patched at 2024-05-15

9437. Unknown Vulnerability Type - HID (CVE-2008-1291) - Low [130]

Description: {'vulners_cve_data_all': 'ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514HID
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1291 was patched at 2024-05-15

9438. Unknown Vulnerability Type - HID (CVE-2019-10735) - Low [130]

Description: {'vulners_cve_data_all': 'In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514HID
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10735 was patched at 2024-05-15

9439. Unknown Vulnerability Type - TLS (CVE-2011-4894) - Low [130]

Description: {'vulners_cve_data_all': 'Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort access instead of a Tor TLS connection for a directory fetch, which makes it easier for remote attackers to enumerate bridges by observing DirPort connections.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4894 was patched at 2024-05-15

9440. Unknown Vulnerability Type - TLS (CVE-2012-0390) - Low [130]

Description: {'vulners_cve_data_all': 'The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0390 was patched at 2024-05-15

9441. Unknown Vulnerability Type - TLS (CVE-2014-5444) - Low [130]

Description: {'vulners_cve_data_all': 'Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5444 was patched at 2024-05-15

9442. Unknown Vulnerability Type - TLS (CVE-2021-37845) - Low [130]

Description: {'vulners_cve_data_all': 'An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595). This potentially allows an attacker to cause a victim's e-mail messages to be stored into an attacker's IMAP mailbox, but depends on details of the victim's client behavior.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-37845 was patched at 2024-05-15

9443. Unknown Vulnerability Type - TLS/SSL (CVE-2016-1000033) - Low [130]

Description: {'vulners_cve_data_all': 'Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS/SSL
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1000033 was patched at 2024-05-15

9444. Unknown Vulnerability Type - TRIE (CVE-2021-22060) - Low [130]

Description: {'vulners_cve_data_all': 'In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TRIE
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-22060 was patched at 2024-05-15

9445. Unknown Vulnerability Type - GPAC (CVE-2022-1172) - Low [126]

Description: {'vulners_cve_data_all': 'Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1172 was patched at 2024-05-15

9446. Unknown Vulnerability Type - Git (CVE-2022-0430) - Low [126]

Description: {'vulners_cve_data_all': 'Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-0430 was patched at 2024-05-15

9447. Unknown Vulnerability Type - Git (CVE-2023-3431) - Low [126]

Description: {'vulners_cve_data_all': 'Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-3431 was patched at 2024-05-15

debian: CVE-2023-34318 was patched at 2024-05-15

9448. Denial of Service - Unknown Product (CVE-2023-36268) - Low [125]

Description: {'vulners_cve_data_all': 'An issue in The Document Foundation Libreoffice v.7.4.7 allows a remote attacker to cause a denial of service via a crafted .ppt file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-36268 was patched at 2024-05-15

9449. Denial of Service - Unknown Product (CVE-2023-43279) - Low [125]

Description: {'vulners_cve_data_all': 'Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafted tcprewrite command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-43279 was patched at 2024-05-15

9450. Denial of Service - Unknown Product (CVE-2023-45290) - Low [125]

Description: {'vulners_cve_data_all': 'When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-45290 was patched at 2024-04-30, 2024-05-07, 2024-05-22, 2024-05-23, 2024-06-11

debian: CVE-2023-45290 was patched at 2024-05-15

oraclelinux: CVE-2023-45290 was patched at 2024-05-07, 2024-05-29, 2024-06-11, 2024-06-12

redhat: CVE-2023-45290 was patched at 2024-04-30, 2024-05-07, 2024-05-22, 2024-05-23, 2024-06-11

redos: CVE-2023-45290 was patched at 2024-04-22

9451. Denial of Service - Unknown Product (CVE-2023-46565) - Low [125]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in osrg gobgp commit 419c50dfac578daa4d11256904d0dc182f1a9b22 allows a remote attacker to cause a denial of service via the handlingError function in pkg/server/fsm.go.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46565 was patched at 2024-05-15

9452. Denial of Service - Unknown Product (CVE-2023-46566) - Low [125]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in msoulier tftpy commit 467017b844bf6e31745138a30e2509145b0c529c allows a remote attacker to cause a denial of service via the parse function in the TftpPacketFactory class.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46566 was patched at 2024-05-15

9453. Denial of Service - Unknown Product (CVE-2023-50658) - Low [125]

Description: {'vulners_cve_data_all': 'The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50658 was patched at 2024-05-15

9454. Denial of Service - Unknown Product (CVE-2023-5215) - Low [125]

Description: {'vulners_cve_data_all': 'A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function correctly.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-5215 was patched at 2024-04-30

debian: CVE-2023-5215 was patched at 2024-05-15

debian: CVE-2023-52159 was patched at 2024-05-15

oraclelinux: CVE-2023-5215 was patched at 2024-05-02

redhat: CVE-2023-5215 was patched at 2024-04-30

9455. Denial of Service - Unknown Product (CVE-2023-5871) - Low [125]

Description: {'vulners_cve_data_all': 'A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. This issue may allow a malicious NBD server to cause a Denial of Service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-5871 was patched at 2024-04-30

oraclelinux: CVE-2023-5871 was patched at 2024-05-02

redhat: CVE-2023-5871 was patched at 2024-04-30

9456. Denial of Service - Unknown Product (CVE-2023-7250) - Low [125]

Description: {'vulners_cve_data_all': 'A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-7250 was patched at 2024-05-15

redos: CVE-2023-7250 was patched at 2024-04-22

9457. Denial of Service - Unknown Product (CVE-2024-22640) - Low [125]

Description: {'vulners_cve_data_all': 'TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-22640 was patched at 2024-05-15

9458. Denial of Service - Unknown Product (CVE-2024-22871) - Low [125]

Description: {'vulners_cve_data_all': 'An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn__5920 function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-22871 was patched at 2024-05-15

9459. Denial of Service - Unknown Product (CVE-2024-25269) - Low [125]

Description: {'vulners_cve_data_all': 'libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-25269 was patched at 2024-05-15

redos: CVE-2024-25269 was patched at 2024-04-22

9460. Denial of Service - Unknown Product (CVE-2024-25580) - Low [125]

Description: {'vulners_cve_data_all': 'An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-25580 was patched at 2024-04-30, 2024-05-22

debian: CVE-2024-25580 was patched at 2024-05-15

oraclelinux: CVE-2024-25580 was patched at 2024-05-02, 2024-05-23

redhat: CVE-2024-25580 was patched at 2024-04-30, 2024-05-22

9461. Denial of Service - Unknown Product (CVE-2024-28084) - Low [125]

Description: {'vulners_cve_data_all': 'p2putil.c in iNet wireless daemon (IWD) through 2.15 allows attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact because of initialization issues in situations where parsing of advertised service information fails.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28084 was patched at 2024-05-15

9462. Denial of Service - Unknown Product (CVE-2024-28563) - Low [125]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::DwaCompressor::Classifier::Classifier() function when reading images in EXR format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28563 was patched at 2024-05-15

9463. Denial of Service - Unknown Product (CVE-2024-28564) - Low [125]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::CharPtrIO::readChars() function when reading images in EXR format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28564 was patched at 2024-05-15

9464. Denial of Service - Unknown Product (CVE-2024-28565) - Low [125]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the psdParser::ReadImageData() function when reading images in PSD format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28565 was patched at 2024-05-15

9465. Denial of Service - Unknown Product (CVE-2024-28567) - Low [125]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_CreateICCProfile() function when reading images in TIFF format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28567 was patched at 2024-05-15

9466. Denial of Service - Unknown Product (CVE-2024-28568) - Low [125]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the read_iptc_profile() function when reading images in TIFF format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28568 was patched at 2024-05-15

9467. Denial of Service - Unknown Product (CVE-2024-28570) - Low [125]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the processMakerNote() function when reading images in JPEG format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28570 was patched at 2024-05-15

9468. Denial of Service - Unknown Product (CVE-2024-28571) - Low [125]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the fill_input_buffer() function when reading images in JPEG format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28571 was patched at 2024-05-15

9469. Denial of Service - Unknown Product (CVE-2024-28572) - Low [125]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28572 was patched at 2024-05-15

9470. Denial of Service - Unknown Product (CVE-2024-28573) - Low [125]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile() function when reading images in JPEG format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28573 was patched at 2024-05-15

9471. Denial of Service - Unknown Product (CVE-2024-28574) - Low [125]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_copy_default_tcp_and_create_tcd() function when reading images in J2K format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28574 was patched at 2024-05-15

9472. Denial of Service - Unknown Product (CVE-2024-28575) - Low [125]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_read_mct() function when reading images in J2K format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28575 was patched at 2024-05-15

9473. Denial of Service - Unknown Product (CVE-2024-28576) - Low [125]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_tcp_destroy() function when reading images in J2K format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28576 was patched at 2024-05-15

9474. Denial of Service - Unknown Product (CVE-2024-28577) - Low [125]

Description: {'vulners_cve_data_all': 'Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw() function when reading images in JPEG format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28577 was patched at 2024-05-15

9475. Denial of Service - Unknown Product (CVE-2024-28579) - Low [125]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_Unload() function when reading images in HDR format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28579 was patched at 2024-05-15

9476. Denial of Service - Unknown Product (CVE-2024-28584) - Low [125]

Description: {'vulners_cve_data_all': 'Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the J2KImageToFIBITMAP() function when reading images in J2K format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28584 was patched at 2024-05-15

9477. Denial of Service - Unknown Product (CVE-2024-31047) - Low [125]

Description: {'vulners_cve_data_all': 'An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31047 was patched at 2024-05-15

9478. Denial of Service - Unknown Product (CVE-2024-31580) - Low [125]

Description: {'vulners_cve_data_all': 'PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31580 was patched at 2024-05-15

9479. Denial of Service - Unknown Product (CVE-2024-34244) - Low [125]

Description: {'vulners_cve_data_all': 'libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read and can potentially cause a crash or other unintended behaviors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Denial of Service
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-34244 was patched at 2024-05-15

9480. Memory Corruption - Unknown Product (CVE-2023-31975) - Low [125]

Description: {'vulners_cve_data_all': 'yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31975 was patched at 2024-05-15

9481. Memory Corruption - Unknown Product (CVE-2024-0217) - Low [125]

Description: {'vulners_cve_data_all': 'A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-0217 was patched at 2024-05-15

9482. Memory Corruption - Unknown Product (CVE-2024-1454) - Low [125]

Description: {'vulners_cve_data_all': 'The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-1454 was patched at 2024-05-15

redos: CVE-2024-1454 was patched at 2024-04-22

9483. Path Traversal - Unknown Product (CVE-2024-25711) - Low [125]

Description: {'vulners_cve_data_all': 'diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.715Path Traversal
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-25711 was patched at 2024-05-15

9484. Unknown Vulnerability Type - Perl (CVE-2004-0976) - Low [123]

Description: {'vulners_cve_data_all': 'Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0976 was patched at 2024-05-15

9485. Unknown Vulnerability Type - Perl (CVE-2005-0201) - Low [123]

Description: {'vulners_cve_data_all': 'D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0201 was patched at 2024-05-15

9486. Unknown Vulnerability Type - Perl (CVE-2005-1774) - Low [123]

Description: {'vulners_cve_data_all': 'WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce Unix permissions, which allows local users to write arbitrary files on a davfs2 mounted filesystem.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1774 was patched at 2024-05-15

9487. Unknown Vulnerability Type - Perl (CVE-2005-2302) - Low [123]

Description: {'vulners_cve_data_all': 'PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2302 was patched at 2024-05-15

9488. Unknown Vulnerability Type - Perl (CVE-2005-4683) - Low [123]

Description: {'vulners_cve_data_all': 'PADL MigrationTools 46, when a failure occurs, stores contents of /etc/shadow in a world-readable /tmp/nis.$$.ldif file, and possibly other sensitive information in other temporary files, which are not properly managed by (1) migrate_all_online.sh, (2) migrate_all_offline.sh, (3) migrate_all_netinfo_online.sh, (4) migrate_all_netinfo_offline.sh, (5) migrate_all_nis_online.sh, (6) migrate_all_nis_offline.sh, (7) migrate_all_nisplus_online.sh, and (8) migrate_all_nisplus_offline.sh.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4683 was patched at 2024-05-15

9489. Unknown Vulnerability Type - Perl (CVE-2009-5056) - Low [123]

Description: {'vulners_cve_data_all': 'Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5056 was patched at 2024-05-15

9490. Unknown Vulnerability Type - Perl (CVE-2011-1500) - Low [123]

Description: {'vulners_cve_data_all': 'PreferencesPithosDialog.py in Pithos 0.3.7 does not properly restrict permissions for the .config/pithos.ini file in a user's home directory, which allows local users to obtain Pandora credentials by reading this file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1500 was patched at 2024-05-15

9491. Unknown Vulnerability Type - Perl (CVE-2012-2672) - Low [123]

Description: {'vulners_cve_data_all': 'Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2672 was patched at 2024-05-15

9492. Unknown Vulnerability Type - Perl (CVE-2014-7231) - Low [123]

Description: {'vulners_cve_data_all': 'The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-7231 was patched at 2024-05-15

9493. Unknown Vulnerability Type - Python (CVE-2012-4571) - Low [123]

Description: {'vulners_cve_data_all': 'Python Keyring 0.9.1 does not securely initialize the cipher when encrypting passwords for CryptedFileKeyring files, which makes it easier for local users to obtain passwords via a brute-force attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4571 was patched at 2024-05-15

9494. Unknown Vulnerability Type - Python (CVE-2014-1604) - Low [123]

Description: {'vulners_cve_data_all': 'The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1604 was patched at 2024-05-15

9495. Unknown Vulnerability Type - Python (CVE-2014-1933) - Low [123]

Description: {'vulners_cve_data_all': 'The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1933 was patched at 2024-05-15

9496. Unknown Vulnerability Type - LNK (CVE-2019-17264) - Low [119]

Description: {'vulners_cve_data_all': 'In libyal liblnk before 20191006, liblnk_location_information_read_data in liblnk_location_information.c has a heap-based buffer over-read because an incorrect variable name is used for a certain offset. NOTE: the vendor has disputed this as described in the GitHub issue', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514LNK
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17264 was patched at 2024-05-15

9497. Unknown Vulnerability Type - LNK (CVE-2019-17401) - Low [119]

Description: {'vulners_cve_data_all': 'libyal liblnk 20191006 has a heap-based buffer over-read in the network_share_name_offset>20 code block of liblnk_location_information_read_data in liblnk_location_information.c, a different issue than CVE-2019-17264. NOTE: the vendor has disputed this as described in the GitHub issue', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514LNK
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17401 was patched at 2024-05-15

9498. Unknown Vulnerability Type - Unknown Product (CVE-2000-1220) - Low [119]

Description: {'vulners_cve_data_all': 'The line printer daemon (lpd) in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2000-1220 was patched at 2024-05-15

9499. Unknown Vulnerability Type - Unknown Product (CVE-2000-1221) - Low [119]

Description: {'vulners_cve_data_all': 'The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modifying the DNS for the attacking IP.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2000-1221 was patched at 2024-05-15

9500. Unknown Vulnerability Type - Unknown Product (CVE-2002-1367) - Low [119]

Description: {'vulners_cve_data_all': 'Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a "need authorization" page, as demonstrated by new-coke.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1367 was patched at 2024-05-15

9501. Unknown Vulnerability Type - Unknown Product (CVE-2002-2047) - Low [119]

Description: {'vulners_cve_data_all': 'The file preview functionality in Sketch 0.6.12 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an encapsulated Postscript (EPS) file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-2047 was patched at 2024-05-15

9502. Unknown Vulnerability Type - Unknown Product (CVE-2003-0098) - Low [119]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0098 was patched at 2024-05-15

9503. Unknown Vulnerability Type - Unknown Product (CVE-2004-1113) - Low [119]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) sender or (2) recipient e-mail addresses.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1113 was patched at 2024-05-15

9504. Unknown Vulnerability Type - Unknown Product (CVE-2004-1170) - Low [119]

Description: {'vulners_cve_data_all': 'a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1170 was patched at 2024-05-15

9505. Unknown Vulnerability Type - Unknown Product (CVE-2004-1463) - Low [119]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, related to Access Control Lists (ACL), has unknown impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1463 was patched at 2024-05-15

9506. Unknown Vulnerability Type - Unknown Product (CVE-2004-2154) - Low [119]

Description: {'vulners_cve_data_all': 'CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2154 was patched at 2024-05-15

9507. Unknown Vulnerability Type - Unknown Product (CVE-2005-0194) - Low [119]

Description: {'vulners_cve_data_all': 'Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0194 was patched at 2024-05-15

9508. Unknown Vulnerability Type - Unknown Product (CVE-2005-2626) - Low [119]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Kismet before 2005-08-R1 allows remote attackers to have an unknown impact via unprintable characters in the SSID.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2626 was patched at 2024-05-15

9509. Unknown Vulnerability Type - Unknown Product (CVE-2005-2655) - Low [119]

Description: {'vulners_cve_data_all': 'lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2655 was patched at 2024-05-15

9510. Unknown Vulnerability Type - Unknown Product (CVE-2005-2659) - Low [119]

Description: {'vulners_cve_data_all': 'Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as used in products such as KchmViewer, has unknown impact and attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2659 was patched at 2024-05-15

9511. Unknown Vulnerability Type - Unknown Product (CVE-2005-3068) - Low [119]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Eric Integrated Development Environment (eric3) before 3.7.2 has unknown impact and attack vectors related to a "potential security exploit."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3068 was patched at 2024-05-15

9512. Unknown Vulnerability Type - Unknown Product (CVE-2005-3587) - Low [119]

Description: {'vulners_cve_data_all': 'Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3587 was patched at 2024-05-15

9513. Unknown Vulnerability Type - Unknown Product (CVE-2006-4028) - Low [119]

Description: {'vulners_cve_data_all': 'Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to "Anyone can register" functionality (user registration for guests).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4028 was patched at 2024-05-15

9514. Unknown Vulnerability Type - Unknown Product (CVE-2007-0640) - Low [119]

Description: {'vulners_cve_data_all': 'Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0640 was patched at 2024-05-15

9515. Unknown Vulnerability Type - Unknown Product (CVE-2007-0899) - Low [119]

Description: {'vulners_cve_data_all': 'There is a possible heap overflow in libclamav/fsg.c before 0.100.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0899 was patched at 2024-05-15

9516. Unknown Vulnerability Type - Unknown Product (CVE-2007-0903) - Low [119]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0903 was patched at 2024-05-15

9517. Unknown Vulnerability Type - Unknown Product (CVE-2007-1406) - Low [119]

Description: {'vulners_cve_data_all': 'Trac before 0.10.3.1 does not send a Content-Disposition HTTP header specifying an attachment in certain "unsafe" situations, which has unknown impact and remote attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1406 was patched at 2024-05-15

9518. Unknown Vulnerability Type - Unknown Product (CVE-2007-4074) - Low [119]

Description: {'vulners_cve_data_all': 'The default configuration of Centre for Speech Technology Research (CSTR) Festival 1.95 beta (aka 2.0 beta) on Gentoo Linux, SUSE Linux, and possibly other distributions, is run locally with elevated privileges without requiring authentication, which allows local and remote attackers to execute arbitrary commands via the local daemon on port 1314, a different vulnerability than CVE-2001-0956. NOTE: this issue is local in some environments, but remote on others.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4074 was patched at 2024-05-15

9519. Unknown Vulnerability Type - Unknown Product (CVE-2007-5372) - Low [119]

Description: {'vulners_cve_data_all': 'Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5372 was patched at 2024-05-15

9520. Unknown Vulnerability Type - Unknown Product (CVE-2007-6337) - Low [119]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6337 was patched at 2024-05-15

9521. Unknown Vulnerability Type - Unknown Product (CVE-2007-6354) - Low [119]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow" that triggers an "illegal memory access," a different vulnerability than CVE-2007-6355.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6354 was patched at 2024-05-15

9522. Unknown Vulnerability Type - Unknown Product (CVE-2007-6745) - Low [119]

Description: {'vulners_cve_data_all': 'clamav 0.91.2 suffers from a floating point exception when using ScanOLE2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6745 was patched at 2024-05-15

9523. Unknown Vulnerability Type - Unknown Product (CVE-2008-3522) - Low [119]

Description: {'vulners_cve_data_all': 'Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3522 was patched at 2024-05-15

9524. Unknown Vulnerability Type - Unknown Product (CVE-2008-4641) - Low [119]

Description: {'vulners_cve_data_all': 'The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4641 was patched at 2024-05-15

9525. Unknown Vulnerability Type - Unknown Product (CVE-2008-5184) - Low [119]

Description: {'vulners_cve_data_all': 'The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5184 was patched at 2024-05-15

9526. Unknown Vulnerability Type - Unknown Product (CVE-2008-5244) - Low [119]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5244 was patched at 2024-05-15

9527. Unknown Vulnerability Type - Unknown Product (CVE-2008-5812) - Low [119]

Description: {'vulners_cve_data_all': 'Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5812 was patched at 2024-05-15

9528. Unknown Vulnerability Type - Unknown Product (CVE-2008-7291) - Low [119]

Description: {'vulners_cve_data_all': 'gri before 2.12.18 generates temporary files in an insecure way.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-7291 was patched at 2024-05-15

9529. Unknown Vulnerability Type - Unknown Product (CVE-2008-7315) - Low [119]

Description: {'vulners_cve_data_all': 'UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-7315 was patched at 2024-05-15

9530. Unknown Vulnerability Type - Unknown Product (CVE-2009-0939) - Low [119]

Description: {'vulners_cve_data_all': 'Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec conformance," as demonstrated using 192.168.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0939 was patched at 2024-05-15

9531. Unknown Vulnerability Type - Unknown Product (CVE-2009-1443) - Low [119]

Description: {'vulners_cve_data_all': 'Multiple unspecified vulnerabilities in the Server component in OCS Inventory NG before 1.02 have unknown impact and attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1443 was patched at 2024-05-15

9532. Unknown Vulnerability Type - Unknown Product (CVE-2009-2459) - Low [119]

Description: {'vulners_cve_data_all': 'Multiple unspecified vulnerabilities in mimeTeX, when downloaded before 20090713, have unknown impact and attack vectors related to the (1) \\environ, (2) \\input, and (3) \\counter TeX directives.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2459 was patched at 2024-05-15

9533. Unknown Vulnerability Type - Unknown Product (CVE-2009-5052) - Low [119]

Description: {'vulners_cve_data_all': 'Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 have unknown impact and attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5052 was patched at 2024-05-15

9534. Unknown Vulnerability Type - Unknown Product (CVE-2010-2451) - Low [119]

Description: {'vulners_cve_data_all': 'Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2451 was patched at 2024-05-15

9535. Unknown Vulnerability Type - Unknown Product (CVE-2010-4533) - Low [119]

Description: {'vulners_cve_data_all': 'offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4533 was patched at 2024-05-15

9536. Unknown Vulnerability Type - Unknown Product (CVE-2010-4722) - Low [119]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the fetch plugin in Smarty before 3.0.2 has unknown impact and remote attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4722 was patched at 2024-05-15

9537. Unknown Vulnerability Type - Unknown Product (CVE-2010-4724) - Low [119]

Description: {'vulners_cve_data_all': 'Multiple unspecified vulnerabilities in the parser implementation in Smarty before 3.0.0 RC3 have unknown impact and remote attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4724 was patched at 2024-05-15

9538. Unknown Vulnerability Type - Unknown Product (CVE-2010-4726) - Low [119]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the math plugin in Smarty before 3.0.0 RC1 has unknown impact and remote attack vectors. NOTE: this might overlap CVE-2009-1669.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4726 was patched at 2024-05-15

9539. Unknown Vulnerability Type - Unknown Product (CVE-2010-4744) - Low [119]

Description: {'vulners_cve_data_all': 'Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have unknown impact and attack vectors, a different issue than CVE-2010-3441.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4744 was patched at 2024-05-15

9540. Unknown Vulnerability Type - Unknown Product (CVE-2011-1933) - Low [119]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in Jifty::DBI before 0.68.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1933 was patched at 2024-05-15

9541. Unknown Vulnerability Type - Unknown Product (CVE-2011-1935) - Low [119]

Description: {'vulners_cve_data_all': 'pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets, which might allow remote attackers to send arbitrary data while avoiding detection via crafted packets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1935 was patched at 2024-05-15

9542. Unknown Vulnerability Type - Unknown Product (CVE-2011-3122) - Low [119]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3122 was patched at 2024-05-15

9543. Unknown Vulnerability Type - Unknown Product (CVE-2011-3125) - Low [119]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3125 was patched at 2024-05-15

9544. Unknown Vulnerability Type - Unknown Product (CVE-2011-4120) - Low [119]

Description: {'vulners_cve_data_all': 'Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and obtain access to the account in question by providing a NULL value (pressing Ctrl-D keyboard sequence) as the password string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4120 was patched at 2024-05-15

9545. Unknown Vulnerability Type - Unknown Product (CVE-2011-4125) - Low [119]

Description: {'vulners_cve_data_all': 'A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4125 was patched at 2024-05-15

9546. Unknown Vulnerability Type - Unknown Product (CVE-2012-1187) - Low [119]

Description: {'vulners_cve_data_all': 'Bitlbee does not drop extra group privileges correctly in unix.c', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1187 was patched at 2024-05-15

9547. Unknown Vulnerability Type - Unknown Product (CVE-2012-1577) - Low [119]

Description: {'vulners_cve_data_all': 'lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1577 was patched at 2024-05-15

9548. Unknown Vulnerability Type - Unknown Product (CVE-2012-2321) - Low [119]

Description: {'vulners_cve_data_all': 'The loopback plug-in in ConnMan before 0.85 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) host name or (2) domain name in a DHCP reply.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2321 was patched at 2024-05-15

9549. Unknown Vulnerability Type - Unknown Product (CVE-2012-2400) - Low [119]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2400 was patched at 2024-05-15

9550. Unknown Vulnerability Type - Unknown Product (CVE-2012-5197) - Low [119]

Description: {'vulners_cve_data_all': 'Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 have unknown impact and attack vectors related to "error checking of system calls."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5197 was patched at 2024-05-15

9551. Unknown Vulnerability Type - Unknown Product (CVE-2012-6125) - Low [119]

Description: {'vulners_cve_data_all': 'Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6125 was patched at 2024-05-15

9552. Unknown Vulnerability Type - Unknown Product (CVE-2013-2018) - Low [119]

Description: {'vulners_cve_data_all': 'Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2018 was patched at 2024-05-15

9553. Unknown Vulnerability Type - Unknown Product (CVE-2013-4437) - Low [119]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 has unspecified impact and vectors related to "insecure Usage of /tmp."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4437 was patched at 2024-05-15

9554. Unknown Vulnerability Type - Unknown Product (CVE-2013-4441) - Low [119]

Description: {'vulners_cve_data_all': 'The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4441 was patched at 2024-05-15

9555. Unknown Vulnerability Type - Unknown Product (CVE-2013-5986) - Low [119]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 has unknown impact and attack vectors, a different vulnerability than CVE-2013-5987.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-5986 was patched at 2024-05-15

9556. Unknown Vulnerability Type - Unknown Product (CVE-2013-7087) - Low [119]

Description: {'vulners_cve_data_all': 'ClamAV before 0.97.7 has WWPack corrupt heap memory', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7087 was patched at 2024-05-15

9557. Unknown Vulnerability Type - Unknown Product (CVE-2014-0175) - Low [119]

Description: {'vulners_cve_data_all': 'mcollective has a default password set at install', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0175 was patched at 2024-05-15

9558. Unknown Vulnerability Type - Unknown Product (CVE-2014-9474) - Low [119]

Description: {'vulners_cve_data_all': 'Buffer overflow in the mpfr_strtofr function in GNU MPFR before 3.1.2-p11 allows context-dependent attackers to have unspecified impact via vectors related to incorrect documentation for mpn_set_str.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9474 was patched at 2024-05-15

9559. Unknown Vulnerability Type - Unknown Product (CVE-2015-0565) - Low [119]

Description: {'vulners_cve_data_all': 'NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-0565 was patched at 2024-05-15

9560. Unknown Vulnerability Type - Unknown Product (CVE-2015-3886) - Low [119]

Description: {'vulners_cve_data_all': 'libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-3886 was patched at 2024-05-15

9561. Unknown Vulnerability Type - Unknown Product (CVE-2015-5224) - Low [119]

Description: {'vulners_cve_data_all': 'The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5224 was patched at 2024-05-15

9562. Unknown Vulnerability Type - Unknown Product (CVE-2016-1585) - Low [119]

Description: {'vulners_cve_data_all': 'In all versions of AppArmor mount rules are accidentally widened when compiled.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1585 was patched at 2024-05-15

9563. Unknown Vulnerability Type - Unknown Product (CVE-2016-20014) - Low [119]

Description: {'vulners_cve_data_all': 'In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-20014 was patched at 2024-05-15

9564. Unknown Vulnerability Type - Unknown Product (CVE-2016-5713) - Low [119]

Description: {'vulners_cve_data_all': 'Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5713 was patched at 2024-05-15

9565. Unknown Vulnerability Type - Unknown Product (CVE-2016-9558) - Low [119]

Description: {'vulners_cve_data_all': '(1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf before 20161124 allow remote attackers to have unspecified impact via a crafted bit pattern in a signed leb number, aka a "negation overflow."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9558 was patched at 2024-05-15

9566. Unknown Vulnerability Type - Unknown Product (CVE-2017-12588) - Low [119]

Description: {'vulners_cve_data_all': 'The zmq3 input and output modules in rsyslog before 8.28.0 interpreted description fields as format strings, possibly allowing a format string attack with unspecified impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12588 was patched at 2024-05-15

9567. Unknown Vulnerability Type - Unknown Product (CVE-2017-14804) - Low [119]

Description: {'vulners_cve_data_all': 'The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14804 was patched at 2024-05-15

9568. Unknown Vulnerability Type - Unknown Product (CVE-2017-18021) - Low [119]

Description: {'vulners_cve_data_all': 'It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-18021 was patched at 2024-05-15

9569. Unknown Vulnerability Type - Unknown Product (CVE-2017-18212) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function in lit/lit-char-helpers.c via a RegExp("[\\x0"); payload.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-18212 was patched at 2024-05-15

9570. Unknown Vulnerability Type - Unknown Product (CVE-2017-20146) - Low [119]

Description: {'vulners_cve_data_all': 'Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-20146 was patched at 2024-05-15

9571. Unknown Vulnerability Type - Unknown Product (CVE-2017-20189) - Low [119]

Description: {'vulners_cve_data_all': 'In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-20189 was patched at 2024-05-15

9572. Unknown Vulnerability Type - Unknown Product (CVE-2017-5226) - Low [119]

Description: {'vulners_cve_data_all': 'When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5226 was patched at 2024-05-15

9573. Unknown Vulnerability Type - Unknown Product (CVE-2017-7893) - Low [119]

Description: {'vulners_cve_data_all': 'In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7893 was patched at 2024-05-15

9574. Unknown Vulnerability Type - Unknown Product (CVE-2017-9051) - Low [119]

Description: {'vulners_cve_data_all': 'libav before 12.1 is vulnerable to an invalid read of size 1 due to NULL pointer dereferencing in the nsv_read_chunk function in libavformat/nsvdec.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9051 was patched at 2024-05-15

9575. Unknown Vulnerability Type - Unknown Product (CVE-2017-9052) - Low [119]

Description: {'vulners_cve_data_all': 'An issue, also known as DW201703-006, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in dwarf_formsdata() is due to a failure to check a pointer for being in bounds (in a few places in this function) and a failure in a check in dwarf_attr_list().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9052 was patched at 2024-05-15

9576. Unknown Vulnerability Type - Unknown Product (CVE-2017-9054) - Low [119]

Description: {'vulners_cve_data_all': 'An issue, also known as DW201703-002, was discovered in libdwarf 2017-03-21. In _dwarf_decode_s_leb128_chk() a byte pointer was dereferenced just before it was checked for being in bounds, leading to a heap-based buffer over-read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9054 was patched at 2024-05-15

9577. Unknown Vulnerability Type - Unknown Product (CVE-2017-9055) - Low [119]

Description: {'vulners_cve_data_all': 'An issue, also known as DW201703-001, was discovered in libdwarf 2017-03-21. In dwarf_formsdata() a few data types were not checked for being in bounds, leading to a heap-based buffer over-read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9055 was patched at 2024-05-15

9578. Unknown Vulnerability Type - Unknown Product (CVE-2017-9104) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9104 was patched at 2024-05-15

9579. Unknown Vulnerability Type - Unknown Product (CVE-2017-9109) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second answer scan finds the same RRs at the first. Otherwise, adns can be confused by interleaving answers for the CNAME target, with the CNAME itself. In that case the answer data structure (on the heap) can be overrun. With this fixed, it prefers to look only at the answer RRs which come after the CNAME, which is at least arguably correct.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9109 was patched at 2024-05-15

9580. Unknown Vulnerability Type - Unknown Product (CVE-2017-9269) - Low [119]

Description: {'vulners_cve_data_all': 'In libzypp before August 2018 GPG keys attached to YUM repositories were not correctly pinned, allowing malicious repository mirrors to silently downgrade to unsigned repositories with potential malicious content.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9269 was patched at 2024-05-15

9581. Unknown Vulnerability Type - Unknown Product (CVE-2018-1000101) - Low [119]

Description: {'vulners_cve_data_all': 'Mingw-w64 version 5.0.3 and earlier, 5.0.4, 6.0.0 and 7.0.0 contains an Improper Null Termination (CWE-170) vulnerability in mingw-w64-crt (libc)->(v)snprintf that can result in The bug may be used to corrupt subsequent string functions. This attack appear to be exploitable via Depending on the usage, worst case: network.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000101 was patched at 2024-05-15

9582. Unknown Vulnerability Type - Unknown Product (CVE-2018-10992) - Low [119]

Description: {'vulners_cve_data_all': 'lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument, because the GNU Guile code uses the system Scheme procedure instead of the system* Scheme procedure. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-17523.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10992 was patched at 2024-05-15

9583. Unknown Vulnerability Type - Unknown Product (CVE-2018-11210) - Low [119]

Description: {'vulners_cve_data_all': 'TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11210 was patched at 2024-05-15

9584. Unknown Vulnerability Type - Unknown Product (CVE-2018-11418) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_utf8 function via a RegExp("[\\\\u0020") payload, related to re_parse_char_class in parser/regexp/re-parser.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11418 was patched at 2024-05-15

9585. Unknown Vulnerability Type - Unknown Product (CVE-2018-11419) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function via a RegExp("[\\\\u0") payload, related to re_parse_char_class in parser/regexp/re-parser.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11419 was patched at 2024-05-15

9586. Unknown Vulnerability Type - Unknown Product (CVE-2018-12562) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards (such as in an injected string:/home/../tmp/* string).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12562 was patched at 2024-05-15

9587. Unknown Vulnerability Type - Unknown Product (CVE-2018-1297) - Low [119]

Description: {'vulners_cve_data_all': 'When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1297 was patched at 2024-05-15

9588. Unknown Vulnerability Type - Unknown Product (CVE-2018-13421) - Low [119]

Description: {'vulners_cve_data_all': 'Fast C++ CSV Parser (aka fast-cpp-csv-parser) before 2018-07-06 has a heap-based buffer over-read in io::trim_chars in csv.h.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-13421 was patched at 2024-05-15

9589. Unknown Vulnerability Type - Unknown Product (CVE-2018-13869) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-13869 was patched at 2024-05-15

9590. Unknown Vulnerability Type - Unknown Product (CVE-2018-13870) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_link_decode in H5Olink.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-13870 was patched at 2024-05-15

9591. Unknown Vulnerability Type - Unknown Product (CVE-2018-16491) - Low [119]

Description: {'vulners_cve_data_all': 'A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16491 was patched at 2024-05-15

9592. Unknown Vulnerability Type - Unknown Product (CVE-2018-16983) - Low [119]

Description: {'vulners_cve_data_all': 'NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16983 was patched at 2024-05-15

9593. Unknown Vulnerability Type - Unknown Product (CVE-2018-17613) - Low [119]

Description: {'vulners_cve_data_all': 'Telegram Desktop (aka tdesktop) 1.3.16 alpha, when "Use proxy" is enabled, sends credentials and application data in cleartext over the SOCKS5 protocol.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17613 was patched at 2024-05-15

9594. Unknown Vulnerability Type - Unknown Product (CVE-2018-17825) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in AdPlug 2.3.1. There are several double-free vulnerabilities in the CEmuopl class in emuopl.cpp because of a destructor's two OPLDestroy calls, each of which frees TL_TABLE, SIN_TABLE, AMS_TABLE, and VIB_TABLE.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17825 was patched at 2024-05-15

9595. Unknown Vulnerability Type - Unknown Product (CVE-2018-18197) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in libgig 4.1.0. There is an operator new[] failure (due to a big pSampleLoops heap request) in DLS::Sampler::Sampler in DLS.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18197 was patched at 2024-05-15

9596. Unknown Vulnerability Type - Unknown Product (CVE-2018-19800) - Low [119]

Description: {'vulners_cve_data_all': 'aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19800 was patched at 2024-05-15

9597. Unknown Vulnerability Type - Unknown Product (CVE-2018-20839) - Low [119]

Description: {'vulners_cve_data_all': 'systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20839 was patched at 2024-05-15

9598. Unknown Vulnerability Type - Unknown Product (CVE-2018-21234) - Low [119]

Description: {'vulners_cve_data_all': 'Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-21234 was patched at 2024-05-15

9599. Unknown Vulnerability Type - Unknown Product (CVE-2018-7648) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The output prefix was not checked for length, which could overflow a buffer, when providing a prefix with 50 or more characters on the command line.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7648 was patched at 2024-05-15

9600. Unknown Vulnerability Type - Unknown Product (CVE-2019-10053) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in Suricata 4.1.x before 4.1.4. If the input of the function SSHParseBanner is composed only of a \\n character, then the program runs into a heap-based buffer over-read. This occurs because the erroneous search for \\r results in an integer underflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10053 was patched at 2024-05-15

9601. Unknown Vulnerability Type - Unknown Product (CVE-2019-11371) - Low [119]

Description: {'vulners_cve_data_all': 'BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow via a long prefix that is mishandled in bns_fasta2bntseq and bns_dump at btnseq.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11371 was patched at 2024-05-15

9602. Unknown Vulnerability Type - Unknown Product (CVE-2019-11834) - Low [119]

Description: {'vulners_cve_data_all': 'cJSON before 1.7.11 allows out-of-bounds access, related to \\x00 in a string literal.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11834 was patched at 2024-05-15

9603. Unknown Vulnerability Type - Unknown Product (CVE-2019-11835) - Low [119]

Description: {'vulners_cve_data_all': 'cJSON before 1.7.11 allows out-of-bounds access, related to multiline comments.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11835 was patched at 2024-05-15

9604. Unknown Vulnerability Type - Unknown Product (CVE-2019-12300) - Low [119]

Description: {'vulners_cve_data_all': 'Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a token allowing them to read the user details of a victim, they can login as the victim.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12300 was patched at 2024-05-15

9605. Unknown Vulnerability Type - Unknown Product (CVE-2019-13207) - Low [119]

Description: {'vulners_cve_data_all': 'nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dname_concatenate() function in dname.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-13207 was patched at 2024-05-15

9606. Unknown Vulnerability Type - Unknown Product (CVE-2019-14192) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14192 was patched at 2024-05-15

9607. Unknown Vulnerability Type - Unknown Product (CVE-2019-14193) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14193 was patched at 2024-05-15

9608. Unknown Vulnerability Type - Unknown Product (CVE-2019-14194) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14194 was patched at 2024-05-15

9609. Unknown Vulnerability Type - Unknown Product (CVE-2019-14195) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14195 was patched at 2024-05-15

9610. Unknown Vulnerability Type - Unknown Product (CVE-2019-14196) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14196 was patched at 2024-05-15

9611. Unknown Vulnerability Type - Unknown Product (CVE-2019-14198) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14198 was patched at 2024-05-15

9612. Unknown Vulnerability Type - Unknown Product (CVE-2019-14199) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14199 was patched at 2024-05-15

9613. Unknown Vulnerability Type - Unknown Product (CVE-2019-14532) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in The Sleuth Kit (TSK) 4.6.6. There is an off-by-one overwrite due to an underflow on tools/hashtools/hfind.cpp while using a bogus hash table.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14532 was patched at 2024-05-15

9614. Unknown Vulnerability Type - Unknown Product (CVE-2019-15052) - Low [119]

Description: {'vulners_cve_data_all': 'The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15052 was patched at 2024-05-15

9615. Unknown Vulnerability Type - Unknown Product (CVE-2019-15151) - Low [119]

Description: {'vulners_cve_data_all': 'AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15151 was patched at 2024-05-15

9616. Unknown Vulnerability Type - Unknown Product (CVE-2019-15232) - Low [119]

Description: {'vulners_cve_data_all': 'Live555 before 2019.08.16 has a Use-After-Free because GenericMediaServer::createNewClientSessionWithId can generate the same client session ID in succession, which is mishandled by the MPEG1or2 and Matroska file demultiplexors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15232 was patched at 2024-05-15

9617. Unknown Vulnerability Type - Unknown Product (CVE-2019-15522) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15522 was patched at 2024-05-15

9618. Unknown Vulnerability Type - Unknown Product (CVE-2019-15551) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in the smallvec crate before 0.6.10 for Rust. There is a double free for certain grow attempts with the current capacity.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15551 was patched at 2024-05-15

9619. Unknown Vulnerability Type - Unknown Product (CVE-2019-15651) - Low [119]

Description: {'vulners_cve_data_all': 'wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCertExtensions in wolfcrypt/src/asn.c because reading the ASN_BOOLEAN byte is mishandled for a crafted DER certificate in GetLength_ex.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15651 was patched at 2024-05-15

9620. Unknown Vulnerability Type - Unknown Product (CVE-2019-15784) - Low [119]

Description: {'vulners_cve_data_all': 'Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList array overflow if there are many SRT connections.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15784 was patched at 2024-05-15

9621. Unknown Vulnerability Type - Unknown Product (CVE-2019-15874) - Low [119]

Description: {'vulners_cve_data_all': 'In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in memory access after it has been freed leading to a kernel panic or other unpredictable results.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15874 was patched at 2024-05-15

9622. Unknown Vulnerability Type - Unknown Product (CVE-2019-16227) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-16227 was patched at 2024-05-15

9623. Unknown Vulnerability Type - Unknown Product (CVE-2019-16748) - Low [119]

Description: {'vulners_cve_data_all': 'In wolfSSL through 4.1.0, there is a missing sanity check of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer over-read in CheckCertSignature_ex in wolfcrypt/src/asn.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-16748 was patched at 2024-05-15

9624. Unknown Vulnerability Type - Unknown Product (CVE-2019-17040) - Low [119]

Description: {'vulners_cve_data_all': 'contrib/pmdb2diag/pmdb2diag.c in Rsyslog v8.1908.0 allows out-of-bounds access because the level length is mishandled.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17040 was patched at 2024-05-15

9625. Unknown Vulnerability Type - Unknown Product (CVE-2019-19010) - Low [119]

Description: {'vulners_cve_data_all': 'Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19010 was patched at 2024-05-15

9626. Unknown Vulnerability Type - Unknown Product (CVE-2019-19977) - Low [119]

Description: {'vulners_cve_data_all': 'libESMTP through 1.0.6 mishandles domain copying into a fixed-size buffer in ntlm_build_type_2 in ntlm/ntlmstruct.c, as demonstrated by a stack-based buffer over-read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19977 was patched at 2024-05-15

9627. Unknown Vulnerability Type - Unknown Product (CVE-2019-20790) - Low [119]

Description: {'vulners_cve_data_all': 'OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20790 was patched at 2024-05-15

9628. Unknown Vulnerability Type - Unknown Product (CVE-2019-25009) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a raw pointer, defeating soundness.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-25009 was patched at 2024-05-15

9629. Unknown Vulnerability Type - Unknown Product (CVE-2019-25010) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in the failure crate through 2019-11-13 for Rust. Type confusion can occur when __private_get_type_id__ is overridden.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-25010 was patched at 2024-05-15

9630. Unknown Vulnerability Type - Unknown Product (CVE-2019-5421) - Low [119]

Description: {'vulners_cve_data_all': 'Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempts` method. File location: lib/devise/models/lockable.rb that can result in Multiple concurrent requests can prevent an attacker from being blocked on brute force attacks. This attack appear to be exploitable via Network connectivity - brute force attacks. This vulnerability appears to have been fixed in 4.6.0 and later.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5421 was patched at 2024-05-15

9631. Unknown Vulnerability Type - Unknown Product (CVE-2019-5614) - Low [119]

Description: {'vulners_cve_data_all': 'In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in accessing out-of-bounds memory leading to a kernel panic or other unpredictable results.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5614 was patched at 2024-05-15

9632. Unknown Vulnerability Type - Unknown Product (CVE-2020-11986) - Low [119]

Description: {'vulners_cve_data_all': 'To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis of the project at load time. This in turn will run potentially malicious code, from an external source, without the consent of the user.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-11986 was patched at 2024-05-15

9633. Unknown Vulnerability Type - Unknown Product (CVE-2020-13091) - Low [119]

Description: {'vulners_cve_data_all': 'pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the read_pickle() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13091 was patched at 2024-05-15

9634. Unknown Vulnerability Type - Unknown Product (CVE-2020-13092) - Low [119]

Description: {'vulners_cve_data_all': 'scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13092 was patched at 2024-05-15

9635. Unknown Vulnerability Type - Unknown Product (CVE-2020-14033) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_streaming_rtsp_parse_sdp in plugins/janus_streaming.c has a Buffer Overflow via a crafted RTSP server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-14033 was patched at 2024-05-15

9636. Unknown Vulnerability Type - Unknown Product (CVE-2020-14034) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_get_codec_from_pt in utils.c has a Buffer Overflow via long value in an SDP Offer packet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-14034 was patched at 2024-05-15

9637. Unknown Vulnerability Type - Unknown Product (CVE-2020-15690) - Low [119]

Description: {'vulners_cve_data_all': 'In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15690 was patched at 2024-05-15

9638. Unknown Vulnerability Type - Unknown Product (CVE-2020-15692) - Low [119]

Description: {'vulners_cve_data_all': 'In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15692 was patched at 2024-05-15

9639. Unknown Vulnerability Type - Unknown Product (CVE-2020-15889) - Low [119]

Description: {'vulners_cve_data_all': 'Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15889 was patched at 2024-05-15

9640. Unknown Vulnerability Type - Unknown Product (CVE-2020-25573) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25573 was patched at 2024-05-15

9641. Unknown Vulnerability Type - Unknown Product (CVE-2020-25575) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: This may overlap CVE-2019-25010', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25575 was patched at 2024-05-15

9642. Unknown Vulnerability Type - Unknown Product (CVE-2020-25576) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25576 was patched at 2024-05-15

9643. Unknown Vulnerability Type - Unknown Product (CVE-2020-27739) - Low [119]

Description: {'vulners_cve_data_all': 'A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27739 was patched at 2024-05-15

9644. Unknown Vulnerability Type - Unknown Product (CVE-2020-28638) - Low [119]

Description: {'vulners_cve_data_all': 'ask_password in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is non-empty, causing affected users' files to be encrypted with "tomb {W] Detected DISPLAY, but only pinentry-curses is found." as the encryption key.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-28638 was patched at 2024-05-15

9645. Unknown Vulnerability Type - Unknown Product (CVE-2020-29509) - Low [119]

Description: {'vulners_cve_data_all': 'The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-29509 was patched at 2024-05-15

9646. Unknown Vulnerability Type - Unknown Product (CVE-2020-29510) - Low [119]

Description: {'vulners_cve_data_all': 'The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-29510 was patched at 2024-05-15

9647. Unknown Vulnerability Type - Unknown Product (CVE-2020-29511) - Low [119]

Description: {'vulners_cve_data_all': 'The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-29511 was patched at 2024-05-15

9648. Unknown Vulnerability Type - Unknown Product (CVE-2020-36599) - Low [119]

Description: {'vulners_cve_data_all': 'lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36599 was patched at 2024-05-15

9649. Unknown Vulnerability Type - Unknown Product (CVE-2020-36619) - Low [119]

Description: {'vulners_cve_data_all': 'A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function add_ch of the file demod_flex.c. The manipulation of the argument ch leads to format string. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is e5a51c508ef952e81a6da25b43034dd1ed023c07. It is recommended to upgrade the affected component. The identifier VDB-216269 was assigned to this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36619 was patched at 2024-05-15

9650. Unknown Vulnerability Type - Unknown Product (CVE-2020-7769) - Low [119]

Description: {'vulners_cve_data_all': 'This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7769 was patched at 2024-05-15

9651. Unknown Vulnerability Type - Unknown Product (CVE-2020-7981) - Low [119]

Description: {'vulners_cve_data_all': 'sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7981 was patched at 2024-05-15

9652. Unknown Vulnerability Type - Unknown Product (CVE-2021-23520) - Low [119]

Description: {'vulners_cve_data_all': 'The package juce-framework/juce before 6.1.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the ZipFile::uncompressEntry function in juce_ZipFile.cpp. This vulnerability is triggered when the archive is extracted upon calling uncompressTo() on a ZipFile object.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-23520 was patched at 2024-05-15

9653. Unknown Vulnerability Type - Unknown Product (CVE-2021-24115) - Low [119]

Description: {'vulners_cve_data_all': 'In Botan before 2.17.3, constant-time computations are not used for certain decoding and encoding operations (base32, base58, base64, and hex).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-24115 was patched at 2024-05-15

9654. Unknown Vulnerability Type - Unknown Product (CVE-2021-26955) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because xcb::xproto::GetAtomNameReply::name() calls std::str::from_utf8_unchecked() on unvalidated bytes from an X server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-26955 was patched at 2024-05-15

9655. Unknown Vulnerability Type - Unknown Product (CVE-2021-26956) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because bytes from an X server can be interpreted as any data type returned by xcb::xproto::GetPropertyReply::value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-26956 was patched at 2024-05-15

9656. Unknown Vulnerability Type - Unknown Product (CVE-2021-33388) - Low [119]

Description: {'vulners_cve_data_all': 'dpic 2021.04.10 has a Heap Buffer Overflow in themakevar() function in dpic.y', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33388 was patched at 2024-05-15

9657. Unknown Vulnerability Type - Unknown Product (CVE-2021-37155) - Low [119]

Description: {'vulners_cve_data_all': 'wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-37155 was patched at 2024-05-15

9658. Unknown Vulnerability Type - Unknown Product (CVE-2021-37232) - Low [119]

Description: {'vulners_cve_data_all': 'A stack overflow vulnerability occurs in Atomicparsley 20210124.204813.840499f through APar_read64() in src/util.cpp due to the lack of buffer size of uint32_buffer while reading more bytes in APar_read64.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-37232 was patched at 2024-05-15

9659. Unknown Vulnerability Type - Unknown Product (CVE-2021-38187) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in the anymap crate through 0.12.1 for Rust. It violates soundness via conversion of a *u8 to a *u64.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-38187 was patched at 2024-05-15

9660. Unknown Vulnerability Type - Unknown Product (CVE-2021-38441) - Low [119]

Description: {'vulners_cve_data_all': 'Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-38441 was patched at 2024-05-15

9661. Unknown Vulnerability Type - Unknown Product (CVE-2021-40084) - Low [119]

Description: {'vulners_cve_data_all': 'opensysusers through 0.6 does not safely use eval on files in sysusers.d that may contain shell metacharacters. For example, it allows command execution via a crafted GECOS field whereas systemd-sysusers (a program with the same specification) does not do that.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40084 was patched at 2024-05-15

9662. Unknown Vulnerability Type - Unknown Product (CVE-2021-40589) - Low [119]

Description: {'vulners_cve_data_all': 'ZAngband zangband-data 2.7.5 is affected by an integer underflow vulnerability in src/tk/plat.c through the variable fileheader.bfOffBits.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40589 was patched at 2024-05-15

9663. Unknown Vulnerability Type - Unknown Product (CVE-2021-41751) - Low [119]

Description: {'vulners_cve_data_all': 'Buffer overflow vulnerability in file ecma-builtin-array-prototype.c:909 in function ecma_builtin_array_prototype_object_slice in Jerryscript before commit e1ce7dd7271288be8c0c8136eea9107df73a8ce2 on Oct 20, 2021.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41751 was patched at 2024-05-15

9664. Unknown Vulnerability Type - Unknown Product (CVE-2021-41868) - Low [119]

Description: {'vulners_cve_data_all': 'OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41868 was patched at 2024-05-15

9665. Unknown Vulnerability Type - Unknown Product (CVE-2021-44496) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can control the size variable and buffer that is passed to a call to memcpy. An attacker can use this to overwrite key data structures and gain control of the flow of execution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44496 was patched at 2024-05-15

9666. Unknown Vulnerability Type - Unknown Product (CVE-2022-23901) - Low [119]

Description: {'vulners_cve_data_all': 'A stack overflow re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-23901 was patched at 2024-05-15

9667. Unknown Vulnerability Type - Unknown Product (CVE-2022-24803) - Low [119]

Description: {'vulners_cve_data_all': 'Asciidoctor-include-ext is Asciidoctor’s standard include processor reimplemented as an extension. Versions prior to 0.4.0, when used to render user-supplied input in AsciiDoc markup, may allow an attacker to execute arbitrary system commands on the host operating system. This attack is possible even when `allow-uri-read` is disabled! The problem has been patched in the referenced commits.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24803 was patched at 2024-05-15

9668. Unknown Vulnerability Type - Unknown Product (CVE-2022-25643) - Low [119]

Description: {'vulners_cve_data_all': 'seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-25643 was patched at 2024-05-15

9669. Unknown Vulnerability Type - Unknown Product (CVE-2022-32511) - Low [119]

Description: {'vulners_cve_data_all': 'jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-32511 was patched at 2024-05-15

9670. Unknown Vulnerability Type - Unknown Product (CVE-2022-35978) - Low [119]

Description: {'vulners_cve_data_all': 'Minetest is a free open-source voxel game engine with easy modding and game creation. In **single player**, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs in is not sandboxed and can directly interfere with the user's system. There are currently no known workarounds.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 10.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35978 was patched at 2024-05-15

9671. Unknown Vulnerability Type - Unknown Product (CVE-2022-36640) - Low [119]

Description: {'vulners_cve_data_all': 'influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-36640 was patched at 2024-05-15

9672. Unknown Vulnerability Type - Unknown Product (CVE-2022-37598) - Low [119]

Description: {'vulners_cve_data_all': 'Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-37598 was patched at 2024-05-15

9673. Unknown Vulnerability Type - Unknown Product (CVE-2022-4399) - Low [119]

Description: {'vulners_cve_data_all': 'A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7d737a3929f335b9717ddbd31db91151b69ad2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-215252.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-4399 was patched at 2024-05-15

9674. Unknown Vulnerability Type - Unknown Product (CVE-2023-29827) - Low [119]

Description: {'vulners_cve_data_all': 'ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended to be used with untrusted input.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29827 was patched at 2024-05-15

9675. Unknown Vulnerability Type - Unknown Product (CVE-2023-30769) - Low [119]

Description: {'vulners_cve_data_all': 'Vulnerability discovered is related to the peer-to-peer (p2p) communications, attackers can craft consensus messages, send it to individual nodes and take them offline. An attacker can crawl the network peers using getaddr message and attack the unpatched nodes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-30769 was patched at 2024-05-15

9676. Unknown Vulnerability Type - Unknown Product (CVE-2023-38199) - Low [119]

Description: {'vulners_cve_data_all': 'coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion" between the WAF and the backend application. This occurs when the web application relies on only the last Content-Type header. Other platforms may reject the additional Content-Type header or merge conflicting headers, leading to detection as a malformed header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38199 was patched at 2024-05-15

9677. Unknown Vulnerability Type - Unknown Product (CVE-2023-38317) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the network interface name entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38317 was patched at 2024-05-15

9678. Unknown Vulnerability Type - Unknown Product (CVE-2023-38318) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the gateway FQDN entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38318 was patched at 2024-05-15

9679. Unknown Vulnerability Type - Unknown Product (CVE-2023-38319) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38319 was patched at 2024-05-15

9680. Unknown Vulnerability Type - Unknown Product (CVE-2023-38323) - Low [119]

Description: {'vulners_cve_data_all': 'An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the status path script entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38323 was patched at 2024-05-15

9681. Unknown Vulnerability Type - Unknown Product (CVE-2023-50257) - Low [119]

Description: {'vulners_cve_data_all': 'eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Even with the application of SROS2, due to the issue where the data (`p[UD]`) and `guid` values used to disconnect between nodes are not encrypted, a vulnerability has been discovered where a malicious attacker can forcibly disconnect a Subscriber and can deny a Subscriber attempting to connect. Afterwards, if the attacker sends the packet for disconnecting, which is data (`p[UD]`), to the Global Data Space (`239.255.0.1:7400`) using the said Publisher ID, all the Subscribers (Listeners) connected to the Publisher (Talker) will not receive any data and their connection will be disconnected. Moreover, if this disconnection packet is sent continuously, the Subscribers (Listeners) trying to connect will not be able to do so. Since the initial commit of the `SecurityManager.cpp` code (`init`, `on_process_handshake`) on Nov 8, 2016, the Disconnect Vulnerability in RTPS Packets Used by SROS2 has been present prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50257 was patched at 2024-05-15

9682. Unknown Vulnerability Type - Unknown Product (CVE-2023-50716) - Low [119]

Description: {'vulners_cve_data_all': 'eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely terminated. If an invalid Data_Frag packet is sent, the `Inline_qos, SerializedPayload` member of object `ch` will attempt to release memory without initialization, resulting in a 'bad-free' error. Versions 2.13.0, 2.12.2, 2.11.3, 2.10.2, and 2.6.7 fix this issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50716 was patched at 2024-05-15

9683. Unknown Vulnerability Type - Unknown Product (CVE-2023-6879) - Low [119]

Description: {'vulners_cve_data_all': 'Increasing the resolution of video frames, while performing a multi-threaded encode, can result in a heap overflow in av1_loop_restoration_dealloc().\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score1.010CVSS Base Score is 9.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-6879 was patched at 2024-05-15

9684. Unknown Vulnerability Type - FFmpeg (CVE-2024-31581) - Low [116]

Description: {'vulners_cve_data_all': 'FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.714FFmpeg is a free and open-source software project consisting of a suite of libraries and programs for handling video, audio, and other multimedia files and streams
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31581 was patched at 2024-05-15

9685. Unknown Vulnerability Type - Perl (CVE-2005-0448) - Low [111]

Description: {'vulners_cve_data_all': 'Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0448 was patched at 2024-05-15

9686. Unknown Vulnerability Type - Unknown Product (CVE-2007-0313) - Low [107]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in GONICUS System Administration (GOsa) before 2.5.8 allows remote authenticated users to modify certain settings, including the admin password, via crafted POST requests.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0313 was patched at 2024-05-15

9687. Unknown Vulnerability Type - Unknown Product (CVE-2007-4396) - Low [107]

Description: {'vulners_cve_data_all': 'Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi before 0.8.11 allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4396 was patched at 2024-05-15

9688. Unknown Vulnerability Type - Unknown Product (CVE-2007-6199) - Low [107]

Description: {'vulners_cve_data_all': 'rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6199 was patched at 2024-05-15

9689. Unknown Vulnerability Type - Unknown Product (CVE-2007-6278) - Low [107]

Description: {'vulners_cve_data_all': 'Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6278 was patched at 2024-05-15

9690. Unknown Vulnerability Type - Unknown Product (CVE-2008-5110) - Low [107]

Description: {'vulners_cve_data_all': 'syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5110 was patched at 2024-05-15

9691. Unknown Vulnerability Type - Unknown Product (CVE-2008-7177) - Low [107]

Description: {'vulners_cve_data_all': 'Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-7177 was patched at 2024-05-15

9692. Unknown Vulnerability Type - Unknown Product (CVE-2009-4502) - Low [107]

Description: {'vulners_cve_data_all': 'The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4502 was patched at 2024-05-15

9693. Unknown Vulnerability Type - Unknown Product (CVE-2010-1132) - Low [107]

Description: {'vulners_cve_data_all': 'The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1132 was patched at 2024-05-15

9694. Unknown Vulnerability Type - Unknown Product (CVE-2010-3844) - Low [107]

Description: {'vulners_cve_data_all': 'An unchecked sscanf() call in ettercap before 0.7.5 allows an insecure temporary settings file to overflow a static-sized buffer on the stack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3844 was patched at 2024-05-15

9695. Unknown Vulnerability Type - Unknown Product (CVE-2010-4723) - Low [107]

Description: {'vulners_cve_data_all': 'Smarty before 3.0.0, when security is enabled, does not prevent access to the (1) dynamic and (2) private object members of an assigned object, which has unspecified impact and remote attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4723 was patched at 2024-05-15

9696. Unknown Vulnerability Type - Unknown Product (CVE-2011-3129) - Low [107]

Description: {'vulners_cve_data_all': 'The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3129 was patched at 2024-05-15

9697. Unknown Vulnerability Type - Unknown Product (CVE-2011-3147) - Low [107]

Description: {'vulners_cve_data_all': 'Versions of nova before 2012.1 could expose hypervisor host files to a guest operating system when processing a maliciously constructed qcow filesystem.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3147 was patched at 2024-05-15

9698. Unknown Vulnerability Type - Unknown Product (CVE-2011-3211) - Low [107]

Description: {'vulners_cve_data_all': 'The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remote attackers to execute arbitrary commands via shell metacharacters in data received from a client.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3211 was patched at 2024-05-15

9699. Unknown Vulnerability Type - Unknown Product (CVE-2012-0208) - Low [107]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the Oracle Grid Engine component in Oracle Sun Products Suite 6.1 and 6.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to qrsh.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0208 was patched at 2024-05-15

9700. Unknown Vulnerability Type - Unknown Product (CVE-2012-2186) - Low [107]

Description: {'vulners_cve_data_all': 'Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2186 was patched at 2024-05-15

9701. Unknown Vulnerability Type - Unknown Product (CVE-2012-3366) - Low [107]

Description: {'vulners_cve_data_all': 'The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers with root access to the client to execute arbitrary commands via shell metacharacters in the UUID field to the server process (bcfg2-server).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3366 was patched at 2024-05-15

9702. Unknown Vulnerability Type - Unknown Product (CVE-2012-3462) - Low [107]

Description: {'vulners_cve_data_all': 'A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3462 was patched at 2024-05-15

9703. Unknown Vulnerability Type - Unknown Product (CVE-2012-6639) - Low [107]

Description: {'vulners_cve_data_all': 'An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6639 was patched at 2024-05-15

9704. Unknown Vulnerability Type - Unknown Product (CVE-2013-4436) - Low [107]

Description: {'vulners_cve_data_all': 'The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4436 was patched at 2024-05-15

9705. Unknown Vulnerability Type - Unknown Product (CVE-2014-3498) - Low [107]

Description: {'vulners_cve_data_all': 'The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3498 was patched at 2024-05-15

9706. Unknown Vulnerability Type - Unknown Product (CVE-2015-0853) - Low [107]

Description: {'vulners_cve_data_all': 'svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$(xeyes).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-0853 was patched at 2024-05-15

9707. Unknown Vulnerability Type - Unknown Product (CVE-2015-5395) - Low [107]

Description: {'vulners_cve_data_all': 'Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5395 was patched at 2024-05-15

9708. Unknown Vulnerability Type - Unknown Product (CVE-2015-8371) - Low [107]

Description: {'vulners_cve_data_all': 'Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because of the way that dist packages are cached. The cache key is derived from the package name, the dist type, and certain other data from the package repository (which may simply be a commit hash, and thus can be found by an attacker). Versions through 1.0.0-alpha11 are affected, and 1.0.0 is unaffected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8371 was patched at 2024-05-15

9709. Unknown Vulnerability Type - Unknown Product (CVE-2015-9284) - Low [107]

Description: {'vulners_cve_data_all': 'The request phase of the OmniAuth Ruby gem (1.9.1 and earlier) is vulnerable to Cross-Site Request Forgery when used as part of the Ruby on Rails framework, allowing accounts to be connected without user intent, user interaction, or feedback to the user. This permits a secondary account to be able to sign into the web application as the primary account.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-9284 was patched at 2024-05-15

9710. Unknown Vulnerability Type - Unknown Product (CVE-2016-10377) - Low [107]

Description: {'vulners_cve_data_all': 'In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list enforced by the switch.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10377 was patched at 2024-05-15

9711. Unknown Vulnerability Type - Unknown Product (CVE-2016-6582) - Low [107]

Description: {'vulners_cve_data_all': 'The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6582 was patched at 2024-05-15

9712. Unknown Vulnerability Type - Unknown Product (CVE-2016-8640) - Low [107]

Description: {'vulners_cve_data_all': 'A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is possible to perform updates/inserts/deletes and database modifications to any table the database user has access to.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-8640 was patched at 2024-05-15

9713. Unknown Vulnerability Type - Unknown Product (CVE-2016-9016) - Low [107]

Description: {'vulners_cve_data_all': 'Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9016 was patched at 2024-05-15

9714. Unknown Vulnerability Type - Unknown Product (CVE-2016-9121) - Low [107]

Description: {'vulners_cve_data_all': 'go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the receiver, thus making it vulnerable to an invalid curve attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9121 was patched at 2024-05-15

9715. Unknown Vulnerability Type - Unknown Product (CVE-2016-9639) - Low [107]

Description: {'vulners_cve_data_all': 'Salt before 2015.8.11 allows deleted minions to read or write to minions with the same id, related to caching.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9639 was patched at 2024-05-15

9716. Unknown Vulnerability Type - Unknown Product (CVE-2017-15914) - Low [107]

Description: {'vulners_cve_data_all': 'Incorrect implementation of access controls allows remote users to override repository restrictions in Borg servers 1.1.x before 1.1.3.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15914 was patched at 2024-05-15

9717. Unknown Vulnerability Type - Unknown Product (CVE-2017-17459) - Low [107]

Description: {'vulners_cve_data_all': 'http_transport.c in Fossil before 2.4, when the SSH sync protocol is used, allows user-assisted remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-14176, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17459 was patched at 2024-05-15

9718. Unknown Vulnerability Type - Unknown Product (CVE-2017-17513) - Low [107]

Description: {'vulners_cve_data_all': 'TeX Live through 20170524 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, related to linked_scripts/context/stubs/unix/mtxrun, texmf-dist/scripts/context/stubs/mswin/mtxrun.lua, and texmf-dist/tex/luatex/lualibs/lualibs-os.lua.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17513 was patched at 2024-05-15

9719. Unknown Vulnerability Type - Unknown Product (CVE-2017-17514) - Low [107]

Description: {'vulners_cve_data_all': 'boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17514 was patched at 2024-05-15

9720. Unknown Vulnerability Type - Unknown Product (CVE-2017-17515) - Low [107]

Description: {'vulners_cve_data_all': 'etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated that the code to access this environment variable is not enabled in the shipped product', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17515 was patched at 2024-05-15

9721. Unknown Vulnerability Type - Unknown Product (CVE-2017-17516) - Low [107]

Description: {'vulners_cve_data_all': 'scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17516 was patched at 2024-05-15

9722. Unknown Vulnerability Type - Unknown Product (CVE-2017-17517) - Low [107]

Description: {'vulners_cve_data_all': 'libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17517 was patched at 2024-05-15

9723. Unknown Vulnerability Type - Unknown Product (CVE-2017-17519) - Low [107]

Description: {'vulners_cve_data_all': 'batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) 2.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17519 was patched at 2024-05-15

9724. Unknown Vulnerability Type - Unknown Product (CVE-2017-17520) - Low [107]

Description: {'vulners_cve_data_all': 'tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has reported that this is intentional behavior, because the documentation states "url_handler.pl was designed to work together with tin which only issues shell escaped absolute URLs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17520 was patched at 2024-05-15

9725. Unknown Vulnerability Type - Unknown Product (CVE-2017-17521) - Low [107]

Description: {'vulners_cve_data_all': 'uiutil.c in FontForge through 20170731 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, a different vulnerability than CVE-2017-17534.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17521 was patched at 2024-05-15

9726. Unknown Vulnerability Type - Unknown Product (CVE-2017-17523) - Low [107]

Description: {'vulners_cve_data_all': 'lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17523 was patched at 2024-05-15

9727. Unknown Vulnerability Type - Unknown Product (CVE-2017-17524) - Low [107]

Description: {'vulners_cve_data_all': 'library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17524 was patched at 2024-05-15

9728. Unknown Vulnerability Type - Unknown Product (CVE-2017-17525) - Low [107]

Description: {'vulners_cve_data_all': 'guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17525 was patched at 2024-05-15

9729. Unknown Vulnerability Type - Unknown Product (CVE-2017-17526) - Low [107]

Description: {'vulners_cve_data_all': 'Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17526 was patched at 2024-05-15

9730. Unknown Vulnerability Type - Unknown Product (CVE-2017-17527) - Low [107]

Description: {'vulners_cve_data_all': 'delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated that the code referencing the BROWSER environment variable is never used', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17527 was patched at 2024-05-15

9731. Unknown Vulnerability Type - Unknown Product (CVE-2017-17528) - Low [107]

Description: {'vulners_cve_data_all': 'backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17528 was patched at 2024-05-15

9732. Unknown Vulnerability Type - Unknown Product (CVE-2017-17529) - Low [107]

Description: {'vulners_cve_data_all': 'af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17529 was patched at 2024-05-15

9733. Unknown Vulnerability Type - Unknown Product (CVE-2017-17530) - Low [107]

Description: {'vulners_cve_data_all': 'common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: this is disputed by a third party because no untrusted input can be used for the injection', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17530 was patched at 2024-05-15

9734. Unknown Vulnerability Type - Unknown Product (CVE-2017-17531) - Low [107]

Description: {'vulners_cve_data_all': 'gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17531 was patched at 2024-05-15

9735. Unknown Vulnerability Type - Unknown Product (CVE-2017-17532) - Low [107]

Description: {'vulners_cve_data_all': 'examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17532 was patched at 2024-05-15

9736. Unknown Vulnerability Type - Unknown Product (CVE-2017-17535) - Low [107]

Description: {'vulners_cve_data_all': 'lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17535 was patched at 2024-05-15

9737. Unknown Vulnerability Type - Unknown Product (CVE-2017-17942) - Low [107]

Description: {'vulners_cve_data_all': 'In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17942 was patched at 2024-05-15

9738. Unknown Vulnerability Type - Unknown Product (CVE-2017-5180) - Low [107]

Description: {'vulners_cve_data_all': 'Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5180 was patched at 2024-05-15

9739. Unknown Vulnerability Type - Unknown Product (CVE-2017-5192) - Low [107]

Description: {'vulners_cve_data_all': 'When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5192 was patched at 2024-05-15

9740. Unknown Vulnerability Type - Unknown Product (CVE-2017-5200) - Low [107]

Description: {'vulners_cve_data_all': 'Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2 allows arbitrary command execution on a salt-master via Salt's ssh_client.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5200 was patched at 2024-05-15

9741. Unknown Vulnerability Type - Unknown Product (CVE-2017-5940) - Low [107]

Description: {'vulners_cve_data_all': 'Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not comprehensively address dotfile cases during its attempt to prevent accessing user files with an euid of zero, which allows local users to conduct sandbox-escape attacks via vectors involving a symlink and the --private option. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-5180.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5940 was patched at 2024-05-15

9742. Unknown Vulnerability Type - Unknown Product (CVE-2017-7557) - Low [107]

Description: {'vulners_cve_data_all': 'dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7557 was patched at 2024-05-15

9743. Unknown Vulnerability Type - Unknown Product (CVE-2017-9053) - Low [107]

Description: {'vulners_cve_data_all': 'An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op() is due to a failure to check a pointer for being in bounds (in a few places in this function).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9053 was patched at 2024-05-15

9744. Unknown Vulnerability Type - Unknown Product (CVE-2018-12294) - Low [107]

Description: {'vulners_cve_data_all': 'WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.2, is vulnerable to a use after free for a WebCore::TextureMapperLayer object.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12294 was patched at 2024-05-15

9745. Unknown Vulnerability Type - Unknown Product (CVE-2018-12482) - Low [107]

Description: {'vulners_cve_data_all': 'OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12482 was patched at 2024-05-15

9746. Unknown Vulnerability Type - Unknown Product (CVE-2018-12713) - Low [107]

Description: {'vulners_cve_data_all': 'GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was intended to be private.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12713 was patched at 2024-05-15

9747. Unknown Vulnerability Type - Unknown Product (CVE-2018-14031) - Low [107]

Description: {'vulners_cve_data_all': 'An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14031 was patched at 2024-05-15

9748. Unknown Vulnerability Type - Unknown Product (CVE-2018-14033) - Low [107]

Description: {'vulners_cve_data_all': 'An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14033 was patched at 2024-05-15

9749. Unknown Vulnerability Type - Unknown Product (CVE-2018-14035) - Low [107]

Description: {'vulners_cve_data_all': 'An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5VM_memcpyvv in H5VM.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14035 was patched at 2024-05-15

9750. Unknown Vulnerability Type - Unknown Product (CVE-2018-14460) - Low [107]

Description: {'vulners_cve_data_all': 'An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_sdspace_decode in H5Osdspace.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14460 was patched at 2024-05-15

9751. Unknown Vulnerability Type - Unknown Product (CVE-2018-14521) - Low [107]

Description: {'vulners_cve_data_all': 'An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_source_avcodec_readframe in io/source_avcodec.c, as demonstrated by aubiomfcc.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14521 was patched at 2024-05-15

9752. Unknown Vulnerability Type - Unknown Product (CVE-2018-14522) - Low [107]

Description: {'vulners_cve_data_all': 'An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14522 was patched at 2024-05-15

9753. Unknown Vulnerability Type - Unknown Product (CVE-2018-14523) - Low [107]

Description: {'vulners_cve_data_all': 'An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14523 was patched at 2024-05-15

9754. Unknown Vulnerability Type - Unknown Product (CVE-2018-17076) - Low [107]

Description: {'vulners_cve_data_all': 'GPP through 2.25 will try to use more memory space than is available on the stack, leading to a segmentation fault or possibly unspecified other impact via a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17076 was patched at 2024-05-15

9755. Unknown Vulnerability Type - Unknown Product (CVE-2018-18193) - Low [107]

Description: {'vulners_cve_data_all': 'An issue was discovered in libgig 4.1.0. There is operator new[] failure (due to a big pWavePoolTable heap request) in DLS::File::File in DLS.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18193 was patched at 2024-05-15

9756. Unknown Vulnerability Type - Unknown Product (CVE-2018-18194) - Low [107]

Description: {'vulners_cve_data_all': 'An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in DLS::Region::GetSample() in DLS.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18194 was patched at 2024-05-15

9757. Unknown Vulnerability Type - Unknown Product (CVE-2018-18196) - Low [107]

Description: {'vulners_cve_data_all': 'An issue was discovered in libgig 4.1.0. There is a heap-based buffer over-read in RIFF::List::GetListTypeString in RIFF.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18196 was patched at 2024-05-15

9758. Unknown Vulnerability Type - Unknown Product (CVE-2018-20542) - Low [107]

Description: {'vulners_cve_data_all': 'There is a heap-based buffer-overflow at generator_spgemm_csc_reader.c (function libxsmm_sparse_csc_reader) in LIBXSMM 1.10, a different vulnerability than CVE-2018-20541 (which is in a different part of the source code and is seen at a different address).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20542 was patched at 2024-05-15

9759. Unknown Vulnerability Type - Unknown Product (CVE-2018-3719) - Low [107]

Description: {'vulners_cve_data_all': 'mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-3719 was patched at 2024-05-15

9760. Unknown Vulnerability Type - Unknown Product (CVE-2018-3728) - Low [107]

Description: {'vulners_cve_data_all': 'hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-3728 was patched at 2024-05-15

9761. Unknown Vulnerability Type - Unknown Product (CVE-2018-5360) - Low [107]

Description: {'vulners_cve_data_all': 'LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-5360 was patched at 2024-05-15

9762. Unknown Vulnerability Type - Unknown Product (CVE-2019-12589) - Low [107]

Description: {'vulners_cve_data_all': 'In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12589 was patched at 2024-05-15

9763. Unknown Vulnerability Type - Unknown Product (CVE-2019-14197) - Low [107]

Description: {'vulners_cve_data_all': 'An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14197 was patched at 2024-05-15

9764. Unknown Vulnerability Type - Unknown Product (CVE-2019-15753) - Low [107]

Description: {'vulners_cve_data_all': 'In OpenStack os-vif 1.15.x before 1.15.2, and 1.16.0, a hard-coded MAC aging time of 0 disables MAC learning in linuxbridge, forcing obligatory Ethernet flooding of non-local destinations, which both impedes network performance and allows users to possibly view the content of packets for instances belonging to other tenants sharing the same network. Only deployments using the linuxbridge backend are affected. This occurs in PyRoute2.add() in internal/command/ip/linux/impl_pyroute2.py.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15753 was patched at 2024-05-15

9765. Unknown Vulnerability Type - Unknown Product (CVE-2019-19391) - Low [107]

Description: {'vulners_cve_data_all': 'In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and > options are mishandled. NOTE: The LuaJIT project owner states that the debug libary is unsafe by definition and that this is not a vulnerability. When LuaJIT was originally developed, the expectation was that the entire debug library had no security guarantees and thus it made no sense to assign CVEs. However, not all users of later LuaJIT derivatives share this perspective', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19391 was patched at 2024-05-15

9766. Unknown Vulnerability Type - Unknown Product (CVE-2019-19777) - Low [107]

Description: {'vulners_cve_data_all': 'stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19777 was patched at 2024-05-15

9767. Unknown Vulnerability Type - Unknown Product (CVE-2019-19778) - Low [107]

Description: {'vulners_cve_data_all': 'An issue was discovered in libsixel 1.8.2. There is a heap-based buffer over-read in the function load_sixel at loader.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19778 was patched at 2024-05-15

9768. Unknown Vulnerability Type - Unknown Product (CVE-2019-20063) - Low [107]

Description: {'vulners_cve_data_all': 'hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20063 was patched at 2024-05-15

9769. Unknown Vulnerability Type - Unknown Product (CVE-2019-5602) - Low [107]

Description: {'vulners_cve_data_all': 'In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory when media is present thereby allowing a malicious user in the operator group to gain root privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5602 was patched at 2024-05-15

9770. Unknown Vulnerability Type - Unknown Product (CVE-2019-7233) - Low [107]

Description: {'vulners_cve_data_all': 'In libdoc through 2019-01-28, doc2text in catdoc.c has a NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7233 was patched at 2024-05-15

9771. Unknown Vulnerability Type - Unknown Product (CVE-2019-7346) - Low [107]

Description: {'vulners_cve_data_all': 'A CSRF check issue exists in ZoneMinder through 1.32.3 as whenever a CSRF check fails, a callback function is called displaying a "Try again" button, which allows resending the failed request, making the CSRF attack successful.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7346 was patched at 2024-05-15

9772. Unknown Vulnerability Type - Unknown Product (CVE-2019-9028) - Low [107]

Description: {'vulners_cve_data_all': 'An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function InflateDimensions() in inflate.c when called from ReadNextCell in mat5.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9028 was patched at 2024-05-15

9773. Unknown Vulnerability Type - Unknown Product (CVE-2019-9030) - Low [107]

Description: {'vulners_cve_data_all': 'An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in Mat_VarReadNextInfo5() in mat5.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9030 was patched at 2024-05-15

9774. Unknown Vulnerability Type - Unknown Product (CVE-2019-9033) - Low [107]

Description: {'vulners_cve_data_all': 'An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for the "Rank and Dimension" feature in the function ReadNextCell() in mat5.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9033 was patched at 2024-05-15

9775. Unknown Vulnerability Type - Unknown Product (CVE-2019-9034) - Low [107]

Description: {'vulners_cve_data_all': 'An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read for a memcpy in the function ReadNextCell() in mat5.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9034 was patched at 2024-05-15

9776. Unknown Vulnerability Type - Unknown Product (CVE-2019-9035) - Low [107]

Description: {'vulners_cve_data_all': 'An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a stack-based buffer over-read in the function ReadNextStructField() in mat5.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9035 was patched at 2024-05-15

9777. Unknown Vulnerability Type - Unknown Product (CVE-2019-9037) - Low [107]

Description: {'vulners_cve_data_all': 'An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a buffer over-read in the function Mat_VarPrint() in mat.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9037 was patched at 2024-05-15

9778. Unknown Vulnerability Type - Unknown Product (CVE-2020-13941) - Low [107]

Description: {'vulners_cve_data_all': 'Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13941 was patched at 2024-05-15

9779. Unknown Vulnerability Type - Unknown Product (CVE-2020-15471) - Low [107]

Description: {'vulners_cve_data_all': 'In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15471 was patched at 2024-05-15

9780. Unknown Vulnerability Type - Unknown Product (CVE-2020-15473) - Low [107]

Description: {'vulners_cve_data_all': 'In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15473 was patched at 2024-05-15

9781. Unknown Vulnerability Type - Unknown Product (CVE-2020-18232) - Low [107]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-18232 was patched at 2024-05-15

9782. Unknown Vulnerability Type - Unknown Product (CVE-2020-18494) - Low [107]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-18494 was patched at 2024-05-15

9783. Unknown Vulnerability Type - Unknown Product (CVE-2020-23793) - Low [107]

Description: {'vulners_cve_data_all': 'An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product. There is a security vulnerablility that can restart KVMvirtual machine without any authorization. It is not yet known if there will be other other effects.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23793 was patched at 2024-05-15

9784. Unknown Vulnerability Type - Unknown Product (CVE-2020-24292) - Low [107]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24292 was patched at 2024-05-15

9785. Unknown Vulnerability Type - Unknown Product (CVE-2020-24293) - Low [107]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24293 was patched at 2024-05-15

9786. Unknown Vulnerability Type - Unknown Product (CVE-2020-24295) - Low [107]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to ru narbitrary code via use of crafted psd file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24295 was patched at 2024-05-15

9787. Unknown Vulnerability Type - Unknown Product (CVE-2020-25016) - Low [107]

Description: {'vulners_cve_data_all': 'A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to (for example) dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25016 was patched at 2024-05-15

9788. Unknown Vulnerability Type - Unknown Product (CVE-2020-25582) - Low [107]

Description: {'vulners_cve_data_all': 'In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25582 was patched at 2024-05-15

9789. Unknown Vulnerability Type - Unknown Product (CVE-2020-29663) - Low [107]

Description: {'vulners_cve_data_all': 'Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.3.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-29663 was patched at 2024-05-15

9790. Unknown Vulnerability Type - Unknown Product (CVE-2020-8141) - Low [107]

Description: {'vulners_cve_data_all': 'The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-8141 was patched at 2024-05-15

9791. Unknown Vulnerability Type - Unknown Product (CVE-2021-22879) - Low [107]

Description: {'vulners_cve_data_all': 'Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-22879 was patched at 2024-05-15

9792. Unknown Vulnerability Type - Unknown Product (CVE-2021-26958) - Low [107]

Description: {'vulners_cve_data_all': 'An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::cast_event uses std::mem::transmute to return a reference to an arbitrary type.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-26958 was patched at 2024-05-15

9793. Unknown Vulnerability Type - Unknown Product (CVE-2021-40263) - Low [107]

Description: {'vulners_cve_data_all': 'A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40263 was patched at 2024-05-15

9794. Unknown Vulnerability Type - Unknown Product (CVE-2021-40265) - Low [107]

Description: {'vulners_cve_data_all': 'A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function in PluginJPEG.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40265 was patched at 2024-05-15

9795. Unknown Vulnerability Type - Unknown Product (CVE-2021-40656) - Low [107]

Description: {'vulners_cve_data_all': 'libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40656 was patched at 2024-05-15

9796. Unknown Vulnerability Type - Unknown Product (CVE-2021-41088) - Low [107]

Description: {'vulners_cve_data_all': 'Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web UI backend (started by `elvish -web`) hosts an endpoint that allows executing the code sent from the web UI. The backend does not check the origin of requests correctly. As a result, if the user has the web UI backend open and visits a compromised or malicious website, the website can send arbitrary code to the endpoint in localhost. All Elvish releases from 0.14.0 onward no longer include the the web UI, although it is still possible for the user to build a version from source that includes the web UI. The issue can be patched for previous versions by removing the web UI (found in web, pkg/web or pkg/prog/web, depending on the exact version).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41088 was patched at 2024-05-15

9797. Unknown Vulnerability Type - Unknown Product (CVE-2021-42006) - Low [107]

Description: {'vulners_cve_data_all': 'An out-of-bounds access in GffLine::GffLine in gff.cpp in GCLib 0.12.7 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted GFF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42006 was patched at 2024-05-15

9798. Unknown Vulnerability Type - Unknown Product (CVE-2021-45379) - Low [107]

Description: {'vulners_cve_data_all': 'Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access control vulnerability. One user can attempt to log in as another user without its password.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45379 was patched at 2024-05-15

9799. Unknown Vulnerability Type - Unknown Product (CVE-2021-46242) - Low [107]

Description: {'vulners_cve_data_all': 'HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46242 was patched at 2024-05-15

9800. Unknown Vulnerability Type - Unknown Product (CVE-2022-21690) - Low [107]

Description: {'vulners_cve_data_all': 'OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions The path parameter of the requested URL is not sanitized before being passed to the QT frontend. This path is used in all components for displaying the server access history. This leads to a rendered HTML4 Subset (QT RichText editor) in the Onionshare frontend.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-21690 was patched at 2024-05-15

9801. Unknown Vulnerability Type - Unknown Product (CVE-2022-21949) - Low [107]

Description: {'vulners_cve_data_all': 'A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue affects: SUSE Open Build Service Open Build Service versions prior to 2.10.13.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-21949 was patched at 2024-05-15

9802. Unknown Vulnerability Type - Unknown Product (CVE-2022-22934) - Low [107]

Description: {'vulners_cve_data_all': 'An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-22934 was patched at 2024-05-15

9803. Unknown Vulnerability Type - Unknown Product (CVE-2022-22941) - Low [107]

Description: {'vulners_cve_data_all': 'An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as valid, allowing configured users to target any of the minions connected to the syndic with their configured commands. This requires a syndic master combined with publisher_acl configured on the Master-of-Masters, allowing users specified in the publisher_acl to bypass permissions, publishing authorized commands to any configured minion.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-22941 was patched at 2024-05-15

9804. Unknown Vulnerability Type - Unknown Product (CVE-2022-22967) - Low [107]

Description: {'vulners_cve_data_all': 'An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-22967 was patched at 2024-05-15

9805. Unknown Vulnerability Type - Unknown Product (CVE-2022-26530) - Low [107]

Description: {'vulners_cve_data_all': 'swaylock before 1.6 allows attackers to trigger a crash and achieve unlocked access to a Wayland compositor.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-26530 was patched at 2024-05-15

9806. Unknown Vulnerability Type - Unknown Product (CVE-2022-26592) - Low [107]

Description: {'vulners_cve_data_all': 'Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-26592 was patched at 2024-05-15

9807. Unknown Vulnerability Type - Unknown Product (CVE-2022-27044) - Low [107]

Description: {'vulners_cve_data_all': 'libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-27044 was patched at 2024-05-15

9808. Unknown Vulnerability Type - Unknown Product (CVE-2022-29241) - Low [107]

Description: {'vulners_cve_data_all': 'Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of `root_dir` that contains the starting user's home directory, then the underlying REST API can be used to leak the access token assigned at start time by guessing/brute forcing the PID of the jupyter server. While this requires an authenticated user session, this URL can be used from a cross-site scripting payload or from a hooked or otherwise compromised browser to leak this access token to a malicious third party. This token can be used along with the REST API to interact with Jupyter services/notebooks such as modifying or overwriting critical files, such as .bashrc or .ssh/authorized_keys, allowing a malicious user to read potentially sensitive data and possibly gain control of the impacted system. This issue is patched in version 1.17.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-29241 was patched at 2024-05-15

9809. Unknown Vulnerability Type - Unknown Product (CVE-2022-30322) - Low [107]

Description: {'vulners_cve_data_all': 'go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-30322 was patched at 2024-05-15

9810. Unknown Vulnerability Type - Unknown Product (CVE-2022-30323) - Low [107]

Description: {'vulners_cve_data_all': 'go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-30323 was patched at 2024-05-15

9811. Unknown Vulnerability Type - Unknown Product (CVE-2022-34300) - Low [107]

Description: {'vulners_cve_data_all': 'In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-34300 was patched at 2024-05-15

9812. Unknown Vulnerability Type - Unknown Product (CVE-2022-39264) - Low [107]

Description: {'vulners_cve_data_all': 'nheko is a desktop client for the Matrix communication application. All versions below 0.10.2 are vulnerable homeservers inserting malicious secrets, which could lead to man-in-the-middle attacks. Users can upgrade to version 0.10.2 to protect against this issue. As a workaround, one may apply the patch manually, avoid doing verifications of one's own devices, and/or avoid pressing the request button in the settings menu.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-39264 was patched at 2024-05-15

9813. Unknown Vulnerability Type - Unknown Product (CVE-2022-39289) - Low [107]

Description: {'vulners_cve_data_all': 'ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-39289 was patched at 2024-05-15

9814. Unknown Vulnerability Type - Unknown Product (CVE-2022-45748) - Low [107]

Description: {'vulners_cve_data_all': 'An issue was discovered with assimp 5.1.4, a use after free occurred in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-45748 was patched at 2024-05-15

9815. Unknown Vulnerability Type - Unknown Product (CVE-2023-22497) - Low [107]

Description: {'vulners_cve_data_all': 'Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has access to a Netdata Agent has access to its MACHINE_GUID. Streaming is a feature that allows a Netdata Agent to act as parent for other Netdata Agents (children), offloading children from various functions (increased data retention, ML, health monitoring, etc) that can now be handled by the parent Agent. Configuration is done via `stream.conf`. On the parent side, users configure in `stream.conf` an API key (any random UUID can do) to provide common configuration for all children using this API key and per MACHINE GUID configuration to customize the configuration for each child. The way this was implemented, allowed an attacker to use a valid MACHINE_GUID as an API key. This affects all users who expose their Netdata Agents (children) to non-trusted users and they also expose to the same users Netdata Agent parents that aggregate data from all these children. The problem has been fixed in: Netdata agent v1.37 (stable) and Netdata agent v1.36.0-409 (nightly). As a workaround, do not enable streaming by default. If you have previously enabled this, it can be disabled. Limiting access to the port on the recipient Agent to trusted child connections may mitigate the impact of this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-22497 was patched at 2024-05-15

9816. Unknown Vulnerability Type - Unknown Product (CVE-2023-26130) - Low [107]

Description: {'vulners_cve_data_all': 'Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors.\r\r**Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26130 was patched at 2024-05-15

9817. Unknown Vulnerability Type - Unknown Product (CVE-2023-32200) - Low [107]

Description: {'vulners_cve_data_all': 'There is insufficient restrictions of called script functions in Apache Jena\n versions 4.8.0 and earlier. It allows a \nremote user to execute javascript via a SPARQL query.\nThis issue affects Apache Jena: from 3.7.0 through 4.8.0.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-32200 was patched at 2024-05-15

9818. Unknown Vulnerability Type - Unknown Product (CVE-2023-32724) - Low [107]

Description: {'vulners_cve_data_all': 'Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 9.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-32724 was patched at 2024-05-15

9819. Unknown Vulnerability Type - Unknown Product (CVE-2023-33817) - Low [107]

Description: {'vulners_cve_data_all': 'hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-33817 was patched at 2024-05-15

9820. Unknown Vulnerability Type - Unknown Product (CVE-2024-25450) - Low [107]

Description: {'vulners_cve_data_all': 'imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.910CVSS Base Score is 8.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-25450 was patched at 2024-05-15

9821. Unknown Vulnerability Type - Git (CVE-2009-5055) - Low [102]

Description: {'vulners_cve_data_all': 'Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5055 was patched at 2024-05-15

9822. Unknown Vulnerability Type - Git (CVE-2019-17263) - Low [102]

Description: {'vulners_cve_data_all': 'In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are also unsupported. NOTE: the vendor has disputed this as described in the GitHub issue', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17263 was patched at 2024-05-15

9823. Memory Corruption - Unknown Product (CVE-2012-6095) - Low [101]

Description: {'vulners_cve_data_all': 'ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows local users to modify the ownership of arbitrary files via a race condition and a symlink attack on the (1) MKD or (2) XMKD commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6095 was patched at 2024-05-15

9824. Unknown Vulnerability Type - Bouncy Castle (CVE-2024-29857) - Low [100]

Description: {'vulners_cve_data_all': 'An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Bouncy Castle is a collection of APIs used in cryptography
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29857 was patched at 2024-05-15

9825. Unknown Vulnerability Type - Bouncy Castle (CVE-2024-30171) - Low [100]

Description: {'vulners_cve_data_all': 'An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Bouncy Castle is a collection of APIs used in cryptography
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-30171 was patched at 2024-05-15

9826. Unknown Vulnerability Type - Bouncy Castle (CVE-2024-30172) - Low [100]

Description: {'vulners_cve_data_all': 'An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Bouncy Castle is a collection of APIs used in cryptography
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-30172 was patched at 2024-05-15

9827. Unknown Vulnerability Type - Bouncy Castle (CVE-2024-34447) - Low [100]

Description: {'vulners_cve_data_all': 'An issue was discovered in Bouncy Castle Java Cryptography APIs before BC 1.78. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Bouncy Castle is a collection of APIs used in cryptography
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-34447 was patched at 2024-05-15

9828. Unknown Vulnerability Type - Perl (CVE-2018-25099) - Low [100]

Description: {'vulners_cve_data_all': 'In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() do not verify the tag.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2018-25099 was patched at 2024-05-15

9829. Unknown Vulnerability Type - Perl (CVE-2018-25100) - Low [100]

Description: {'vulners_cve_data_all': 'The Mojolicious module before 7.66 for Perl may leak cookies in certain situations related to multiple similar cookies for the same domain. This affects Mojo::UserAgent::CookieJar.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2018-25100 was patched at 2024-05-15

9830. Unknown Vulnerability Type - Perl (CVE-2020-36829) - Low [100]

Description: {'vulners_cve_data_all': 'The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36829 was patched at 2024-05-15

redos: CVE-2020-36829 was patched at 2024-06-03

9831. Unknown Vulnerability Type - Perl (CVE-2021-47155) - Low [100]

Description: {'vulners_cve_data_all': 'The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-47155 was patched at 2024-05-15

9832. Unknown Vulnerability Type - Python (CVE-2023-29483) - Low [100]

Description: {'vulners_cve_data_all': 'eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614Python is a high-level, general-purpose programming language
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2023-29483 was patched at 2024-05-22

debian: CVE-2023-29483 was patched at 2024-05-15

oraclelinux: CVE-2023-29483 was patched at 2024-05-29

redhat: CVE-2023-29483 was patched at 2024-05-22

9833. Unknown Vulnerability Type - libxml2 (CVE-2024-34459) - Low [100]

Description: {'vulners_cve_data_all': 'An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.614libxml2 is an XML toolkit implemented in C, originally developed for the GNOME Project
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-34459 was patched at 2024-05-15

9834. Unknown Vulnerability Type - Unknown Product (CVE-1999-0710) - Low [95]

Description: {'vulners_cve_data_all': 'The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-1999-0710 was patched at 2024-05-15

9835. Unknown Vulnerability Type - Unknown Product (CVE-2002-0388) - Low [95]

Description: {'vulners_cve_data_all': 'Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0388 was patched at 2024-05-15

9836. Unknown Vulnerability Type - Unknown Product (CVE-2002-0714) - Low [95]

Description: {'vulners_cve_data_all': 'FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0714 was patched at 2024-05-15

9837. Unknown Vulnerability Type - Unknown Product (CVE-2002-0855) - Low [95]

Description: {'vulners_cve_data_all': 'Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0855 was patched at 2024-05-15

9838. Unknown Vulnerability Type - Unknown Product (CVE-2002-0904) - Low [95]

Description: {'vulners_cve_data_all': 'SayText function in Kismet 2.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters (backtick or pipe) in the essid argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0904 was patched at 2024-05-15

9839. Unknown Vulnerability Type - Unknown Product (CVE-2002-1227) - Low [95]

Description: {'vulners_cve_data_all': 'PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1227 was patched at 2024-05-15

9840. Unknown Vulnerability Type - Unknown Product (CVE-2002-1336) - Low [95]

Description: {'vulners_cve_data_all': 'TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1336 was patched at 2024-05-15

9841. Unknown Vulnerability Type - Unknown Product (CVE-2002-1342) - Low [95]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in smb2www 980804-16 and earlier allows remote attackers to execute arbitrary commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1342 was patched at 2024-05-15

9842. Unknown Vulnerability Type - Unknown Product (CVE-2002-1569) - Low [95]

Description: {'vulners_cve_data_all': 'gv 3.5.8, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the filename for (1) a PDF file or (2) a gzip file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1569 was patched at 2024-05-15

9843. Unknown Vulnerability Type - Unknown Product (CVE-2002-1697) - Low [95]

Description: {'vulners_cve_data_all': 'Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak encryption algorithm that produces the same ciphertext from the same plaintext blocks, which could allow remote attackers to gain sensitive information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1697 was patched at 2024-05-15

9844. Unknown Vulnerability Type - Unknown Product (CVE-2003-0040) - Low [95]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0040 was patched at 2024-05-15

9845. Unknown Vulnerability Type - Unknown Product (CVE-2003-0068) - Low [95]

Description: {'vulners_cve_data_all': 'The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0068 was patched at 2024-05-15

9846. Unknown Vulnerability Type - Unknown Product (CVE-2003-0069) - Low [95]

Description: {'vulners_cve_data_all': 'The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0069 was patched at 2024-05-15

9847. Unknown Vulnerability Type - Unknown Product (CVE-2003-0625) - Low [95]

Description: {'vulners_cve_data_all': 'Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0625 was patched at 2024-05-15

9848. Unknown Vulnerability Type - Unknown Product (CVE-2003-0779) - Low [95]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0779 was patched at 2024-05-15

9849. Unknown Vulnerability Type - Unknown Product (CVE-2003-0977) - Low [95]

Description: {'vulners_cve_data_all': 'CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0977 was patched at 2024-05-15

9850. Unknown Vulnerability Type - Unknown Product (CVE-2003-1092) - Low [95]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to "a memory allocation problem," has unknown impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-1092 was patched at 2024-05-15

9851. Unknown Vulnerability Type - Unknown Product (CVE-2004-0189) - Low [95]

Description: {'vulners_cve_data_all': 'The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0189 was patched at 2024-05-15

9852. Unknown Vulnerability Type - Unknown Product (CVE-2004-0274) - Low [95]

Description: {'vulners_cve_data_all': 'Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistakenly assign STAT_OFFERED status to a bot that is not a sharebot, which allows remote attackers to use STAT_OFFERED to promote a bot to a sharebot and conduct unauthorized activities.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0274 was patched at 2024-05-15

9853. Unknown Vulnerability Type - Unknown Product (CVE-2004-0601) - Low [95]

Description: {'vulners_cve_data_all': 'distcc before 2.16, when running on 64-bit platforms, does not interpret IP-based access control rules correctly, which could allow remote attackers to bypass intended restrictions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0601 was patched at 2024-05-15

9854. Unknown Vulnerability Type - Unknown Product (CVE-2004-0708) - Low [95]

Description: {'vulners_cve_data_all': 'MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0708 was patched at 2024-05-15

9855. Unknown Vulnerability Type - Unknown Product (CVE-2004-0747) - Low [95]

Description: {'vulners_cve_data_all': 'Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0747 was patched at 2024-05-15

9856. Unknown Vulnerability Type - Unknown Product (CVE-2004-0801) - Low [95]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0801 was patched at 2024-05-15

9857. Unknown Vulnerability Type - Unknown Product (CVE-2004-0833) - Low [95]

Description: {'vulners_cve_data_all': 'Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0833 was patched at 2024-05-15

9858. Unknown Vulnerability Type - Unknown Product (CVE-2004-0885) - Low [95]

Description: {'vulners_cve_data_all': 'The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0885 was patched at 2024-05-15

9859. Unknown Vulnerability Type - Unknown Product (CVE-2004-1004) - Low [95]

Description: {'vulners_cve_data_all': 'Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1004 was patched at 2024-05-15

9860. Unknown Vulnerability Type - Unknown Product (CVE-2004-1143) - Low [95]

Description: {'vulners_cve_data_all': 'The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1143 was patched at 2024-05-15

9861. Unknown Vulnerability Type - Unknown Product (CVE-2004-1175) - Low [95]

Description: {'vulners_cve_data_all': 'fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1175 was patched at 2024-05-15

9862. Unknown Vulnerability Type - Unknown Product (CVE-2004-1182) - Low [95]

Description: {'vulners_cve_data_all': 'hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostname that satisfies a regular expression that is matched against a hosts.hfaxd entry without a password.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1182 was patched at 2024-05-15

9863. Unknown Vulnerability Type - Unknown Product (CVE-2004-1185) - Low [95]

Description: {'vulners_cve_data_all': 'Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1185 was patched at 2024-05-15

9864. Unknown Vulnerability Type - Unknown Product (CVE-2004-2486) - Low [95]

Description: {'vulners_cve_data_all': 'The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2486 was patched at 2024-05-15

9865. Unknown Vulnerability Type - Unknown Product (CVE-2005-0015) - Low [95]

Description: {'vulners_cve_data_all': 'diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0015 was patched at 2024-05-15

9866. Unknown Vulnerability Type - Unknown Product (CVE-2005-0129) - Low [95]

Description: {'vulners_cve_data_all': 'The Quick Buttons feature in Konversation 0.15 allows remote attackers to execute certain IRC commands via a channel name containing "%" variables, which are recursively expanded by the Server::parseWildcards function when the Part Button is selected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0129 was patched at 2024-05-15

9867. Unknown Vulnerability Type - Unknown Product (CVE-2005-0157) - Low [95]

Description: {'vulners_cve_data_all': 'The confirm add-on in SmartList 3.15 and earlier allows attackers to subscribe arbitrary e-mail addresses by using a valid cookie that specifies an address other than the address for which the cookie was assigned.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0157 was patched at 2024-05-15

9868. Unknown Vulnerability Type - Unknown Product (CVE-2005-0337) - Low [95]

Description: {'vulners_cve_data_all': 'Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0337 was patched at 2024-05-15

9869. Unknown Vulnerability Type - Unknown Product (CVE-2005-0363) - Low [95]

Description: {'vulners_cve_data_all': 'awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0363 was patched at 2024-05-15

9870. Unknown Vulnerability Type - Unknown Product (CVE-2005-0877) - Low [95]

Description: {'vulners_cve_data_all': 'Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0877 was patched at 2024-05-15

9871. Unknown Vulnerability Type - Unknown Product (CVE-2005-1308) - Low [95]

Description: {'vulners_cve_data_all': 'SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1308 was patched at 2024-05-15

9872. Unknown Vulnerability Type - Unknown Product (CVE-2005-1345) - Low [95]

Description: {'vulners_cve_data_all': 'Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1345 was patched at 2024-05-15

9873. Unknown Vulnerability Type - Unknown Product (CVE-2005-2317) - Low [95]

Description: {'vulners_cve_data_all': 'Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before 2.0.17, when MACLIST_TTL is greater than 0 or MACLIST_DISPOSITION is set to ACCEPT, allows remote attackers with an accepted MAC address to bypass other firewall rules or policies.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2317 was patched at 2024-05-15

9874. Unknown Vulnerability Type - Unknown Product (CVE-2005-3118) - Low [95]

Description: {'vulners_cve_data_all': 'Mason before 1.0.0 does not install the init script after the user uses Mason to configure a firewall, which causes the system to run without a firewall after a reboot.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3118 was patched at 2024-05-15

9875. Unknown Vulnerability Type - Unknown Product (CVE-2005-3532) - Low [95]

Description: {'vulners_cve_data_all': 'authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3532 was patched at 2024-05-15

9876. Unknown Vulnerability Type - Unknown Product (CVE-2005-3538) - Low [95]

Description: {'vulners_cve_data_all': 'hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote attackers to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3538 was patched at 2024-05-15

9877. Unknown Vulnerability Type - Unknown Product (CVE-2005-3539) - Low [95]

Description: {'vulners_cve_data_all': 'Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3539 was patched at 2024-05-15

9878. Unknown Vulnerability Type - Unknown Product (CVE-2005-3980) - Low [95]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3980 was patched at 2024-05-15

9879. Unknown Vulnerability Type - Unknown Product (CVE-2005-4065) - Low [95]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4065 was patched at 2024-05-15

9880. Unknown Vulnerability Type - Unknown Product (CVE-2005-4418) - Low [95]

Description: {'vulners_cve_data_all': 'util-vserver before 0.30.208-1 with kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux sets a default policy that trusts unknown capabilities, which could allow local users to conduct unauthorized activities.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4418 was patched at 2024-05-15

9881. Unknown Vulnerability Type - Unknown Product (CVE-2005-4745) - Low [95]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4745 was patched at 2024-05-15

9882. Unknown Vulnerability Type - Unknown Product (CVE-2005-4830) - Low [95]

Description: {'vulners_cve_data_all': 'CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the content-type parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4830 was patched at 2024-05-15

9883. Unknown Vulnerability Type - Unknown Product (CVE-2006-0402) - Low [95]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in Zoph before 0.5pre1 allows remote attackers to execute arbitrary SQL commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0402 was patched at 2024-05-15

9884. Unknown Vulnerability Type - Unknown Product (CVE-2006-1012) - Low [95]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1012 was patched at 2024-05-15

9885. Unknown Vulnerability Type - Unknown Product (CVE-2006-1280) - Low [95]

Description: {'vulners_cve_data_all': 'CGI::Session 4.03-1 does not set proper permissions on temporary files created in (1) Driver::File and (2) Driver::db_file, which allows local users to obtain privileged information, such as session keys, by viewing the files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1280 was patched at 2024-05-15

9886. Unknown Vulnerability Type - Unknown Product (CVE-2006-1296) - Low [95]

Description: {'vulners_cve_data_all': 'Untrusted search path vulnerability in Beagle 0.2.2.1 might allow local users to gain privileges via a malicious beagle-info program in the current working directory, or possibly directories specified in the PATH.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1296 was patched at 2024-05-15

9887. Unknown Vulnerability Type - Unknown Product (CVE-2006-2236) - Low [95]

Description: {'vulners_cve_data_all': 'Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote attackers to execute arbitrary commands via a long remapShader command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2236 was patched at 2024-05-15

9888. Unknown Vulnerability Type - Unknown Product (CVE-2006-2453) - Low [95]

Description: {'vulners_cve_data_all': 'Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2453 was patched at 2024-05-15

9889. Unknown Vulnerability Type - Unknown Product (CVE-2006-3126) - Low [95]

Description: {'vulners_cve_data_all': 'c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute arbitrary commands via null (\\0) and shell metacharacters in the TSI string, as demonstrated by a fax from an anonymous number.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3126 was patched at 2024-05-15

9890. Unknown Vulnerability Type - Unknown Product (CVE-2006-4111) - Low [95]

Description: {'vulners_cve_data_all': 'Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4111 was patched at 2024-05-15

9891. Unknown Vulnerability Type - Unknown Product (CVE-2006-5878) - Low [95]

Description: {'vulners_cve_data_all': 'Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5878 was patched at 2024-05-15

9892. Unknown Vulnerability Type - Unknown Product (CVE-2006-7094) - Low [95]

Description: {'vulners_cve_data_all': 'ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-7094 was patched at 2024-05-15

9893. Unknown Vulnerability Type - Unknown Product (CVE-2007-0404) - Low [95]

Description: {'vulners_cve_data_all': 'bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0404 was patched at 2024-05-15

9894. Unknown Vulnerability Type - Unknown Product (CVE-2007-1099) - Low [95]

Description: {'vulners_cve_data_all': 'dbclient in Dropbear SSH client before 0.49 does not sufficiently warn the user when it detects a hostkey mismatch, which might allow remote attackers to conduct man-in-the-middle attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1099 was patched at 2024-05-15

9895. Unknown Vulnerability Type - Unknown Product (CVE-2007-1923) - Low [95]

Description: {'vulners_cve_data_all': '(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1923 was patched at 2024-05-15

9896. Unknown Vulnerability Type - Unknown Product (CVE-2007-3231) - Low [95]

Description: {'vulners_cve_data_all': 'Buffer overflow in MeCab before 0.96 has unknown impact and attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3231 was patched at 2024-05-15

9897. Unknown Vulnerability Type - Unknown Product (CVE-2007-3949) - Low [95]

Description: {'vulners_cve_data_all': 'mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters in the URL, which allows remote attackers to bypass url.access-deny settings.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3949 was patched at 2024-05-15

9898. Unknown Vulnerability Type - Unknown Product (CVE-2007-5028) - Low [95]

Description: {'vulners_cve_data_all': 'Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspecified files in /var/lib/dibbler, which has unknown impact and local attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5028 was patched at 2024-05-15

9899. Unknown Vulnerability Type - Unknown Product (CVE-2007-5743) - Low [95]

Description: {'vulners_cve_data_all': 'viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5743 was patched at 2024-05-15

9900. Unknown Vulnerability Type - Unknown Product (CVE-2007-6171) - Low [95]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6171 was patched at 2024-05-15

9901. Unknown Vulnerability Type - Unknown Product (CVE-2008-0673) - Low [95]

Description: {'vulners_cve_data_all': 'TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an inbound file-transfer request, before the user has an opportunity to decline the request, which allows remote attackers to truncate arbitrary files in the top level of a home directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0673 was patched at 2024-05-15

9902. Unknown Vulnerability Type - Unknown Product (CVE-2008-0932) - Low [95]

Description: {'vulners_cve_data_all': 'diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0932 was patched at 2024-05-15

9903. Unknown Vulnerability Type - Unknown Product (CVE-2008-2078) - Low [95]

Description: {'vulners_cve_data_all': 'Robocode before 1.6.0 allows user-assisted remote attackers to "access the internals of the Robocode game" via unspecified vectors related to the AWT Event Queue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2078 was patched at 2024-05-15

9904. Unknown Vulnerability Type - Unknown Product (CVE-2008-3258) - Low [95]

Description: {'vulners_cve_data_all': 'Multiple SQL injection vulnerabilities in Zoph before 0.7.0.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3258 was patched at 2024-05-15

9905. Unknown Vulnerability Type - Unknown Product (CVE-2008-3904) - Low [95]

Description: {'vulners_cve_data_all': 'src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3904 was patched at 2024-05-15

9906. Unknown Vulnerability Type - Unknown Product (CVE-2008-3920) - Low [95]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in BitlBee before 1.2.2 allows remote attackers to "recreate" and "hijack" existing accounts via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3920 was patched at 2024-05-15

9907. Unknown Vulnerability Type - Unknown Product (CVE-2008-4094) - Low [95]

Description: {'vulners_cve_data_all': 'Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4094 was patched at 2024-05-15

9908. Unknown Vulnerability Type - Unknown Product (CVE-2008-4247) - Low [95]

Description: {'vulners_cve_data_all': 'ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4247 was patched at 2024-05-15

9909. Unknown Vulnerability Type - Unknown Product (CVE-2008-5617) - Low [95]

Description: {'vulners_cve_data_all': 'The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5617 was patched at 2024-05-15

9910. Unknown Vulnerability Type - Unknown Product (CVE-2008-5657) - Low [95]

Description: {'vulners_cve_data_all': 'CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows remote attackers to spoof IRC messages as other users via a crafted CTCP message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5657 was patched at 2024-05-15

9911. Unknown Vulnerability Type - Unknown Product (CVE-2008-5714) - Low [95]

Description: {'vulners_cve_data_all': 'Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5714 was patched at 2024-05-15

9912. Unknown Vulnerability Type - Unknown Product (CVE-2008-6837) - Low [95]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-3258. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-6837 was patched at 2024-05-15

9913. Unknown Vulnerability Type - Unknown Product (CVE-2009-1241) - Low [95]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1241 was patched at 2024-05-15

9914. Unknown Vulnerability Type - Unknown Product (CVE-2009-1383) - Low [95]

Description: {'vulners_cve_data_all': 'The getdirective function in mathtex.cgi in mathTeX, when downloaded before 20090713, allows remote attackers to execute arbitrary commands via shell metacharacters in the dpi tag.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1383 was patched at 2024-05-15

9915. Unknown Vulnerability Type - Unknown Product (CVE-2009-1603) - Low [95]

Description: {'vulners_cve_data_all': 'src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1603 was patched at 2024-05-15

9916. Unknown Vulnerability Type - Unknown Product (CVE-2009-3369) - Low [95]

Description: {'vulners_cve_data_all': 'CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3369 was patched at 2024-05-15

9917. Unknown Vulnerability Type - Unknown Product (CVE-2009-3474) - Low [95]

Description: {'vulners_cve_data_all': 'OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3474 was patched at 2024-05-15

9918. Unknown Vulnerability Type - Unknown Product (CVE-2009-3723) - Low [95]

Description: {'vulners_cve_data_all': 'asterisk allows calls on prohibited networks', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3723 was patched at 2024-05-15

9919. Unknown Vulnerability Type - Unknown Product (CVE-2009-4010) - Low [95]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows remote attackers to spoof DNS data via crafted zones.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4010 was patched at 2024-05-15

9920. Unknown Vulnerability Type - Unknown Product (CVE-2009-4402) - Low [95]

Description: {'vulners_cve_data_all': 'The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to the admin interface.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4402 was patched at 2024-05-15

9921. Unknown Vulnerability Type - Unknown Product (CVE-2009-4499) - Low [95]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4499 was patched at 2024-05-15

9922. Unknown Vulnerability Type - Unknown Product (CVE-2009-4762) - Low [95]

Description: {'vulners_cve_data_all': 'MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4762 was patched at 2024-05-15

9923. Unknown Vulnerability Type - Unknown Product (CVE-2009-5014) - Low [95]

Description: {'vulners_cve_data_all': 'The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5014 was patched at 2024-05-15

9924. Unknown Vulnerability Type - Unknown Product (CVE-2009-5015) - Low [95]

Description: {'vulners_cve_data_all': 'The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 exposes controller methods even when an @expose decoration is not used, which has unspecified impact and attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5015 was patched at 2024-05-15

9925. Unknown Vulnerability Type - Unknown Product (CVE-2009-5054) - Low [95]

Description: {'vulners_cve_data_all': 'Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5054 was patched at 2024-05-15

9926. Unknown Vulnerability Type - Unknown Product (CVE-2010-0005) - Low [95]

Description: {'vulners_cve_data_all': 'query.py in the query interface in ViewVC before 1.1.3 does not reject configurations that specify an unsupported authorizer for a root, which might allow remote attackers to bypass intended access restrictions via a query.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0005 was patched at 2024-05-15

9927. Unknown Vulnerability Type - Unknown Product (CVE-2010-0634) - Low [95]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) before 2.5.35 has unknown impact and attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0634 was patched at 2024-05-15

9928. Unknown Vulnerability Type - Unknown Product (CVE-2010-0717) - Low [95]

Description: {'vulners_cve_data_all': 'The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0717 was patched at 2024-05-15

9929. Unknown Vulnerability Type - Unknown Product (CVE-2010-2247) - Low [95]

Description: {'vulners_cve_data_all': 'makepasswd 1.10 default settings generate insecure passwords', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2247 was patched at 2024-05-15

9930. Unknown Vulnerability Type - Unknown Product (CVE-2010-2488) - Low [95]

Description: {'vulners_cve_data_all': 'NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2488 was patched at 2024-05-15

9931. Unknown Vulnerability Type - Unknown Product (CVE-2010-4654) - Low [95]

Description: {'vulners_cve_data_all': 'poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4654 was patched at 2024-05-15

9932. Unknown Vulnerability Type - Unknown Product (CVE-2011-0432) - Low [95]

Description: {'vulners_cve_data_all': 'Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0432 was patched at 2024-05-15

9933. Unknown Vulnerability Type - Unknown Product (CVE-2011-1070) - Low [95]

Description: {'vulners_cve_data_all': 'v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1070 was patched at 2024-05-15

9934. Unknown Vulnerability Type - Unknown Product (CVE-2011-1408) - Low [95]

Description: {'vulners_cve_data_all': 'ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1408 was patched at 2024-05-15

9935. Unknown Vulnerability Type - Unknown Product (CVE-2011-1522) - Low [95]

Description: {'vulners_cve_data_all': 'Multiple SQL injection vulnerabilities in the Doctrine\\DBAL\\Platforms\\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1522 was patched at 2024-05-15

9936. Unknown Vulnerability Type - Unknown Product (CVE-2011-2187) - Low [95]

Description: {'vulners_cve_data_all': 'xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2187 was patched at 2024-05-15

9937. Unknown Vulnerability Type - Unknown Product (CVE-2011-2703) - Low [95]

Description: {'vulners_cve_data_all': 'Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2703 was patched at 2024-05-15

9938. Unknown Vulnerability Type - Unknown Product (CVE-2011-3596) - Low [95]

Description: {'vulners_cve_data_all': 'Polipo before 1.0.4.1 suffers from a DoD vulnerability via specially-crafted HTTP POST / PUT request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3596 was patched at 2024-05-15

9939. Unknown Vulnerability Type - Unknown Product (CVE-2011-3618) - Low [95]

Description: {'vulners_cve_data_all': 'atop: symlink attack possible due to insecure tempfile handling', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3618 was patched at 2024-05-15

9940. Unknown Vulnerability Type - Unknown Product (CVE-2011-4126) - Low [95]

Description: {'vulners_cve_data_all': 'Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4126 was patched at 2024-05-15

9941. Unknown Vulnerability Type - Unknown Product (CVE-2011-4931) - Low [95]

Description: {'vulners_cve_data_all': 'gpw generates shorter passwords than required', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4931 was patched at 2024-05-15

9942. Unknown Vulnerability Type - Unknown Product (CVE-2011-4970) - Low [95]

Description: {'vulners_cve_data_all': 'Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the (1) r_token variable in the dpm_get_pending_req_by_token, (2) dpm_get_cpr_by_fullid, (3) dpm_get_cpr_by_surl, (4) dpm_get_cpr_by_surls, (5) dpm_get_gfr_by_fullid, (6) dpm_get_gfr_by_surl, (7) dpm_get_pfr_by_fullid, (8) dpm_get_pfr_by_surl, (9) dpm_get_req_by_token, (10) dpm_insert_cpr_entry, (11) dpm_insert_gfr_entry, (12) dpm_insert_pending_entry, (13) dpm_insert_pfr_entry, (14) dpm_insert_xferreq_entry, (15) dpm_list_cpr_entry, (16) dpm_list_gfr_entry, or (17) dpm_list_pfr_entry function; the (18) surl variable in the dpm_get_cpr_by_surl function; the (19) to_surl variable in the dpm_get_cpr_by_surls function; the (20) u_token variable in the dpm_get_pending_reqs_by_u_desc, (21) dpm_get_reqs_by_u_desc, (22) dpm_get_spcmd_by_u_desc, (23) dpm_insert_pending_entry, (24) dpm_insert_spcmd_entry, or (25) dpm_insert_xferreq_entry function; the (26) s_token variable in the dpm_get_spcmd_by_token, (27) dpm_insert_cpr_entry, (28) dpm_insert_gfr_entry, (29) dpm_insert_pfr_entry, (30) dpm_insert_spcmd_entry, (31) dpm_update_cpr_entry, (32) dpm_update_gfr_entry, or (33) dpm_update_pfr_entry function; or remote administrators to execute arbitrary SQL commands via the (34) poolname variable in the dpm_get_pool_entry, (35) dpm_insert_fs_entry, (36) dpm_insert_pool_entry, (37) dpm_insert_spcmd_entry, (38) dpm_list_fs_entry, or (39) dpm_update_spcmd_entry function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4970 was patched at 2024-05-15

9943. Unknown Vulnerability Type - Unknown Product (CVE-2012-1572) - Low [95]

Description: {'vulners_cve_data_all': 'OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1572 was patched at 2024-05-15

9944. Unknown Vulnerability Type - Unknown Product (CVE-2012-2086) - Low [95]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2086 was patched at 2024-05-15

9945. Unknown Vulnerability Type - Unknown Product (CVE-2012-2142) - Low [95]

Description: {'vulners_cve_data_all': 'The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2142 was patched at 2024-05-15

9946. Unknown Vulnerability Type - Unknown Product (CVE-2012-2240) - Low [95]

Description: {'vulners_cve_data_all': 'scripts/dscverify.pl in devscripts before 2.12.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to "arguments to external commands."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2240 was patched at 2024-05-15

9947. Unknown Vulnerability Type - Unknown Product (CVE-2012-2248) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2248 was patched at 2024-05-15

9948. Unknown Vulnerability Type - Unknown Product (CVE-2012-2350) - Low [95]

Description: {'vulners_cve_data_all': 'pam_shield before 0.9.4: Default configuration does not perform protective action', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2350 was patched at 2024-05-15

9949. Unknown Vulnerability Type - Unknown Product (CVE-2012-2352) - Low [95]

Description: {'vulners_cve_data_all': 'The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2352 was patched at 2024-05-15

9950. Unknown Vulnerability Type - Unknown Product (CVE-2012-2671) - Low [95]

Description: {'vulners_cve_data_all': 'The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other sensitive headers, which allows attackers to obtain sensitive cookie information, hijack web sessions, or have other unspecified impact by accessing the cache.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2671 was patched at 2024-05-15

9951. Unknown Vulnerability Type - Unknown Product (CVE-2012-5534) - Low [95]

Description: {'vulners_cve_data_all': 'The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "shell expansion."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5534 was patched at 2024-05-15

9952. Unknown Vulnerability Type - Unknown Product (CVE-2013-1436) - Low [95]

Description: {'vulners_cve_data_all': 'The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 allows remote attackers to execute arbitrary commands via a web page title, which activates the commands when the user clicks on the xmobar window title, as demonstrated using an action tag.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1436 was patched at 2024-05-15

9953. Unknown Vulnerability Type - Unknown Product (CVE-2013-1809) - Low [95]

Description: {'vulners_cve_data_all': 'Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1809 was patched at 2024-05-15

9954. Unknown Vulnerability Type - Unknown Product (CVE-2013-2228) - Low [95]

Description: {'vulners_cve_data_all': 'SaltStack RSA Key Generation allows remote users to decrypt communications', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2228 was patched at 2024-05-15

9955. Unknown Vulnerability Type - Unknown Product (CVE-2013-4090) - Low [95]

Description: {'vulners_cve_data_all': 'Varnish HTTP cache before 3.0.4: ACL bug', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4090 was patched at 2024-05-15

9956. Unknown Vulnerability Type - Unknown Product (CVE-2013-4401) - Low [95]

Description: {'vulners_cve_data_all': 'The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4401 was patched at 2024-05-15

9957. Unknown Vulnerability Type - Unknown Product (CVE-2013-4438) - Low [95]

Description: {'vulners_cve_data_all': 'Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute arbitrary YAML code via unspecified vectors. NOTE: the vendor states that this might not be a vulnerability because the YAML to be loaded has already been determined to be safe.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4438 was patched at 2024-05-15

9958. Unknown Vulnerability Type - Unknown Product (CVE-2013-6824) - Low [95]

Description: {'vulners_cve_data_all': 'Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6824 was patched at 2024-05-15

9959. Unknown Vulnerability Type - Unknown Product (CVE-2013-6876) - Low [95]

Description: {'vulners_cve_data_all': 'The (1) pty_init_terminal and (2) pipe_init_terminal functions in main.c in s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the version number was not changed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6876 was patched at 2024-05-15

9960. Unknown Vulnerability Type - Unknown Product (CVE-2013-7089) - Low [95]

Description: {'vulners_cve_data_all': 'ClamAV before 0.97.7: dbg_printhex possible information leak', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7089 was patched at 2024-05-15

9961. Unknown Vulnerability Type - Unknown Product (CVE-2013-7469) - Low [95]

Description: {'vulners_cve_data_all': 'Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7469 was patched at 2024-05-15

9962. Unknown Vulnerability Type - Unknown Product (CVE-2014-0021) - Low [95]

Description: {'vulners_cve_data_all': 'Chrony before 1.29.1 has traffic amplification in cmdmon protocol', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0021 was patched at 2024-05-15

9963. Unknown Vulnerability Type - Unknown Product (CVE-2014-1226) - Low [95]

Description: {'vulners_cve_data_all': 'The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-6876.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1226 was patched at 2024-05-15

9964. Unknown Vulnerability Type - Unknown Product (CVE-2014-1846) - Low [95]

Description: {'vulners_cve_data_all': 'Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1846 was patched at 2024-05-15

9965. Unknown Vulnerability Type - Unknown Product (CVE-2014-1937) - Low [95]

Description: {'vulners_cve_data_all': 'Gamera before 3.4.1 insecurely creates temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1937 was patched at 2024-05-15

9966. Unknown Vulnerability Type - Unknown Product (CVE-2014-2581) - Low [95]

Description: {'vulners_cve_data_all': 'Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2581 was patched at 2024-05-15

9967. Unknown Vulnerability Type - Unknown Product (CVE-2014-2686) - Low [95]

Description: {'vulners_cve_data_all': 'Ansible prior to 1.5.4 mishandles the evaluation of some strings.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2686 was patched at 2024-05-15

9968. Unknown Vulnerability Type - Unknown Product (CVE-2014-3219) - Low [95]

Description: {'vulners_cve_data_all': 'fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3219 was patched at 2024-05-15

9969. Unknown Vulnerability Type - Unknown Product (CVE-2014-3462) - Low [95]

Description: {'vulners_cve_data_all': 'The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3462 was patched at 2024-05-15

9970. Unknown Vulnerability Type - Unknown Product (CVE-2014-3495) - Low [95]

Description: {'vulners_cve_data_all': 'duplicity 0.6.24 has improper verification of SSL certificates', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3495 was patched at 2024-05-15

9971. Unknown Vulnerability Type - Unknown Product (CVE-2014-7271) - Low [95]

Description: {'vulners_cve_data_all': 'Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to log in as user "sddm" without authentication.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-7271 was patched at 2024-05-15

9972. Unknown Vulnerability Type - Unknown Product (CVE-2014-9651) - Low [95]

Description: {'vulners_cve_data_all': 'Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci] procedures."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9651 was patched at 2024-05-15

9973. Unknown Vulnerability Type - Unknown Product (CVE-2014-9773) - Low [95]

Description: {'vulners_cve_data_all': 'modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9773 was patched at 2024-05-15

9974. Unknown Vulnerability Type - Unknown Product (CVE-2014-9970) - Low [95]

Description: {'vulners_cve_data_all': 'jasypt before 1.9.2 allows a timing attack against the password hash comparison.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9970 was patched at 2024-05-15

9975. Unknown Vulnerability Type - Unknown Product (CVE-2015-0234) - Low [95]

Description: {'vulners_cve_data_all': 'Multiple temporary file creation vulnerabilities in pki-core 10.2.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-0234 was patched at 2024-05-15

9976. Unknown Vulnerability Type - Unknown Product (CVE-2015-0778) - Low [95]

Description: {'vulners_cve_data_all': 'osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-0778 was patched at 2024-05-15

9977. Unknown Vulnerability Type - Unknown Product (CVE-2015-1378) - Low [95]

Description: {'vulners_cve_data_all': 'cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1378 was patched at 2024-05-15

9978. Unknown Vulnerability Type - Unknown Product (CVE-2015-1416) - Low [95]

Description: {'vulners_cve_data_all': 'Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1416 was patched at 2024-05-15

9979. Unknown Vulnerability Type - Unknown Product (CVE-2015-1590) - Low [95]

Description: {'vulners_cve_data_all': 'The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1590 was patched at 2024-05-15

9980. Unknown Vulnerability Type - Unknown Product (CVE-2015-1591) - Low [95]

Description: {'vulners_cve_data_all': 'The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1591 was patched at 2024-05-15

9981. Unknown Vulnerability Type - Unknown Product (CVE-2015-20001) - Low [95]

Description: {'vulners_cve_data_all': 'In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory safety violation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-20001 was patched at 2024-05-15

9982. Unknown Vulnerability Type - Unknown Product (CVE-2015-5228) - Low [95]

Description: {'vulners_cve_data_all': 'The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5228 was patched at 2024-05-15

9983. Unknown Vulnerability Type - Unknown Product (CVE-2015-5236) - Low [95]

Description: {'vulners_cve_data_all': 'It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5236 was patched at 2024-05-15

9984. Unknown Vulnerability Type - Unknown Product (CVE-2015-5705) - Low [95]

Description: {'vulners_cve_data_all': 'Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5705 was patched at 2024-05-15

9985. Unknown Vulnerability Type - Unknown Product (CVE-2015-6520) - Low [95]

Description: {'vulners_cve_data_all': 'IPPUSBXD before 1.22 listens on all interfaces, which allows remote attackers to obtain access to USB connected printers via a direct request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-6520 was patched at 2024-05-15

9986. Unknown Vulnerability Type - Unknown Product (CVE-2015-6817) - Low [95]

Description: {'vulners_cve_data_all': 'PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-6817 was patched at 2024-05-15

9987. Unknown Vulnerability Type - Unknown Product (CVE-2015-8314) - Low [95]

Description: {'vulners_cve_data_all': 'The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8314 was patched at 2024-05-15

9988. Unknown Vulnerability Type - Unknown Product (CVE-2015-8559) - Low [95]

Description: {'vulners_cve_data_all': 'The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8559 was patched at 2024-05-15

9989. Unknown Vulnerability Type - Unknown Product (CVE-2016-0807) - Low [95]

Description: {'vulners_cve_data_all': 'The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-0807 was patched at 2024-05-15

9990. Unknown Vulnerability Type - Unknown Product (CVE-2016-10117) - Low [95]

Description: {'vulners_cve_data_all': 'Firejail does not restrict access to --tmpfs, which allows local users to gain privileges, as demonstrated by mounting over /etc.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10117 was patched at 2024-05-15

9991. Unknown Vulnerability Type - Unknown Product (CVE-2016-10119) - Low [95]

Description: {'vulners_cve_data_all': 'Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10119 was patched at 2024-05-15

9992. Unknown Vulnerability Type - Unknown Product (CVE-2016-10120) - Low [95]

Description: {'vulners_cve_data_all': 'Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10120 was patched at 2024-05-15

9993. Unknown Vulnerability Type - Unknown Product (CVE-2016-10121) - Low [95]

Description: {'vulners_cve_data_all': 'Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10121 was patched at 2024-05-15

9994. Unknown Vulnerability Type - Unknown Product (CVE-2016-10123) - Low [95]

Description: {'vulners_cve_data_all': 'Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10123 was patched at 2024-05-15

9995. Unknown Vulnerability Type - Unknown Product (CVE-2016-10518) - Low [95]

Description: {'vulners_cve_data_all': 'A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a pong frame and the previously given payload of the ping frame. This is exactly what you expect, but internally ws always transforms all data that we need to send to a Buffer instance and that is where the vulnerability existed. ws didn't do any checks for the type of data it was sending. With buffers in node when you allocate it when a number instead of a string it will allocate the amount of bytes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10518 was patched at 2024-05-15

9996. Unknown Vulnerability Type - Unknown Product (CVE-2016-10730) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10730 was patched at 2024-05-15

9997. Unknown Vulnerability Type - Unknown Product (CVE-2016-1880) - Low [95]

Description: {'vulners_cve_data_all': 'The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to "handling of Linux futex robust lists."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1880 was patched at 2024-05-15

9998. Unknown Vulnerability Type - Unknown Product (CVE-2016-1883) - Low [95]

Description: {'vulners_cve_data_all': 'The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1883 was patched at 2024-05-15

9999. Unknown Vulnerability Type - Unknown Product (CVE-2016-2568) - Low [95]

Description: {'vulners_cve_data_all': 'pkexec, when used with --user nonpriv, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2568 was patched at 2024-05-15

10000. Unknown Vulnerability Type - Unknown Product (CVE-2016-2779) - Low [95]

Description: {'vulners_cve_data_all': 'runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2779 was patched at 2024-05-15

10001. Unknown Vulnerability Type - Unknown Product (CVE-2016-3096) - Low [95]

Description: {'vulners_cve_data_all': 'The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3096 was patched at 2024-05-15

10002. Unknown Vulnerability Type - Unknown Product (CVE-2016-3995) - Low [95]

Description: {'vulners_cve_data_all': 'The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may be optimized out by the compiler, which allows attackers to conduct timing attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3995 was patched at 2024-05-15

10003. Unknown Vulnerability Type - Unknown Product (CVE-2016-4383) - Low [95]

Description: {'vulners_cve_data_all': 'The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4383 was patched at 2024-05-15

10004. Unknown Vulnerability Type - Unknown Product (CVE-2016-5007) - Low [95]

Description: {'vulners_cve_data_all': 'Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5007 was patched at 2024-05-15

10005. Unknown Vulnerability Type - Unknown Product (CVE-2016-5697) - Low [95]

Description: {'vulners_cve_data_all': 'Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5697 was patched at 2024-05-15

10006. Unknown Vulnerability Type - Unknown Product (CVE-2016-6299) - Low [95]

Description: {'vulners_cve_data_all': 'The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6299 was patched at 2024-05-15

10007. Unknown Vulnerability Type - Unknown Product (CVE-2016-8686) - Low [95]

Description: {'vulners_cve_data_all': 'The bm_new function in bitmap.h in potrace 1.13 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-8686 was patched at 2024-05-15

10008. Unknown Vulnerability Type - Unknown Product (CVE-2016-9122) - Low [95]

Description: {'vulners_cve_data_all': 'go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially lead to confusion. For example, users of the library might mistakenly read protected header values from an attached signature that was different from the one originally validated.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9122 was patched at 2024-05-15

10009. Unknown Vulnerability Type - Unknown Product (CVE-2017-1000016) - Low [95]

Description: {'vulners_cve_data_all': 'A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000016 was patched at 2024-05-15

10010. Unknown Vulnerability Type - Unknown Product (CVE-2017-1000420) - Low [95]

Description: {'vulners_cve_data_all': 'Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000420 was patched at 2024-05-15

10011. Unknown Vulnerability Type - Unknown Product (CVE-2017-1081) - Low [95]

Description: {'vulners_cve_data_all': 'In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3-RELEASE-p19, ipfilter using "keep state" or "keep frags" options can cause a kernel panic when fed specially crafted packet fragments due to incorrect memory handling.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1081 was patched at 2024-05-15

10012. Unknown Vulnerability Type - Unknown Product (CVE-2017-1082) - Low [95]

Description: {'vulners_cve_data_all': 'In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data set may crash if the input follows the pathological pattern.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1082 was patched at 2024-05-15

10013. Unknown Vulnerability Type - Unknown Product (CVE-2017-1083) - Low [95]

Description: {'vulners_cve_data_all': 'In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is disabled by default. This results in the possibility a poorly written process could be cause a stack overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1083 was patched at 2024-05-15

10014. Unknown Vulnerability Type - Unknown Product (CVE-2017-11164) - Low [95]

Description: {'vulners_cve_data_all': 'In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11164 was patched at 2024-05-15

10015. Unknown Vulnerability Type - Unknown Product (CVE-2017-11343) - Low [95]

Description: {'vulners_cve_data_all': 'Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, when inserted into the symbol table, will result in O(n) lookup time.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-11343 was patched at 2024-05-15

10016. Unknown Vulnerability Type - Unknown Product (CVE-2017-12067) - Low [95]

Description: {'vulners_cve_data_all': 'Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12067 was patched at 2024-05-15

10017. Unknown Vulnerability Type - Unknown Product (CVE-2017-13709) - Low [95]

Description: {'vulners_cve_data_all': 'In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger subsystem allows one to overwrite any file via a resource that affects the contents of the global Property Tree.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-13709 was patched at 2024-05-15

10018. Unknown Vulnerability Type - Unknown Product (CVE-2017-14102) - Low [95]

Description: {'vulners_cve_data_all': 'MIMEDefang 2.80 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by the init-script.in and mimedefang-init.in scripts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14102 was patched at 2024-05-15

10019. Unknown Vulnerability Type - Unknown Product (CVE-2017-14178) - Low [95]

Description: {'vulners_cve_data_all': 'In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14178 was patched at 2024-05-15

10020. Unknown Vulnerability Type - Unknown Product (CVE-2017-14610) - Low [95]

Description: {'vulners_cve_data_all': 'bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14610 was patched at 2024-05-15

10021. Unknown Vulnerability Type - Unknown Product (CVE-2017-15928) - Low [95]

Description: {'vulners_cve_data_all': 'In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parse_obj. NOTE: the vendor has stated "Ox should handle the error more gracefully" but has not confirmed a security implication.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15928 was patched at 2024-05-15

10022. Unknown Vulnerability Type - Unknown Product (CVE-2017-16667) - Low [95]

Description: {'vulners_cve_data_all': 'backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16667 was patched at 2024-05-15

10023. Unknown Vulnerability Type - Unknown Product (CVE-2017-17850) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and the PJSIP channel driver was used, Asterisk would crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled, a user would have to first be authorized before reaching the crash point.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17850 was patched at 2024-05-15

10024. Unknown Vulnerability Type - Unknown Product (CVE-2017-17916) - Low [95]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17916 was patched at 2024-05-15

10025. Unknown Vulnerability Type - Unknown Product (CVE-2017-17917) - Low [95]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17917 was patched at 2024-05-15

10026. Unknown Vulnerability Type - Unknown Product (CVE-2017-17919) - Low [95]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17919 was patched at 2024-05-15

10027. Unknown Vulnerability Type - Unknown Product (CVE-2017-17920) - Low [95]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-17920 was patched at 2024-05-15

10028. Unknown Vulnerability Type - Unknown Product (CVE-2017-2659) - Low [95]

Description: {'vulners_cve_data_all': 'It was found that dropbear before version 2013.59 with GSSAPI leaks whether given username is valid or invalid. When an invalid username is given, the GSSAPI authentication failure was incorrectly counted towards the maximum allowed number of password attempts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2659 was patched at 2024-05-15

10029. Unknown Vulnerability Type - Unknown Product (CVE-2017-3164) - Low [95]

Description: {'vulners_cve_data_all': 'Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-3164 was patched at 2024-05-15

10030. Unknown Vulnerability Type - Unknown Product (CVE-2017-3204) - Low [95]

Description: {'vulners_cve_data_all': 'The Go SSH library (x/crypto/ssh) by default does not verify host keys, facilitating man-in-the-middle attacks. Default behavior changed in commit e4e2799 to require explicitly registering a hostkey verification mechanism.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-3204 was patched at 2024-05-15

10031. Unknown Vulnerability Type - Unknown Product (CVE-2017-5188) - Low [95]

Description: {'vulners_cve_data_all': 'The bs_worker code in open build service before 20170320 followed relative symlinks, allowing reading of files outside of the package source directory during build, allowing leakage of private information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5188 was patched at 2024-05-15

10032. Unknown Vulnerability Type - Unknown Product (CVE-2017-5207) - Low [95]

Description: {'vulners_cve_data_all': 'Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5207 was patched at 2024-05-15

10033. Unknown Vulnerability Type - Unknown Product (CVE-2017-6100) - Low [95]

Description: {'vulners_cve_data_all': 'tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6100 was patched at 2024-05-15

10034. Unknown Vulnerability Type - Unknown Product (CVE-2017-6594) - Low [95]

Description: {'vulners_cve_data_all': 'The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6594 was patched at 2024-05-15

10035. Unknown Vulnerability Type - Unknown Product (CVE-2017-7435) - Low [95]

Description: {'vulners_cve_data_all': 'In libzypp before 20170803 it was possible to add unsigned YUM repositories without warning to the user that could lead to man in the middle or malicious servers to inject malicious RPM packages into a users system.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7435 was patched at 2024-05-15

10036. Unknown Vulnerability Type - Unknown Product (CVE-2017-7524) - Low [95]

Description: {'vulners_cve_data_all': 'tpm2-tools versions before 1.1.1 are vulnerable to a password leak due to transmitting password in plaintext from client to server when generating HMAC.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7524 was patched at 2024-05-15

10037. Unknown Vulnerability Type - Unknown Product (CVE-2017-7892) - Low [95]

Description: {'vulners_cve_data_all': 'Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler with optimization that elides a bounds check in such calculations is Apple LLVM version 8.1.0 (clang-802.0.41). The attack vector is a crafted far pointer within a message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7892 was patched at 2024-05-15

10038. Unknown Vulnerability Type - Unknown Product (CVE-2017-8108) - Low [95]

Description: {'vulners_cve_data_all': 'Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8108 was patched at 2024-05-15

10039. Unknown Vulnerability Type - Unknown Product (CVE-2017-8109) - Low [95]

Description: {'vulners_cve_data_all': 'The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 copied over configuration from the Salt Master without adjusting permissions, which might leak credentials to local attackers on configured minions (clients).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8109 was patched at 2024-05-15

10040. Unknown Vulnerability Type - Unknown Product (CVE-2017-8315) - Low [95]

Description: {'vulners_cve_data_all': 'Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8315 was patched at 2024-05-15

10041. Unknown Vulnerability Type - Unknown Product (CVE-2017-8855) - Low [95]

Description: {'vulners_cve_data_all': 'wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8855 was patched at 2024-05-15

10042. Unknown Vulnerability Type - Unknown Product (CVE-2017-9106) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in adns before 1.5.2. adns_rr_info mishandles a bogus *datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer. This is correct if the input is in the right range; if it isn't, the buffer may be overrun (depending on the sizes of the types on the current platform). Of course the inputs ought to be right. And there are pointers in there too, so perhaps one could say that the caller ought to check these things. It may be better to require the caller to make the pointer structure right, but to have the code here be defensive about (and tolerate with an error but without crashing) out-of-range integer values. So: it should defend each of these integer conversion sites with a check for the actual permitted range, and return adns_s_invaliddata if not. The lack of this check causes the SOA sign extension bug to be a serious security problem: the sign extended SOA value is out of range, and overruns the buffer when reconverted. This is related to sign extending SOA 32-bit integer fields, and use of a signed data type.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9106 was patched at 2024-05-15

10043. Unknown Vulnerability Type - Unknown Product (CVE-2017-9108) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() would have done. Without this fix, adnshost may read and process one byte beyond the buffer, perhaps crashing or perhaps somehow leaking the value of that byte.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9108 was patched at 2024-05-15

10044. Unknown Vulnerability Type - Unknown Product (CVE-2017-9358) - Low [95]

Description: {'vulners_cve_data_all': 'A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9358 was patched at 2024-05-15

10045. Unknown Vulnerability Type - Unknown Product (CVE-2017-9729) - Low [95]

Description: {'vulners_cve_data_all': 'In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) in the check_dst_limits_calc_pos_1 function in misc/regex/regexec.c when processing a crafted regular expression.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9729 was patched at 2024-05-15

10046. Unknown Vulnerability Type - Unknown Product (CVE-2017-9779) - Low [95]

Description: {'vulners_cve_data_all': 'OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9779 was patched at 2024-05-15

10047. Unknown Vulnerability Type - Unknown Product (CVE-2018-10936) - Low [95]

Description: {'vulners_cve_data_all': 'A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10936 was patched at 2024-05-15

10048. Unknown Vulnerability Type - Unknown Product (CVE-2018-11365) - Low [95]

Description: {'vulners_cve_data_all': 'sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an infinite loop.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11365 was patched at 2024-05-15

10049. Unknown Vulnerability Type - Unknown Product (CVE-2018-12019) - Low [95]

Description: {'vulners_cve_data_all': 'The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12019 was patched at 2024-05-15

10050. Unknown Vulnerability Type - Unknown Product (CVE-2018-12248) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in mruby 1.4.1. There is a heap-based buffer over-read associated with OP_ENTER because mrbgems/mruby-fiber/src/fiber.c does not extend the stack in cases of many arguments to fiber.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12248 was patched at 2024-05-15

10051. Unknown Vulnerability Type - Unknown Product (CVE-2018-12687) - Low [95]

Description: {'vulners_cve_data_all': 'tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12687 was patched at 2024-05-15

10052. Unknown Vulnerability Type - Unknown Product (CVE-2018-1279) - Low [95]

Description: {'vulners_cve_data_all': 'Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1279 was patched at 2024-05-15

10053. Unknown Vulnerability Type - Unknown Product (CVE-2018-14345) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus can therefore unlock any graphical session. This is related to daemon/Display.cpp and helper/backend/PamBackend.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14345 was patched at 2024-05-15

10054. Unknown Vulnerability Type - Unknown Product (CVE-2018-14722) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in evaluate_auto_mountpoint in btrfsmaintenance-functions in btrfsmaintenance through 0.4.1. Code execution as root can occur via a specially crafted filesystem label if btrfs-{scrub,balance,trim} are set to auto in /etc/sysconfig/btrfsmaintenance (this is not the default, though).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14722 was patched at 2024-05-15

10055. Unknown Vulnerability Type - Unknown Product (CVE-2018-17567) - Low [95]

Description: {'vulners_cve_data_all': 'Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the "include" key in the "_config.yml" file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17567 was patched at 2024-05-15

10056. Unknown Vulnerability Type - Unknown Product (CVE-2018-17846) - Low [95]

Description: {'vulners_cve_data_all': 'The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and inSelectInTableIM do not comply with a specification.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17846 was patched at 2024-05-15

10057. Unknown Vulnerability Type - Unknown Product (CVE-2018-17847) - Low [95]

Description: {'vulners_cve_data_all': 'The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in node.go, called from (*parser).clearActiveFormattingElements, during an html.Parse call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17847 was patched at 2024-05-15

10058. Unknown Vulnerability Type - Unknown Product (CVE-2018-17848) - Low [95]

Description: {'vulners_cve_data_all': 'The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in node.go, called from inHeadIM, during an html.Parse call.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17848 was patched at 2024-05-15

10059. Unknown Vulnerability Type - Unknown Product (CVE-2018-18250) - Low [95]

Description: {'vulners_cve_data_all': 'Icinga Web 2 before 2.6.2 allows parameters that break navigation dashlets, as demonstrated by a single '$' character as the Name of a Navigation item.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18250 was patched at 2024-05-15

10060. Unknown Vulnerability Type - Unknown Product (CVE-2018-18838) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in Netdata 1.10.0. Log Injection (or Log Forgery) exists via a %0a sequence in the url parameter to api/v1/registry.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18838 was patched at 2024-05-15

10061. Unknown Vulnerability Type - Unknown Product (CVE-2018-19120) - Low [95]

Description: {'vulners_cve_data_all': 'The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19120 was patched at 2024-05-15

10062. Unknown Vulnerability Type - Unknown Product (CVE-2018-19214) - Low [95]

Description: {'vulners_cve_data_all': 'Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19214 was patched at 2024-05-15

10063. Unknown Vulnerability Type - Unknown Product (CVE-2018-19215) - Low [95]

Description: {'vulners_cve_data_all': 'Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19215 was patched at 2024-05-15

10064. Unknown Vulnerability Type - Unknown Product (CVE-2018-19801) - Low [95]

Description: {'vulners_cve_data_all': 'aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19801 was patched at 2024-05-15

10065. Unknown Vulnerability Type - Unknown Product (CVE-2018-19802) - Low [95]

Description: {'vulners_cve_data_all': 'aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19802 was patched at 2024-05-15

10066. Unknown Vulnerability Type - Unknown Product (CVE-2018-19865) - Low [95]

Description: {'vulners_cve_data_all': 'A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19865 was patched at 2024-05-15

10067. Unknown Vulnerability Type - Unknown Product (CVE-2018-20225) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20225 was patched at 2024-05-15

10068. Unknown Vulnerability Type - Unknown Product (CVE-2018-25023) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-25023 was patched at 2024-05-15

10069. Unknown Vulnerability Type - Unknown Product (CVE-2018-25060) - Low [95]

Description: {'vulners_cve_data_all': 'A vulnerability was found in Macaron csrf and classified as problematic. Affected by this issue is some unknown functionality of the file csrf.go. The manipulation of the argument Generate leads to sensitive cookie without secure attribute. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as dadd1711a617000b70e5e408a76531b73187031c. It is recommended to apply a patch to fix this issue. VDB-217058 is the identifier assigned to this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-25060 was patched at 2024-05-15

10070. Unknown Vulnerability Type - Unknown Product (CVE-2018-5698) - Low [95]

Description: {'vulners_cve_data_all': 'libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based buffer over-read via an unterminated string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-5698 was patched at 2024-05-15

10071. Unknown Vulnerability Type - Unknown Product (CVE-2018-6508) - Low [95]

Description: {'vulners_cve_data_all': 'Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6508 was patched at 2024-05-15

10072. Unknown Vulnerability Type - Unknown Product (CVE-2018-6532) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in Icinga 2.x through 2.8.1. By sending specially crafted (authenticated and unauthenticated) requests, an attacker can exhaust a lot of memory on the server side, triggering the OOM killer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6532 was patched at 2024-05-15

10073. Unknown Vulnerability Type - Unknown Product (CVE-2018-6533) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in Icinga 2.x through 2.8.1. By editing the init.conf file, Icinga 2 can be run as root. Following this the program can be used to run arbitrary code as root. This was fixed by no longer using init.conf to determine account information for any root-executed code (a larger issue than CVE-2017-16933).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6533 was patched at 2024-05-15

10074. Unknown Vulnerability Type - Unknown Product (CVE-2018-6535) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in Icinga 2.x through 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6535 was patched at 2024-05-15

10075. Unknown Vulnerability Type - Unknown Product (CVE-2018-6919) - Low [95]

Description: {'vulners_cve_data_all': 'In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, 10.4-RELEASE-p8 and 10.3-RELEASE-p28, due to insufficient initialization of memory copied to userland, small amounts of kernel memory may be disclosed to userland processes. Unprivileged users may be able to access small amounts privileged kernel data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6919 was patched at 2024-05-15

10076. Unknown Vulnerability Type - Unknown Product (CVE-2018-7685) - Low [95]

Description: {'vulners_cve_data_all': 'The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7685 was patched at 2024-05-15

10077. Unknown Vulnerability Type - Unknown Product (CVE-2018-8882) - Low [95]

Description: {'vulners_cve_data_all': 'Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-8882 was patched at 2024-05-15

10078. Unknown Vulnerability Type - Unknown Product (CVE-2018-8883) - Low [95]

Description: {'vulners_cve_data_all': 'Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-8883 was patched at 2024-05-15

10079. Unknown Vulnerability Type - Unknown Product (CVE-2019-1000021) - Low [95]

Description: {'vulners_cve_data_all': 'slixmpp version before commit 7cd73b594e8122dddf847953fcfc85ab4d316416 contains an incorrect Access Control vulnerability in XEP-0223 plugin (Persistent Storage of Private Data via PubSub) options profile, used for the configuration of default access model that can result in all of the contacts of the victim can see private data having been published to a PEP node. This attack appears to be exploitable if the user of this library publishes any private data on PEP, the node isn't configured to be private. This vulnerability appears to have been fixed in commit 7cd73b594e8122dddf847953fcfc85ab4d316416 which is included in slixmpp 1.4.2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1000021 was patched at 2024-05-15

10080. Unknown Vulnerability Type - Unknown Product (CVE-2019-10051) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in Suricata 4.1.3. If the function filetracker_newchunk encounters an unsafe "Some(sfcm) => { ft.new_chunk }" item, then the program enters an smb/files.rs error condition and crashes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10051 was patched at 2024-05-15

10081. Unknown Vulnerability Type - Unknown Product (CVE-2019-10054) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in Suricata 4.1.3. The function process_reply_record_v3 lacks a check for the length of reply.data. It causes an invalid memory access and the program crashes within the nfs/nfs3.rs file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10054 was patched at 2024-05-15

10082. Unknown Vulnerability Type - Unknown Product (CVE-2019-10056) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that the function DecodeEthernet in decode-ethernet.c is executed a second time. At this point, the algorithm cuts the first part of the packet and doesn't determine the current length. Specifically, if the packet is exactly 28 long, in the first iteration it subtracts 14 bytes. Then, it is working with a packet length of 14. At this point, the case distinction says it is a valid packet. After that it casts the packet, but this packet has no type, and the program crashes at the type case distinction.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10056 was patched at 2024-05-15

10083. Unknown Vulnerability Type - Unknown Product (CVE-2019-10691) - Low [95]

Description: {'vulners_cve_data_all': 'The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10691 was patched at 2024-05-15

10084. Unknown Vulnerability Type - Unknown Product (CVE-2019-10773) - Low [95]

Description: {'vulners_cve_data_all': 'In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10773 was patched at 2024-05-15

10085. Unknown Vulnerability Type - Unknown Product (CVE-2019-11502) - Low [95]

Description: {'vulners_cve_data_all': 'snap-confine in snapd before 2.38 incorrectly set the ownership of a snap application to the uid and gid of the first calling user. Consequently, that user had unintended access to a private /tmp directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11502 was patched at 2024-05-15

10086. Unknown Vulnerability Type - Unknown Product (CVE-2019-11503) - Low [95]

Description: {'vulners_cve_data_all': 'snap-confine as included in snapd before 2.39 did not guard against symlink races when performing the chdir() to the current working directory of the calling user, aka a "cwd restore permission bypass."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11503 was patched at 2024-05-15

10087. Unknown Vulnerability Type - Unknown Product (CVE-2019-12214) - Low [95]

Description: {'vulners_cve_data_all': 'In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12214 was patched at 2024-05-15

10088. Unknown Vulnerability Type - Unknown Product (CVE-2019-12760) - Low [95]

Description: {'vulners_cve_data_all': 'A deserialization vulnerability exists in the way parso through 0.4.0 handles grammar parsing from the cache. Cache loading relies on pickle and, provided that an evil pickle can be written to a cache grammar file and that its parsing can be triggered, this flaw leads to Arbitrary Code Execution. NOTE: This is disputed because "the cache directory is not under control of the attacker in any common configuration.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12760 was patched at 2024-05-15

10089. Unknown Vulnerability Type - Unknown Product (CVE-2019-13104) - Low [95]

Description: {'vulners_cve_data_all': 'In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-13104 was patched at 2024-05-15

10090. Unknown Vulnerability Type - Unknown Product (CVE-2019-13105) - Low [95]

Description: {'vulners_cve_data_all': 'Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-13105 was patched at 2024-05-15

10091. Unknown Vulnerability Type - Unknown Product (CVE-2019-13179) - Low [95]

Description: {'vulners_cve_data_all': 'Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile from /crypto_keyfile.bin (mode 0600 owned by root) to /boot within a globally readable initramfs image with insecure permissions, which allows this originally protected file to be read by any user, thereby disclosing decryption keys for LUKS containers created with Full Disk Encryption.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-13179 was patched at 2024-05-15

10092. Unknown Vulnerability Type - Unknown Product (CVE-2019-14381) - Low [95]

Description: {'vulners_cve_data_all': 'libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14381 was patched at 2024-05-15

10093. Unknown Vulnerability Type - Unknown Product (CVE-2019-14511) - Low [95]

Description: {'vulners_cve_data_all': 'Sphinx Technologies Sphinx 3.1.1 by default has no authentication and listens on 0.0.0.0, making it exposed to the internet (unless filtered by a firewall or reconfigured to listen to 127.0.0.1 only).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14511 was patched at 2024-05-15

10094. Unknown Vulnerability Type - Unknown Product (CVE-2019-14523) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer parser in fmt/okt.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14523 was patched at 2024-05-15

10095. Unknown Vulnerability Type - Unknown Product (CVE-2019-15553) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in the memoffset crate before 0.5.0 for Rust. offset_of and span_of can cause exposure of uninitialized memory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15553 was patched at 2024-05-15

10096. Unknown Vulnerability Type - Unknown Product (CVE-2019-15947) - Low [95]

Description: {'vulners_cve_data_all': 'In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's wallet.dat file, including their private keys, via a grep "6231 0500" command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15947 was patched at 2024-05-15

10097. Unknown Vulnerability Type - Unknown Product (CVE-2019-16137) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in the spin crate before 0.5.2 for Rust, when RwLock is used. Because memory ordering is mishandled, two writers can acquire the lock at the same time, violating mutual exclusion.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-16137 was patched at 2024-05-15

10098. Unknown Vulnerability Type - Unknown Product (CVE-2019-16228) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-16228 was patched at 2024-05-15

10099. Unknown Vulnerability Type - Unknown Product (CVE-2019-16760) - Low [95]

Description: {'vulners_cve_data_all': 'Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the `package` key to rename dependencies in `Cargo.toml` is ignored in Rust 1.25.0 and prior. When Rust 1.25.0 and prior is used Cargo may download the wrong dependency, which could be squatted on crates.io to be a malicious package. This not only affects manifests that you write locally yourself, but also manifests published to crates.io. Rust 1.0.0 through Rust 1.25.0 is affected by this advisory because Cargo will ignore the `package` key in manifests. Rust 1.26.0 through Rust 1.30.0 are not affected and typically will emit an error because the `package` key is unstable. Rust 1.31.0 and after are not affected because Cargo understands the `package` key. Users of the affected versions are strongly encouraged to update their compiler to the latest available one. Preventing this issue from happening requires updating your compiler to be either Rust 1.26.0 or newer. There will be no point release for Rust versions prior to 1.26.0. Users of Rust 1.19.0 to Rust 1.25.0 can instead apply linked patches to mitigate the issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-16760 was patched at 2024-05-15

10100. Unknown Vulnerability Type - Unknown Product (CVE-2019-17068) - Low [95]

Description: {'vulners_cve_data_all': 'PuTTY before 0.73 mishandles the "bracketed paste mode" protection mechanism, which may allow a session to be affected by malicious clipboard content.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17068 was patched at 2024-05-15

10101. Unknown Vulnerability Type - Unknown Product (CVE-2019-17221) - Low [95]

Description: {'vulners_cve_data_all': 'PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open() function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HTML file, as user input, that allows reading arbitrary files on the filesystem. For example, if page.render() is the function callback, this generates a PDF or an image of the targeted file. NOTE: this product is no longer developed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17221 was patched at 2024-05-15

10102. Unknown Vulnerability Type - Unknown Product (CVE-2019-19191) - Low [95]

Description: {'vulners_cve_data_all': 'Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19191 was patched at 2024-05-15

10103. Unknown Vulnerability Type - Unknown Product (CVE-2019-19962) - Low [95]

Description: {'vulners_cve_data_all': 'wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19962 was patched at 2024-05-15

10104. Unknown Vulnerability Type - Unknown Product (CVE-2019-20176) - Low [95]

Description: {'vulners_cve_data_all': 'In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the listdir function in ls.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20176 was patched at 2024-05-15

10105. Unknown Vulnerability Type - Unknown Product (CVE-2019-3574) - Low [95]

Description: {'vulners_cve_data_all': 'In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file loader.c, as demonstrated by img2sixel.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-3574 was patched at 2024-05-15

10106. Unknown Vulnerability Type - Unknown Product (CVE-2019-5432) - Low [95]

Description: {'vulners_cve_data_all': 'A specifically malformed MQTT Subscribe packet crashes MQTT Brokers using the mqtt-packet module versions < 3.5.1, 4.0.0 - 4.1.3, 5.0.0 - 5.6.1, 6.0.0 - 6.1.2 for decoding.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5432 was patched at 2024-05-15

10107. Unknown Vulnerability Type - Unknown Product (CVE-2019-5448) - Low [95]

Description: {'vulners_cve_data_all': 'Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5448 was patched at 2024-05-15

10108. Unknown Vulnerability Type - Unknown Product (CVE-2019-5606) - Low [95]

Description: {'vulners_cve_data_all': 'In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r349806, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, code which handles close of a descriptor created by posix_openpt fails to undo a signal configuration. This causes an incorrect signal to be raised leading to a write after free of kernel memory allowing a malicious user to gain root privileges or escape a jail.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5606 was patched at 2024-05-15

10109. Unknown Vulnerability Type - Unknown Product (CVE-2019-5609) - Low [95]

Description: {'vulners_cve_data_all': 'In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the size of the on-stack buffer without validation when TCP segmentation offload is requested for a transmitted packet. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5609 was patched at 2024-05-15

10110. Unknown Vulnerability Type - Unknown Product (CVE-2019-5612) - Low [95]

Description: {'vulners_cve_data_all': 'In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r351265, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, the kernel driver for /dev/midistat implements a read handler that is not thread-safe. A multi-threaded program can exploit races in the handler to copy out kernel memory outside the boundaries of midistat's data buffer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5612 was patched at 2024-05-15

10111. Unknown Vulnerability Type - Unknown Product (CVE-2019-7347) - Low [95]

Description: {'vulners_cve_data_all': 'A Time-of-check Time-of-use (TOCTOU) Race Condition exists in ZoneMinder through 1.32.3 as a session remains active for an authenticated user even after deletion from the users table. This allows a nonexistent user to access and modify records (add/delete Monitors, Users, etc.).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7347 was patched at 2024-05-15

10112. Unknown Vulnerability Type - Unknown Product (CVE-2019-9031) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in libmatio.a in matio (aka MAT File I/O Library) 1.5.13. There is a NULL pointer dereference in the function Mat_VarFree() in mat.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9031 was patched at 2024-05-15

10113. Unknown Vulnerability Type - Unknown Product (CVE-2020-10573) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in Janus through 0.9.1. janus_audiobridge.c has a double mutex unlock when listing private rooms in AudioBridge.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-10573 was patched at 2024-05-15

10114. Unknown Vulnerability Type - Unknown Product (CVE-2020-10648) - Low [95]

Description: {'vulners_cve_data_all': 'Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-10648 was patched at 2024-05-15

10115. Unknown Vulnerability Type - Unknown Product (CVE-2020-11865) - Low [95]

Description: {'vulners_cve_data_all': 'libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-11865 was patched at 2024-05-15

10116. Unknown Vulnerability Type - Unknown Product (CVE-2020-12667) - Low [95]

Description: {'vulners_cve_data_all': 'Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-12667 was patched at 2024-05-15

10117. Unknown Vulnerability Type - Unknown Product (CVE-2020-12758) - Low [95]

Description: {'vulners_cve_data_all': 'HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Introduced in 1.6.0, fixed in 1.6.6 and 1.7.4.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-12758 was patched at 2024-05-15

10118. Unknown Vulnerability Type - Unknown Product (CVE-2020-13170) - Low [95]

Description: {'vulners_cve_data_all': 'HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13170 was patched at 2024-05-15

10119. Unknown Vulnerability Type - Unknown Product (CVE-2020-13649) - Low [95]

Description: {'vulners_cve_data_all': 'parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13649 was patched at 2024-05-15

10120. Unknown Vulnerability Type - Unknown Product (CVE-2020-13898) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_process in sdp.c has a NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13898 was patched at 2024-05-15

10121. Unknown Vulnerability Type - Unknown Product (CVE-2020-13899) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_process_incoming_request in janus.c discloses information from uninitialized stack memory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13899 was patched at 2024-05-15

10122. Unknown Vulnerability Type - Unknown Product (CVE-2020-13900) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_preparse in sdp.c has a NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-13900 was patched at 2024-05-15

10123. Unknown Vulnerability Type - Unknown Product (CVE-2020-14004) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-14004 was patched at 2024-05-15

10124. Unknown Vulnerability Type - Unknown Product (CVE-2020-15396) - Low [95]

Description: {'vulners_cve_data_all': 'In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15396 was patched at 2024-05-15

10125. Unknown Vulnerability Type - Unknown Product (CVE-2020-16094) - Low [95]

Description: {'vulners_cve_data_all': 'In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-16094 was patched at 2024-05-15

10126. Unknown Vulnerability Type - Unknown Product (CVE-2020-17448) - Low [95]

Description: {'vulners_cve_data_all': 'Telegram Desktop through 2.1.13 allows a spoofed file type to bypass the Dangerous File Type Execution protection mechanism, as demonstrated by use of the chat window with a filename that lacks an extension.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-17448 was patched at 2024-05-15

10127. Unknown Vulnerability Type - Unknown Product (CVE-2020-17495) - Low [95]

Description: {'vulners_cve_data_all': 'django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may contain sensitive cleartext information that does not belong unencrypted in the database.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-17495 was patched at 2024-05-15

10128. Unknown Vulnerability Type - Unknown Product (CVE-2020-17497) - Low [95]

Description: {'vulners_cve_data_all': 'eapol.c in iNet wireless daemon (IWD) through 1.8 allows attackers to trigger a PTK reinstallation by retransmitting EAPOL Msg4/4.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-17497 was patched at 2024-05-15

10129. Unknown Vulnerability Type - Unknown Product (CVE-2020-21426) - Low [95]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21426 was patched at 2024-05-15

10130. Unknown Vulnerability Type - Unknown Product (CVE-2020-21722) - Low [95]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in oggvideotools 0.9.1 allows remote attackers to run arbitrary code via opening of crafted ogg file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21722 was patched at 2024-05-15

10131. Unknown Vulnerability Type - Unknown Product (CVE-2020-21724) - Low [95]

Description: {'vulners_cve_data_all': 'Buffer Overflow vulnerability in ExtractorInformation function in streamExtractor.cpp in oggvideotools 0.9.1 allows remaote attackers to run arbitrary code via opening of crafted ogg file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21724 was patched at 2024-05-15

10132. Unknown Vulnerability Type - Unknown Product (CVE-2020-24342) - Low [95]

Description: {'vulners_cve_data_all': 'Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24342 was patched at 2024-05-15

10133. Unknown Vulnerability Type - Unknown Product (CVE-2020-24369) - Low [95]

Description: {'vulners_cve_data_all': 'ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24369 was patched at 2024-05-15

10134. Unknown Vulnerability Type - Unknown Product (CVE-2020-25031) - Low [95]

Description: {'vulners_cve_data_all': 'checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25031 was patched at 2024-05-15

10135. Unknown Vulnerability Type - Unknown Product (CVE-2020-25791) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25791 was patched at 2024-05-15

10136. Unknown Vulnerability Type - Unknown Product (CVE-2020-25792) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25792 was patched at 2024-05-15

10137. Unknown Vulnerability Type - Unknown Product (CVE-2020-25793) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25793 was patched at 2024-05-15

10138. Unknown Vulnerability Type - Unknown Product (CVE-2020-25794) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25794 was patched at 2024-05-15

10139. Unknown Vulnerability Type - Unknown Product (CVE-2020-25795) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, insert_from can have a memory-safety issue upon a panic.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25795 was patched at 2024-05-15

10140. Unknown Vulnerability Type - Unknown Product (CVE-2020-25796) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the InlineArray implementation, an unaligned reference may be generated for a type that has a large alignment requirement.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25796 was patched at 2024-05-15

10141. Unknown Vulnerability Type - Unknown Product (CVE-2020-26160) - Low [95]

Description: {'vulners_cve_data_all': 'jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-26160 was patched at 2024-05-15

10142. Unknown Vulnerability Type - Unknown Product (CVE-2020-27796) - Low [95]

Description: {'vulners_cve_data_all': 'A heap-based buffer over-read was discovered in the invert_pt_dynamic function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27796 was patched at 2024-05-15

10143. Unknown Vulnerability Type - Unknown Product (CVE-2020-27799) - Low [95]

Description: {'vulners_cve_data_all': 'A heap-based buffer over-read was discovered in the acc_ua_get_be32 function in miniacc.h in UPX 4.0.0 via a crafted Mach-O file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27799 was patched at 2024-05-15

10144. Unknown Vulnerability Type - Unknown Product (CVE-2020-27800) - Low [95]

Description: {'vulners_cve_data_all': 'A heap-based buffer over-read was discovered in the get_le32 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27800 was patched at 2024-05-15

10145. Unknown Vulnerability Type - Unknown Product (CVE-2020-27801) - Low [95]

Description: {'vulners_cve_data_all': 'A heap-based buffer over-read was discovered in the get_le64 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27801 was patched at 2024-05-15

10146. Unknown Vulnerability Type - Unknown Product (CVE-2020-35450) - Low [95]

Description: {'vulners_cve_data_all': 'Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35450 was patched at 2024-05-15

10147. Unknown Vulnerability Type - Unknown Product (CVE-2020-35711) - Low [95]

Description: {'vulners_cve_data_all': 'An issue has been discovered in the arc-swap crate before 0.4.8 (and 1.x before 1.1.0) for Rust. Use of arc_swap::access::Map with the Constant test helper (or with a user-supplied implementation of the Access trait) could sometimes lead to dangling references being returned by the map.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35711 was patched at 2024-05-15

10148. Unknown Vulnerability Type - Unknown Product (CVE-2020-35766) - Low [95]

Description: {'vulners_cve_data_all': 'The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c). NOTE: this is applicable to persons who choose to engage in the "A number of self-test programs are included here for unit-testing the library" situation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35766 was patched at 2024-05-15

10149. Unknown Vulnerability Type - Unknown Product (CVE-2020-35861) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the reading of unknown memory. Attackers can potentially read cryptographic keys.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35861 was patched at 2024-05-15

10150. Unknown Vulnerability Type - Unknown Product (CVE-2020-36254) - Low [95]

Description: {'vulners_cve_data_all': 'scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36254 was patched at 2024-05-15

10151. Unknown Vulnerability Type - Unknown Product (CVE-2020-36604) - Low [95]

Description: {'vulners_cve_data_all': 'hoek before 8.5.1 and 9.x before 9.0.3 allows prototype poisoning in the clone function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36604 was patched at 2024-05-15

10152. Unknown Vulnerability Type - Unknown Product (CVE-2020-36649) - Low [95]

Description: {'vulners_cve_data_all': 'A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36649 was patched at 2024-05-15

10153. Unknown Vulnerability Type - Unknown Product (CVE-2020-5254) - Low [95]

Description: {'vulners_cve_data_all': 'In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-5254 was patched at 2024-05-15

10154. Unknown Vulnerability Type - Unknown Product (CVE-2020-5275) - Low [95]

Description: {'vulners_cve_data_all': 'In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Firewall` checks access control rule, it iterate overs each rule's attributes and stops as soon as the accessDecisionManager decides to grant access on the attribute, preventing the check of next attributes that should have been take into account in an unanimous strategy. The accessDecisionManager is now called with all attributes at once, allowing the unanimous strategy being applied on each attribute. This issue is patched in versions 4.4.7 and 5.0.7.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-5275 was patched at 2024-05-15

10155. Unknown Vulnerability Type - Unknown Product (CVE-2020-7694) - Low [95]

Description: {'vulners_cve_data_all': 'This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ASNI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to either the console or a log file. When attackers request crafted URLs with percent-encoded escape sequences, the logging component will log the URL after it's been processed with urllib.parse.unquote, therefore converting any percent-encoded characters into their single-character equivalent, which can have special meaning in terminal emulators. By requesting URLs with crafted paths, attackers can: * Pollute uvicorn's access logs, therefore jeopardising the integrity of such files. * Use ANSI sequence codes to attempt to interact with the terminal emulator that's displaying the logs (either in real time or from a file).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7694 was patched at 2024-05-15

10156. Unknown Vulnerability Type - Unknown Product (CVE-2020-7943) - Low [95]

Description: {'vulners_cve_data_all': 'Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names and class names. Previously, these endpoints were open to the local network. PE 2018.1.13 & 2019.5.0, Puppet Server 6.9.2 & 5.3.12, and PuppetDB 6.9.1 & 5.2.13 disable trapperkeeper-metrics /v1 metrics API and only allows /v2 access on localhost by default. This affects software versions: Puppet Enterprise 2018.1.x stream prior to 2018.1.13 Puppet Enterprise prior to 2019.5.0 Puppet Server prior to 6.9.2 Puppet Server prior to 5.3.12 PuppetDB prior to 6.9.1 PuppetDB prior to 5.2.13 Resolved in: Puppet Enterprise 2018.1.13 Puppet Enterprise 2019.5.0 Puppet Server 6.9.2 Puppet Server 5.3.12 PuppetDB 6.9.1 PuppetDB 5.2.13', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7943 was patched at 2024-05-15

10157. Unknown Vulnerability Type - Unknown Product (CVE-2020-8225) - Low [95]

Description: {'vulners_cve_data_all': 'A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-8225 was patched at 2024-05-15

10158. Unknown Vulnerability Type - Unknown Product (CVE-2020-9272) - Low [95]

Description: {'vulners_cve_data_all': 'ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-9272 was patched at 2024-05-15

10159. Unknown Vulnerability Type - Unknown Product (CVE-2020-9365) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-9365 was patched at 2024-05-15

10160. Unknown Vulnerability Type - Unknown Product (CVE-2021-20274) - Low [95]

Description: {'vulners_cve_data_all': 'A flaw was found in privoxy before 3.0.32. A crash may occur due a NULL-pointer dereference when the socks server misbehaves.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-20274 was patched at 2024-05-15

10161. Unknown Vulnerability Type - Unknown Product (CVE-2021-20304) - Low [95]

Description: {'vulners_cve_data_all': 'A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-20304 was patched at 2024-05-15

10162. Unknown Vulnerability Type - Unknown Product (CVE-2021-23556) - Low [95]

Description: {'vulners_cve_data_all': 'The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of execute_command and execute_command_by_uuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. **Note:** Exploitation requires the user to have installed another malicious program that will be able to send dbus signals or run terminal commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-23556 was patched at 2024-05-15

10163. Unknown Vulnerability Type - Unknown Product (CVE-2021-26717) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before 18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream, then Asterisk would crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-26717 was patched at 2024-05-15

10164. Unknown Vulnerability Type - Unknown Product (CVE-2021-27097) - Low [95]

Description: {'vulners_cve_data_all': 'The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-27097 was patched at 2024-05-15

10165. Unknown Vulnerability Type - Unknown Product (CVE-2021-27138) - Low [95]

Description: {'vulners_cve_data_all': 'The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-27138 was patched at 2024-05-15

10166. Unknown Vulnerability Type - Unknown Product (CVE-2021-28117) - Low [95]

Description: {'vulners_cve_data_all': 'libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-28117 was patched at 2024-05-15

10167. Unknown Vulnerability Type - Unknown Product (CVE-2021-28899) - Low [95]

Description: {'vulners_cve_data_all': 'Vulnerability in the AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses in Networks LIVE555 Streaming Media before 2021.3.16.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-28899 was patched at 2024-05-15

10168. Unknown Vulnerability Type - Unknown Product (CVE-2021-28994) - Low [95]

Description: {'vulners_cve_data_all': 'kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-28994 was patched at 2024-05-15

10169. Unknown Vulnerability Type - Unknown Product (CVE-2021-29632) - Low [95]

Description: {'vulners_cve_data_all': 'In FreeBSD 13.0-STABLE before n247428-9352de39c3dc, 12.2-STABLE before r370674, 13.0-RELEASE before p6, and 12.2-RELEASE before p12, certain conditions involving use of the highlight buffer while text is scrolling on the console, console data may overwrite data structures associated with the system console or other kernel memory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-29632 was patched at 2024-05-15

10170. Unknown Vulnerability Type - Unknown Product (CVE-2021-31523) - Low [95]

Description: {'vulners_cve_data_all': 'The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-31523 was patched at 2024-05-15

10171. Unknown Vulnerability Type - Unknown Product (CVE-2021-32421) - Low [95]

Description: {'vulners_cve_data_all': 'dpic 2021.01.01 has a Heap Use-After-Free in thedeletestringbox() function in dpic.y.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32421 was patched at 2024-05-15

10172. Unknown Vulnerability Type - Unknown Product (CVE-2021-32773) - Low [95]

Description: {'vulners_cve_data_all': 'Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to incorrectly use attacker-created modules instead of their intended dependencies. This could allow system functions to be controlled by the attacker, giving access to facilities intended to be restricted. This problem is fixed in Racket version 8.2. A workaround is available, depending on system settings. For systems that provide arbitrary Racket evaluation, external sandboxing such as containers limit the impact of the problem. For multi-user evaluation systems, such as the `handin-server` system, it is not possible to work around this problem and upgrading is required.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32773 was patched at 2024-05-15

10173. Unknown Vulnerability Type - Unknown Product (CVE-2021-33589) - Low [95]

Description: {'vulners_cve_data_all': 'Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33589 was patched at 2024-05-15

10174. Unknown Vulnerability Type - Unknown Product (CVE-2021-34193) - Low [95]

Description: {'vulners_cve_data_all': 'Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-34193 was patched at 2024-05-15

10175. Unknown Vulnerability Type - Unknown Product (CVE-2021-35063) - Low [95]

Description: {'vulners_cve_data_all': 'Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-35063 was patched at 2024-05-15

10176. Unknown Vulnerability Type - Unknown Product (CVE-2021-3567) - Low [95]

Description: {'vulners_cve_data_all': 'A flaw was found in Caribou due to a regression of CVE-2020-25712 fix. An attacker could use this flaw to bypass screen-locking applications that leverage Caribou as an input mechanism. The highest threat from this vulnerability is to system availability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3567 was patched at 2024-05-15

10177. Unknown Vulnerability Type - Unknown Product (CVE-2021-37491) - Low [95]

Description: {'vulners_cve_data_all': 'An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogecoin Core 1.14.3 and earlier allows attackers to view sensitive information via CWallet::CreateTransaction() function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-37491 was patched at 2024-05-15

10178. Unknown Vulnerability Type - Unknown Product (CVE-2021-37819) - Low [95]

Description: {'vulners_cve_data_all': 'PDF Labs pdftk-java v3.2.3 was discovered to contain an infinite loop via the component /text/pdf/PdfReader.java.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-37819 was patched at 2024-05-15

10179. Unknown Vulnerability Type - Unknown Product (CVE-2021-3842) - Low [95]

Description: {'vulners_cve_data_all': 'nltk is vulnerable to Inefficient Regular Expression Complexity', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3842 was patched at 2024-05-15

10180. Unknown Vulnerability Type - Unknown Product (CVE-2021-38511) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in the tar crate before 0.4.36 for Rust. When symlinks are present in a TAR archive, extraction can create arbitrary directories via .. traversal.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-38511 was patched at 2024-05-15

10181. Unknown Vulnerability Type - Unknown Product (CVE-2021-40083) - Low [95]

Description: {'vulners_cve_data_all': 'Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40083 was patched at 2024-05-15

10182. Unknown Vulnerability Type - Unknown Product (CVE-2021-4041) - Low [95]

Description: {'vulners_cve_data_all': 'A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual environment.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-4041 was patched at 2024-05-15

10183. Unknown Vulnerability Type - Unknown Product (CVE-2021-4110) - Low [95]

Description: {'vulners_cve_data_all': 'mruby is vulnerable to NULL Pointer Dereference', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-4110 was patched at 2024-05-15

10184. Unknown Vulnerability Type - Unknown Product (CVE-2021-41247) - Low [95]

Description: {'vulners_cve_data_all': 'JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials (for the single-user server only, not the Hub) reinstated after logout, if another active JupyterLab session is open while the logout takes place. Upgrade to JupyterHub 1.5. For distributed deployments, it is jupyterhub in the _user_ environment that needs patching. There are no patches necessary in the Hub environment. The only workaround is to make sure that only one JupyterLab tab is open when you log out.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41247 was patched at 2024-05-15

10185. Unknown Vulnerability Type - Unknown Product (CVE-2021-41490) - Low [95]

Description: {'vulners_cve_data_all': 'Memory leaks in LazyPRM.cpp of OMPL v1.5.0 can cause unexpected behavior.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41490 was patched at 2024-05-15

10186. Unknown Vulnerability Type - Unknown Product (CVE-2021-41683) - Low [95]

Description: {'vulners_cve_data_all': 'There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_type in JerryScript 2.4.0', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41683 was patched at 2024-05-15

10187. Unknown Vulnerability Type - Unknown Product (CVE-2021-4249) - Low [95]

Description: {'vulners_cve_data_all': 'A vulnerability was found in xml-conduit. It has been classified as problematic. Affected is an unknown function of the file xml-conduit/src/Text/XML/Stream/Parse.hs of the component DOCTYPE Entity Expansion Handler. The manipulation leads to infinite loop. It is possible to launch the attack remotely. Upgrading to version 1.9.1.0 is able to address this issue. The name of the patch is 4be1021791dcdee8b164d239433a2043dc0939ea. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216204.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-4249 was patched at 2024-05-15

10188. Unknown Vulnerability Type - Unknown Product (CVE-2021-4258) - Low [95]

Description: {'vulners_cve_data_all': 'A vulnerability was found in whohas. It has been rated as problematic. This issue affects some unknown processing of the component Package Information Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be initiated remotely. The real existence of this vulnerability is still doubted at the moment. The name of the patch is 667c3e2e9178f15c23d7918b5db25cd0792c8472. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216251. NOTE: Most sources redirect to the encrypted site which limits the possibilities of an attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-4258 was patched at 2024-05-15

10189. Unknown Vulnerability Type - Unknown Product (CVE-2021-42612) - Low [95]

Description: {'vulners_cve_data_all': 'A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42612 was patched at 2024-05-15

10190. Unknown Vulnerability Type - Unknown Product (CVE-2021-42614) - Low [95]

Description: {'vulners_cve_data_all': 'A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42614 was patched at 2024-05-15

10191. Unknown Vulnerability Type - Unknown Product (CVE-2021-43172) - Low [95]

Description: {'vulners_cve_data_all': 'NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By continuously generating a new child CA that only consists of another CA using a different RRDP repository, a malicious CA can create a chain of CAs of de-facto infinite length. Routinator prior to version 0.10.2 did not contain a limit on the length of such a chain and will therefore continue to process this chain forever. As a result, the validation run will never finish, leading to Routinator continuing to serve the old data set or, if in the initial validation run directly after starting, never serve any data at all.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-43172 was patched at 2024-05-15

10192. Unknown Vulnerability Type - Unknown Product (CVE-2021-4435) - Low [95]

Description: {'vulners_cve_data_all': 'An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-4435 was patched at 2024-05-15

10193. Unknown Vulnerability Type - Unknown Product (CVE-2021-44495) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in YottaDB through r1.32 and V7.0-000 and FIS GT.M through V7.0-000. Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44495 was patched at 2024-05-15

10194. Unknown Vulnerability Type - Unknown Product (CVE-2021-44497) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, can cause the bounds of a for loop to be miscalculated, which leads to a use after free condition a pointer is pushed into previously free memory by the loop.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44497 was patched at 2024-05-15

10195. Unknown Vulnerability Type - Unknown Product (CVE-2021-44502) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can control the size of a memset that occurs in calls to util_format in sr_unix/util_output.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44502 was patched at 2024-05-15

10196. Unknown Vulnerability Type - Unknown Product (CVE-2021-44503) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a call to va_arg on an empty variadic parameter list, most likely causing a memory segmentation fault.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44503 was patched at 2024-05-15

10197. Unknown Vulnerability Type - Unknown Product (CVE-2021-44504) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a size variable, stored as an signed int, to equal an extremely large value, which is interpreted as a negative value during a check. This value is then used in a memcpy call on the stack, causing a memory segmentation fault.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44504 was patched at 2024-05-15

10198. Unknown Vulnerability Type - Unknown Product (CVE-2021-44505) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, an attacker can cause a NULL pointer dereference after calls to ZPrint.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44505 was patched at 2024-05-15

10199. Unknown Vulnerability Type - Unknown Product (CVE-2021-44506) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of input validation in calls to do_verify in sr_unix/do_verify.c allows attackers to attempt to jump to a NULL pointer by corrupting a function pointer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44506 was patched at 2024-05-15

10200. Unknown Vulnerability Type - Unknown Product (CVE-2021-44507) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). A lack of parameter validation in calls to memcpy in str_tok in sr_unix/ztimeoutroutines.c allows attackers to attempt to read from a NULL pointer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44507 was patched at 2024-05-15

10201. Unknown Vulnerability Type - Unknown Product (CVE-2021-44509) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause an integer underflow of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c in order to cause a segmentation fault and crash the application.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44509 was patched at 2024-05-15

10202. Unknown Vulnerability Type - Unknown Product (CVE-2021-44510) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in FIS GT.M through V7.0-000 (related to the YottaDB code base). Using crafted input, attackers can cause a calculation of the size of calls to memset in op_fnj3 in sr_port/op_fnj3.c to result in an extremely large value in order to cause a segmentation fault and crash the application.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44510 was patched at 2024-05-15

10203. Unknown Vulnerability Type - Unknown Product (CVE-2021-44541) - Low [95]

Description: {'vulners_cve_data_all': 'A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44541 was patched at 2024-05-15

10204. Unknown Vulnerability Type - Unknown Product (CVE-2021-45101) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using standard command-line tools, a user with only READ access to an HTCondor SchedD or Collector daemon can discover secrets that could allow them to control other users' jobs and/or read their data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45101 was patched at 2024-05-15

10205. Unknown Vulnerability Type - Unknown Product (CVE-2021-45985) - Low [95]

Description: {'vulners_cve_data_all': 'In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45985 was patched at 2024-05-15

10206. Unknown Vulnerability Type - Unknown Product (CVE-2021-46170) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in JerryScript commit a6ab5e9. There is an Use-After-Free in lexer_compare_identifier_to_string in js-lexer.c file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46170 was patched at 2024-05-15

10207. Unknown Vulnerability Type - Unknown Product (CVE-2022-0240) - Low [95]

Description: {'vulners_cve_data_all': 'mruby is vulnerable to NULL Pointer Dereference', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-0240 was patched at 2024-05-15

10208. Unknown Vulnerability Type - Unknown Product (CVE-2022-0481) - Low [95]

Description: {'vulners_cve_data_all': 'NULL Pointer Dereference in Homebrew mruby prior to 3.2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-0481 was patched at 2024-05-15

10209. Unknown Vulnerability Type - Unknown Product (CVE-2022-1341) - Low [95]

Description: {'vulners_cve_data_all': 'An issue was discovered in in bwm-ng v0.6.2. An arbitrary null write exists in get_cmdln_options() function in src/options.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1341 was patched at 2024-05-15

10210. Unknown Vulnerability Type - Unknown Product (CVE-2022-21689) - Low [95]

Description: {'vulners_cve_data_all': 'OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions the receive mode limits concurrent uploads to 100 per second and blocks other uploads in the same second, which can be triggered by a simple script. An adversary with access to the receive mode can block file upload for others. There is no way to block this attack in public mode due to the anonymity properties of the tor network.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-21689 was patched at 2024-05-15

10211. Unknown Vulnerability Type - Unknown Product (CVE-2022-22888) - Low [95]

Description: {'vulners_cve_data_all': 'Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_op_object_find_own in /ecma/operations/ecma-objects.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-22888 was patched at 2024-05-15

10212. Unknown Vulnerability Type - Unknown Product (CVE-2022-22893) - Low [95]

Description: {'vulners_cve_data_all': 'Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_loop.lto_priv.304 in /jerry-core/vm/vm.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-22893 was patched at 2024-05-15

10213. Unknown Vulnerability Type - Unknown Product (CVE-2022-22894) - Low [95]

Description: {'vulners_cve_data_all': 'Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_lcache_lookup in /jerry-core/ecma/base/ecma-lcache.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-22894 was patched at 2024-05-15

10214. Unknown Vulnerability Type - Unknown Product (CVE-2022-22895) - Low [95]

Description: {'vulners_cve_data_all': 'Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ecma_utf8_string_to_number_by_radix in /jerry-core/ecma/base/ecma-helpers-conversion.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-22895 was patched at 2024-05-15

10215. Unknown Vulnerability Type - Unknown Product (CVE-2022-2327) - Low [95]

Description: {'vulners_cve_data_all': 'io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-2327 was patched at 2024-05-15

10216. Unknown Vulnerability Type - Unknown Product (CVE-2022-24106) - Low [95]

Description: {'vulners_cve_data_all': 'In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24106 was patched at 2024-05-15

10217. Unknown Vulnerability Type - Unknown Product (CVE-2022-24757) - Low [95]

Description: {'vulners_cve_data_all': 'The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications. Prior to version 1.15.4, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter Server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter Server version 1.15.4 contains a patch for this issue. There are currently no known workarounds.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24757 was patched at 2024-05-15

10218. Unknown Vulnerability Type - Unknown Product (CVE-2022-24771) - Low [95]

Description: {'vulners_cve_data_all': 'Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24771 was patched at 2024-05-15

10219. Unknown Vulnerability Type - Unknown Product (CVE-2022-24772) - Low [95]

Description: {'vulners_cve_data_all': 'Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24772 was patched at 2024-05-15

10220. Unknown Vulnerability Type - Unknown Product (CVE-2022-24986) - Low [95]

Description: {'vulners_cve_data_all': 'KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24986 was patched at 2024-05-15

10221. Unknown Vulnerability Type - Unknown Product (CVE-2022-25834) - Low [95]

Description: {'vulners_cve_data_all': 'In Percona XtraBackup (PXB) through 2.2.24 and 3.x through 8.0.27-19, a crafted filename on the local file system could trigger unexpected command shell execution of arbitrary commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

ubuntu: CVE-2022-25834 was patched at 2024-04-22

10222. Unknown Vulnerability Type - Unknown Product (CVE-2022-27227) - Low [95]

Description: {'vulners_cve_data_all': 'In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-27227 was patched at 2024-05-15

10223. Unknown Vulnerability Type - Unknown Product (CVE-2022-27470) - Low [95]

Description: {'vulners_cve_data_all': 'SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-27470 was patched at 2024-05-15

10224. Unknown Vulnerability Type - Unknown Product (CVE-2022-27940) - Low [95]

Description: {'vulners_cve_data_all': 'tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-27940 was patched at 2024-05-15

10225. Unknown Vulnerability Type - Unknown Product (CVE-2022-27941) - Low [95]

Description: {'vulners_cve_data_all': 'tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-27941 was patched at 2024-05-15

10226. Unknown Vulnerability Type - Unknown Product (CVE-2022-27942) - Low [95]

Description: {'vulners_cve_data_all': 'tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-27942 was patched at 2024-05-15

10227. Unknown Vulnerability Type - Unknown Product (CVE-2022-2832) - Low [95]

Description: {'vulners_cve_data_all': 'A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-2832 was patched at 2024-05-15

10228. Unknown Vulnerability Type - Unknown Product (CVE-2022-2833) - Low [95]

Description: {'vulners_cve_data_all': 'Endless Infinite loop in Blender-thumnailing due to logical bugs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-2833 was patched at 2024-05-15

10229. Unknown Vulnerability Type - Unknown Product (CVE-2022-29153) - Low [95]

Description: {'vulners_cve_data_all': 'HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-29153 was patched at 2024-05-15

10230. Unknown Vulnerability Type - Unknown Product (CVE-2022-31008) - Low [95]

Description: {'vulners_cve_data_all': 'RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI obfuscation in their worker (link) state. The encryption key used to encrypt the URI was seeded with a predictable secret. This means that in case of certain exceptions related to Shovel and Federation plugins, reasonably easily deobfuscatable data could appear in the node log. Patched versions correctly use a cluster-wide secret for that purpose. This issue has been addressed and Patched versions: `3.10.2`, `3.9.18`, `3.8.32` are available. Users unable to upgrade should disable the Shovel and Federation plugins.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-31008 was patched at 2024-05-15

10231. Unknown Vulnerability Type - Unknown Product (CVE-2022-31033) - Low [95]

Description: {'vulners_cve_data_all': 'The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site. Users are advised to upgrade to Mechanize v2.8.5 or later. There are no known workarounds for this issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-31033 was patched at 2024-05-15

10232. Unknown Vulnerability Type - Unknown Product (CVE-2022-32200) - Low [95]

Description: {'vulners_cve_data_all': 'libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-32200 was patched at 2024-05-15

10233. Unknown Vulnerability Type - Unknown Product (CVE-2022-34033) - Low [95]

Description: {'vulners_cve_data_all': 'HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_header) /htmldoc/htmldoc/html.cxx:273.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-34033 was patched at 2024-05-15

10234. Unknown Vulnerability Type - Unknown Product (CVE-2022-34035) - Low [95]

Description: {'vulners_cve_data_all': 'HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.cxx:588.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-34035 was patched at 2024-05-15

10235. Unknown Vulnerability Type - Unknown Product (CVE-2022-34299) - Low [95]

Description: {'vulners_cve_data_all': 'There is a heap-based buffer over-read in libdwarf 0.4.0. This issue is related to dwarf_global_formref_b.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-34299 was patched at 2024-05-15

10236. Unknown Vulnerability Type - Unknown Product (CVE-2022-34749) - Low [95]

Description: {'vulners_cve_data_all': 'In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-34749 was patched at 2024-05-15

10237. Unknown Vulnerability Type - Unknown Product (CVE-2022-34927) - Low [95]

Description: {'vulners_cve_data_all': 'MilkyTracker v1.03.00 was discovered to contain a stack overflow via the component LoaderXM::load. This vulnerability is triggered when the program is supplied a crafted XM module file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-34927 was patched at 2024-05-15

10238. Unknown Vulnerability Type - Unknown Product (CVE-2022-38150) - Low [95]

Description: {'vulners_cve_data_all': 'In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-38150 was patched at 2024-05-15

10239. Unknown Vulnerability Type - Unknown Product (CVE-2022-40299) - Low [95]

Description: {'vulners_cve_data_all': 'In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by sdb.cc), which allows local users to gain the privileges of other users via a procedure in a file under /tmp. NOTE: this CVE Record is about sdb.cc and similar files in the Singular interface that have predictable /tmp pathnames; this CVE Record is not about the lack of a safe temporary-file creation capability in the Singular language.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-40299 was patched at 2024-05-15

10240. Unknown Vulnerability Type - Unknown Product (CVE-2022-40468) - Low [95]

Description: {'vulners_cve_data_all': 'Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-40468 was patched at 2024-05-15

10241. Unknown Vulnerability Type - Unknown Product (CVE-2022-42330) - Low [95]

Description: {'vulners_cve_data_all': 'Guests can cause Xenstore crash via soft reset When a guest issues a "Soft Reset" (e.g. for performing a kexec) the libxl based Xen toolstack will normally perform a XS_RELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash of xenstored. Any other use of XS_RELEASE will have the same impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-42330 was patched at 2024-05-15

10242. Unknown Vulnerability Type - Unknown Product (CVE-2022-42335) - Low [95]

Description: {'vulners_cve_data_all': 'x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Due to too lax a check in one of the hypervisor routines used for shadow page handling it is possible for a guest with a PCI device passed through to cause the hypervisor to access an arbitrary pointer partially under guest control.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-42335 was patched at 2024-05-15

10243. Unknown Vulnerability Type - Unknown Product (CVE-2022-43281) - Low [95]

Description: {'vulners_cve_data_all': 'wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector<wabt::Type, std::allocator<wabt::Type>>::size() at /bits/stl_vector.h.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-43281 was patched at 2024-05-15

10244. Unknown Vulnerability Type - Unknown Product (CVE-2022-45197) - Low [95]

Description: {'vulners_cve_data_all': 'Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-45197 was patched at 2024-05-15

10245. Unknown Vulnerability Type - Unknown Product (CVE-2022-47069) - Low [95]

Description: {'vulners_cve_data_all': 'p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-47069 was patched at 2024-05-15

10246. Unknown Vulnerability Type - Unknown Product (CVE-2022-48570) - Low [95]

Description: {'vulners_cve_data_all': 'Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-14318 fix was intentionally removed for functionality reasons.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-48570 was patched at 2024-05-15

10247. Unknown Vulnerability Type - Unknown Product (CVE-2023-23108) - Low [95]

Description: {'vulners_cve_data_all': 'In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a NULL pointer dereference in the function Xasc.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-23108 was patched at 2024-05-15

10248. Unknown Vulnerability Type - Unknown Product (CVE-2023-23109) - Low [95]

Description: {'vulners_cve_data_all': 'In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a divide by zero fault in the function opdiv.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-23109 was patched at 2024-05-15

10249. Unknown Vulnerability Type - Unknown Product (CVE-2023-2617) - Low [95]

Description: {'vulners_cve_data_all': 'A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-2617 was patched at 2024-05-15

10250. Unknown Vulnerability Type - Unknown Product (CVE-2023-26735) - Low [95]

Description: {'vulners_cve_data_all': 'blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26735 was patched at 2024-05-15

10251. Unknown Vulnerability Type - Unknown Product (CVE-2023-26917) - Low [95]

Description: {'vulners_cve_data_all': 'libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26917 was patched at 2024-05-15

10252. Unknown Vulnerability Type - Unknown Product (CVE-2023-27117) - Low [95]

Description: {'vulners_cve_data_all': 'WebAssembly v1.0.29 was discovered to contain a heap overflow via the component component wabt::Node::operator.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-27117 was patched at 2024-05-15

10253. Unknown Vulnerability Type - Unknown Product (CVE-2023-27781) - Low [95]

Description: {'vulners_cve_data_all': 'jpegoptim v1.5.2 was discovered to contain a heap overflow in the optimize function at jpegoptim.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-27781 was patched at 2024-05-15

10254. Unknown Vulnerability Type - Unknown Product (CVE-2023-2794) - Low [95]

Description: {'vulners_cve_data_all': 'A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_deliver().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-2794 was patched at 2024-05-15

10255. Unknown Vulnerability Type - Unknown Product (CVE-2023-29323) - Low [95]

Description: {'vulners_cve_data_all': 'ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29323 was patched at 2024-05-15

10256. Unknown Vulnerability Type - Unknown Product (CVE-2023-29458) - Low [95]

Description: {'vulners_cve_data_all': 'Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29458 was patched at 2024-05-15

10257. Unknown Vulnerability Type - Unknown Product (CVE-2023-29480) - Low [95]

Description: {'vulners_cve_data_all': 'Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29480 was patched at 2024-05-15

10258. Unknown Vulnerability Type - Unknown Product (CVE-2023-31724) - Low [95]

Description: {'vulners_cve_data_all': 'yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function do_directive at /nasm/nasm-pp.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31724 was patched at 2024-05-15

10259. Unknown Vulnerability Type - Unknown Product (CVE-2023-31906) - Low [95]

Description: {'vulners_cve_data_all': 'Jerryscript 3.0.0(commit 1a2c047) was discovered to contain a heap-buffer-overflow via the component lexer_compare_identifier_to_chars at /jerry-core/parser/js/js-lexer.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31906 was patched at 2024-05-15

10260. Unknown Vulnerability Type - Unknown Product (CVE-2023-31907) - Low [95]

Description: {'vulners_cve_data_all': 'Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scanner_literal_is_created at /jerry-core/parser/js/js-scanner-util.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31907 was patched at 2024-05-15

10261. Unknown Vulnerability Type - Unknown Product (CVE-2023-31908) - Low [95]

Description: {'vulners_cve_data_all': 'Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component ecma_builtin_typedarray_prototype_sort.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31908 was patched at 2024-05-15

10262. Unknown Vulnerability Type - Unknown Product (CVE-2023-31910) - Low [95]

Description: {'vulners_cve_data_all': 'Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component parser_parse_function_statement at /jerry-core/parser/js/js-parser-statm.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31910 was patched at 2024-05-15

10263. Unknown Vulnerability Type - Unknown Product (CVE-2023-34322) - Low [95]

Description: {'vulners_cve_data_all': 'For migration as well as to work around kernels unaware of L1TF (see\nXSA-273), PV guests may be run in shadow paging mode. Since Xen itself\nneeds to be mapped when PV guests run, Xen and shadowed PV guests run\ndirectly the respective shadow page tables. For 64-bit PV guests this\nmeans running on the shadow of the guest root page table.\n\nIn the course of dealing with shortage of memory in the shadow pool\nassociated with a domain, shadows of page tables may be torn down. This\ntearing down may include the shadow root page table that the CPU in\nquestion is presently running on. While a precaution exists to\nsupposedly prevent the tearing down of the underlying live page table,\nthe time window covered by that precaution isn't large enough.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-34322 was patched at 2024-05-15

10264. Unknown Vulnerability Type - Unknown Product (CVE-2023-34326) - Low [95]

Description: {'vulners_cve_data_all': 'The caching invalidation guidelines from the AMD-Vi specification (48882—Rev\n3.07-PUB—Oct 2022) is incorrect on some hardware, as devices will malfunction\n(see stale DMA mappings) if some fields of the DTE are updated but the IOMMU\nTLB is not flushed.\n\nSuch stale DMA mappings can point to memory ranges not owned by the guest, thus\nallowing access to unindented memory regions.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-34326 was patched at 2024-05-15

10265. Unknown Vulnerability Type - Unknown Product (CVE-2023-34867) - Low [95]

Description: {'vulners_cve_data_all': 'Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_property_hashmap_create at jerry-core/ecma/base/ecma-property-hashmap.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-34867 was patched at 2024-05-15

10266. Unknown Vulnerability Type - Unknown Product (CVE-2023-34868) - Low [95]

Description: {'vulners_cve_data_all': 'Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the parser_parse_for_statement_start at jerry-core/parser/js/js-parser-statm.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-34868 was patched at 2024-05-15

10267. Unknown Vulnerability Type - Unknown Product (CVE-2023-38285) - Low [95]

Description: {'vulners_cve_data_all': 'Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38285 was patched at 2024-05-15

10268. Unknown Vulnerability Type - Unknown Product (CVE-2023-39616) - Low [95]

Description: {'vulners_cve_data_all': 'AOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-39616 was patched at 2024-05-15

10269. Unknown Vulnerability Type - Unknown Product (CVE-2023-39914) - Low [95]

Description: {'vulners_cve_data_all': 'NLnet Labs’ bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-39914 was patched at 2024-05-15

10270. Unknown Vulnerability Type - Unknown Product (CVE-2023-41886) - Low [95]

Description: {'vulners_cve_data_all': 'OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, an arbitrary file read vulnerability allows any unauthenticated user to read a file on a server. Version 3.7.5 fixes this issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-41886 was patched at 2024-05-15

10271. Unknown Vulnerability Type - Unknown Product (CVE-2023-4232) - Low [95]

Description: {'vulners_cve_data_all': 'A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_status_report() function during the SMS decoding. It is assumed that the attack scenario is accessible from a compromised modem, a malicious base station, or just SMS. There is a bound check for this memcpy length in decode_submit(), but it was forgotten in decode_status_report().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-4232 was patched at 2024-05-15

10272. Unknown Vulnerability Type - Unknown Product (CVE-2023-4237) - Low [95]

Description: {'vulners_cve_data_all': 'A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-4237 was patched at 2024-05-15

10273. Unknown Vulnerability Type - Unknown Product (CVE-2023-42805) - Low [95]

Description: {'vulners_cve_data_all': 'quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-42805 was patched at 2024-05-15

10274. Unknown Vulnerability Type - Unknown Product (CVE-2023-44690) - Low [95]

Description: {'vulners_cve_data_all': 'Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-44690 was patched at 2024-05-15

10275. Unknown Vulnerability Type - Unknown Product (CVE-2023-45667) - Low [95]

Description: {'vulners_cve_data_all': 'stb_image is a single file MIT licensed library for processing images.\n\nIf `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45667 was patched at 2024-05-15

10276. Unknown Vulnerability Type - Unknown Product (CVE-2023-46009) - Low [95]

Description: {'vulners_cve_data_all': 'gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46009 was patched at 2024-05-15

10277. Unknown Vulnerability Type - Unknown Product (CVE-2023-46303) - Low [95]

Description: {'vulners_cve_data_all': 'link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46303 was patched at 2024-05-15

10278. Unknown Vulnerability Type - Unknown Product (CVE-2023-46345) - Low [95]

Description: {'vulners_cve_data_all': 'Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46345 was patched at 2024-05-15

10279. Unknown Vulnerability Type - Unknown Product (CVE-2023-50472) - Low [95]

Description: {'vulners_cve_data_all': 'cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50472 was patched at 2024-05-15

ubuntu: CVE-2023-50472 was patched at 2024-05-23

10280. Unknown Vulnerability Type - Unknown Product (CVE-2023-51103) - Low [95]

Description: {'vulners_cve_data_all': 'A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in functon fz_new_pixmap_from_float_data() of pixmap.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51103 was patched at 2024-05-15

10281. Unknown Vulnerability Type - Unknown Product (CVE-2023-51104) - Low [95]

Description: {'vulners_cve_data_all': 'A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51104 was patched at 2024-05-15

10282. Unknown Vulnerability Type - Unknown Product (CVE-2023-51105) - Low [95]

Description: {'vulners_cve_data_all': 'A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function bmp_decompress_rle4() of load-bmp.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51105 was patched at 2024-05-15

10283. Unknown Vulnerability Type - Unknown Product (CVE-2023-51106) - Low [95]

Description: {'vulners_cve_data_all': 'A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when fz_colorspace_n returns zero.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51106 was patched at 2024-05-15

10284. Unknown Vulnerability Type - Unknown Product (CVE-2023-51107) - Low [95]

Description: {'vulners_cve_data_all': 'A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in functon compute_color() of jquant2.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51107 was patched at 2024-05-15

10285. Unknown Vulnerability Type - Unknown Product (CVE-2023-51890) - Low [95]

Description: {'vulners_cve_data_all': 'An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attackers to consume CPU resources via crafted string in the application URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-51890 was patched at 2024-05-15

10286. Unknown Vulnerability Type - Unknown Product (CVE-2023-52354) - Low [95]

Description: {'vulners_cve_data_all': 'chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52354 was patched at 2024-05-15

10287. Unknown Vulnerability Type - Unknown Product (CVE-2024-2002) - Low [95]

Description: {'vulners_cve_data_all': 'A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-2002 was patched at 2024-05-15

10288. Unknown Vulnerability Type - Unknown Product (CVE-2024-25445) - Low [95]

Description: {'vulners_cve_data_all': 'Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-25445 was patched at 2024-05-15

10289. Unknown Vulnerability Type - Unknown Product (CVE-2024-28870) - Low [95]

Description: {'vulners_cve_data_all': 'Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community. When parsing an overly long SSH banner, Suricata can use excessive CPU resources, as well as cause excessive logging volume in alert records. This issue has been patched in versions 6.0.17 and 7.0.4.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28870 was patched at 2024-05-15

10290. Unknown Vulnerability Type - Unknown Product (CVE-2024-30258) - Low [95]

Description: {'vulners_cve_data_all': 'FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed `RTPS` packet, the subscriber crashes when creating `pthread`. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 8.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-30258 was patched at 2024-05-15

10291. Unknown Vulnerability Type - Unknown Product (CVE-2024-3574) - Low [95]

Description: {'vulners_cve_data_all': 'In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. This vulnerability arises from the failure to remove the Authorization header when redirecting across domains. The exposure of the Authorization header to unauthorized actors could potentially allow for account hijacking.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3574 was patched at 2024-05-15

10292. Unknown Vulnerability Type - Unknown Product (CVE-2024-4068) - Low [95]

Description: {'vulners_cve_data_all': 'The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.810CVSS Base Score is 7.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-4068 was patched at 2024-05-15

10293. Unknown Vulnerability Type - Git (CVE-2024-22412) - Low [90]

Description: {'vulners_cve_data_all': 'ClickHouse is an open-source column-oriented database management system. A bug exists in the cloud ClickHouse offering prior to version 24.0.2.54535 and in github.com/clickhouse/clickhouse version 23.1. Query caching bypasses the role based access controls and the policies being enforced on roles. In affected versions, the query cache only respects separate users, however this is not documented and not expected behavior. People relying on ClickHouse roles can have their access control lists bypassed if they are using query caching. Attackers who have control of a role could guess queries and see data they shouldn't have access to. Version 24.1 of ClickHouse and version 24.0.2.54535 of ClickHouse Cloud contain a patch for this issue. Based on the documentation, role based access control should be enforced regardless if query caching is enabled or not.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414Git
CVSS Base Score0.210CVSS Base Score is 2.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-22412 was patched at 2024-05-15

10294. Incorrect Calculation - Unknown Product (CVE-2024-31031) - Low [89]

Description: {'vulners_cve_data_all': 'An issue in `coap_pdu.c` in libcoap 4.3.4 allows attackers to cause undefined behavior via a sequence of messages leading to unsigned integer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31031 was patched at 2024-05-15

10295. Incorrect Calculation - Unknown Product (CVE-2024-34402) - Low [89]

Description: {'vulners_cve_data_all': 'An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Incorrect Calculation
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-34402 was patched at 2024-05-15

10296. Memory Corruption - Unknown Product (CVE-2023-26793) - Low [89]

Description: {'vulners_cve_data_all': 'libmodbus v3.1.10 has a heap-based buffer overflow vulnerability in read_io_status function in src/modbus.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26793 was patched at 2024-05-15

10297. Memory Corruption - Unknown Product (CVE-2024-26540) - Low [89]

Description: {'vulners_cve_data_all': 'A heap-based buffer overflow in Clmg before 3.3.3 can occur via a crafted file to cimg_library::CImg<unsigned char>::_load_analyze.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26540 was patched at 2024-05-15

10298. Memory Corruption - Unknown Product (CVE-2024-26609) - Low [89]

Description: {'vulners_cve_data_all': 'Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-26609 was patched at 2024-05-22

oraclelinux: CVE-2024-26609 was patched at 2024-05-02, 2024-05-23

redhat: CVE-2024-26609 was patched at 2024-05-22

10299. Memory Corruption - Unknown Product (CVE-2024-31583) - Low [89]

Description: {'vulners_cve_data_all': 'Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31583 was patched at 2024-05-15

10300. Memory Corruption - Unknown Product (CVE-2024-31584) - Low [89]

Description: {'vulners_cve_data_all': 'Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31584 was patched at 2024-05-15

10301. Memory Corruption - Unknown Product (CVE-2024-32615) - Low [89]

Description: {'vulners_cve_data_all': 'HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte in H5Znbit.c, caused by the earlier use of an initialized pointer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32615 was patched at 2024-05-15

10302. Memory Corruption - Unknown Product (CVE-2024-32618) - Low [89]

Description: {'vulners_cve_data_all': 'HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__get_native_type in H5Tnative.c, resulting in the corruption of the instruction pointer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32618 was patched at 2024-05-15

10303. Memory Corruption - Unknown Product (CVE-2024-32619) - Low [89]

Description: {'vulners_cve_data_all': 'HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T_copy_reopen in H5T.c, resulting in the corruption of the instruction pointer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32619 was patched at 2024-05-15

10304. Memory Corruption - Unknown Product (CVE-2024-32621) - Low [89]

Description: {'vulners_cve_data_all': 'HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5HG_read in H5HG.c (called from H5VL__native_blob_get in H5VLnative_blob.c), resulting in the corruption of the instruction pointer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32621 was patched at 2024-05-15

10305. Memory Corruption - Unknown Product (CVE-2024-32622) - Low [89]

Description: {'vulners_cve_data_all': 'HDF5 Library through 1.14.3 contains a out-of-bounds read operation in H5FL_arr_malloc in H5FL.c (called from H5S_set_extent_simple in H5S.c).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32622 was patched at 2024-05-15

10306. Memory Corruption - Unknown Product (CVE-2024-32623) - Low [89]

Description: {'vulners_cve_data_all': 'HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5VM_array_fill in H5VM.c (called from H5S_select_elements in H5Spoint.c).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32623 was patched at 2024-05-15

10307. Memory Corruption - Unknown Product (CVE-2024-32624) - Low [89]

Description: {'vulners_cve_data_all': 'HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__ref_mem_setnull in H5Tref.c (called from H5T__conv_ref in H5Tconv.c), resulting in the corruption of the instruction pointer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32624 was patched at 2024-05-15

10308. Memory Corruption - Unknown Product (CVE-2024-33873) - Low [89]

Description: {'vulners_cve_data_all': 'HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-33873 was patched at 2024-05-15

10309. Memory Corruption - Unknown Product (CVE-2024-33874) - Low [89]

Description: {'vulners_cve_data_all': 'HDF5 Library through 1.14.3 has a heap buffer overflow in H5O__mtime_new_encode in H5Omtime.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-33874 was patched at 2024-05-15

10310. Memory Corruption - Unknown Product (CVE-2024-33875) - Low [89]

Description: {'vulners_cve_data_all': 'HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5O__layout_encode in H5Olayout.c, resulting in the corruption of the instruction pointer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-33875 was patched at 2024-05-15

10311. Memory Corruption - Unknown Product (CVE-2024-33876) - Low [89]

Description: {'vulners_cve_data_all': 'HDF5 Library through 1.14.3 has a heap buffer overflow in H5S__point_deserialize in H5Spoint.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-33876 was patched at 2024-05-15

10312. Memory Corruption - Unknown Product (CVE-2024-33877) - Low [89]

Description: {'vulners_cve_data_all': 'HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type0.515Memory Corruption
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-33877 was patched at 2024-05-15

10313. Unknown Vulnerability Type - FRRouting (CVE-2024-31949) - Low [83]

Description: {'vulners_cve_data_all': 'In FRRouting (FRR) through 9.1, an infinite loop can occur when receiving a MP/GR capability as a dynamic capability because malformed data results in a pointer not advancing.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514Free Range Routing or FRRouting or FRR is a network routing software suite running on Unix-like platforms, particularly Linux, Solaris, OpenBSD, FreeBSD and NetBSD
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31949 was patched at 2024-05-15

10314. Unknown Vulnerability Type - TLS (CVE-2024-24783) - Low [83]

Description: {'vulners_cve_data_all': 'Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-24783 was patched at 2024-04-30, 2024-05-07, 2024-05-22, 2024-05-23

debian: CVE-2024-24783 was patched at 2024-05-15

oraclelinux: CVE-2024-24783 was patched at 2024-05-07, 2024-05-29

redhat: CVE-2024-24783 was patched at 2024-04-30, 2024-05-07, 2024-05-22, 2024-05-23

redos: CVE-2024-24783 was patched at 2024-04-22

10315. Unknown Vulnerability Type - TLS (CVE-2024-25714) - Low [83]

Description: {'vulners_cve_data_all': 'In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.514TLS
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-25714 was patched at 2024-05-15

10316. Unknown Vulnerability Type - Unknown Product (CVE-2001-1562) - Low [83]

Description: {'vulners_cve_data_all': 'Format string vulnerability in nvi before 1.79 allows local users to gain privileges via format string specifiers in a filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2001-1562 was patched at 2024-05-15

10317. Unknown Vulnerability Type - Unknown Product (CVE-2002-0740) - Low [83]

Description: {'vulners_cve_data_all': 'Buffer overflow in slrnpull for the SLRN package, when installed setuid or setgid, allows local users to gain privileges via a long -d (SPOOLDIR) argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0740 was patched at 2024-05-15

10318. Unknown Vulnerability Type - Unknown Product (CVE-2002-0817) - Low [83]

Description: {'vulners_cve_data_all': 'Format string vulnerability in super for Linux allows local users to gain root privileges via a long command line argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0817 was patched at 2024-05-15

10319. Unknown Vulnerability Type - Unknown Product (CVE-2003-0144) - Low [83]

Description: {'vulners_cve_data_all': 'Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0144 was patched at 2024-05-15

10320. Unknown Vulnerability Type - Unknown Product (CVE-2003-0173) - Low [83]

Description: {'vulners_cve_data_all': 'xfsdq in xfsdump does not create quota information files securely, which allows local users to gain root privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0173 was patched at 2024-05-15

10321. Unknown Vulnerability Type - Unknown Product (CVE-2003-0188) - Low [83]

Description: {'vulners_cve_data_all': 'lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0188 was patched at 2024-05-15

10322. Unknown Vulnerability Type - Unknown Product (CVE-2003-0308) - Low [83]

Description: {'vulners_cve_data_all': 'The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0308 was patched at 2024-05-15

10323. Unknown Vulnerability Type - Unknown Product (CVE-2003-0385) - Low [83]

Description: {'vulners_cve_data_all': 'Buffer overflow in xaos 3.0-23 and earlier, when running setuid, allows local users to gain root privileges via a long -language option.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0385 was patched at 2024-05-15

10324. Unknown Vulnerability Type - Unknown Product (CVE-2004-0536) - Low [83]

Description: {'vulners_cve_data_all': 'Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0536 was patched at 2024-05-15

10325. Unknown Vulnerability Type - Unknown Product (CVE-2004-0793) - Low [83]

Description: {'vulners_cve_data_all': 'The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0793 was patched at 2024-05-15

10326. Unknown Vulnerability Type - Unknown Product (CVE-2004-0984) - Low [83]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0984 was patched at 2024-05-15

10327. Unknown Vulnerability Type - Unknown Product (CVE-2004-1138) - Low [83]

Description: {'vulners_cve_data_all': 'VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1138 was patched at 2024-05-15

10328. Unknown Vulnerability Type - Unknown Product (CVE-2004-2148) - Low [83]

Description: {'vulners_cve_data_all': 'Unknown local vulnerability in the "change user" feature of Slava Astashonok Fprobe 1.0.5 and earlier has unknown impact and attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2148 was patched at 2024-05-15

10329. Unknown Vulnerability Type - Unknown Product (CVE-2004-2265) - Low [83]

Description: {'vulners_cve_data_all': 'UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack vectors and impact.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2265 was patched at 2024-05-15

10330. Unknown Vulnerability Type - Unknown Product (CVE-2005-1705) - Low [83]

Description: {'vulners_cve_data_all': 'gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1705 was patched at 2024-05-15

10331. Unknown Vulnerability Type - Unknown Product (CVE-2005-2876) - Low [83]

Description: {'vulners_cve_data_all': 'umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2876 was patched at 2024-05-15

10332. Unknown Vulnerability Type - Unknown Product (CVE-2005-3340) - Low [83]

Description: {'vulners_cve_data_all': 'The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and earlier creates temporary files insecurely, with unknown impact and attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3340 was patched at 2024-05-15

10333. Unknown Vulnerability Type - Unknown Product (CVE-2006-0045) - Low [83]

Description: {'vulners_cve_data_all': 'crawl before 4.0.0 does not securely call programs when saving and loading games, which allows local users to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0045 was patched at 2024-05-15

10334. Unknown Vulnerability Type - Unknown Product (CVE-2006-1656) - Low [83]

Description: {'vulners_cve_data_all': 'vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1656 was patched at 2024-05-15

10335. Unknown Vulnerability Type - Unknown Product (CVE-2006-2607) - Low [83]

Description: {'vulners_cve_data_all': 'do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2607 was patched at 2024-05-15

10336. Unknown Vulnerability Type - Unknown Product (CVE-2006-3378) - Low [83]

Description: {'vulners_cve_data_all': 'passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3378 was patched at 2024-05-15

10337. Unknown Vulnerability Type - Unknown Product (CVE-2006-6008) - Low [83]

Description: {'vulners_cve_data_all': 'ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6008 was patched at 2024-05-15

10338. Unknown Vulnerability Type - Unknown Product (CVE-2006-7246) - Low [83]

Description: {'vulners_cve_data_all': 'NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-7246 was patched at 2024-05-15

10339. Unknown Vulnerability Type - Unknown Product (CVE-2007-1745) - Low [83]

Description: {'vulners_cve_data_all': 'The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1745 was patched at 2024-05-15

10340. Unknown Vulnerability Type - Unknown Product (CVE-2007-2766) - Low [83]

Description: {'vulners_cve_data_all': 'lib/backup-methods.sh in Backup Manager before 0.7.6 provides the MySQL password as a plaintext command line argument, which allows local users to obtain this password by listing the process and its arguments, related to lib/backup-methods.sh.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-2766 was patched at 2024-05-15

10341. Unknown Vulnerability Type - Unknown Product (CVE-2007-3912) - Low [83]

Description: {'vulners_cve_data_all': 'checkrestart in debian-goodies before 0.34 allows local users to gain privileges via shell metacharacters in the name of the executable file for a running process.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3912 was patched at 2024-05-15

10342. Unknown Vulnerability Type - Unknown Product (CVE-2007-4398) - Low [83]

Description: {'vulners_cve_data_all': 'Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and (2) xmms.pl 1.1 scripts for WeeChat allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4398 was patched at 2024-05-15

10343. Unknown Vulnerability Type - Unknown Product (CVE-2007-4400) - Low [83]

Description: {'vulners_cve_data_all': 'CRLF injection vulnerability in the included media script in Konversation allows user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences in the name of the song in a .mp3 file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4400 was patched at 2024-05-15

10344. Unknown Vulnerability Type - Unknown Product (CVE-2007-5191) - Low [83]

Description: {'vulners_cve_data_all': 'mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5191 was patched at 2024-05-15

10345. Unknown Vulnerability Type - Unknown Product (CVE-2007-5380) - Low [83]

Description: {'vulners_cve_data_all': 'Session fixation vulnerability in Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers to hijack web sessions via unspecified vectors related to "URL-based sessions."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5380 was patched at 2024-05-15

10346. Unknown Vulnerability Type - Unknown Product (CVE-2007-5828) - Low [83]

Description: {'vulners_cve_data_all': 'Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CSRF protection module that is included with the product. However, CVE considers this an issue because the default configuration does not use this module', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5828 was patched at 2024-05-15

10347. Unknown Vulnerability Type - Unknown Product (CVE-2007-6077) - Low [83]

Description: {'vulners_cve_data_all': 'The session fixation protection mechanism in cgi_process.rb in Rails 1.2.4, as used in Ruby on Rails, removes the :cookie_only attribute from the DEFAULT_SESSION_OPTIONS constant, which effectively causes cookie_only to be applied only to the first instantiation of CgiRequest, which allows remote attackers to conduct session fixation attacks. NOTE: this is due to an incomplete fix for CVE-2007-5380.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6077 was patched at 2024-05-15

10348. Unknown Vulnerability Type - Unknown Product (CVE-2007-6328) - Low [83]

Description: {'vulners_cve_data_all': 'DOSBox 0.72 and earlier allows local users to obtain access to the filesystem on the host operating system via the mount command. NOTE: the researcher reports a vendor response stating that this is not a security problem', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6328 was patched at 2024-05-15

10349. Unknown Vulnerability Type - Unknown Product (CVE-2008-0008) - Low [83]

Description: {'vulners_cve_data_all': 'The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 build, does not check return values from (1) setresuid, (2) setreuid, (3) setuid, and (4) seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail via attacks such as resource exhaustion.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0008 was patched at 2024-05-15

10350. Unknown Vulnerability Type - Unknown Product (CVE-2008-0162) - Low [83]

Description: {'vulners_cve_data_all': 'misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0162 was patched at 2024-05-15

10351. Unknown Vulnerability Type - Unknown Product (CVE-2008-1570) - Low [83]

Description: {'vulners_cve_data_all': 'Race condition in the create_lockpath function in policyd-weight 0.1.14 beta-16 allows local users to modify or delete arbitrary files by creating the LOCKPATH directory, then modifying it after the symbolic link check occurs. NOTE: this is due to an incomplete fix for CVE-2008-1569.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1570 was patched at 2024-05-15

10352. Unknown Vulnerability Type - Unknown Product (CVE-2008-1637) - Low [83]

Description: {'vulners_cve_data_all': 'PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1637 was patched at 2024-05-15

10353. Unknown Vulnerability Type - Unknown Product (CVE-2008-1845) - Low [83]

Description: {'vulners_cve_data_all': 'The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not flush the tty's I/O when invoking mksh in a new terminal, which allows local users to gain privileges by opening a virtual terminal and entering command sequences, which might later be executed in opportunistic circumstances by a different user who launches mksh and specifies that terminal with the -T option.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1845 was patched at 2024-05-15

10354. Unknown Vulnerability Type - Unknown Product (CVE-2008-3217) - Low [83]

Description: {'vulners_cve_data_all': 'PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack vectors to conduct DNS cache poisoning. NOTE: this is related to incomplete integration of security improvements associated with addressing CVE-2008-1637.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3217 was patched at 2024-05-15

10355. Unknown Vulnerability Type - Unknown Product (CVE-2008-3532) - Low [83]

Description: {'vulners_cve_data_all': 'The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3532 was patched at 2024-05-15

10356. Unknown Vulnerability Type - Unknown Product (CVE-2008-3907) - Low [83]

Description: {'vulners_cve_data_all': 'The open-in-browser command in newsbeuter before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a feed URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3907 was patched at 2024-05-15

10357. Unknown Vulnerability Type - Unknown Product (CVE-2008-3927) - Low [83]

Description: {'vulners_cve_data_all': 'genmsgidx in Tiger 3.2.2 allows local users to overwrite or delete arbitrary files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3927 was patched at 2024-05-15

10358. Unknown Vulnerability Type - Unknown Product (CVE-2008-3970) - Low [83]

Description: {'vulners_cve_data_all': 'pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify mountpoint and source ownership before mounting a user-defined volume, which allows local users to bypass intended access restrictions via a local mount.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3970 was patched at 2024-05-15

10359. Unknown Vulnerability Type - Unknown Product (CVE-2008-4078) - Low [83]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4078 was patched at 2024-05-15

10360. Unknown Vulnerability Type - Unknown Product (CVE-2008-4242) - Low [83]

Description: {'vulners_cve_data_all': 'ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4242 was patched at 2024-05-15

10361. Unknown Vulnerability Type - Unknown Product (CVE-2008-4865) - Low [83]

Description: {'vulners_cve_data_all': 'Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4865 was patched at 2024-05-15

10362. Unknown Vulnerability Type - Unknown Product (CVE-2008-4964) - Low [83]

Description: {'vulners_cve_data_all': 'filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary files via a symlink attack on a /tmp/any-##### temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4964 was patched at 2024-05-15

10363. Unknown Vulnerability Type - Unknown Product (CVE-2008-5007) - Low [83]

Description: {'vulners_cve_data_all': 'create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to overwrite or delete arbitrary files via a symlink attack on a (1) /tmp/lazarus.tgz temporary file or a (2) /tmp/lazarus temporary directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5007 was patched at 2024-05-15

10364. Unknown Vulnerability Type - Unknown Product (CVE-2008-5150) - Low [83]

Description: {'vulners_cve_data_all': 'sample.sh in maildirsync 1.1 allows local users to append data to arbitrary files via a symlink attack on a /tmp/maildirsync-*.#####.log temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5150 was patched at 2024-05-15

10365. Unknown Vulnerability Type - Unknown Product (CVE-2008-5299) - Low [83]

Description: {'vulners_cve_data_all': 'chm2pdf 0.9 allows user-assisted local users to delete arbitrary files via a symlink attack on .chm files in the (1) /tmp/chm2pdf/work or (2) /tmp/chm2pdf/orig temporary directories.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5299 was patched at 2024-05-15

10366. Unknown Vulnerability Type - Unknown Product (CVE-2008-7248) - Low [83]

Description: {'vulners_cve_data_all': 'Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify tokens for requests with certain content types, which allows remote attackers to bypass cross-site request forgery (CSRF) protection for requests to applications that rely on this protection, as demonstrated using text/plain.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-7248 was patched at 2024-05-15

10367. Unknown Vulnerability Type - Unknown Product (CVE-2008-7277) - Low [83]

Description: {'vulners_cve_data_all': 'Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge operations, which might allow remote authenticated users to bypass intended access restrictions by merging two tickets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-7277 was patched at 2024-05-15

10368. Unknown Vulnerability Type - Unknown Product (CVE-2008-7279) - Low [83]

Description: {'vulners_cve_data_all': 'The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-7279 was patched at 2024-05-15

10369. Unknown Vulnerability Type - Unknown Product (CVE-2009-1142) - Low [83]

Description: {'vulners_cve_data_all': 'An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1142 was patched at 2024-05-15

10370. Unknown Vulnerability Type - Unknown Product (CVE-2009-1254) - Low [83]

Description: {'vulners_cve_data_all': 'James Stone Tunapie 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a stream URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1254 was patched at 2024-05-15

10371. Unknown Vulnerability Type - Unknown Product (CVE-2009-1299) - Low [83]

Description: {'vulners_cve_data_all': 'The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 and 0.9.19 allows local users to change the ownership and permissions of arbitrary files via a symlink attack on a /tmp/.esd-##### temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1299 was patched at 2024-05-15

10372. Unknown Vulnerability Type - Unknown Product (CVE-2009-1440) - Low [83]

Description: {'vulners_cve_data_all': 'Incomplete blacklist vulnerability in DownloadListCtrl.cpp in amule 2.2.4 allows remote attackers to conduct argument injection attacks into a command for mplayer via a crafted filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1440 was patched at 2024-05-15

10373. Unknown Vulnerability Type - Unknown Product (CVE-2009-1757) - Low [83]

Description: {'vulners_cve_data_all': 'Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1757 was patched at 2024-05-15

10374. Unknown Vulnerability Type - Unknown Product (CVE-2009-2461) - Low [83]

Description: {'vulners_cve_data_all': 'mathtex.cgi in mathTeX, when downloaded before 20090713, does not securely create temporary files, which has unspecified impact and local attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2461 was patched at 2024-05-15

10375. Unknown Vulnerability Type - Unknown Product (CVE-2009-3233) - Low [83]

Description: {'vulners_cve_data_all': 'changetrack 4.3 allows local users to execute arbitrary commands via CRLF sequences and shell metacharacters in a filename in a directory that is checked by changetrack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3233 was patched at 2024-05-15

10376. Unknown Vulnerability Type - Unknown Product (CVE-2009-4079) - Low [83]

Description: {'vulners_cve_data_all': 'Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and earlier allows remote attackers to hijack the authentication of users for requests that delete a ticket via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4079 was patched at 2024-05-15

10377. Unknown Vulnerability Type - Unknown Product (CVE-2009-5078) - Low [83]

Description: {'vulners_cve_data_all': 'contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5078 was patched at 2024-05-15

10378. Unknown Vulnerability Type - Unknown Product (CVE-2010-0393) - Low [83]

Description: {'vulners_cve_data_all': 'The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0393 was patched at 2024-05-15

10379. Unknown Vulnerability Type - Unknown Product (CVE-2010-0398) - Low [83]

Description: {'vulners_cve_data_all': 'The init script in autokey before 0.61.3-2 allows local attackers to write to arbitrary files via a symlink attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0398 was patched at 2024-05-15

10380. Unknown Vulnerability Type - Unknown Product (CVE-2010-0438) - Low [83]

Description: {'vulners_cve_data_all': 'Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0438 was patched at 2024-05-15

10381. Unknown Vulnerability Type - Unknown Product (CVE-2010-1155) - Low [83]

Description: {'vulners_cve_data_all': 'Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1155 was patched at 2024-05-15

10382. Unknown Vulnerability Type - Unknown Product (CVE-2010-2449) - Low [83]

Description: {'vulners_cve_data_all': 'Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2449 was patched at 2024-05-15

10383. Unknown Vulnerability Type - Unknown Product (CVE-2010-2945) - Low [83]

Description: {'vulners_cve_data_all': 'The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2945 was patched at 2024-05-15

10384. Unknown Vulnerability Type - Unknown Product (CVE-2010-3299) - Low [83]

Description: {'vulners_cve_data_all': 'The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3299 was patched at 2024-05-15

10385. Unknown Vulnerability Type - Unknown Product (CVE-2010-3349) - Low [83]

Description: {'vulners_cve_data_all': 'Ardour 2.8.11 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3349 was patched at 2024-05-15

10386. Unknown Vulnerability Type - Unknown Product (CVE-2010-3351) - Low [83]

Description: {'vulners_cve_data_all': 'startBristol in Bristol 0.60.5 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3351 was patched at 2024-05-15

10387. Unknown Vulnerability Type - Unknown Product (CVE-2010-3363) - Low [83]

Description: {'vulners_cve_data_all': 'roarify in roaraudio 0.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3363 was patched at 2024-05-15

10388. Unknown Vulnerability Type - Unknown Product (CVE-2010-3364) - Low [83]

Description: {'vulners_cve_data_all': 'The vips-7.22 script in VIPS 7.22.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3364 was patched at 2024-05-15

10389. Unknown Vulnerability Type - Unknown Product (CVE-2010-3374) - Low [83]

Description: {'vulners_cve_data_all': 'Qt Creator before 2.0.1 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3374 was patched at 2024-05-15

10390. Unknown Vulnerability Type - Unknown Product (CVE-2010-3378) - Low [83]

Description: {'vulners_cve_data_all': 'The (1) scilab, (2) scilab-cli, and (3) scilab-adv-cli scripts in Scilab 5.2.2 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3378 was patched at 2024-05-15

10391. Unknown Vulnerability Type - Unknown Product (CVE-2010-3380) - Low [83]

Description: {'vulners_cve_data_all': 'The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before 2.1.14 place the . (dot) directory in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3380 was patched at 2024-05-15

10392. Unknown Vulnerability Type - Unknown Product (CVE-2010-3381) - Low [83]

Description: {'vulners_cve_data_all': 'The (1) tangerine and (2) tangerine-properties scripts in Tangerine 0.3.2.2 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3381 was patched at 2024-05-15

10393. Unknown Vulnerability Type - Unknown Product (CVE-2010-3384) - Low [83]

Description: {'vulners_cve_data_all': 'The (1) torcs, (2) nfsperf, (3) accc, (4) texmapper, (5) trackgen, and (6) nfs2ac scripts in TORCS 1.3.1 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3384 was patched at 2024-05-15

10394. Unknown Vulnerability Type - Unknown Product (CVE-2010-3385) - Low [83]

Description: {'vulners_cve_data_all': 'TuxGuitar 1.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3385 was patched at 2024-05-15

10395. Unknown Vulnerability Type - Unknown Product (CVE-2010-3386) - Low [83]

Description: {'vulners_cve_data_all': 'usttrace in LTTng Userspace Tracer (aka UST) 0.7 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3386 was patched at 2024-05-15

10396. Unknown Vulnerability Type - Unknown Product (CVE-2010-3387) - Low [83]

Description: {'vulners_cve_data_all': 'vdrleaktest in Video Disk Recorder (VDR) 1.6.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: a third party disputes this issue because the script erroneously uses a semicolon in a context where a colon was intended', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3387 was patched at 2024-05-15

10397. Unknown Vulnerability Type - Unknown Product (CVE-2010-3393) - Low [83]

Description: {'vulners_cve_data_all': 'magics-config in Magics++ 2.10.0 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3393 was patched at 2024-05-15

10398. Unknown Vulnerability Type - Unknown Product (CVE-2010-3999) - Low [83]

Description: {'vulners_cve_data_all': 'gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3999 was patched at 2024-05-15

10399. Unknown Vulnerability Type - Unknown Product (CVE-2010-4159) - Low [83]

Description: {'vulners_cve_data_all': 'Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4159 was patched at 2024-05-15

10400. Unknown Vulnerability Type - Unknown Product (CVE-2010-4763) - Low [83]

Description: {'vulners_cve_data_all': 'The ACL-customer-status Ticket Type setting in Open Ticket Request System (OTRS) before 3.0.0-beta1 does not restrict the ticket options after an AJAX reload, which allows remote authenticated users to bypass intended ACL restrictions on the (1) Status, (2) Service, and (3) Queue via selections.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4763 was patched at 2024-05-15

10401. Unknown Vulnerability Type - Unknown Product (CVE-2010-5142) - Low [83]

Description: {'vulners_cve_data_all': 'chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-5142 was patched at 2024-05-15

10402. Unknown Vulnerability Type - Unknown Product (CVE-2011-0402) - Low [83]

Description: {'vulners_cve_data_all': 'dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via a symlink attack on unspecified files in the .pc directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0402 was patched at 2024-05-15

10403. Unknown Vulnerability Type - Unknown Product (CVE-2011-2085) - Low [83]

Description: {'vulners_cve_data_all': 'Multiple cross-site request forgery (CSRF) vulnerabilities in Best Practical Solutions RT before 3.8.12 and 4.x before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2085 was patched at 2024-05-15

10404. Unknown Vulnerability Type - Unknown Product (CVE-2011-3617) - Low [83]

Description: {'vulners_cve_data_all': 'Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3617 was patched at 2024-05-15

10405. Unknown Vulnerability Type - Unknown Product (CVE-2011-3628) - Low [83]

Description: {'vulners_cve_data_all': 'Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.04 LTS, when using certain configurations such as "session optional pam_motd.so", allows local users to gain privileges by modifying the PATH environment variable to reference a malicious command, as demonstrated via uname.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3628 was patched at 2024-05-15

10406. Unknown Vulnerability Type - Unknown Product (CVE-2011-4356) - Low [83]

Description: {'vulners_cve_data_all': 'Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryd_detach, celeryd-multi, and celeryev, which allows local users to gain privileges via vectors involving crafted code that is executed by the worker process.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4356 was patched at 2024-05-15

10407. Unknown Vulnerability Type - Unknown Product (CVE-2011-4460) - Low [83]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4460 was patched at 2024-05-15

10408. Unknown Vulnerability Type - Unknown Product (CVE-2011-4945) - Low [83]

Description: {'vulners_cve_data_all': 'PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4945 was patched at 2024-05-15

10409. Unknown Vulnerability Type - Unknown Product (CVE-2011-5098) - Low [83]

Description: {'vulners_cve_data_all': 'chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the validation key and executing a knife client create command with the --admin option.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-5098 was patched at 2024-05-15

10410. Unknown Vulnerability Type - Unknown Product (CVE-2012-0523) - Low [83]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the Oracle Grid Engine component in Oracle Sun Products Suite 6.1 and 6.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to sgepasswd.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0523 was patched at 2024-05-15

10411. Unknown Vulnerability Type - Unknown Product (CVE-2012-2085) - Low [83]

Description: {'vulners_cve_data_all': 'The exec_command function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2085 was patched at 2024-05-15

10412. Unknown Vulnerability Type - Unknown Product (CVE-2012-2104) - Low [83]

Description: {'vulners_cve_data_all': 'cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2104 was patched at 2024-05-15

10413. Unknown Vulnerability Type - Unknown Product (CVE-2012-2144) - Low [83]

Description: {'vulners_cve_data_all': 'Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack web sessions via the sessionid cookie.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2144 was patched at 2024-05-15

10414. Unknown Vulnerability Type - Unknown Product (CVE-2012-3384) - Low [83]

Description: {'vulners_cve_data_all': 'Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3384 was patched at 2024-05-15

10415. Unknown Vulnerability Type - Unknown Product (CVE-2012-4225) - Low [83]

Description: {'vulners_cve_data_all': 'NVIDIA UNIX graphics driver before 295.71 and before 304.32 allows local users to write to arbitrary physical memory locations and gain privileges by modifying the VGA window using /dev/nvidia0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4225 was patched at 2024-05-15

10416. Unknown Vulnerability Type - Unknown Product (CVE-2012-4732) - Low [83]

Description: {'vulners_cve_data_all': 'Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authentication of users for requests that toggle ticket bookmarks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4732 was patched at 2024-05-15

10417. Unknown Vulnerability Type - Unknown Product (CVE-2013-0208) - Low [83]

Description: {'vulners_cve_data_all': 'The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0208 was patched at 2024-05-15

10418. Unknown Vulnerability Type - Unknown Product (CVE-2013-0347) - Low [83]

Description: {'vulners_cve_data_all': 'The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0347 was patched at 2024-05-15

10419. Unknown Vulnerability Type - Unknown Product (CVE-2013-1790) - Low [83]

Description: {'vulners_cve_data_all': 'poppler/Stream.cc in poppler before 0.22.1 allows context-dependent attackers to have an unspecified impact via vectors that trigger a read of uninitialized memory by the CCITTFaxStream::lookChar function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1790 was patched at 2024-05-15

10420. Unknown Vulnerability Type - Unknown Product (CVE-2013-2208) - Low [83]

Description: {'vulners_cve_data_all': 'tpp 1.3.1 allows remote attackers to execute arbitrary commands via a --exec command in a TPP template file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2208 was patched at 2024-05-15

10421. Unknown Vulnerability Type - Unknown Product (CVE-2013-2233) - Low [83]

Description: {'vulners_cve_data_all': 'Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2233 was patched at 2024-05-15

10422. Unknown Vulnerability Type - Unknown Product (CVE-2013-2625) - Low [83]

Description: {'vulners_cve_data_all': 'An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2625 was patched at 2024-05-15

10423. Unknown Vulnerability Type - Unknown Product (CVE-2013-4422) - Low [83]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \\ (backslash) in a message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4422 was patched at 2024-05-15

10424. Unknown Vulnerability Type - Unknown Product (CVE-2013-5987) - Low [83]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local users to bypass intended access restrictions for the GPU and gain privileges via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-5987 was patched at 2024-05-15

10425. Unknown Vulnerability Type - Unknown Product (CVE-2013-6825) - Low [83]

Description: {'vulners_cve_data_all': '(1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier does not check the return value of the setuid system call, which allows local users to gain privileges by creating a large number of processes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6825 was patched at 2024-05-15

10426. Unknown Vulnerability Type - Unknown Product (CVE-2014-2576) - Low [83]

Description: {'vulners_cve_data_all': 'plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2576 was patched at 2024-05-15

10427. Unknown Vulnerability Type - Unknown Product (CVE-2014-5272) - Low [83]

Description: {'vulners_cve_data_all': 'libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5272 was patched at 2024-05-15

10428. Unknown Vulnerability Type - Unknown Product (CVE-2014-8417) - Low [83]

Description: {'vulners_cve_data_all': 'ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 11.6 before 11.6-cert8 allows remote authenticated users to (1) gain privileges via vectors related to an external protocol to the CONFBRIDGE dialplan function or (2) execute arbitrary system commands via a crafted ConfbridgeStartRecord AMI action.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8417 was patched at 2024-05-15

10429. Unknown Vulnerability Type - Unknown Product (CVE-2015-1195) - Low [83]

Description: {'vulners_cve_data_all': 'The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1195 was patched at 2024-05-15

10430. Unknown Vulnerability Type - Unknown Product (CVE-2015-2058) - Low [83]

Description: {'vulners_cve_data_all': 'c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2058 was patched at 2024-05-15

10431. Unknown Vulnerability Type - Unknown Product (CVE-2015-5694) - Low [83]

Description: {'vulners_cve_data_all': 'Designate does not enforce the DNS protocol limit concerning record set sizes', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5694 was patched at 2024-05-15

10432. Unknown Vulnerability Type - Unknown Product (CVE-2016-10205) - Low [83]

Description: {'vulners_cve_data_all': 'Session fixation vulnerability in Zoneminder 1.30 and earlier allows remote attackers to hijack web sessions via the ZMSESSID cookie.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10205 was patched at 2024-05-15

10433. Unknown Vulnerability Type - Unknown Product (CVE-2016-2312) - Low [83]

Description: {'vulners_cve_data_all': 'Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2312 was patched at 2024-05-15

10434. Unknown Vulnerability Type - Unknown Product (CVE-2016-2781) - Low [83]

Description: {'vulners_cve_data_all': 'chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-2781 was patched at 2024-05-15

10435. Unknown Vulnerability Type - Unknown Product (CVE-2016-3066) - Low [83]

Description: {'vulners_cve_data_all': 'The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3066 was patched at 2024-05-15

10436. Unknown Vulnerability Type - Unknown Product (CVE-2016-3890) - Low [83]

Description: {'vulners_cve_data_all': 'The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3890 was patched at 2024-05-15

10437. Unknown Vulnerability Type - Unknown Product (CVE-2016-7965) - Low [83]

Description: {'vulners_cve_data_all': 'DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the baseurl setting as part of the password-reset URL. This can lead to phishing attacks. (A remote unauthenticated attacker can change the URL's hostname via the HTTP Host header.) The vulnerability can be triggered only if the Host header is not part of the web server routing process (e.g., if several domains are served by the same web server).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7965 was patched at 2024-05-15

10438. Unknown Vulnerability Type - Unknown Product (CVE-2016-8659) - Low [83]

Description: {'vulners_cve_data_all': 'Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-8659 was patched at 2024-05-15

10439. Unknown Vulnerability Type - Unknown Product (CVE-2016-9384) - Low [83]

Description: {'vulners_cve_data_all': 'Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9384 was patched at 2024-05-15

10440. Unknown Vulnerability Type - Unknown Product (CVE-2017-15091) - Low [83]

Description: {'vulners_cve_data_all': 'An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15091 was patched at 2024-05-15

10441. Unknown Vulnerability Type - Unknown Product (CVE-2017-16933) - Low [83]

Description: {'vulners_cve_data_all': 'etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16933 was patched at 2024-05-15

10442. Unknown Vulnerability Type - Unknown Product (CVE-2018-1000089) - Low [83]

Description: {'vulners_cve_data_all': 'Anymail django-anymail version version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could fabricate email tracking events. This attack appear to be exploitable via If you have exposed your Django error reports, an attacker could discover your ANYMAIL_WEBHOOK setting and use this to post fabricated or malicious Anymail tracking/inbound events to your app. This vulnerability appears to have been fixed in v1.4.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000089 was patched at 2024-05-15

10443. Unknown Vulnerability Type - Unknown Product (CVE-2018-1000636) - Low [83]

Description: {'vulners_cve_data_all': 'JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793. Analysing history it seems that the issue has been present since commit 64a340ffeb8809b2b66bbe32fd443a8b79fdd860 contains a CWE-476: NULL Pointer Dereference vulnerability in Triggering undefined behavior at jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-prototype.c:598 (passing NULL to memcpy as 2nd argument) results in null pointer dereference (segfault) at jerry-core/jmem/jmem-heap.c:463 that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute specially crafted javascript code. This vulnerability appears to have been fixed in after commit 87897849f6879df10e8ad68a41bf8cf507edf710.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000636 was patched at 2024-05-15

10444. Unknown Vulnerability Type - Unknown Product (CVE-2018-1000872) - Low [83]

Description: {'vulners_cve_data_all': 'OpenKMIP PyKMIP version All versions before 0.8.0 contains a CWE 399: Resource Management Errors (similar issue to CVE-2015-5262) vulnerability in PyKMIP server that can result in DOS: the server can be made unavailable by one or more clients opening all of the available sockets. This attack appear to be exploitable via A client or clients open sockets with the server and then never close them. This vulnerability appears to have been fixed in 0.8.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000872 was patched at 2024-05-15

10445. Unknown Vulnerability Type - Unknown Product (CVE-2018-10126) - Low [83]

Description: {'vulners_cve_data_all': 'LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 function in jfdctint.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10126 was patched at 2024-05-15

10446. Unknown Vulnerability Type - Unknown Product (CVE-2018-10920) - Low [83]

Description: {'vulners_cve_data_all': 'Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10920 was patched at 2024-05-15

10447. Unknown Vulnerability Type - Unknown Product (CVE-2018-12466) - Low [83]

Description: {'vulners_cve_data_all': 'openSUSE openbuildservice before 9.2.4 allowed authenticated users to delete packages on specific projects with project links.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12466 was patched at 2024-05-15

10448. Unknown Vulnerability Type - Unknown Product (CVE-2018-12467) - Low [83]

Description: {'vulners_cve_data_all': 'Authorized users of the openbuildservice before 2.9.4 could delete packages by using a malicious request against projects having the OBS:InitializeDevelPackage attribute, a similar issue to CVE-2018-7689.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12467 was patched at 2024-05-15

10449. Unknown Vulnerability Type - Unknown Product (CVE-2018-12563) - Low [83]

Description: {'vulners_cve_data_all': 'An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12563 was patched at 2024-05-15

10450. Unknown Vulnerability Type - Unknown Product (CVE-2018-14774) - Low [83]

Description: {'vulners_cve_data_all': 'An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using HttpCache, the values of the X-Forwarded-Host headers are implicitly set as trusted while this should be forbidden, leading to potential host header injection.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14774 was patched at 2024-05-15

10451. Unknown Vulnerability Type - Unknown Product (CVE-2018-15586) - Low [83]

Description: {'vulners_cve_data_all': 'Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-15586 was patched at 2024-05-15

10452. Unknown Vulnerability Type - Unknown Product (CVE-2018-16477) - Low [83]

Description: {'vulners_cve_data_all': 'A bypass vulnerability in Active Storage >= 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the `content-disposition` and `content-type` parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as cookie bombing and specially crafted AppCache manifests, an attacker can gain access to private signed URLs within a specific storage path. This vulnerability has been fixed in version 5.2.1.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16477 was patched at 2024-05-15

10453. Unknown Vulnerability Type - Unknown Product (CVE-2018-18064) - Low [83]

Description: {'vulners_cve_data_all': 'cairo through 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between cairo-rectangular-scan-converter.c (the generate and render_rows functions) and cairo-image-compositor.c (the _cairo_image_spans_and_zero function).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18064 was patched at 2024-05-15

10454. Unknown Vulnerability Type - Unknown Product (CVE-2018-18192) - Low [83]

Description: {'vulners_cve_data_all': 'An issue was discovered in libgig 4.1.0. There is a NULL pointer dereference in the function DLS::File::GetFirstSample() in DLS.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18192 was patched at 2024-05-15

10455. Unknown Vulnerability Type - Unknown Product (CVE-2018-18195) - Low [83]

Description: {'vulners_cve_data_all': 'An issue was discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18195 was patched at 2024-05-15

10456. Unknown Vulnerability Type - Unknown Product (CVE-2018-18246) - Low [83]

Description: {'vulners_cve_data_all': 'Icinga Web 2 before 2.6.2 has CSRF via /icingaweb2/config/moduledisable?name=monitoring to disable the monitoring module, or via /icingaweb2/config/moduleenable?name=setup to enable the setup module.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18246 was patched at 2024-05-15

10457. Unknown Vulnerability Type - Unknown Product (CVE-2018-18836) - Low [83]

Description: {'vulners_cve_data_all': 'An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18836 was patched at 2024-05-15

10458. Unknown Vulnerability Type - Unknown Product (CVE-2018-20797) - Low [83]

Description: {'vulners_cve_data_all': 'An issue was discovered in PoDoFo 0.9.6. There is an attempted excessive memory allocation in PoDoFo::podofo_calloc in base/PdfMemoryManagement.cpp when called from PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder in base/PdfFiltersPrivate.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20797 was patched at 2024-05-15

10459. Unknown Vulnerability Type - Unknown Product (CVE-2018-20800) - Low [83]

Description: {'vulners_cve_data_all': 'An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their agent preferences table.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20800 was patched at 2024-05-15

10460. Unknown Vulnerability Type - Unknown Product (CVE-2018-20860) - Low [83]

Description: {'vulners_cve_data_all': 'libopenmpt before 0.3.13 allows a crash with malformed MED files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20860 was patched at 2024-05-15

10461. Unknown Vulnerability Type - Unknown Product (CVE-2018-20861) - Low [83]

Description: {'vulners_cve_data_all': 'libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20861 was patched at 2024-05-15

10462. Unknown Vulnerability Type - Unknown Product (CVE-2018-3721) - Low [83]

Description: {'vulners_cve_data_all': 'lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-3721 was patched at 2024-05-15

10463. Unknown Vulnerability Type - Unknown Product (CVE-2018-3968) - Low [83]

Description: {'vulners_cve_data_all': 'An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-3968 was patched at 2024-05-15

10464. Unknown Vulnerability Type - Unknown Product (CVE-2018-6542) - Low [83]

Description: {'vulners_cve_data_all': 'In ZZIPlib 0.13.67, there is a bus error (when handling a disk64_trailer seek value) caused by loading of a misaligned address in the zzip_disk_findfirst function of zzip/mmapped.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6542 was patched at 2024-05-15

10465. Unknown Vulnerability Type - Unknown Product (CVE-2018-6558) - Low [83]

Description: {'vulners_cve_data_all': 'The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6558 was patched at 2024-05-15

10466. Unknown Vulnerability Type - Unknown Product (CVE-2018-7688) - Low [83]

Description: {'vulners_cve_data_all': 'A missing permission check in the review handling of openSUSE Open Build Service before 2.9.3 allowed all authenticated users to modify sources in projects where they do not have write permissions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7688 was patched at 2024-05-15

10467. Unknown Vulnerability Type - Unknown Product (CVE-2018-7689) - Low [83]

Description: {'vulners_cve_data_all': 'Lack of permission checks in the InitializeDevelPackage function in openSUSE Open Build Service before 2.9.3 allowed authenticated users to modify packages where they do not have write permissions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-7689 was patched at 2024-05-15

10468. Unknown Vulnerability Type - Unknown Product (CVE-2019-1000016) - Low [83]

Description: {'vulners_cve_data_all': 'FFMPEG version 4.1 contains a CWE-129: Improper Validation of Array Index vulnerability in libavcodec/cbs_av1.c that can result in Denial of service. This attack appears to be exploitable via specially crafted AV1 file has to be provided as input. This vulnerability appears to have been fixed in after commit b97a4b658814b2de8b9f2a3bce491c002d34de31.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1000016 was patched at 2024-05-15

10469. Unknown Vulnerability Type - Unknown Product (CVE-2019-11026) - Low [83]

Description: {'vulners_cve_data_all': 'FontInfoScanner::scanFonts in FontInfo.cc in Poppler 0.75.0 has infinite recursion, leading to a call to the error function in Error.cc.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11026 was patched at 2024-05-15

10470. Unknown Vulnerability Type - Unknown Product (CVE-2019-11783) - Low [83]

Description: {'vulners_cve_data_all': 'Improper access control in mail module (channel partners) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail channels uninvited.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11783 was patched at 2024-05-15

10471. Unknown Vulnerability Type - Unknown Product (CVE-2019-11784) - Low [83]

Description: {'vulners_cve_data_all': 'Improper access control in mail module (notifications) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to obtain access to arbitrary messages in conversations they were not a party to.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11784 was patched at 2024-05-15

10472. Unknown Vulnerability Type - Unknown Product (CVE-2019-13103) - Low [83]

Description: {'vulners_cve_data_all': 'A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-13103 was patched at 2024-05-15

10473. Unknown Vulnerability Type - Unknown Product (CVE-2019-14382) - Low [83]

Description: {'vulners_cve_data_all': 'DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14382 was patched at 2024-05-15

10474. Unknown Vulnerability Type - Unknown Product (CVE-2019-14383) - Low [83]

Description: {'vulners_cve_data_all': 'J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14383 was patched at 2024-05-15

10475. Unknown Vulnerability Type - Unknown Product (CVE-2019-14871) - Low [83]

Description: {'vulners_cve_data_all': 'The REENT_CHECK macro (see newlib/libc/include/sys/reent.h) as used by REENT_CHECK_TM, REENT_CHECK_MISC, REENT_CHECK_MP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset (as is the case in production firmware builds).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14871 was patched at 2024-05-15

10476. Unknown Vulnerability Type - Unknown Product (CVE-2019-14872) - Low [83]

Description: {'vulners_cve_data_all': 'The _dtoa_r function of the newlib libc library, prior to version 3.3.0, performs multiple memory allocations without checking their return value. This could result in NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14872 was patched at 2024-05-15

10477. Unknown Vulnerability Type - Unknown Product (CVE-2019-14873) - Low [83]

Description: {'vulners_cve_data_all': 'In the __multadd function of the newlib libc library, prior to versions 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. This will trigger a null pointer dereference bug in case of a memory allocation failure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14873 was patched at 2024-05-15

10478. Unknown Vulnerability Type - Unknown Product (CVE-2019-14874) - Low [83]

Description: {'vulners_cve_data_all': 'In the __i2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _ x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14874 was patched at 2024-05-15

10479. Unknown Vulnerability Type - Unknown Product (CVE-2019-14875) - Low [83]

Description: {'vulners_cve_data_all': 'In the __multiply function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access of _x[0] will trigger a null pointer dereference bug in case of a memory allocation failure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14875 was patched at 2024-05-15

10480. Unknown Vulnerability Type - Unknown Product (CVE-2019-14876) - Low [83]

Description: {'vulners_cve_data_all': 'In the __lshift function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. The access to b1 will trigger a null pointer dereference bug in case of a memory allocation failure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14876 was patched at 2024-05-15

10481. Unknown Vulnerability Type - Unknown Product (CVE-2019-14877) - Low [83]

Description: {'vulners_cve_data_all': 'In the __mdiff function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate big integers, however no check is performed to verify if the allocation succeeded or not. The access to _wds and _sign will trigger a null pointer dereference bug in case of a memory allocation failure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14877 was patched at 2024-05-15

10482. Unknown Vulnerability Type - Unknown Product (CVE-2019-14878) - Low [83]

Description: {'vulners_cve_data_all': 'In the __d2b function of the newlib libc library, all versions prior to 3.3.0 (see newlib/libc/stdlib/mprec.c), Balloc is used to allocate a big integer, however no check is performed to verify if the allocation succeeded or not. Accessing _x will trigger a null pointer dereference bug in case of a memory allocation failure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14878 was patched at 2024-05-15

10483. Unknown Vulnerability Type - Unknown Product (CVE-2019-15297) - Low [83]

Description: {'vulners_cve_data_all': 'res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15297 was patched at 2024-05-15

10484. Unknown Vulnerability Type - Unknown Product (CVE-2019-16166) - Low [83]

Description: {'vulners_cve_data_all': 'GNU cflow through 1.6 has a heap-based buffer over-read in the nexttoken function in parser.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-16166 was patched at 2024-05-15

10485. Unknown Vulnerability Type - Unknown Product (CVE-2019-18797) - Low [83]

Description: {'vulners_cve_data_all': 'LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator()(Sass::Binary_Expression*) in eval.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-18797 was patched at 2024-05-15

10486. Unknown Vulnerability Type - Unknown Product (CVE-2019-18798) - Low [83]

Description: {'vulners_cve_data_all': 'LibSass before 3.6.3 allows a heap-based buffer over-read in Sass::weaveParents in ast_sel_weave.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-18798 was patched at 2024-05-15

10487. Unknown Vulnerability Type - Unknown Product (CVE-2019-18799) - Low [83]

Description: {'vulners_cve_data_all': 'LibSass before 3.6.3 allows a NULL pointer dereference in Sass::Parser::parseCompoundSelector in parser_selectors.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-18799 was patched at 2024-05-15

10488. Unknown Vulnerability Type - Unknown Product (CVE-2019-19118) - Low [83]

Description: {'vulners_cve_data_all': 'Django 2.1 before 2.1.15 and 2.2 before 2.2.8 allows unintended model editing. A Django model admin displaying inline related models, where the user has view-only permissions to a parent model but edit permissions to the inline model, would be presented with an editing UI, allowing POST requests, for updating the inline model. Directly editing the view-only parent model was not possible, but the parent model's save() method was called, triggering potential side effects, and causing pre and post-save signal handlers to be invoked. (To resolve this, the Django admin is adjusted to require edit permissions on the parent model in order for inline models to be editable.)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19118 was patched at 2024-05-15

10489. Unknown Vulnerability Type - Unknown Product (CVE-2019-20017) - Low [83]

Description: {'vulners_cve_data_all': 'A stack-based buffer over-read was discovered in Mat_VarReadNextInfo5 in mat5.c in matio 1.5.17.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20017 was patched at 2024-05-15

10490. Unknown Vulnerability Type - Unknown Product (CVE-2019-20018) - Low [83]

Description: {'vulners_cve_data_all': 'A stack-based buffer over-read was discovered in ReadNextCell in mat5.c in matio 1.5.17.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20018 was patched at 2024-05-15

10491. Unknown Vulnerability Type - Unknown Product (CVE-2019-20019) - Low [83]

Description: {'vulners_cve_data_all': 'An attempted excessive memory allocation was discovered in Mat_VarRead5 in mat5.c in matio 1.5.17.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20019 was patched at 2024-05-15

10492. Unknown Vulnerability Type - Unknown Product (CVE-2019-20020) - Low [83]

Description: {'vulners_cve_data_all': 'A stack-based buffer over-read was discovered in ReadNextStructField in mat5.c in matio 1.5.17.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20020 was patched at 2024-05-15

10493. Unknown Vulnerability Type - Unknown Product (CVE-2019-20022) - Low [83]

Description: {'vulners_cve_data_all': 'An invalid memory address dereference was discovered in load_pnm in frompnm.c in libsixel before 1.8.3.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20022 was patched at 2024-05-15

10494. Unknown Vulnerability Type - Unknown Product (CVE-2019-20198) - Low [83]

Description: {'vulners_cve_data_all': 'An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20198 was patched at 2024-05-15

10495. Unknown Vulnerability Type - Unknown Product (CVE-2019-5601) - Low [83]

Description: {'vulners_cve_data_all': 'In FreeBSD 12.0-STABLE before r347474, 12.0-RELEASE before 12.0-RELEASE-p7, 11.2-STABLE before r347475, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the FFS implementation causes up to three bytes of kernel stack memory to be written to disk as uninitialized directory entry padding.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5601 was patched at 2024-05-15

10496. Unknown Vulnerability Type - Unknown Product (CVE-2019-5605) - Low [83]

Description: {'vulners_cve_data_all': 'In FreeBSD 11.3-STABLE before r350217, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, due to insufficient initialization of memory copied to userland in the freebsd32_ioctl interface, small amounts of kernel memory may be disclosed to userland processes. This may allow an attacker to leverage this information to obtain elevated privileges either directly or indirectly.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-5605 was patched at 2024-05-15

10497. Unknown Vulnerability Type - Unknown Product (CVE-2019-6455) - Low [83]

Description: {'vulners_cve_data_all': 'An issue was discovered in GNU Recutils 1.8. There is a double-free problem in the function rec_mset_elem_destroy() in the file rec-mset.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6455 was patched at 2024-05-15

10498. Unknown Vulnerability Type - Unknown Product (CVE-2019-6456) - Low [83]

Description: {'vulners_cve_data_all': 'An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_fex_size() in the file rec-fex.c of librec.a.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6456 was patched at 2024-05-15

10499. Unknown Vulnerability Type - Unknown Product (CVE-2019-6460) - Low [83]

Description: {'vulners_cve_data_all': 'An issue was discovered in GNU Recutils 1.8. There is a NULL pointer dereference in the function rec_field_set_name() in the file rec-field.c in librec.a.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6460 was patched at 2024-05-15

10500. Unknown Vulnerability Type - Unknown Product (CVE-2019-6461) - Low [83]

Description: {'vulners_cve_data_all': 'An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6461 was patched at 2024-05-15

10501. Unknown Vulnerability Type - Unknown Product (CVE-2019-6472) - Low [83]

Description: {'vulners_cve_data_all': 'A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6472 was patched at 2024-05-15

10502. Unknown Vulnerability Type - Unknown Product (CVE-2019-6473) - Low [83]

Description: {'vulners_cve_data_all': 'An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6473 was patched at 2024-05-15

10503. Unknown Vulnerability Type - Unknown Product (CVE-2019-7156) - Low [83]

Description: {'vulners_cve_data_all': 'In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows division by zero.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7156 was patched at 2024-05-15

10504. Unknown Vulnerability Type - Unknown Product (CVE-2019-7350) - Low [83]

Description: {'vulners_cve_data_all': 'Session fixation exists in ZoneMinder through 1.32.3, as an attacker can fixate his own session cookies to the next logged-in user, thereby hijacking the victim's account. This occurs because a set of multiple cookies (between 3 and 5) is being generated when a user successfully logs in, and these sets overlap for successive logins.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7350 was patched at 2024-05-15

10505. Unknown Vulnerability Type - Unknown Product (CVE-2019-7351) - Low [83]

Description: {'vulners_cve_data_all': 'Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7351 was patched at 2024-05-15

10506. Unknown Vulnerability Type - Unknown Product (CVE-2019-7704) - Low [83]

Description: {'vulners_cve_data_all': 'wasm::WasmBinaryBuilder::readUserSection in wasm-binary.cpp in Binaryen 1.38.22 triggers an attempt at excessive memory allocation, as demonstrated by wasm-merge and wasm-opt.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7704 was patched at 2024-05-15

10507. Unknown Vulnerability Type - Unknown Product (CVE-2020-11880) - Low [83]

Description: {'vulners_cve_data_all': 'An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an attach=.bash_history value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-11880 was patched at 2024-05-15

10508. Unknown Vulnerability Type - Unknown Product (CVE-2020-15309) - Low [83]

Description: {'vulners_cve_data_all': 'An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15309 was patched at 2024-05-15

10509. Unknown Vulnerability Type - Unknown Product (CVE-2020-15693) - Low [83]

Description: {'vulners_cve_data_all': 'In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call (such as httpClient.get or httpClient.post), the User-Agent header value, or custom HTTP header names or values.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15693 was patched at 2024-05-15

10510. Unknown Vulnerability Type - Unknown Product (CVE-2020-19668) - Low [83]

Description: {'vulners_cve_data_all': 'Unverified indexs into the array lead to out of bound access in the gif_out_code function in fromgif.c in libsixel 1.8.6.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-19668 was patched at 2024-05-15

10511. Unknown Vulnerability Type - Unknown Product (CVE-2020-21583) - Low [83]

Description: {'vulners_cve_data_all': 'An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privlidges or execute arbitrary commands via the path parameter when setting the date.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-21583 was patched at 2024-05-15

10512. Unknown Vulnerability Type - Unknown Product (CVE-2020-23922) - Low [83]

Description: {'vulners_cve_data_all': 'An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23922 was patched at 2024-05-15

10513. Unknown Vulnerability Type - Unknown Product (CVE-2020-24344) - Low [83]

Description: {'vulners_cve_data_all': 'JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24344 was patched at 2024-05-15

10514. Unknown Vulnerability Type - Unknown Product (CVE-2020-27742) - Low [83]

Description: {'vulners_cve_data_all': 'An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msg_confirm_move template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27742 was patched at 2024-05-15

10515. Unknown Vulnerability Type - Unknown Product (CVE-2020-28053) - Low [83]

Description: {'vulners_cve_data_all': 'HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-28053 was patched at 2024-05-15

10516. Unknown Vulnerability Type - Unknown Product (CVE-2020-28498) - Low [83]

Description: {'vulners_cve_data_all': 'The package elliptic before 6.5.4 are vulnerable to Cryptographic Issues via the secp256k1 implementation in elliptic/ec/key.js. There is no check to confirm that the public key point passed into the derive function actually exists on the secp256k1 curve. This results in the potential for the private key used in this implementation to be revealed after a number of ECDH operations are performed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-28498 was patched at 2024-05-15

10517. Unknown Vulnerability Type - Unknown Product (CVE-2020-36148) - Low [83]

Description: {'vulners_cve_data_all': 'Incorrect handling of input data in verifyAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36148 was patched at 2024-05-15

10518. Unknown Vulnerability Type - Unknown Product (CVE-2020-36149) - Low [83]

Description: {'vulners_cve_data_all': 'Incorrect handling of input data in changeAttribute function in the libmysofa library 0.5 - 1.1 will lead to NULL pointer dereference and segmentation fault error in case of restrictive memory protection or near NULL pointer overwrite in case of no memory restrictions (e.g. in embedded environments).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36149 was patched at 2024-05-15

10519. Unknown Vulnerability Type - Unknown Product (CVE-2020-4042) - Low [83]

Description: {'vulners_cve_data_all': 'Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge. This is fixed in version 19.2.8.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-4042 was patched at 2024-05-15

10520. Unknown Vulnerability Type - Unknown Product (CVE-2020-7459) - Low [83]

Description: {'vulners_cve_data_all': 'In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-STABLE before r362167, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, missing length validation code common to mulitple USB network drivers allows a malicious USB device to write beyond the end of an allocated network packet buffer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7459 was patched at 2024-05-15

10521. Unknown Vulnerability Type - Unknown Product (CVE-2020-7751) - Low [83]

Description: {'vulners_cve_data_all': 'pathval before version 1.1.1 is vulnerable to prototype pollution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7751 was patched at 2024-05-15

10522. Unknown Vulnerability Type - Unknown Product (CVE-2020-8227) - Low [83]

Description: {'vulners_cve_data_all': 'Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-8227 was patched at 2024-05-15

10523. Unknown Vulnerability Type - Unknown Product (CVE-2021-28703) - Low [83]

Description: {'vulners_cve_data_all': 'grant table v2 status pages may remain accessible after de-allocation (take two) Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated when a guest switched (back) from v2 to v1. The freeing of such pages requires that the hypervisor know where in the guest these pages were mapped. The hypervisor tracks only one use within guest space, but racing requests from the guest to insert mappings of these pages may result in any of them to become mapped in multiple locations. Upon switching back from v2 to v1, the guest would then retain access to a page that was freed and perhaps re-used for other purposes. This bug was fortuitously fixed by code cleanup in Xen 4.14, and backported to security-supported Xen branches as a prerequisite of the fix for XSA-378.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-28703 was patched at 2024-05-15

10524. Unknown Vulnerability Type - Unknown Product (CVE-2021-31855) - Low [83]

Description: {'vulners_cve_data_all': 'KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote server. With a crafted message, a user could be tricked into decrypting an encrypted message and then deleting an attachment attached to this message. If the attacker has access to the messages stored on the email server, then the attacker could read the decrypted content of the encrypted message. This occurs in ViewerPrivate::deleteAttachment in messageviewer/src/viewer/viewer_p.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-31855 was patched at 2024-05-15

10525. Unknown Vulnerability Type - Unknown Product (CVE-2021-32796) - Low [83]

Description: {'vulners_cve_data_all': 'xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This issue has been resolved in version 0.7.0. As a workaround downstream applications can validate the input and reject the maliciously crafted documents.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32796 was patched at 2024-05-15

10526. Unknown Vulnerability Type - Unknown Product (CVE-2021-3563) - Low [83]

Description: {'vulners_cve_data_all': 'A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3563 was patched at 2024-05-15

10527. Unknown Vulnerability Type - Unknown Product (CVE-2021-3746) - Low [83]

Description: {'vulners_cve_data_all': 'A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability is to system availability. This issue affects libtpms versions before 0.8.5, before 0.7.9 and before 0.6.6.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3746 was patched at 2024-05-15

10528. Unknown Vulnerability Type - Unknown Product (CVE-2021-3801) - Low [83]

Description: {'vulners_cve_data_all': 'prism is vulnerable to Inefficient Regular Expression Complexity', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3801 was patched at 2024-05-15

10529. Unknown Vulnerability Type - Unknown Product (CVE-2021-38698) - Low [83]

Description: {'vulners_cve_data_all': 'HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-38698 was patched at 2024-05-15

10530. Unknown Vulnerability Type - Unknown Product (CVE-2021-40262) - Low [83]

Description: {'vulners_cve_data_all': 'A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40262 was patched at 2024-05-15

10531. Unknown Vulnerability Type - Unknown Product (CVE-2021-40264) - Low [83]

Description: {'vulners_cve_data_all': 'NULL pointer dereference vulnerability in FreeImage before 1.18.0 via the FreeImage_CloneTag function inFreeImageTag.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40264 was patched at 2024-05-15

10532. Unknown Vulnerability Type - Unknown Product (CVE-2021-40266) - Low [83]

Description: {'vulners_cve_data_all': 'FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40266 was patched at 2024-05-15

10533. Unknown Vulnerability Type - Unknown Product (CVE-2021-4287) - Low [83]

Description: {'vulners_cve_data_all': 'A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the attack remotely. Upgrading to version 2.3.3 is able to address this issue. The name of the patch is fa0c0bd59b8588814756942fe4cb5452e76c1dcd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216876.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-4287 was patched at 2024-05-15

10534. Unknown Vulnerability Type - Unknown Product (CVE-2021-43861) - Low [83]

Description: {'vulners_cve_data_all': 'Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run javascript code at diagram readers' machines. Users should upgrade to version 8.13.8 to receive a patch. There are no known workarounds aside from upgrading.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-43861 was patched at 2024-05-15

10535. Unknown Vulnerability Type - Unknown Product (CVE-2021-44512) - Low [83]

Description: {'vulners_cve_data_all': 'World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session symlink in this directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44512 was patched at 2024-05-15

10536. Unknown Vulnerability Type - Unknown Product (CVE-2021-44513) - Low [83]

Description: {'vulners_cve_data_all': 'Insecure creation of temporary directories in tmate-ssh-server 2.3.0 allows a local attacker to compromise the integrity of session handling.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-44513 was patched at 2024-05-15

10537. Unknown Vulnerability Type - Unknown Product (CVE-2021-46700) - Low [83]

Description: {'vulners_cve_data_all': 'In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46700 was patched at 2024-05-15

10538. Unknown Vulnerability Type - Unknown Product (CVE-2022-2308) - Low [83]

Description: {'vulners_cve_data_all': 'A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-2308 was patched at 2024-05-15

10539. Unknown Vulnerability Type - Unknown Product (CVE-2022-23132) - Low [83]

Description: {'vulners_cve_data_all': 'During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-23132 was patched at 2024-05-15

10540. Unknown Vulnerability Type - Unknown Product (CVE-2022-23437) - Low [83]

Description: {'vulners_cve_data_all': 'There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, which may sometimes consume system resources for prolonged duration. This vulnerability is present within XercesJ version 2.12.1 and the previous versions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-23437 was patched at 2024-05-15

10541. Unknown Vulnerability Type - Unknown Product (CVE-2022-2447) - Low [83]

Description: {'vulners_cve_data_all': 'A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-2447 was patched at 2024-05-15

10542. Unknown Vulnerability Type - Unknown Product (CVE-2022-24687) - Low [83]

Description: {'vulners_cve_data_all': 'HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. Fixed in 1.9.15, 1.10.8, and 1.11.3.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24687 was patched at 2024-05-15

10543. Unknown Vulnerability Type - Unknown Product (CVE-2022-24737) - Low [83]

Description: {'vulners_cve_data_all': 'HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn‘t distinguish between cookies and hosts they belonged. This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third party website. Users are advised to upgrade. There are no known workarounds.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24737 was patched at 2024-05-15

10544. Unknown Vulnerability Type - Unknown Product (CVE-2022-30295) - Low [83]

Description: {'vulners_cve_data_all': 'uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-30295 was patched at 2024-05-15

10545. Unknown Vulnerability Type - Unknown Product (CVE-2022-32325) - Low [83]

Description: {'vulners_cve_data_all': 'JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-32325 was patched at 2024-05-15

10546. Unknown Vulnerability Type - Unknown Product (CVE-2022-35022) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6badae.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35022 was patched at 2024-05-15

10547. Unknown Vulnerability Type - Unknown Product (CVE-2022-35023) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a segmentation violation via /lib/x86_64-linux-gnu/libc.so.6+0xbb384.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35023 was patched at 2024-05-15

10548. Unknown Vulnerability Type - Unknown Product (CVE-2022-35024) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35024 was patched at 2024-05-15

10549. Unknown Vulnerability Type - Unknown Product (CVE-2022-35025) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x5266a8.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35025 was patched at 2024-05-15

10550. Unknown Vulnerability Type - Unknown Product (CVE-2022-35026) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbc0b.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35026 was patched at 2024-05-15

10551. Unknown Vulnerability Type - Unknown Product (CVE-2022-35027) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe9a7.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35027 was patched at 2024-05-15

10552. Unknown Vulnerability Type - Unknown Product (CVE-2022-35028) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbbb6.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35028 was patched at 2024-05-15

10553. Unknown Vulnerability Type - Unknown Product (CVE-2022-35029) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6babea.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35029 was patched at 2024-05-15

10554. Unknown Vulnerability Type - Unknown Product (CVE-2022-35030) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe954.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35030 was patched at 2024-05-15

10555. Unknown Vulnerability Type - Unknown Product (CVE-2022-35031) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x703969.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35031 was patched at 2024-05-15

10556. Unknown Vulnerability Type - Unknown Product (CVE-2022-35032) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6b6a8f.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35032 was patched at 2024-05-15

10557. Unknown Vulnerability Type - Unknown Product (CVE-2022-35065) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35065 was patched at 2024-05-15

10558. Unknown Vulnerability Type - Unknown Product (CVE-2022-35469) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a segmentation violation via /x86_64-linux-gnu/libc.so.6+0xbb384.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35469 was patched at 2024-05-15

10559. Unknown Vulnerability Type - Unknown Product (CVE-2022-35472) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a global overflow via /release-x64/otfccdump+0x718693.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35472 was patched at 2024-05-15

10560. Unknown Vulnerability Type - Unknown Product (CVE-2022-35473) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe9a7.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35473 was patched at 2024-05-15

10561. Unknown Vulnerability Type - Unknown Product (CVE-2022-35476) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbc0b.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35476 was patched at 2024-05-15

10562. Unknown Vulnerability Type - Unknown Product (CVE-2022-35477) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe954.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35477 was patched at 2024-05-15

10563. Unknown Vulnerability Type - Unknown Product (CVE-2022-35478) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6babea.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35478 was patched at 2024-05-15

10564. Unknown Vulnerability Type - Unknown Product (CVE-2022-35479) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbbb6.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35479 was patched at 2024-05-15

10565. Unknown Vulnerability Type - Unknown Product (CVE-2022-35481) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35481 was patched at 2024-05-15

10566. Unknown Vulnerability Type - Unknown Product (CVE-2022-35482) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35482 was patched at 2024-05-15

10567. Unknown Vulnerability Type - Unknown Product (CVE-2022-35483) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x5266a8.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35483 was patched at 2024-05-15

10568. Unknown Vulnerability Type - Unknown Product (CVE-2022-35484) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6b6a8f.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35484 was patched at 2024-05-15

10569. Unknown Vulnerability Type - Unknown Product (CVE-2022-35485) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x703969.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35485 was patched at 2024-05-15

10570. Unknown Vulnerability Type - Unknown Product (CVE-2022-35486) - Low [83]

Description: {'vulners_cve_data_all': 'OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6badae.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35486 was patched at 2024-05-15

10571. Unknown Vulnerability Type - Unknown Product (CVE-2022-4055) - Low [83]

Description: {'vulners_cve_data_all': 'When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-4055 was patched at 2024-05-15

10572. Unknown Vulnerability Type - Unknown Product (CVE-2022-42327) - Low [83]

Description: {'vulners_cve_data_all': 'x86: unintended memory sharing between guests On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode. Access to this shared page bypasses the expected isolation that should exist between two guests.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-42327 was patched at 2024-05-15

10573. Unknown Vulnerability Type - Unknown Product (CVE-2023-0475) - Low [83]

Description: {'vulners_cve_data_all': 'HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-0475 was patched at 2024-05-15

10574. Unknown Vulnerability Type - Unknown Product (CVE-2023-22332) - Low [83]

Description: {'vulners_cve_data_all': 'Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series. A specific database user's authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-22332 was patched at 2024-05-15

10575. Unknown Vulnerability Type - Unknown Product (CVE-2023-28997) - Low [83]

Description: {'vulners_cve_data_all': 'The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-28997 was patched at 2024-05-15

10576. Unknown Vulnerability Type - Unknown Product (CVE-2023-28998) - Low [83]

Description: {'vulners_cve_data_all': 'The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure, and add new files.\u200b Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-28998 was patched at 2024-05-15

10577. Unknown Vulnerability Type - Unknown Product (CVE-2023-29000) - Low [83]

Description: {'vulners_cve_data_all': 'The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop client to encrypt files with a key known to the attacker. This issue is fixed in Nextcloud Desktop 3.7.0. No known workarounds are available.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29000 was patched at 2024-05-15

10578. Unknown Vulnerability Type - Unknown Product (CVE-2023-29420) - Low [83]

Description: {'vulners_cve_data_all': 'An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a crash caused by an invalid memmove in bz3_decode_block.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29420 was patched at 2024-05-15

10579. Unknown Vulnerability Type - Unknown Product (CVE-2023-33956) - Low [83]

Description: {'vulners_cve_data_all': 'Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to an Insecure direct object reference (IDOR) vulnerability present in the application's URL parameter. This vulnerability enables any user to read files uploaded by any other user, regardless of their privileges or restrictions. By Changing the file_id any user can render all the files where MimeType is image uploaded under **/files** directory regard less of uploaded by any user. This vulnerability poses a significant impact and severity to the application's security. By manipulating the URL parameter, an attacker can access sensitive files that should only be available to authorized users. This includes confidential documents or any other type of file stored within the application. The ability to read these files can lead to various detrimental consequences, such as unauthorized disclosure of sensitive information, privacy breaches, intellectual property theft, or exposure of trade secrets. Additionally, it could result in legal and regulatory implications, reputation damage, financial losses, and potential compromise of user trust. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-33956 was patched at 2024-05-15

10580. Unknown Vulnerability Type - Unknown Product (CVE-2023-33970) - Low [83]

Description: {'vulners_cve_data_all': 'Kanboard is open source project management software that focuses on the Kanban methodology. A vulnerability related to a `missing access control` was found, which allows a User with the lowest privileges to leak all the tasks and projects titles within the software, even if they are not invited or it's a personal project. This could also lead to private/critical information being leaked if such information is in the title. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-33970 was patched at 2024-05-15

10581. Unknown Vulnerability Type - Unknown Product (CVE-2023-3726) - Low [83]

Description: {'vulners_cve_data_all': 'OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-3726 was patched at 2024-05-15

10582. Unknown Vulnerability Type - Unknown Product (CVE-2023-37365) - Low [83]

Description: {'vulners_cve_data_all': 'Hnswlib 0.7.0 has a double free in init_index when the M argument is a large integer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-37365 was patched at 2024-05-15

10583. Unknown Vulnerability Type - Unknown Product (CVE-2023-37769) - Low [83]

Description: {'vulners_cve_data_all': 'stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-37769 was patched at 2024-05-15

10584. Unknown Vulnerability Type - Unknown Product (CVE-2023-45661) - Low [83]

Description: {'vulners_cve_data_all': 'stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory allocation information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45661 was patched at 2024-05-15

10585. Unknown Vulnerability Type - Unknown Product (CVE-2023-46446) - Low [83]

Description: {'vulners_cve_data_all': 'An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46446 was patched at 2024-05-15

10586. Unknown Vulnerability Type - Unknown Product (CVE-2023-48052) - Low [83]

Description: {'vulners_cve_data_all': 'Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 7.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-48052 was patched at 2024-05-15

10587. Unknown Vulnerability Type - Unknown Product (CVE-2023-49295) - Low [83]

Description: {'vulners_cve_data_all': 'quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame. The attacker can prevent the receiver from sending out (the vast majority of) these PATH_RESPONSE frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. This vulnerability has been patched in versions 0.37.7, 0.38.2 and 0.39.4.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49295 was patched at 2024-05-15

10588. Unknown Vulnerability Type - Unknown Product (CVE-2024-1313) - Low [83]

Description: {'vulners_cve_data_all': 'It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/<key> using its view key. This functionality is intended to only be available to individuals with the permission to write/edit to the snapshot in question, but due to a bug in the authorization logic, deletion requests issued by an unprivileged user in a different organization than the snapshot owner are treated as authorized.\n\nGrafana Labs would like to thank Ravid Mazon and Jay Chen of Palo \nAlto Research for discovering and disclosing this vulnerability.\n\nThis issue affects Grafana: from 9.5.0 before 9.5.18, from 10.0.0 before 10.0.13, from 10.1.0 before 10.1.9, from 10.2.0 before 10.2.6, from 10.3.0 before 10.3.5.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-1313 was patched at 2024-04-30, 2024-05-22

oraclelinux: CVE-2024-1313 was patched at 2024-05-07, 2024-05-29

redhat: CVE-2024-1313 was patched at 2024-04-30, 2024-05-22

redos: CVE-2024-1313 was patched at 2024-05-21

10589. Unknown Vulnerability Type - Unknown Product (CVE-2024-28243) - Low [83]

Description: {'vulners_cve_data_all': 'KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow. Upgrade to KaTeX v0.16.10 to remove this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28243 was patched at 2024-05-15

10590. Unknown Vulnerability Type - Unknown Product (CVE-2024-28244) - Low [83]

Description: {'vulners_cve_data_all': 'KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\\def` or `\\newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. KaTeX supports an option named maxExpand which aims to prevent infinitely recursive macros from consuming all available memory and/or triggering a stack overflow error. Unfortunately, support for "Unicode (sub|super)script characters" allows an attacker to bypass this limit. Each sub/superscript group instantiated a separate Parser with its own limit on macro executions, without inheriting the current count of macro executions from its parent. This has been corrected in KaTeX v0.16.10.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.710CVSS Base Score is 6.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28244 was patched at 2024-05-15

10591. Unknown Vulnerability Type - Unknown Product (CVE-2002-0658) - Low [71]

Description: {'vulners_cve_data_all': 'OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0658 was patched at 2024-05-15

10592. Unknown Vulnerability Type - Unknown Product (CVE-2003-0517) - Low [71]

Description: {'vulners_cve_data_all': 'faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0517 was patched at 2024-05-15

10593. Unknown Vulnerability Type - Unknown Product (CVE-2003-0935) - Low [71]

Description: {'vulners_cve_data_all': 'Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0935 was patched at 2024-05-15

10594. Unknown Vulnerability Type - Unknown Product (CVE-2004-2714) - Low [71]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2714 was patched at 2024-05-15

10595. Unknown Vulnerability Type - Unknown Product (CVE-2005-0406) - Low [71]

Description: {'vulners_cve_data_all': 'A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information that had been removed from the main JPEG image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0406 was patched at 2024-05-15

10596. Unknown Vulnerability Type - Unknown Product (CVE-2005-2147) - Low [71]

Description: {'vulners_cve_data_all': 'Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2147 was patched at 2024-05-15

10597. Unknown Vulnerability Type - Unknown Product (CVE-2006-1058) - Low [71]

Description: {'vulners_cve_data_all': 'BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1058 was patched at 2024-05-15

10598. Unknown Vulnerability Type - Unknown Product (CVE-2006-3412) - Low [71]

Description: {'vulners_cve_data_all': 'Tor before 0.1.1.20 does not sufficiently obey certain firewall options, which allows remote attackers to bypass intended access restrictions for dirservers, direct connections, or proxy servers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3412 was patched at 2024-05-15

10599. Unknown Vulnerability Type - Unknown Product (CVE-2006-3415) - Low [71]

Description: {'vulners_cve_data_all': 'Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle (MITM) attack via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3415 was patched at 2024-05-15

10600. Unknown Vulnerability Type - Unknown Product (CVE-2006-3417) - Low [71]

Description: {'vulners_cve_data_all': 'Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred over nodes that are identified as more trustworthy "entry guard" (is_guard) systems by directory authorities.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3417 was patched at 2024-05-15

10601. Unknown Vulnerability Type - Unknown Product (CVE-2006-6852) - Low [71]

Description: {'vulners_cve_data_all': 'Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6852 was patched at 2024-05-15

10602. Unknown Vulnerability Type - Unknown Product (CVE-2007-5626) - Low [71]

Description: {'vulners_cve_data_all': 'make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5626 was patched at 2024-05-15

10603. Unknown Vulnerability Type - Unknown Product (CVE-2007-6746) - Low [71]

Description: {'vulners_cve_data_all': 'telepathy-idle before 0.1.15 does not verify (1) that the issuer is a trusted CA, (2) that the server hostname matches a domain name in the subject's Common Name (CN), or (3) the expiration date of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6746 was patched at 2024-05-15

10604. Unknown Vulnerability Type - Unknown Product (CVE-2007-6755) - Low [71]

Description: {'vulners_cve_data_all': 'The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6755 was patched at 2024-05-15

10605. Unknown Vulnerability Type - Unknown Product (CVE-2008-1515) - Low [71]

Description: {'vulners_cve_data_all': 'The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1515 was patched at 2024-05-15

10606. Unknown Vulnerability Type - Unknown Product (CVE-2008-2544) - Low [71]

Description: {'vulners_cve_data_all': 'Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2544 was patched at 2024-05-15

10607. Unknown Vulnerability Type - Unknown Product (CVE-2008-2951) - Low [71]

Description: {'vulners_cve_data_all': 'Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2951 was patched at 2024-05-15

10608. Unknown Vulnerability Type - Unknown Product (CVE-2008-3909) - Low [71]

Description: {'vulners_cve_data_all': 'The administration application in Django 0.91, 0.95, and 0.96 stores unauthenticated HTTP POST requests and processes them after successful authentication occurs, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete or modify data via unspecified requests.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3909 was patched at 2024-05-15

10609. Unknown Vulnerability Type - Unknown Product (CVE-2008-4325) - Low [71]

Description: {'vulners_cve_data_all': 'lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the HTTP request for the Content-Type header in the HTTP response, which allows remote attackers to cause content to be misinterpreted by the browser via a content-type parameter that is inconsistent with the requested object. NOTE: this issue might not be a vulnerability, since it requires attacker access to the repository that is being viewed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4325 was patched at 2024-05-15

10610. Unknown Vulnerability Type - Unknown Product (CVE-2008-7283) - Low [71]

Description: {'vulners_cve_data_all': 'Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-7283 was patched at 2024-05-15

10611. Unknown Vulnerability Type - Unknown Product (CVE-2009-0858) - Low [71]

Description: {'vulners_cve_data_all': 'The response_addname function in response.c in Daniel J. Bernstein djbdns 1.05 and earlier does not constrain offsets in the required manner, which allows remote attackers, with control over a third-party subdomain served by tinydns and axfrdns, to trigger DNS responses containing arbitrary records via crafted zone data for this subdomain.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0858 was patched at 2024-05-15

10612. Unknown Vulnerability Type - Unknown Product (CVE-2009-2701) - Low [71]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2701 was patched at 2024-05-15

10613. Unknown Vulnerability Type - Unknown Product (CVE-2009-3897) - Low [71]

Description: {'vulners_cve_data_all': 'Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3897 was patched at 2024-05-15

10614. Unknown Vulnerability Type - Unknown Product (CVE-2009-5020) - Low [71]

Description: {'vulners_cve_data_all': 'Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5020 was patched at 2024-05-15

10615. Unknown Vulnerability Type - Unknown Product (CVE-2010-2496) - Low [71]

Description: {'vulners_cve_data_all': 'stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2496 was patched at 2024-05-15

10616. Unknown Vulnerability Type - Unknown Product (CVE-2010-3304) - Low [71]

Description: {'vulners_cve_data_all': 'The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3304 was patched at 2024-05-15

10617. Unknown Vulnerability Type - Unknown Product (CVE-2010-3312) - Low [71]

Description: {'vulners_cve_data_all': 'Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3312 was patched at 2024-05-15

10618. Unknown Vulnerability Type - Unknown Product (CVE-2010-3373) - Low [71]

Description: {'vulners_cve_data_all': 'paxtest handles temporary files insecurely', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3373 was patched at 2024-05-15

10619. Unknown Vulnerability Type - Unknown Product (CVE-2010-3706) - Low [71]

Description: {'vulners_cve_data_all': 'plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3706 was patched at 2024-05-15

10620. Unknown Vulnerability Type - Unknown Product (CVE-2010-3900) - Low [71]

Description: {'vulners_cve_data_all': 'Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before 2.29.91 is used, does not verify X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted server certificate, a related issue to CVE-2010-3312.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3900 was patched at 2024-05-15

10621. Unknown Vulnerability Type - Unknown Product (CVE-2010-4237) - Low [71]

Description: {'vulners_cve_data_all': 'Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4237 was patched at 2024-05-15

10622. Unknown Vulnerability Type - Unknown Product (CVE-2010-4338) - Low [71]

Description: {'vulners_cve_data_all': 'ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify arbitrary files via a symlink attack on temporary files that are generated when Cuneiform is invoked as the OCR engine.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4338 was patched at 2024-05-15

10623. Unknown Vulnerability Type - Unknown Product (CVE-2010-4532) - Low [71]

Description: {'vulners_cve_data_all': 'offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4532 was patched at 2024-05-15

10624. Unknown Vulnerability Type - Unknown Product (CVE-2010-4817) - Low [71]

Description: {'vulners_cve_data_all': 'pithos before 0.3.5 allows overwrite of arbitrary files via symlinks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4817 was patched at 2024-05-15

10625. Unknown Vulnerability Type - Unknown Product (CVE-2011-0721) - Low [71]

Description: {'vulners_cve_data_all': 'Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in shadow 1:4.1.4 allow local users to add new users or groups to /etc/passwd via the GECOS field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-0721 was patched at 2024-05-15

10626. Unknown Vulnerability Type - Unknown Product (CVE-2011-1000) - Low [71]

Description: {'vulners_cve_data_all': 'jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1000 was patched at 2024-05-15

10627. Unknown Vulnerability Type - Unknown Product (CVE-2011-1548) - Low [71]

Description: {'vulners_cve_data_all': 'The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1548 was patched at 2024-05-15

10628. Unknown Vulnerability Type - Unknown Product (CVE-2011-2684) - Low [71]

Description: {'vulners_cve_data_all': 'foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, 20110722dfsg-1 as packaged in Debian unstable, and 20090908dfsg-5.1+squeeze0 as packaged in Debian squeeze create temporary files insecurely, which allows local users to write over arbitrary files via a symlink attack on /tmp/foo2zjs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2684 was patched at 2024-05-15

10629. Unknown Vulnerability Type - Unknown Product (CVE-2011-2923) - Low [71]

Description: {'vulners_cve_data_all': 'foomatic-rip filter, all versions, used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2923 was patched at 2024-05-15

10630. Unknown Vulnerability Type - Unknown Product (CVE-2011-2924) - Low [71]

Description: {'vulners_cve_data_all': 'foomatic-rip filter v4.0.12 and prior used insecurely creates temporary files for storage of PostScript data by rendering the data when the debug mode was enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges of the user running the foomatic-rip universal print filter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2924 was patched at 2024-05-15

10631. Unknown Vulnerability Type - Unknown Product (CVE-2011-3127) - Low [71]

Description: {'vulners_cve_data_all': 'WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent rendering for (1) admin or (2) login pages inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3127 was patched at 2024-05-15

10632. Unknown Vulnerability Type - Unknown Product (CVE-2011-3870) - Low [71]

Description: {'vulners_cve_data_all': 'Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3870 was patched at 2024-05-15

10633. Unknown Vulnerability Type - Unknown Product (CVE-2011-3871) - Low [71]

Description: {'vulners_cve_data_all': 'Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3871 was patched at 2024-05-15

10634. Unknown Vulnerability Type - Unknown Product (CVE-2011-4076) - Low [71]

Description: {'vulners_cve_data_all': 'OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. An attacker could also presumably brute force values for EC2_ACCESS_KEY.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4076 was patched at 2024-05-15

10635. Unknown Vulnerability Type - Unknown Product (CVE-2011-4136) - Low [71]

Description: {'vulners_cve_data_all': 'django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4136 was patched at 2024-05-15

10636. Unknown Vulnerability Type - Unknown Product (CVE-2011-4358) - Low [71]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect confidentiality and integrity, related to JSF.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4358 was patched at 2024-05-15

10637. Unknown Vulnerability Type - Unknown Product (CVE-2011-5097) - Low [71]

Description: {'vulners_cve_data_all': 'chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to (1) upload cookbooks via a knife cookbook upload command or (2) delete cookbooks via a knife cookbook delete command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-5097 was patched at 2024-05-15

10638. Unknown Vulnerability Type - Unknown Product (CVE-2011-5271) - Low [71]

Description: {'vulners_cve_data_all': 'Pacemaker before 1.1.6 configure script creates temporary files insecurely', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-5271 was patched at 2024-05-15

10639. Unknown Vulnerability Type - Unknown Product (CVE-2012-0842) - Low [71]

Description: {'vulners_cve_data_all': 'surf: cookie jar has read access from other local user', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0842 was patched at 2024-05-15

10640. Unknown Vulnerability Type - Unknown Product (CVE-2012-0844) - Low [71]

Description: {'vulners_cve_data_all': 'Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0844 was patched at 2024-05-15

10641. Unknown Vulnerability Type - Unknown Product (CVE-2012-1191) - Low [71]

Description: {'vulners_cve_data_all': 'The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1191 was patched at 2024-05-15

10642. Unknown Vulnerability Type - Unknown Product (CVE-2012-1988) - Low [71]

Description: {'vulners_cve_data_all': 'Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1988 was patched at 2024-05-15

10643. Unknown Vulnerability Type - Unknown Product (CVE-2012-3446) - Low [71]

Description: {'vulners_cve_data_all': 'Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3446 was patched at 2024-05-15

10644. Unknown Vulnerability Type - Unknown Product (CVE-2012-3525) - Low [71]

Description: {'vulners_cve_data_all': 's2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3525 was patched at 2024-05-15

10645. Unknown Vulnerability Type - Unknown Product (CVE-2012-3540) - Low [71]

Description: {'vulners_cve_data_all': 'Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by mistake.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3540 was patched at 2024-05-15

10646. Unknown Vulnerability Type - Unknown Product (CVE-2012-4455) - Low [71]

Description: {'vulners_cve_data_all': 'openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4455 was patched at 2024-05-15

10647. Unknown Vulnerability Type - Unknown Product (CVE-2012-4573) - Low [71]

Description: {'vulners_cve_data_all': 'The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4573 was patched at 2024-05-15

10648. Unknown Vulnerability Type - Unknown Product (CVE-2012-4737) - Low [71]

Description: {'vulners_cve_data_all': 'channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4737 was patched at 2024-05-15

10649. Unknown Vulnerability Type - Unknown Product (CVE-2012-5482) - Low [71]

Description: {'vulners_cve_data_all': 'The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5482 was patched at 2024-05-15

10650. Unknown Vulnerability Type - Unknown Product (CVE-2012-5662) - Low [71]

Description: {'vulners_cve_data_all': 'x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5662 was patched at 2024-05-15

10651. Unknown Vulnerability Type - Unknown Product (CVE-2012-6709) - Low [71]

Description: {'vulners_cve_data_all': 'ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6709 was patched at 2024-05-15

10652. Unknown Vulnerability Type - Unknown Product (CVE-2013-0326) - Low [71]

Description: {'vulners_cve_data_all': 'OpenStack nova base images permissions are world readable', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0326 was patched at 2024-05-15

10653. Unknown Vulnerability Type - Unknown Product (CVE-2013-1429) - Low [71]

Description: {'vulners_cve_data_all': 'Lintian before 2.5.12 allows remote attackers to gather information about the "host" system using crafted symlinks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1429 was patched at 2024-05-15

10654. Unknown Vulnerability Type - Unknown Product (CVE-2013-2059) - Low [71]

Description: {'vulners_cve_data_all': 'OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2059 was patched at 2024-05-15

10655. Unknown Vulnerability Type - Unknown Product (CVE-2013-3718) - Low [71]

Description: {'vulners_cve_data_all': 'evince is missing a check on number of pages which can lead to a segmentation fault', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-3718 was patched at 2024-05-15

10656. Unknown Vulnerability Type - Unknown Product (CVE-2013-4435) - Low [71]

Description: {'vulners_cve_data_all': 'Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4435 was patched at 2024-05-15

10657. Unknown Vulnerability Type - Unknown Product (CVE-2013-4471) - Low [71]

Description: {'vulners_cve_data_all': 'The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4471 was patched at 2024-05-15

10658. Unknown Vulnerability Type - Unknown Product (CVE-2013-6409) - Low [71]

Description: {'vulners_cve_data_all': 'Debian adequate before 0.8.1, when run by root with the --user option, allows local users to hijack the tty and possibly gain privileges via the TIOCSTI ioctl.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6409 was patched at 2024-05-15

10659. Unknown Vulnerability Type - Unknown Product (CVE-2013-6418) - Low [71]

Description: {'vulners_cve_data_all': 'PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6418 was patched at 2024-05-15

10660. Unknown Vulnerability Type - Unknown Product (CVE-2013-6444) - Low [71]

Description: {'vulners_cve_data_all': 'PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6444 was patched at 2024-05-15

10661. Unknown Vulnerability Type - Unknown Product (CVE-2013-7085) - Low [71]

Description: {'vulners_cve_data_all': 'Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows remote attackers to delete arbitrary files via a whitespace character in a filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7085 was patched at 2024-05-15

10662. Unknown Vulnerability Type - Unknown Product (CVE-2014-0071) - Low [71]

Description: {'vulners_cve_data_all': 'PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0071 was patched at 2024-05-15

10663. Unknown Vulnerability Type - Unknown Product (CVE-2014-0104) - Low [71]

Description: {'vulners_cve_data_all': 'In fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script which can potentially allow for man-in-the-middle attackers to spoof SSL servers via arbitrary SSL certificates.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0104 was patched at 2024-05-15

10664. Unknown Vulnerability Type - Unknown Product (CVE-2014-0162) - Low [71]

Description: {'vulners_cve_data_all': 'The Sheepdog backend in OpenStack Image Registry and Delivery Service (Glance) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote authenticated users with permission to insert or modify an image to execute arbitrary commands via a crafted location.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0162 was patched at 2024-05-15

10665. Unknown Vulnerability Type - Unknown Product (CVE-2014-0350) - Low [71]

Description: {'vulners_cve_data_all': 'The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0350 was patched at 2024-05-15

10666. Unknown Vulnerability Type - Unknown Product (CVE-2014-1685) - Low [71]

Description: {'vulners_cve_data_all': 'The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1685 was patched at 2024-05-15

10667. Unknown Vulnerability Type - Unknown Product (CVE-2014-1985) - Low [71]

Description: {'vulners_cve_data_all': 'Open redirect vulnerability in the redirect_back_or_default function in app/controllers/application_controller.rb in Redmine before 2.4.5 and 2.5.x before 2.5.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the back url (back_url parameter).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1985 was patched at 2024-05-15

10668. Unknown Vulnerability Type - Unknown Product (CVE-2014-2875) - Low [71]

Description: {'vulners_cve_data_all': 'The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NOTE: CVE-2014-10399 and CVE-2014-10400 were SPLIT from this ID.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2875 was patched at 2024-05-15

10669. Unknown Vulnerability Type - Unknown Product (CVE-2014-4658) - Low [71]

Description: {'vulners_cve_data_all': 'The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4658 was patched at 2024-05-15

10670. Unknown Vulnerability Type - Unknown Product (CVE-2014-4659) - Low [71]

Description: {'vulners_cve_data_all': 'Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "deb http://user:pass@server:port/" format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4659 was patched at 2024-05-15

10671. Unknown Vulnerability Type - Unknown Product (CVE-2014-4660) - Low [71]

Description: {'vulners_cve_data_all': 'Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by leveraging existence of a file that uses the "deb http://user:pass@server:port/" format.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-4660 was patched at 2024-05-15

10672. Unknown Vulnerability Type - Unknown Product (CVE-2014-8242) - Low [71]

Description: {'vulners_cve_data_all': 'librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-8242 was patched at 2024-05-15

10673. Unknown Vulnerability Type - Unknown Product (CVE-2014-9493) - Low [71]

Description: {'vulners_cve_data_all': 'The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9493 was patched at 2024-05-15

10674. Unknown Vulnerability Type - Unknown Product (CVE-2015-8234) - Low [71]

Description: {'vulners_cve_data_all': 'The image signature algorithm in OpenStack Glance 11.0.0 allows remote attackers to bypass the signature verification process via a crafted image, which triggers an MD5 collision.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8234 was patched at 2024-05-15

10675. Unknown Vulnerability Type - Unknown Product (CVE-2015-8621) - Low [71]

Description: {'vulners_cve_data_all': 't-coffee before 11.00.8cbe486-2 allows local users to write to ~/.t_coffee globally.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8621 was patched at 2024-05-15

10676. Unknown Vulnerability Type - Unknown Product (CVE-2015-8697) - Low [71]

Description: {'vulners_cve_data_all': 'stalin 0.11-5 allows local users to write to arbitrary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8697 was patched at 2024-05-15

10677. Unknown Vulnerability Type - Unknown Product (CVE-2016-1000107) - Low [71]

Description: {'vulners_cve_data_all': 'inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1000107 was patched at 2024-05-15

10678. Unknown Vulnerability Type - Unknown Product (CVE-2016-1000108) - Low [71]

Description: {'vulners_cve_data_all': 'yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1000108 was patched at 2024-05-15

10679. Unknown Vulnerability Type - Unknown Product (CVE-2016-10351) - Low [71]

Description: {'vulners_cve_data_all': 'Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesktop, which allows local users to obtain sensitive authentication information via standard filesystem operations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10351 was patched at 2024-05-15

10680. Unknown Vulnerability Type - Unknown Product (CVE-2016-10531) - Low [71]

Description: {'vulners_cve_data_all': 'marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (`sanitize: true`) to inject a `javascript:` URL. This flaw exists because `&#xNNanything;` gets parsed to what it could and leaves the rest behind, resulting in just `anything;` being left.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10531 was patched at 2024-05-15

10681. Unknown Vulnerability Type - Unknown Product (CVE-2016-3176) - Low [71]

Description: {'vulners_cve_data_all': 'Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external authentication is enabled, allows attackers to bypass the configured authentication service by passing an alternate service with a command sent to LocalClient.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3176 was patched at 2024-05-15

10682. Unknown Vulnerability Type - Unknown Product (CVE-2016-3992) - Low [71]

Description: {'vulners_cve_data_all': 'cronic before 3 allows local users to write to arbitrary files via a symlink attack on a (1) cronic.out.$$, (2) cronic.err.$$, or (3) cronic.trace.$$ file in /tmp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-3992 was patched at 2024-05-15

10683. Unknown Vulnerability Type - Unknown Product (CVE-2016-4855) - Low [71]

Description: {'vulners_cve_data_all': 'Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4855 was patched at 2024-05-15

ubuntu: CVE-2016-4855 was patched at 2024-06-10

10684. Unknown Vulnerability Type - Unknown Product (CVE-2016-5117) - Low [71]

Description: {'vulners_cve_data_all': 'OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-5117 was patched at 2024-05-15

10685. Unknown Vulnerability Type - Unknown Product (CVE-2016-7151) - Low [71]

Description: {'vulners_cve_data_all': 'Capstone 3.0.4 has an out-of-bounds vulnerability (SEGV caused by a read memory access) in X86_insn_reg_intel in arch/X86/X86Mapping.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7151 was patched at 2024-05-15

10686. Unknown Vulnerability Type - Unknown Product (CVE-2016-7409) - Low [71]

Description: {'vulners_cve_data_all': 'The dbclient and server in Dropbear SSH before 2016.74, when compiled with DEBUG_TRACE, allows local users to read process memory via the -v argument, related to a failed remote ident.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7409 was patched at 2024-05-15

10687. Unknown Vulnerability Type - Unknown Product (CVE-2016-7438) - Low [71]

Description: {'vulners_cve_data_all': 'The C software implementation of ECC in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7438 was patched at 2024-05-15

10688. Unknown Vulnerability Type - Unknown Product (CVE-2016-7439) - Low [71]

Description: {'vulners_cve_data_all': 'The C software implementation of RSA in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7439 was patched at 2024-05-15

10689. Unknown Vulnerability Type - Unknown Product (CVE-2017-1000382) - Low [71]

Description: {'vulners_cve_data_all': 'VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1000382 was patched at 2024-05-15

10690. Unknown Vulnerability Type - Unknown Product (CVE-2017-12164) - Low [71]

Description: {'vulners_cve_data_all': 'A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12164 was patched at 2024-05-15

10691. Unknown Vulnerability Type - Unknown Product (CVE-2017-12912) - Low [71]

Description: {'vulners_cve_data_all': 'The "mpglibDBL/layer3.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-12912 was patched at 2024-05-15

10692. Unknown Vulnerability Type - Unknown Product (CVE-2017-14724) - Low [71]

Description: {'vulners_cve_data_all': 'Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14724 was patched at 2024-05-15

10693. Unknown Vulnerability Type - Unknown Product (CVE-2017-14927) - Low [71]

Description: {'vulners_cve_data_all': 'In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-14927 was patched at 2024-05-15

10694. Unknown Vulnerability Type - Unknown Product (CVE-2017-15092) - Low [71]

Description: {'vulners_cve_data_all': 'A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15092 was patched at 2024-05-15

10695. Unknown Vulnerability Type - Unknown Product (CVE-2017-16010) - Low [71]

Description: {'vulners_cve_data_all': 'i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is not. This vulnerability affects i18next 2.0.0 and later.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16010 was patched at 2024-05-15

10696. Unknown Vulnerability Type - Unknown Product (CVE-2017-16026) - Low [71]

Description: {'vulners_cve_data_all': 'Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16026 was patched at 2024-05-15

10697. Unknown Vulnerability Type - Unknown Product (CVE-2017-16229) - Low [71]

Description: {'vulners_cve_data_all': 'In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based buffer over-read in the read_from_str function in sax_buf.c when a crafted input is supplied to sax_parse.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-16229 was patched at 2024-05-15

10698. Unknown Vulnerability Type - Unknown Product (CVE-2017-18226) - Low [71]

Description: {'vulners_cve_data_all': 'The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat /var/run/jabber/filename.pid`" command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-18226 was patched at 2024-05-15

10699. Unknown Vulnerability Type - Unknown Product (CVE-2017-2661) - Low [71]

Description: {'vulners_cve_data_all': 'ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-2661 was patched at 2024-05-15

10700. Unknown Vulnerability Type - Unknown Product (CVE-2017-5592) - Low [71]

Description: {'vulners_cve_data_all': 'An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for profanity (0.4.7 - 0.5.0).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5592 was patched at 2024-05-15

10701. Unknown Vulnerability Type - Unknown Product (CVE-2017-5604) - Low [71]

Description: {'vulners_cve_data_all': 'An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for mcabber 1.0.0 - 1.0.4.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-5604 was patched at 2024-05-15

10702. Unknown Vulnerability Type - Unknown Product (CVE-2017-6076) - Low [71]

Description: {'vulners_cve_data_all': 'In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes it easier to extract RSA key information for a malicious user who has access to view cache on a machine.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-6076 was patched at 2024-05-15

10703. Unknown Vulnerability Type - Unknown Product (CVE-2017-7418) - Low [71]

Description: {'vulners_cve_data_all': 'ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the home directory of a user could contain a symbolic link through the AllowChrootSymlinks configuration option, but checks only the last path component when enforcing AllowChrootSymlinks. Attackers with local access could bypass the AllowChrootSymlinks control by replacing a path component (other than the last one) with a symbolic link. The threat model includes an attacker who is not granted full filesystem access by a hosting provider, but can reconfigure the home directory of an FTP user.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-7418 was patched at 2024-05-15

10704. Unknown Vulnerability Type - Unknown Product (CVE-2017-9778) - Low [71]

Description: {'vulners_cve_data_all': 'GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length field in a DWARF section. A malformed section in an ELF binary or a core file can cause GDB to repeatedly allocate memory until a process limit is reached. This can, for example, impede efforts to analyze malware with GDB.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9778 was patched at 2024-05-15

10705. Unknown Vulnerability Type - Unknown Product (CVE-2018-1000205) - Low [71]

Description: {'vulners_cve_data_all': 'U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000205 was patched at 2024-05-15

10706. Unknown Vulnerability Type - Unknown Product (CVE-2018-1000886) - Low [71]

Description: {'vulners_cve_data_all': 'nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1000886 was patched at 2024-05-15

10707. Unknown Vulnerability Type - Unknown Product (CVE-2018-10016) - Low [71]

Description: {'vulners_cve_data_all': 'Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10016 was patched at 2024-05-15

10708. Unknown Vulnerability Type - Unknown Product (CVE-2018-10101) - Low [71]

Description: {'vulners_cve_data_all': 'Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10101 was patched at 2024-05-15

10709. Unknown Vulnerability Type - Unknown Product (CVE-2018-11762) - Low [71]

Description: {'vulners_cve_data_all': 'In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-11762 was patched at 2024-05-15

10710. Unknown Vulnerability Type - Unknown Product (CVE-2018-12435) - Low [71]

Description: {'vulners_cve_data_all': 'Botan 2.5.0 through 2.6.0 before 2.7.0 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP, related to dsa/dsa.cpp, ec_group/ec_group.cpp, and ecdsa/ecdsa.cpp. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12435 was patched at 2024-05-15

10711. Unknown Vulnerability Type - Unknown Product (CVE-2018-1338) - Low [71]

Description: {'vulners_cve_data_all': 'A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's BPGParser in versions of Apache Tika before 1.18.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1338 was patched at 2024-05-15

10712. Unknown Vulnerability Type - Unknown Product (CVE-2018-1339) - Low [71]

Description: {'vulners_cve_data_all': 'A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1339 was patched at 2024-05-15

10713. Unknown Vulnerability Type - Unknown Product (CVE-2018-14332) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp. The vulnerability is triggered when the user opens a malformed mp3 file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14332 was patched at 2024-05-15

10714. Unknown Vulnerability Type - Unknown Product (CVE-2018-14663) - Low [71]

Description: {'vulners_cve_data_all': 'An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a valid record while not seen by dnsdist. This is an issue when dnsdist is deployed as a DNS Firewall and used to filter some records that should not be received by the backend. This issue occurs only when either the 'useClientSubnet' or the experimental 'addXPF' parameters are used when declaring a new backend.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14663 was patched at 2024-05-15

10715. Unknown Vulnerability Type - Unknown Product (CVE-2018-16382) - Low [71]

Description: {'vulners_cve_data_all': 'Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16382 was patched at 2024-05-15

10716. Unknown Vulnerability Type - Unknown Product (CVE-2018-17155) - Low [71]

Description: {'vulners_cve_data_all': 'In FreeBSD before 11.2-STABLE(r338983), 11.2-RELEASE-p4, 11.1-RELEASE-p15, 10.4-STABLE(r338984), and 10.4-RELEASE-p13, due to insufficient initialization of memory copied to userland in the getcontext and swapcontext system calls, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts privileged kernel data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17155 was patched at 2024-05-15

10717. Unknown Vulnerability Type - Unknown Product (CVE-2018-17883) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-17883 was patched at 2024-05-15

10718. Unknown Vulnerability Type - Unknown Product (CVE-2018-18837) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in Netdata 1.10.0. HTTP Header Injection exists via the api/v1/data filename parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18837 was patched at 2024-05-15

10719. Unknown Vulnerability Type - Unknown Product (CVE-2018-19777) - Low [71]

Description: {'vulners_cve_data_all': 'In Artifex MuPDF 1.14.0, there is an infinite loop in the function svg_dev_end_tile in fitz/svg-device.c, as demonstrated by mutool.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19777 was patched at 2024-05-15

10720. Unknown Vulnerability Type - Unknown Product (CVE-2018-19974) - Low [71]

Description: {'vulners_cve_data_all': 'In YARA 3.8.1, bytecode in a specially crafted compiled rule can read uninitialized data from VM scratch memory in libyara/exec.c. This can allow attackers to discover addresses in the real stack (not the YARA virtual stack).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19974 was patched at 2024-05-15

10721. Unknown Vulnerability Type - Unknown Product (CVE-2018-19975) - Low [71]

Description: {'vulners_cve_data_all': 'In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OP_COUNT can read a DWORD.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19975 was patched at 2024-05-15

10722. Unknown Vulnerability Type - Unknown Product (CVE-2018-19976) - Low [71]

Description: {'vulners_cve_data_all': 'In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-19976 was patched at 2024-05-15

10723. Unknown Vulnerability Type - Unknown Product (CVE-2018-20187) - Low [71]

Description: {'vulners_cve_data_all': 'A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to derive information about the high bits of the secret key, as the function to derive the public point from the secret scalar uses an unblinded Montgomery ladder whose loop iteration count depends on the bitlength of the secret. This issue affects only key generation, not ECDSA signatures or ECDH key agreement.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-20187 was patched at 2024-05-15

10724. Unknown Vulnerability Type - Unknown Product (CVE-2018-21232) - Low [71]

Description: {'vulners_cve_data_all': 're2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-21232 was patched at 2024-05-15

10725. Unknown Vulnerability Type - Unknown Product (CVE-2018-21269) - Low [71]

Description: {'vulners_cve_data_all': 'checkpath in OpenRC through 0.42.1 might allow local users to take ownership of arbitrary files because a non-terminal path component can be a symlink.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-21269 was patched at 2024-05-15

10726. Unknown Vulnerability Type - Unknown Product (CVE-2018-6536) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates an icinga2.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for icinga2.pid modification before a root script executes a "kill `cat /pathname/icinga2.pid`" command, as demonstrated by icinga2.init.d.cmake.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6536 was patched at 2024-05-15

10727. Unknown Vulnerability Type - Unknown Product (CVE-2018-6920) - Low [71]

Description: {'vulners_cve_data_all': 'In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6920 was patched at 2024-05-15

10728. Unknown Vulnerability Type - Unknown Product (CVE-2018-6921) - Low [71]

Description: {'vulners_cve_data_all': 'In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to insufficient initialization of memory copied to userland in the network subsystem, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-6921 was patched at 2024-05-15

10729. Unknown Vulnerability Type - Unknown Product (CVE-2018-8017) - Low [71]

Description: {'vulners_cve_data_all': 'In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-8017 was patched at 2024-05-15

10730. Unknown Vulnerability Type - Unknown Product (CVE-2019-10723) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in PoDoFo 0.9.6. The PdfPagesTreeCache class in doc/PdfPagesTreeCache.cpp has an attempted excessive memory allocation because nInitialSize is not validated.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10723 was patched at 2024-05-15

10731. Unknown Vulnerability Type - Unknown Product (CVE-2019-11024) - Low [71]

Description: {'vulners_cve_data_all': 'The load_pnm function in frompnm.c in libsixel.a in libsixel 1.8.2 has infinite recursion.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11024 was patched at 2024-05-15

10732. Unknown Vulnerability Type - Unknown Product (CVE-2019-11578) - Low [71]

Description: {'vulners_cve_data_all': 'auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-11578 was patched at 2024-05-15

10733. Unknown Vulnerability Type - Unknown Product (CVE-2019-14318) - Low [71]

Description: {'vulners_cve_data_all': 'Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because scalar multiplication in ecp.cpp (prime field curves, small leakage) and algebra.cpp (binary field curves, large leakage) is not constant time and leaks the bit length of the scalar among other information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14318 was patched at 2024-05-15

10734. Unknown Vulnerability Type - Unknown Product (CVE-2019-15608) - Low [71]

Description: {'vulners_cve_data_all': 'The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15608 was patched at 2024-05-15

10735. Unknown Vulnerability Type - Unknown Product (CVE-2019-19727) - Low [71]

Description: {'vulners_cve_data_all': 'SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19727 was patched at 2024-05-15

10736. Unknown Vulnerability Type - Unknown Product (CVE-2019-20021) - Low [71]

Description: {'vulners_cve_data_all': 'A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20021 was patched at 2024-05-15

10737. Unknown Vulnerability Type - Unknown Product (CVE-2019-20053) - Low [71]

Description: {'vulners_cve_data_all': 'An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20053 was patched at 2024-05-15

10738. Unknown Vulnerability Type - Unknown Product (CVE-2019-20334) - Low [71]

Description: {'vulners_cve_data_all': 'In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-20334 was patched at 2024-05-15

10739. Unknown Vulnerability Type - Unknown Product (CVE-2019-3573) - Low [71]

Description: {'vulners_cve_data_all': 'In libsixel v1.8.2, there is an infinite loop in the function sixel_decode_raw_impl() in the file fromsixel.c, as demonstrated by sixel2png.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-3573 was patched at 2024-05-15

10740. Unknown Vulnerability Type - Unknown Product (CVE-2019-6131) - Low [71]

Description: {'vulners_cve_data_all': 'svg-run.c in Artifex MuPDF 1.14.0 has infinite recursion with stack consumption in svg_run_use_symbol, svg_run_element, and svg_run_use, as demonstrated by mutool.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-6131 was patched at 2024-05-15

10741. Unknown Vulnerability Type - Unknown Product (CVE-2019-7313) - Low [71]

Description: {'vulners_cve_data_all': 'www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-7313 was patched at 2024-05-15

10742. Unknown Vulnerability Type - Unknown Product (CVE-2019-9834) - Low [71]

Description: {'vulners_cve_data_all': 'The Netdata web application through 1.13.0 allows remote attackers to inject their own malicious HTML code into an imported snapshot, aka HTML Injection. Successful exploitation will allow attacker-supplied HTML to run in the context of the affected browser, potentially allowing the attacker to steal authentication credentials or to control how the site is rendered to the user. NOTE: the vendor disputes the risk because there is a clear warning next to the button for importing a snapshot', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9834 was patched at 2024-05-15

10743. Unknown Vulnerability Type - Unknown Product (CVE-2020-14002) - Low [71]

Description: {'vulners_cve_data_all': 'PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-14002 was patched at 2024-05-15

10744. Unknown Vulnerability Type - Unknown Product (CVE-2020-15304) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15304 was patched at 2024-05-15

10745. Unknown Vulnerability Type - Unknown Product (CVE-2020-15945) - Low [71]

Description: {'vulners_cve_data_all': 'Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c (e.g., when called by luaG_traceexec) because it incorrectly expects that an oldpc value is always updated upon a return of the flow of control to a function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-15945 was patched at 2024-05-15

10746. Unknown Vulnerability Type - Unknown Product (CVE-2020-23915) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in cpp-peglib through v0.1.12. peg::resolve_escape_sequence() in peglib.h has a heap-based buffer over-read.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-23915 was patched at 2024-05-15

10747. Unknown Vulnerability Type - Unknown Product (CVE-2020-24242) - Low [71]

Description: {'vulners_cve_data_all': 'In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24242 was patched at 2024-05-15

10748. Unknown Vulnerability Type - Unknown Product (CVE-2020-25789) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25789 was patched at 2024-05-15

10749. Unknown Vulnerability Type - Unknown Product (CVE-2020-25864) - Low [71]

Description: {'vulners_cve_data_all': 'HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to cross-site scripting. Fixed in 1.9.5, 1.8.10 and 1.7.14.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25864 was patched at 2024-05-15

10750. Unknown Vulnerability Type - Unknown Product (CVE-2020-27797) - Low [71]

Description: {'vulners_cve_data_all': 'An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27797 was patched at 2024-05-15

10751. Unknown Vulnerability Type - Unknown Product (CVE-2020-27798) - Low [71]

Description: {'vulners_cve_data_all': 'An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27798 was patched at 2024-05-15

10752. Unknown Vulnerability Type - Unknown Product (CVE-2020-27802) - Low [71]

Description: {'vulners_cve_data_all': 'An floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27802 was patched at 2024-05-15

10753. Unknown Vulnerability Type - Unknown Product (CVE-2020-35904) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in the crossbeam-channel crate before 0.4.4 for Rust. It has incorrect expectations about the relationship between the memory allocation and how many iterator elements there are.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35904 was patched at 2024-05-15

10754. Unknown Vulnerability Type - Unknown Product (CVE-2020-35910) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedMutexGuard unsoundness.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35910 was patched at 2024-05-15

10755. Unknown Vulnerability Type - Unknown Product (CVE-2020-35916) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in the image crate before 0.23.12 for Rust. A Mutable reference has immutable provenance. (In the case of LLVM, the IR may be always correct.)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35916 was patched at 2024-05-15

10756. Unknown Vulnerability Type - Unknown Product (CVE-2020-35919) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in the net2 crate before 0.2.36 for Rust. It has false expectations about the std::net::SocketAddr memory representation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35919 was patched at 2024-05-15

10757. Unknown Vulnerability Type - Unknown Product (CVE-2020-35920) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in the socket2 crate before 0.3.16 for Rust. It has false expectations about the std::net::SocketAddr memory representation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35920 was patched at 2024-05-15

10758. Unknown Vulnerability Type - Unknown Product (CVE-2020-35921) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in the miow crate before 0.3.6 for Rust. It has false expectations about the std::net::SocketAddr memory representation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35921 was patched at 2024-05-15

10759. Unknown Vulnerability Type - Unknown Product (CVE-2020-5216) - Low [71]

Description: {'vulners_cve_data_all': 'In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seeing a newline in the header, rails will silently create a new Content-Security-Policy header with the remaining value of the original string. It will continue to create new headers for each newline. This has been fixed in 6.3.0, 5.2.0, and 3.9.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-5216 was patched at 2024-05-15

10760. Unknown Vulnerability Type - Unknown Product (CVE-2020-5217) - Low [71]

Description: {'vulners_cve_data_all': 'In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected leading to directive injection. This could be used to e.g. override a script-src directive. Duplicate directives are ignored and the first one wins. The directives in secure_headers are sorted alphabetically so they pretty much all come before script-src. A previously undefined directive would receive a value even if SecureHeaders::OPT_OUT was supplied. The fixed versions will silently convert the semicolons to spaces and emit a deprecation warning when this happens. This will result in innocuous browser console messages if being exploited/accidentally used. In future releases, we will raise application errors resulting in 500s. Depending on what major version you are using, the fixed versions are 6.2.0, 5.1.0, 3.8.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-5217 was patched at 2024-05-15

10761. Unknown Vulnerability Type - Unknown Product (CVE-2020-7453) - Low [71]

Description: {'vulners_cve_data_all': 'In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, and 11.3-RELEASE before 11.3-RELEASE-p7, a missing null termination check in the jail_set configuration option "osrelease" may return more bytes with a subsequent jail_get system call allowing a malicious jail superuser with permission to create nested jails to read kernel memory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7453 was patched at 2024-05-15

10762. Unknown Vulnerability Type - Unknown Product (CVE-2020-9489) - Low [71]

Description: {'vulners_cve_data_all': 'A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser. Crafted or corrupted files can also cause out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. Apache Tika users should upgrade to 1.24.1 or later. The vulnerabilities in the MP4Parser were partially fixed by upgrading the com.googlecode:isoparser:1.1.22 dependency to org.tallison:isoparser:1.9.41.2. For unrelated security reasons, we upgraded org.apache.cxf to 3.3.6 as part of the 1.24.1 release.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-9489 was patched at 2024-05-15

10763. Unknown Vulnerability Type - Unknown Product (CVE-2021-22004) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\\salt\\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-22004 was patched at 2024-05-15

10764. Unknown Vulnerability Type - Unknown Product (CVE-2021-26906) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in res_pjsip_session.c in Digium Asterisk through 13.38.1; 14.x, 15.x, and 16.x through 16.16.0; 17.x through 17.9.1; and 18.x through 18.2.0, and Certified Asterisk through 16.8-cert5. An SDP negotiation vulnerability in PJSIP allows a remote server to potentially crash Asterisk by sending specific SIP responses that cause an SDP negotiation failure.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-26906 was patched at 2024-05-15

10765. Unknown Vulnerability Type - Unknown Product (CVE-2021-27548) - Low [71]

Description: {'vulners_cve_data_all': 'There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-27548 was patched at 2024-05-15

10766. Unknown Vulnerability Type - Unknown Product (CVE-2021-27807) - Low [71]

Description: {'vulners_cve_data_all': 'A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-27807 was patched at 2024-05-15

10767. Unknown Vulnerability Type - Unknown Product (CVE-2021-27906) - Low [71]

Description: {'vulners_cve_data_all': 'A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior 2.0.x versions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-27906 was patched at 2024-05-15

10768. Unknown Vulnerability Type - Unknown Product (CVE-2021-28657) - Low [71]

Description: {'vulners_cve_data_all': 'A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-28657 was patched at 2024-05-15

10769. Unknown Vulnerability Type - Unknown Product (CVE-2021-29136) - Low [71]

Description: {'vulners_cve_data_all': 'Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-29136 was patched at 2024-05-15

10770. Unknown Vulnerability Type - Unknown Product (CVE-2021-30470) - Low [71]

Description: {'vulners_cve_data_all': 'A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call among PdfTokenizer::ReadArray(), PdfTokenizer::GetNextVariant() and PdfTokenizer::ReadDataType() functions can lead to a stack overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30470 was patched at 2024-05-15

10771. Unknown Vulnerability Type - Unknown Product (CVE-2021-30471) - Low [71]

Description: {'vulners_cve_data_all': 'A flaw was found in PoDoFo 0.9.7. An uncontrolled recursive call in PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp can lead to a stack overflow.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-30471 was patched at 2024-05-15

10772. Unknown Vulnerability Type - Unknown Product (CVE-2021-31811) - Low [71]

Description: {'vulners_cve_data_all': 'In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-31811 was patched at 2024-05-15

10773. Unknown Vulnerability Type - Unknown Product (CVE-2021-31812) - Low [71]

Description: {'vulners_cve_data_all': 'In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-31812 was patched at 2024-05-15

10774. Unknown Vulnerability Type - Unknown Product (CVE-2021-31879) - Low [71]

Description: {'vulners_cve_data_all': 'GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-31879 was patched at 2024-05-15

10775. Unknown Vulnerability Type - Unknown Product (CVE-2021-32850) - Low [71]

Description: {'vulners_cve_data_all': 'jQuery MiniColors is a color picker built on jQuery. Prior to version 2.3.6, jQuery MiniColors is prone to cross-site scripting when handling untrusted color names. This issue is patched in version 2.3.6.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32850 was patched at 2024-05-15

10776. Unknown Vulnerability Type - Unknown Product (CVE-2021-33192) - Low [71]

Description: {'vulners_cve_data_all': 'A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 (inclusive).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33192 was patched at 2024-05-15

10777. Unknown Vulnerability Type - Unknown Product (CVE-2021-33454) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33454 was patched at 2024-05-15

10778. Unknown Vulnerability Type - Unknown Product (CVE-2021-33455) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in do_directive() in modules/preprocs/nasm/nasm-pp.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33455 was patched at 2024-05-15

10779. Unknown Vulnerability Type - Unknown Product (CVE-2021-33456) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in hash() in modules/preprocs/nasm/nasm-pp.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33456 was patched at 2024-05-15

10780. Unknown Vulnerability Type - Unknown Product (CVE-2021-33457) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmac_params() in modules/preprocs/nasm/nasm-pp.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33457 was patched at 2024-05-15

10781. Unknown Vulnerability Type - Unknown Product (CVE-2021-33458) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in find_cc() in modules/preprocs/nasm/nasm-pp.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33458 was patched at 2024-05-15

10782. Unknown Vulnerability Type - Unknown Product (CVE-2021-33459) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33459 was patched at 2024-05-15

10783. Unknown Vulnerability Type - Unknown Product (CVE-2021-33460) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in if_condition() in modules/preprocs/nasm/nasm-pp.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33460 was patched at 2024-05-15

10784. Unknown Vulnerability Type - Unknown Product (CVE-2021-33463) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr__copy_except() in libyasm/expr.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33463 was patched at 2024-05-15

10785. Unknown Vulnerability Type - Unknown Product (CVE-2021-33464) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in yasm version 1.3.0. There is a heap-buffer-overflow in inc_fopen() in modules/preprocs/nasm/nasm-pp.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33464 was patched at 2024-05-15

10786. Unknown Vulnerability Type - Unknown Product (CVE-2021-33465) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmacro() in modules/preprocs/nasm/nasm-pp.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33465 was patched at 2024-05-15

10787. Unknown Vulnerability Type - Unknown Product (CVE-2021-33466) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_smacro() in modules/preprocs/nasm/nasm-pp.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33466 was patched at 2024-05-15

10788. Unknown Vulnerability Type - Unknown Product (CVE-2021-34337) - Low [71]

Description: {'vulners_cve_data_all': 'An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-34337 was patched at 2024-05-15

10789. Unknown Vulnerability Type - Unknown Product (CVE-2021-3505) - Low [71]

Description: {'vulners_cve_data_all': 'A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3505 was patched at 2024-05-15

10790. Unknown Vulnerability Type - Unknown Product (CVE-2021-37231) - Low [71]

Description: {'vulners_cve_data_all': 'A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499f through APar_readX() in src/util.cpp while parsing a crafted mp4 file because of the missing boundary check.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-37231 was patched at 2024-05-15

10791. Unknown Vulnerability Type - Unknown Product (CVE-2021-37746) - Low [71]

Description: {'vulners_cve_data_all': 'textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-37746 was patched at 2024-05-15

10792. Unknown Vulnerability Type - Unknown Product (CVE-2021-38597) - Low [71]

Description: {'vulners_cve_data_all': 'wolfSSL before 4.8.1 incorrectly skips OCSP verification in certain situations of irrelevant response data that contains the NoCheck extension.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-38597 was patched at 2024-05-15

10793. Unknown Vulnerability Type - Unknown Product (CVE-2021-39283) - Low [71]

Description: {'vulners_cve_data_all': 'liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-39283 was patched at 2024-05-15

10794. Unknown Vulnerability Type - Unknown Product (CVE-2021-40529) - Low [71]

Description: {'vulners_cve_data_all': 'The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40529 was patched at 2024-05-15

10795. Unknown Vulnerability Type - Unknown Product (CVE-2021-40530) - Low [71]

Description: {'vulners_cve_data_all': 'The ElGamal implementation in Crypto++ through 8.5 allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40530 was patched at 2024-05-15

10796. Unknown Vulnerability Type - Unknown Product (CVE-2021-40648) - Low [71]

Description: {'vulners_cve_data_all': 'In man2html 1.6g, a filename can be created to overwrite the previous size parameter of the next chunk and the fd, bk, fd_nextsize, bk_nextsize of the current chunk. The next chunk is then freed later on, causing a freeing of an arbitrary amount of memory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40648 was patched at 2024-05-15

10797. Unknown Vulnerability Type - Unknown Product (CVE-2021-40823) - Low [71]

Description: {'vulners_cve_data_all': 'A logic error in the room key sharing functionality of matrix-js-sdk (aka Matrix Javascript SDK) before 12.4.1 allows a malicious Matrix homeserver present in an encrypted room to steal room encryption keys (via crafted Matrix protocol messages) that were originally sent by affected Matrix clients participating in that room. This allows the homeserver to decrypt end-to-end encrypted messages sent by affected clients.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-40823 was patched at 2024-05-15

10798. Unknown Vulnerability Type - Unknown Product (CVE-2021-4216) - Low [71]

Description: {'vulners_cve_data_all': 'A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-4216 was patched at 2024-05-15

10799. Unknown Vulnerability Type - Unknown Product (CVE-2021-45256) - Low [71]

Description: {'vulners_cve_data_all': 'A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via asm/preproc.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45256 was patched at 2024-05-15

10800. Unknown Vulnerability Type - Unknown Product (CVE-2021-45257) - Low [71]

Description: {'vulners_cve_data_all': 'An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45257 was patched at 2024-05-15

10801. Unknown Vulnerability Type - Unknown Product (CVE-2021-45386) - Low [71]

Description: {'vulners_cve_data_all': 'tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45386 was patched at 2024-05-15

10802. Unknown Vulnerability Type - Unknown Product (CVE-2021-45387) - Low [71]

Description: {'vulners_cve_data_all': 'tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-45387 was patched at 2024-05-15

10803. Unknown Vulnerability Type - Unknown Product (CVE-2021-46050) - Low [71]

Description: {'vulners_cve_data_all': 'A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46050 was patched at 2024-05-15

10804. Unknown Vulnerability Type - Unknown Product (CVE-2021-46338) - Low [71]

Description: {'vulners_cve_data_all': 'There is an Assertion 'ecma_is_lexical_environment (object_p)' failed at /base/ecma-helpers.c(ecma_get_lex_env_type) in JerryScript 3.0.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46338 was patched at 2024-05-15

10805. Unknown Vulnerability Type - Unknown Product (CVE-2021-46340) - Low [71]

Description: {'vulners_cve_data_all': 'There is an Assertion 'context_p->stack_top_uint8 == SCAN_STACK_TRY_STATEMENT || context_p->stack_top_uint8 == SCAN_STACK_CATCH_STATEMENT' failed at /parser/js/js-scanner.c(scanner_scan_statement_end) in JerryScript 3.0.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46340 was patched at 2024-05-15

10806. Unknown Vulnerability Type - Unknown Product (CVE-2021-46346) - Low [71]

Description: {'vulners_cve_data_all': 'There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustment (date_value)' failed at /jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c(ecma_builtin_date_prototype_dispatch_set):421 in JerryScript 3.0.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46346 was patched at 2024-05-15

10807. Unknown Vulnerability Type - Unknown Product (CVE-2021-46348) - Low [71]

Description: {'vulners_cve_data_all': 'There is an Assertion 'ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p)' failed at /jerry-core/ecma/base/ecma-literal-storage.c in JerryScript 3.0.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46348 was patched at 2024-05-15

10808. Unknown Vulnerability Type - Unknown Product (CVE-2021-46349) - Low [71]

Description: {'vulners_cve_data_all': 'There is an Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || type == ECMA_OBJECT_TYPE_PROXY' failed at /jerry-core/ecma/operations/ecma-objects.c in JerryScript 3.0.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-46349 was patched at 2024-05-15

10809. Unknown Vulnerability Type - Unknown Product (CVE-2022-0496) - Low [71]

Description: {'vulners_cve_data_all': 'A vulnerbiility was found in Openscad, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-0496 was patched at 2024-05-15

10810. Unknown Vulnerability Type - Unknown Product (CVE-2022-0536) - Low [71]

Description: {'vulners_cve_data_all': 'Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-0536 was patched at 2024-05-15

10811. Unknown Vulnerability Type - Unknown Product (CVE-2022-1325) - Low [71]

Description: {'vulners_cve_data_all': 'A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-1325 was patched at 2024-05-15

10812. Unknown Vulnerability Type - Unknown Product (CVE-2022-22890) - Low [71]

Description: {'vulners_cve_data_all': 'There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT && arguments_type != SCANNER_ARGUMENTS_PRESENT_NO_REG' failed at /jerry-core/parser/js/js-scanner-util.c in Jerryscript 3.0.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-22890 was patched at 2024-05-15

10813. Unknown Vulnerability Type - Unknown Product (CVE-2022-22891) - Low [71]

Description: {'vulners_cve_data_all': 'Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via ecma_ref_object_inline in /jerry-core/ecma/base/ecma-gc.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-22891 was patched at 2024-05-15

10814. Unknown Vulnerability Type - Unknown Product (CVE-2022-22892) - Low [71]

Description: {'vulners_cve_data_all': 'There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_value_null (value) || ecma_is_value_boolean (value) || ecma_is_value_number (value) || ecma_is_value_string (value) || ecma_is_value_bigint (value) || ecma_is_value_symbol (value) || ecma_is_value_object (value)' failed at jerry-core/ecma/base/ecma-helpers-value.c in Jerryscripts 3.0.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-22892 was patched at 2024-05-15

10815. Unknown Vulnerability Type - Unknown Product (CVE-2022-23319) - Low [71]

Description: {'vulners_cve_data_all': 'A segmentation fault during PCF file parsing in pcf2bdf versions >=1.05 allows an attacker to trigger a program crash via a specially crafted PCF font file. This crash affects the availability of the software and dependent downstream components.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-23319 was patched at 2024-05-15

10816. Unknown Vulnerability Type - Unknown Product (CVE-2022-24891) - Low [71]

Description: {'vulners_cve_data_all': 'ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause "javascript:" URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the "onsiteURL" regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers' release notes and security bulletin.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24891 was patched at 2024-05-15

10817. Unknown Vulnerability Type - Unknown Product (CVE-2022-25051) - Low [71]

Description: {'vulners_cve_data_all': 'An Off-by-one Error occurs in cmr113_decode of rtl_433 21.12 when decoding a crafted file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-25051 was patched at 2024-05-15

10818. Unknown Vulnerability Type - Unknown Product (CVE-2022-25169) - Low [71]

Description: {'vulners_cve_data_all': 'The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-25169 was patched at 2024-05-15

10819. Unknown Vulnerability Type - Unknown Product (CVE-2022-25326) - Low [71]

Description: {'vulners_cve_data_all': 'fscrypt through v0.3.2 creates a world-writable directory by default when setting up a filesystem, allowing unprivileged users to exhaust filesystem space. We recommend upgrading to fscrypt 0.3.3 or above and adjusting the permissions on existing fscrypt metadata directories where applicable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-25326 was patched at 2024-05-15

10820. Unknown Vulnerability Type - Unknown Product (CVE-2022-25484) - Low [71]

Description: {'vulners_cve_data_all': 'tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c in tcpprep v4.4.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-25484 was patched at 2024-05-15

10821. Unknown Vulnerability Type - Unknown Product (CVE-2022-27938) - Low [71]

Description: {'vulners_cve_data_all': 'stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-27938 was patched at 2024-05-15

10822. Unknown Vulnerability Type - Unknown Product (CVE-2022-27939) - Low [71]

Description: {'vulners_cve_data_all': 'tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-27939 was patched at 2024-05-15

10823. Unknown Vulnerability Type - Unknown Product (CVE-2022-27943) - Low [71]

Description: {'vulners_cve_data_all': 'libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-27943 was patched at 2024-05-15

10824. Unknown Vulnerability Type - Unknown Product (CVE-2022-31022) - Low [71]

Description: {'vulners_cve_data_all': 'Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP (bleve/http) handlers for exposing the access to the indexes. For instance, the CreateIndexHandler (`http/index_create.go`) and DeleteIndexHandler (`http/index_delete.go`) enable an attacker to create a bleve index (directory structure) anywhere where the user running the server has the write permissions and to delete recursively any directory owned by the same user account. Users who have used the bleve/http package for exposing access to bleve index without the explicit handling for the Role Based Access Controls(RBAC) of the index assets would be impacted by this issue. There is no patch for this issue because the http package is purely intended to be used for demonstration purposes. Bleve was never designed handle the RBACs, nor it was ever advertised to be used in that way. The collaborators of this project have decided to stay away from adding any authentication or authorization to bleve project at the moment. The bleve/http package is mainly for demonstration purposes and it lacks exhaustive validation of the user inputs as well as any authentication and authorization measures. It is recommended to not use bleve/http in production use cases.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-31022 was patched at 2024-05-15

10825. Unknown Vulnerability Type - Unknown Product (CVE-2022-35434) - Low [71]

Description: {'vulners_cve_data_all': 'jpeg-quantsmooth before commit 8879454 contained a floating point exception (FPE) via /jpeg-quantsmooth/jpegqs+0x4f5d6c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-35434 was patched at 2024-05-15

10826. Unknown Vulnerability Type - Unknown Product (CVE-2022-36140) - Low [71]

Description: {'vulners_cve_data_all': 'SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::DeclareFunction2::write(SWF::Writer*, SWF::Context*).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-36140 was patched at 2024-05-15

10827. Unknown Vulnerability Type - Unknown Product (CVE-2022-36141) - Low [71]

Description: {'vulners_cve_data_all': 'SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::MethodBody::write(SWF::Writer*, SWF::Context*).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-36141 was patched at 2024-05-15

10828. Unknown Vulnerability Type - Unknown Product (CVE-2022-36145) - Low [71]

Description: {'vulners_cve_data_all': 'SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::Reader::getWord().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-36145 was patched at 2024-05-15

10829. Unknown Vulnerability Type - Unknown Product (CVE-2022-36146) - Low [71]

Description: {'vulners_cve_data_all': 'SWFMill commit 53d7690 was discovered to contain a memory allocation issue via operator new[](unsigned long) at asan_new_delete.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-36146 was patched at 2024-05-15

10830. Unknown Vulnerability Type - Unknown Product (CVE-2022-36148) - Low [71]

Description: {'vulners_cve_data_all': 'fdkaac commit 53fe239 was discovered to contain a floating point exception (FPE) via wav_open at /src/wav_reader.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-36148 was patched at 2024-05-15

10831. Unknown Vulnerability Type - Unknown Product (CVE-2022-38600) - Low [71]

Description: {'vulners_cve_data_all': 'Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf_vo.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-38600 was patched at 2024-05-15

10832. Unknown Vulnerability Type - Unknown Product (CVE-2022-38853) - Low [71]

Description: {'vulners_cve_data_all': 'Certain The MPlayer Project products are vulnerable to Buffer Overflow via function asf_init_audio_stream() of libmpdemux/asfheader.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-38853 was patched at 2024-05-15

10833. Unknown Vulnerability Type - Unknown Product (CVE-2022-38856) - Low [71]

Description: {'vulners_cve_data_all': 'Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. This affects mplayer SVN-r38374-13.0.1 and mencoder SVN-r38374-13.0.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-38856 was patched at 2024-05-15

10834. Unknown Vulnerability Type - Unknown Product (CVE-2022-39333) - Low [71]

Description: {'vulners_cve_data_all': 'Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-39333 was patched at 2024-05-15

10835. Unknown Vulnerability Type - Unknown Product (CVE-2022-41420) - Low [71]

Description: {'vulners_cve_data_all': 'nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-41420 was patched at 2024-05-15

10836. Unknown Vulnerability Type - Unknown Product (CVE-2022-43283) - Low [71]

Description: {'vulners_cve_data_all': 'wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-43283 was patched at 2024-05-15

10837. Unknown Vulnerability Type - Unknown Product (CVE-2022-44368) - Low [71]

Description: {'vulners_cve_data_all': 'NASM v2.16 was discovered to contain a null pointer deference in the NASM component', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-44368 was patched at 2024-05-15

10838. Unknown Vulnerability Type - Unknown Product (CVE-2022-44369) - Low [71]

Description: {'vulners_cve_data_all': 'NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference via output/outaout.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-44369 was patched at 2024-05-15

10839. Unknown Vulnerability Type - Unknown Product (CVE-2022-46457) - Low [71]

Description: {'vulners_cve_data_all': 'NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-46457 was patched at 2024-05-15

10840. Unknown Vulnerability Type - Unknown Product (CVE-2022-4964) - Low [71]

Description: {'vulners_cve_data_all': 'Ubuntu's pipewire-pulse in snap grants microphone access even when the snap interface for audio-record is not set.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-4964 was patched at 2024-05-15

10841. Unknown Vulnerability Type - Unknown Product (CVE-2023-22899) - Low [71]

Description: {'vulners_cve_data_all': 'Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-22899 was patched at 2024-05-15

10842. Unknown Vulnerability Type - Unknown Product (CVE-2023-23942) - Low [71]

Description: {'vulners_cve_data_all': 'The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as `strong`, `em` and `head` lines in the UI of the desktop client. The lack of sanitisation may allow for javascript injection. It is recommended that the Nextcloud Desktop Client is upgraded to 3.6.3. There are no known workarounds for this issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-23942 was patched at 2024-05-15

10843. Unknown Vulnerability Type - Unknown Product (CVE-2023-2431) - Low [71]

Description: {'vulners_cve_data_all': 'A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-2431 was patched at 2024-05-15

10844. Unknown Vulnerability Type - Unknown Product (CVE-2023-26302) - Low [71]

Description: {'vulners_cve_data_all': 'Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26302 was patched at 2024-05-15

10845. Unknown Vulnerability Type - Unknown Product (CVE-2023-26303) - Low [71]

Description: {'vulners_cve_data_all': 'Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26303 was patched at 2024-05-15

10846. Unknown Vulnerability Type - Unknown Product (CVE-2023-26924) - Low [71]

Description: {'vulners_cve_data_all': 'LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. NOTE: third parties dispute this because the LLVM security policy excludes "Language front-ends ... for which a malicious input file can cause undesirable behavior."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-26924 was patched at 2024-05-15

10847. Unknown Vulnerability Type - Unknown Product (CVE-2023-27115) - Low [71]

Description: {'vulners_cve_data_all': 'WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-27115 was patched at 2024-05-15

10848. Unknown Vulnerability Type - Unknown Product (CVE-2023-27116) - Low [71]

Description: {'vulners_cve_data_all': 'WebAssembly v1.0.29 discovered to contain an abort in CWriter::MangleType.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-27116 was patched at 2024-05-15

10849. Unknown Vulnerability Type - Unknown Product (CVE-2023-27119) - Low [71]

Description: {'vulners_cve_data_all': 'WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-27119 was patched at 2024-05-15

10850. Unknown Vulnerability Type - Unknown Product (CVE-2023-29449) - Low [71]

Description: {'vulners_cve_data_all': 'JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should be typically granted to users who need to perform tasks that require more control over the system. The security risk is limited because not all users have this level of access. ', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29449 was patched at 2024-05-15

10851. Unknown Vulnerability Type - Unknown Product (CVE-2023-29452) - Low [71]

Description: {'vulners_cve_data_all': '\nCurrently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29452 was patched at 2024-05-15

10852. Unknown Vulnerability Type - Unknown Product (CVE-2023-29465) - Low [71]

Description: {'vulners_cve_data_all': 'SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world-writable), which (for example) allows a local user to overwrite files with the privileges of a different user (who is running FlintQS).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29465 was patched at 2024-05-15

10853. Unknown Vulnerability Type - Unknown Product (CVE-2023-29579) - Low [71]

Description: {'vulners_cve_data_all': 'yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29579 was patched at 2024-05-15

10854. Unknown Vulnerability Type - Unknown Product (CVE-2023-29580) - Low [71]

Description: {'vulners_cve_data_all': 'yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the component yasm_expr_create at /libyasm/expr.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29580 was patched at 2024-05-15

10855. Unknown Vulnerability Type - Unknown Product (CVE-2023-29581) - Low [71]

Description: {'vulners_cve_data_all': 'yasm 1.3.0.55.g101bc has a segmentation violation in the function delete_Token at modules/preprocs/nasm/nasm-pp.c. NOTE: although a libyasm application could become unavailable if this were exploited, the vendor's position is that there is no security relevance because there is either supposed to be input validation before data reaches libyasm, or a sandbox in which the application runs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29581 was patched at 2024-05-15

10856. Unknown Vulnerability Type - Unknown Product (CVE-2023-29582) - Low [71]

Description: {'vulners_cve_data_all': 'yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29582 was patched at 2024-05-15

10857. Unknown Vulnerability Type - Unknown Product (CVE-2023-29583) - Low [71]

Description: {'vulners_cve_data_all': 'yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29583 was patched at 2024-05-15

10858. Unknown Vulnerability Type - Unknown Product (CVE-2023-29935) - Low [71]

Description: {'vulners_cve_data_all': 'llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29935 was patched at 2024-05-15

10859. Unknown Vulnerability Type - Unknown Product (CVE-2023-29941) - Low [71]

Description: {'vulners_cve_data_all': 'llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29941 was patched at 2024-05-15

10860. Unknown Vulnerability Type - Unknown Product (CVE-2023-29942) - Low [71]

Description: {'vulners_cve_data_all': 'llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-29942 was patched at 2024-05-15

10861. Unknown Vulnerability Type - Unknown Product (CVE-2023-30300) - Low [71]

Description: {'vulners_cve_data_all': 'An issue in the component hang.wasm of WebAssembly 1.0 causes an infinite loop.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-30300 was patched at 2024-05-15

10862. Unknown Vulnerability Type - Unknown Product (CVE-2023-30402) - Low [71]

Description: {'vulners_cve_data_all': 'YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re. Note: This has been disputed by third parties who argue this is a bug and not a security issue because yasm is a standalone program not designed to run untrusted code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-30402 was patched at 2024-05-15

10863. Unknown Vulnerability Type - Unknown Product (CVE-2023-30406) - Low [71]

Description: {'vulners_cve_data_all': 'Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component ecma_find_named_property at /base/ecma-helpers.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-30406 was patched at 2024-05-15

10864. Unknown Vulnerability Type - Unknown Product (CVE-2023-30408) - Low [71]

Description: {'vulners_cve_data_all': 'Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component build/bin/jerry.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-30408 was patched at 2024-05-15

10865. Unknown Vulnerability Type - Unknown Product (CVE-2023-30410) - Low [71]

Description: {'vulners_cve_data_all': 'Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component ecma_op_function_construct at /operations/ecma-function-object.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-30410 was patched at 2024-05-15

10866. Unknown Vulnerability Type - Unknown Product (CVE-2023-30414) - Low [71]

Description: {'vulners_cve_data_all': 'Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component vm_loop at /jerry-core/vm/vm.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-30414 was patched at 2024-05-15

10867. Unknown Vulnerability Type - Unknown Product (CVE-2023-31669) - Low [71]

Description: {'vulners_cve_data_all': 'WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote (").', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31669 was patched at 2024-05-15

10868. Unknown Vulnerability Type - Unknown Product (CVE-2023-31723) - Low [71]

Description: {'vulners_cve_data_all': 'yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function expand_mmac_params at /nasm/nasm-pp.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31723 was patched at 2024-05-15

10869. Unknown Vulnerability Type - Unknown Product (CVE-2023-31913) - Low [71]

Description: {'vulners_cve_data_all': 'Jerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31913 was patched at 2024-05-15

10870. Unknown Vulnerability Type - Unknown Product (CVE-2023-31914) - Low [71]

Description: {'vulners_cve_data_all': 'Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memory issue in malloc.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31914 was patched at 2024-05-15

10871. Unknown Vulnerability Type - Unknown Product (CVE-2023-31916) - Low [71]

Description: {'vulners_cve_data_all': 'Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the jmem_heap_finalize at jerry-core/jmem/jmem-heap.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31916 was patched at 2024-05-15

10872. Unknown Vulnerability Type - Unknown Product (CVE-2023-31918) - Low [71]

Description: {'vulners_cve_data_all': 'Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31918 was patched at 2024-05-15

10873. Unknown Vulnerability Type - Unknown Product (CVE-2023-31919) - Low [71]

Description: {'vulners_cve_data_all': 'Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31919 was patched at 2024-05-15

10874. Unknown Vulnerability Type - Unknown Product (CVE-2023-31920) - Low [71]

Description: {'vulners_cve_data_all': 'Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at jerry-core/vm/vm.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31920 was patched at 2024-05-15

10875. Unknown Vulnerability Type - Unknown Product (CVE-2023-31972) - Low [71]

Description: {'vulners_cve_data_all': 'yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31972 was patched at 2024-05-15

10876. Unknown Vulnerability Type - Unknown Product (CVE-2023-31973) - Low [71]

Description: {'vulners_cve_data_all': 'yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31973 was patched at 2024-05-15

10877. Unknown Vulnerability Type - Unknown Product (CVE-2023-31974) - Low [71]

Description: {'vulners_cve_data_all': 'yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31974 was patched at 2024-05-15

10878. Unknown Vulnerability Type - Unknown Product (CVE-2023-34320) - Low [71]

Description: {'vulners_cve_data_all': 'Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412\nwhere software, under certain circumstances, could deadlock a core\ndue to the execution of either a load to device or non-cacheable memory,\nand either a store exclusive or register read of the Physical\nAddress Register (PAR_EL1) in close proximity.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-34320 was patched at 2024-05-15

10879. Unknown Vulnerability Type - Unknown Product (CVE-2023-34323) - Low [71]

Description: {'vulners_cve_data_all': 'When a transaction is committed, C Xenstored will first check\nthe quota is correct before attempting to commit any nodes. It would\nbe possible that accounting is temporarily negative if a node has\nbeen removed outside of the transaction.\n\nUnfortunately, some versions of C Xenstored are assuming that the\nquota cannot be negative and are using assert() to confirm it. This\nwill lead to C Xenstored crash when tools are built without -DNDEBUG\n(this is the default).\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-34323 was patched at 2024-05-15

10880. Unknown Vulnerability Type - Unknown Product (CVE-2023-34823) - Low [71]

Description: {'vulners_cve_data_all': 'fdkaac before 1.0.5 was discovered to contain a stack overflow in read_callback function in src/main.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-34823 was patched at 2024-05-15

10881. Unknown Vulnerability Type - Unknown Product (CVE-2023-37770) - Low [71]

Description: {'vulners_cve_data_all': 'faust commit ee39a19 was discovered to contain a stack overflow via the component boxppShared::print() at /boxes/ppbox.cpp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-37770 was patched at 2024-05-15

10882. Unknown Vulnerability Type - Unknown Product (CVE-2023-40170) - Low [71]

Description: {'vulners_cve_data_all': 'jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit `87a49272728` which has been included in release `2.7.2`. Users are advised to upgrade. Users unable to upgrade may use the lower performance `--ContentsManager.files_handler_class=jupyter_server.files.handlers.FilesHandler`, which implements the correct checks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-40170 was patched at 2024-05-15

10883. Unknown Vulnerability Type - Unknown Product (CVE-2023-41633) - Low [71]

Description: {'vulners_cve_data_all': 'Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/fileutil.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-41633 was patched at 2024-05-15

10884. Unknown Vulnerability Type - Unknown Product (CVE-2023-45663) - Low [71]

Description: {'vulners_cve_data_all': 'stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45663 was patched at 2024-05-15

10885. Unknown Vulnerability Type - Unknown Product (CVE-2023-46331) - Low [71]

Description: {'vulners_cve_data_all': 'WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange(), which lead to segmentation fault.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46331 was patched at 2024-05-15

10886. Unknown Vulnerability Type - Unknown Product (CVE-2023-46332) - Low [71]

Description: {'vulners_cve_data_all': 'WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to segmentation fault.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46332 was patched at 2024-05-15

10887. Unknown Vulnerability Type - Unknown Product (CVE-2023-46445) - Low [71]

Description: {'vulners_cve_data_all': 'An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46445 was patched at 2024-05-15

10888. Unknown Vulnerability Type - Unknown Product (CVE-2023-46835) - Low [71]

Description: {'vulners_cve_data_all': 'The current setup of the quarantine page tables assumes that the\nquarantine domain (dom_io) has been initialized with an address width\nof DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels.\n\nHowever dom_io being a PV domain gets the AMD-Vi IOMMU page tables\nlevels based on the maximum (hot pluggable) RAM address, and hence on\nsystems with no RAM above the 512GB mark only 3 page-table levels are\nconfigured in the IOMMU.\n\nOn systems without RAM above the 512GB boundary\namd_iommu_quarantine_init() will setup page tables for the scratch\npage with 4 levels, while the IOMMU will be configured to use 3 levels\nonly, resulting in the last page table directory (PDE) effectively\nbecoming a page table entry (PTE), and hence a device in quarantine\nmode gaining write access to the page destined to be a PDE.\n\nDue to this page table level mismatch, the sink page the device gets\nread/write access to is no longer cleared between device assignment,\npossibly leading to data leaks.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46835 was patched at 2024-05-15

10889. Unknown Vulnerability Type - Unknown Product (CVE-2023-47164) - Low [71]

Description: {'vulners_cve_data_all': 'Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-47164 was patched at 2024-05-15

10890. Unknown Vulnerability Type - Unknown Product (CVE-2023-49994) - Low [71]

Description: {'vulners_cve_data_all': 'Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49994 was patched at 2024-05-15

10891. Unknown Vulnerability Type - Unknown Product (CVE-2023-50572) - Low [71]

Description: {'vulners_cve_data_all': 'An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutofMemory) error.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50572 was patched at 2024-05-15

10892. Unknown Vulnerability Type - Unknown Product (CVE-2023-50979) - Low [71]

Description: {'vulners_cve_data_all': 'Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-50979 was patched at 2024-05-15

10893. Unknown Vulnerability Type - Unknown Product (CVE-2023-52426) - Low [71]

Description: {'vulners_cve_data_all': 'libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52426 was patched at 2024-05-15

redos: CVE-2023-52426 was patched at 2024-06-03

10894. Unknown Vulnerability Type - Unknown Product (CVE-2024-21908) - Low [71]

Description: {'vulners_cve_data_all': '\nTinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.\n\n\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-21908 was patched at 2024-05-15

10895. Unknown Vulnerability Type - Unknown Product (CVE-2024-21910) - Low [71]

Description: {'vulners_cve_data_all': 'TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-21910 was patched at 2024-05-15

10896. Unknown Vulnerability Type - Unknown Product (CVE-2024-21911) - Low [71]

Description: {'vulners_cve_data_all': 'TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-21911 was patched at 2024-05-15

10897. Unknown Vulnerability Type - Unknown Product (CVE-2024-2236) - Low [71]

Description: {'vulners_cve_data_all': 'A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 5.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-2236 was patched at 2024-05-15

debian: CVE-2024-22368 was patched at 2024-05-15

ubuntu: CVE-2024-22368 was patched at 2024-05-09

10898. Unknown Vulnerability Type - Unknown Product (CVE-2024-24815) - Low [71]

Description: {'vulners_cve_data_all': 'CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA elements in Advanced Content Filtering configuration (defaults to `script` and `style` elements). The vulnerability allows attackers to inject malformed HTML content bypassing Advanced Content Filtering mechanism, which could result in executing JavaScript code. An attacker could abuse faulty CDATA content detection and use it to prepare an intentional attack on the editor. A fix is available in version 4.24.0-lts.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-24815 was patched at 2024-05-15

10899. Unknown Vulnerability Type - Unknown Product (CVE-2024-27297) - Low [71]

Description: {'vulners_cve_data_all': 'Nix is a package manager for Linux and other Unix systems. A fixed-output derivations on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows to modify the output of the derivation, after Nix has registered the path as "valid" and immutable in the Nix database. In particular, this allows the output of fixed-output derivations to be modified from their expected content. This issue has been addressed in versions 2.3.18 2.18.2 2.19.4 and 2.20.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27297 was patched at 2024-04-22, 2024-05-15

10900. Unknown Vulnerability Type - Unknown Product (CVE-2024-28245) - Low [71]

Description: {'vulners_cve_data_all': 'KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\\includegraphics` that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28245 was patched at 2024-05-15

10901. Unknown Vulnerability Type - Unknown Product (CVE-2024-34078) - Low [71]

Description: {'vulners_cve_data_all': 'html-sanitizer is an allowlist-based HTML cleaner. If using `keep_typographic_whitespace=False` (which is the default), the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has been fixed in 2.4.2.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-34078 was patched at 2024-05-15

10902. Unknown Vulnerability Type - Unknown Product (CVE-2024-3447) - Low [71]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.610CVSS Base Score is 6.0. According to BDU data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3447 was patched at 2024-05-15

10903. Unknown Vulnerability Type - GPAC (CVE-2024-28318) - Low [66]

Description: {'vulners_cve_data_all': 'gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain a out of boundary write vulnerability via swf_get_string at scene_manager/swf_parse.c:325', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28318 was patched at 2024-05-15

10904. Unknown Vulnerability Type - GPAC (CVE-2024-28319) - Low [66]

Description: {'vulners_cve_data_all': 'gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary read vulnerability via gf_dash_setup_period media_tools/dash_client.c:6374', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.414GPAC is an Open Source multimedia framework for research and academic purposes; the project covers different aspects of multimedia, with a focus on presentation technologies (graphics, animation and interactivity)
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28319 was patched at 2024-05-15

10905. Unknown Vulnerability Type - Unknown Product (CVE-2001-1442) - Low [59]

Description: {'vulners_cve_data_all': 'Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2001-1442 was patched at 2024-05-15

10906. Unknown Vulnerability Type - Unknown Product (CVE-2001-1505) - Low [59]

Description: {'vulners_cve_data_all': 'tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into user sessions by sniffing and replaying packets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2001-1505 was patched at 2024-05-15

10907. Unknown Vulnerability Type - Unknown Product (CVE-2002-0715) - Low [59]

Description: {'vulners_cve_data_all': 'Vulnerability in Squid before 2.4.STABLE6 related to proxy authentication credentials may allow remote web sites to obtain the user's proxy login and password.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0715 was patched at 2024-05-15

10908. Unknown Vulnerability Type - Unknown Product (CVE-2002-0896) - Low [59]

Description: {'vulners_cve_data_all': 'The throttle capability in Swatch may fail to report certain events if (1) the same type of event occurs after the throttle period, or (2) when multiple events matching the same "watchfor" expression do not occur after the throttle period, which could allow attackers to avoid detection.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0896 was patched at 2024-05-15

10909. Unknown Vulnerability Type - Unknown Product (CVE-2002-1156) - Low [59]

Description: {'vulners_cve_data_all': 'Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1156 was patched at 2024-05-15

10910. Unknown Vulnerability Type - Unknown Product (CVE-2002-1389) - Low [59]

Description: {'vulners_cve_data_all': 'Buffer overflow in typespeed 0.4.2 and earlier allows local users to gain privileges via long input.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1389 was patched at 2024-05-15

10911. Unknown Vulnerability Type - Unknown Product (CVE-2002-1405) - Low [59]

Description: {'vulners_cve_data_all': 'CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1405 was patched at 2024-05-15

10912. Unknown Vulnerability Type - Unknown Product (CVE-2002-1471) - Low [59]

Description: {'vulners_cve_data_all': 'The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1471 was patched at 2024-05-15

10913. Unknown Vulnerability Type - Unknown Product (CVE-2002-1653) - Low [59]

Description: {'vulners_cve_data_all': 'Farm9 Cryptcat, when started in server mode with the -e option, does not enable encryption, which allows clients to communicate without encryption despite intended configuration, and may allow remote attackers to sniff sensitive information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1653 was patched at 2024-05-15

10914. Unknown Vulnerability Type - Unknown Product (CVE-2002-1746) - Low [59]

Description: {'vulners_cve_data_all': 'Vtun 2.5b1 allows remote attackers to inject data into user sessions by sniffing and replaying packets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1746 was patched at 2024-05-15

10915. Unknown Vulnerability Type - Unknown Product (CVE-2002-1747) - Low [59]

Description: {'vulners_cve_data_all': 'Vtun 2.5b1 does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on ECB.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1747 was patched at 2024-05-15

10916. Unknown Vulnerability Type - Unknown Product (CVE-2002-1755) - Low [59]

Description: {'vulners_cve_data_all': 'tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1755 was patched at 2024-05-15

10917. Unknown Vulnerability Type - Unknown Product (CVE-2003-0048) - Low [59]

Description: {'vulners_cve_data_all': 'PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0048 was patched at 2024-05-15

10918. Unknown Vulnerability Type - Unknown Product (CVE-2003-0261) - Low [59]

Description: {'vulners_cve_data_all': 'fuzz 0.6 and earlier creates temporary files insecurely, which could allow local users to gain root privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0261 was patched at 2024-05-15

10919. Unknown Vulnerability Type - Unknown Product (CVE-2003-0358) - Low [59]

Description: {'vulners_cve_data_all': 'Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0358 was patched at 2024-05-15

10920. Unknown Vulnerability Type - Unknown Product (CVE-2003-0359) - Low [59]

Description: {'vulners_cve_data_all': 'nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0359 was patched at 2024-05-15

10921. Unknown Vulnerability Type - Unknown Product (CVE-2003-0382) - Low [59]

Description: {'vulners_cve_data_all': 'Buffer overflow in Eterm 0.9.2 allows local users to gain privileges via a long ETERMPATH environment variable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0382 was patched at 2024-05-15

10922. Unknown Vulnerability Type - Unknown Product (CVE-2003-0396) - Low [59]

Description: {'vulners_cve_data_all': 'Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if used setuid, allows local users to gain privileges via a long -f command line argument.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0396 was patched at 2024-05-15

10923. Unknown Vulnerability Type - Unknown Product (CVE-2003-0644) - Low [59]

Description: {'vulners_cve_data_all': 'Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file, which allows local users to execute arbitrary commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0644 was patched at 2024-05-15

10924. Unknown Vulnerability Type - Unknown Product (CVE-2003-0645) - Low [59]

Description: {'vulners_cve_data_all': 'man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE directives from the ~/.manpath file, even when running setuid, which could allow local users to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0645 was patched at 2024-05-15

10925. Unknown Vulnerability Type - Unknown Product (CVE-2003-0740) - Low [59]

Description: {'vulners_cve_data_all': 'Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0740 was patched at 2024-05-15

10926. Unknown Vulnerability Type - Unknown Product (CVE-2003-0828) - Low [59]

Description: {'vulners_cve_data_all': 'Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local users to gain "games" group privileges when processing environment variables.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0828 was patched at 2024-05-15

10927. Unknown Vulnerability Type - Unknown Product (CVE-2003-1308) - Low [59]

Description: {'vulners_cve_data_all': 'CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-1308 was patched at 2024-05-15

10928. Unknown Vulnerability Type - Unknown Product (CVE-2004-0042) - Low [59]

Description: {'vulners_cve_data_all': 'vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0042 was patched at 2024-05-15

10929. Unknown Vulnerability Type - Unknown Product (CVE-2004-0158) - Low [59]

Description: {'vulners_cve_data_all': 'Buffer overflow in lbreakout2 allows local users to gain 'games' group privileges via a large HOME environment variable to (1) editor.c, (2) theme.c, (3) manager.c, (4) config.c, (5) game.c, (6) levels.c, or (7) main.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0158 was patched at 2024-05-15

10930. Unknown Vulnerability Type - Unknown Product (CVE-2004-0412) - Low [59]

Description: {'vulners_cve_data_all': 'Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0412 was patched at 2024-05-15

10931. Unknown Vulnerability Type - Unknown Product (CVE-2004-0778) - Low [59]

Description: {'vulners_cve_data_all': 'CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0778 was patched at 2024-05-15

10932. Unknown Vulnerability Type - Unknown Product (CVE-2004-1184) - Low [59]

Description: {'vulners_cve_data_all': 'The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1184 was patched at 2024-05-15

10933. Unknown Vulnerability Type - Unknown Product (CVE-2004-1269) - Low [59]

Description: {'vulners_cve_data_all': 'lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1269 was patched at 2024-05-15

10934. Unknown Vulnerability Type - Unknown Product (CVE-2004-1487) - Low [59]

Description: {'vulners_cve_data_all': 'wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1487 was patched at 2024-05-15

10935. Unknown Vulnerability Type - Unknown Product (CVE-2004-1876) - Low [59]

Description: {'vulners_cve_data_all': 'The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1876 was patched at 2024-05-15

10936. Unknown Vulnerability Type - Unknown Product (CVE-2004-1899) - Low [59]

Description: {'vulners_cve_data_all': 'The administration interface in Monit 1.4 through 4.2 allows remote attackers to cause an off-by-one overflow via a POST that contains 1024 bytes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1899 was patched at 2024-05-15

10937. Unknown Vulnerability Type - Unknown Product (CVE-2004-2313) - Low [59]

Description: {'vulners_cve_data_all': 'Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2313 was patched at 2024-05-15

10938. Unknown Vulnerability Type - Unknown Product (CVE-2004-2655) - Low [59]

Description: {'vulners_cve_data_all': 'rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2655 was patched at 2024-05-15

10939. Unknown Vulnerability Type - Unknown Product (CVE-2004-2705) - Low [59]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Player vs. Player Gaming Network (PvPGN) before 1.6.4 allows remote attackers to obtain attributes of arbitrary accounts, including the password hash, via certain statsreq packets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2705 was patched at 2024-05-15

10940. Unknown Vulnerability Type - Unknown Product (CVE-2005-0080) - Low [59]

Description: {'vulners_cve_data_all': 'The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0080 was patched at 2024-05-15

10941. Unknown Vulnerability Type - Unknown Product (CVE-2005-0105) - Low [59]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in typespeed 0.4.1 and earlier allows local users to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0105 was patched at 2024-05-15

10942. Unknown Vulnerability Type - Unknown Product (CVE-2005-0131) - Low [59]

Description: {'vulners_cve_data_all': 'The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-provided password as the nickname instead of the user-provided nickname when connecting to the IRC server, which could leak the password to other users.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0131 was patched at 2024-05-15

10943. Unknown Vulnerability Type - Unknown Product (CVE-2005-0174) - Low [59]

Description: {'vulners_cve_data_all': 'Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0174 was patched at 2024-05-15

10944. Unknown Vulnerability Type - Unknown Product (CVE-2005-0175) - Low [59]

Description: {'vulners_cve_data_all': 'Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0175 was patched at 2024-05-15

10945. Unknown Vulnerability Type - Unknown Product (CVE-2005-0218) - Low [59]

Description: {'vulners_cve_data_all': 'ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0218 was patched at 2024-05-15

10946. Unknown Vulnerability Type - Unknown Product (CVE-2005-0238) - Low [59]

Description: {'vulners_cve_data_all': 'The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0238 was patched at 2024-05-15

10947. Unknown Vulnerability Type - Unknown Product (CVE-2005-0362) - Low [59]

Description: {'vulners_cve_data_all': 'awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "pluginmode", (2) "loadplugin", or (3) "noloadplugin" parameters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0362 was patched at 2024-05-15

10948. Unknown Vulnerability Type - Unknown Product (CVE-2005-0435) - Low [59]

Description: {'vulners_cve_data_all': 'awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0435 was patched at 2024-05-15

10949. Unknown Vulnerability Type - Unknown Product (CVE-2005-0488) - Low [59]

Description: {'vulners_cve_data_all': 'Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0488 was patched at 2024-05-15

10950. Unknown Vulnerability Type - Unknown Product (CVE-2005-0503) - Low [59]

Description: {'vulners_cve_data_all': 'uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0503 was patched at 2024-05-15

10951. Unknown Vulnerability Type - Unknown Product (CVE-2005-0837) - Low [59]

Description: {'vulners_cve_data_all': 'IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . (dot).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0837 was patched at 2024-05-15

10952. Unknown Vulnerability Type - Unknown Product (CVE-2005-1064) - Low [59]

Description: {'vulners_cve_data_all': 'The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 changes the ownership of files that a symlink points to rather than the symlink itself, which allows local users to obtain access to arbitrary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1064 was patched at 2024-05-15

10953. Unknown Vulnerability Type - Unknown Product (CVE-2005-1111) - Low [59]

Description: {'vulners_cve_data_all': 'Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1111 was patched at 2024-05-15

10954. Unknown Vulnerability Type - Unknown Product (CVE-2005-2008) - Low [59]

Description: {'vulners_cve_data_all': 'Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 (null).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2008 was patched at 2024-05-15

10955. Unknown Vulnerability Type - Unknown Product (CVE-2005-2050) - Low [59]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers to read arbitrary memory and possibly key information from the exit server's process space.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2050 was patched at 2024-05-15

10956. Unknown Vulnerability Type - Unknown Product (CVE-2005-2411) - Low [59]

Description: {'vulners_cve_data_all': 'Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and tDiary 2.0.1 and earlier, allows remote attackers to conduct actions as another user, and execute commands on the server, via a URL that is activated by the user.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2411 was patched at 2024-05-15

10957. Unknown Vulnerability Type - Unknown Product (CVE-2005-2496) - Low [59]

Description: {'vulners_cve_data_all': 'The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2496 was patched at 2024-05-15

10958. Unknown Vulnerability Type - Unknown Product (CVE-2005-2643) - Low [59]

Description: {'vulners_cve_data_all': 'Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2643 was patched at 2024-05-15

10959. Unknown Vulnerability Type - Unknown Product (CVE-2005-3163) - Low [59]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers to read files outside of the web root.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3163 was patched at 2024-05-15

10960. Unknown Vulnerability Type - Unknown Product (CVE-2005-3256) - Low [59]

Description: {'vulners_cve_data_all': 'The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3256 was patched at 2024-05-15

10961. Unknown Vulnerability Type - Unknown Product (CVE-2005-4347) - Low [59]

Description: {'vulners_cve_data_all': 'The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4347 was patched at 2024-05-15

10962. Unknown Vulnerability Type - Unknown Product (CVE-2005-4802) - Low [59]

Description: {'vulners_cve_data_all': 'Flexbackup 1.2.1 and earlier allows local users to overwrite files and execute code via a symlink attack on temporary files. NOTE: the raw source referenced an incorrect candidate number; this is the correct number to use.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-4802 was patched at 2024-05-15

10963. Unknown Vulnerability Type - Unknown Product (CVE-2006-0126) - Low [59]

Description: {'vulners_cve_data_all': 'rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linux and most BSD platforms, does not maintain the intended permissions of tty devices, which allows local users to gain read and write access to the devices.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0126 was patched at 2024-05-15

10964. Unknown Vulnerability Type - Unknown Product (CVE-2006-0410) - Low [59]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-0410 was patched at 2024-05-15

10965. Unknown Vulnerability Type - Unknown Product (CVE-2006-1063) - Low [59]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in Lurker 2.0 and earlier allows remote attackers to create or overwrite files in any writable directory that is named "mbox".', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1063 was patched at 2024-05-15

10966. Unknown Vulnerability Type - Unknown Product (CVE-2006-1564) - Low [59]

Description: {'vulners_cve_data_all': 'Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1564 was patched at 2024-05-15

10967. Unknown Vulnerability Type - Unknown Product (CVE-2006-2196) - Low [59]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at raised privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2196 was patched at 2024-05-15

10968. Unknown Vulnerability Type - Unknown Product (CVE-2006-2691) - Low [59]

Description: {'vulners_cve_data_all': 'Unspecified "information leakage" vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to access arbitrary images, including dynamically generated images, via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2691 was patched at 2024-05-15

10969. Unknown Vulnerability Type - Unknown Product (CVE-2006-2769) - Low [59]

Description: {'vulners_cve_data_all': 'The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass "uricontent" rules via a carriage return (\\r) after the URL and before the HTTP declaration.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2769 was patched at 2024-05-15

10970. Unknown Vulnerability Type - Unknown Product (CVE-2006-3119) - Low [59]

Description: {'vulners_cve_data_all': 'The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a typo that prevents a filter from working correctly, which allows user-assisted attackers to bypass the filter and execute malicious Postscript commands.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3119 was patched at 2024-05-15

10971. Unknown Vulnerability Type - Unknown Product (CVE-2006-3390) - Low [59]

Description: {'vulners_cve_data_all': 'WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the (1) wp-admin, (2) wp-content, and (3) wp-includes directories, possibly due to uninitialized variables.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3390 was patched at 2024-05-15

10972. Unknown Vulnerability Type - Unknown Product (CVE-2006-3410) - Low [59]

Description: {'vulners_cve_data_all': 'Tor before 0.1.1.20 creates "internal circuits" primarily consisting of nodes with "useful exit nodes," which allows remote attackers to conduct unspecified statistical attacks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3410 was patched at 2024-05-15

10973. Unknown Vulnerability Type - Unknown Product (CVE-2006-3413) - Low [59]

Description: {'vulners_cve_data_all': 'The privoxy configuration file in Tor before 0.1.1.20, when run on Apple OS X, logs all data via the "logfile", which allows attackers to obtain potentially sensitive information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3413 was patched at 2024-05-15

10974. Unknown Vulnerability Type - Unknown Product (CVE-2006-3414) - Low [59]

Description: {'vulners_cve_data_all': 'Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3414 was patched at 2024-05-15

10975. Unknown Vulnerability Type - Unknown Product (CVE-2006-3418) - Low [59]

Description: {'vulners_cve_data_all': 'Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3418 was patched at 2024-05-15

10976. Unknown Vulnerability Type - Unknown Product (CVE-2006-3682) - Low [59]

Description: {'vulners_cve_data_all': 'awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-3682 was patched at 2024-05-15

10977. Unknown Vulnerability Type - Unknown Product (CVE-2006-4006) - Low [59]

Description: {'vulners_cve_data_all': 'The do_gameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4006 was patched at 2024-05-15

10978. Unknown Vulnerability Type - Unknown Product (CVE-2006-4436) - Low [59]

Description: {'vulners_cve_data_all': 'isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Security Associations (SA) with a replay window of size 0 when isakmpd acts as a responder during SA negotiation, which allows remote attackers to replay IPSec packets and bypass the replay protection.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4436 was patched at 2024-05-15

10979. Unknown Vulnerability Type - Unknown Product (CVE-2006-4798) - Low [59]

Description: {'vulners_cve_data_all': 'SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4798 was patched at 2024-05-15

10980. Unknown Vulnerability Type - Unknown Product (CVE-2006-5443) - Low [59]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics Server (WIMS) before 3.60 allows remote attackers to modify unspecified data via unspecified vectors involving "variable rights."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5443 was patched at 2024-05-15

10981. Unknown Vulnerability Type - Unknown Product (CVE-2006-5778) - Low [59]

Description: {'vulners_cve_data_all': 'ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir before setting the UID, which allows local users to bypass intended access restrictions by redirecting their home directory to a restricted directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5778 was patched at 2024-05-15

10982. Unknown Vulnerability Type - Unknown Product (CVE-2006-6406) - Low [59]

Description: {'vulners_cve_data_all': 'Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6406 was patched at 2024-05-15

10983. Unknown Vulnerability Type - Unknown Product (CVE-2007-0541) - Low [59]

Description: {'vulners_cve_data_all': 'WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain configurations causes a brief file excerpt to be published as a blog comment.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-0541 was patched at 2024-05-15

10984. Unknown Vulnerability Type - Unknown Product (CVE-2007-3165) - Low [59]

Description: {'vulners_cve_data_all': 'Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic to inappropriate remote observers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3165 was patched at 2024-05-15

10985. Unknown Vulnerability Type - Unknown Product (CVE-2007-3528) - Low [59]

Description: {'vulners_cve_data_all': 'The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by (1) discarding random bits by the blowfish::make_ivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and (2) direct use of a password for keying, which makes it easier for context-dependent attackers to decrypt files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3528 was patched at 2024-05-15

10986. Unknown Vulnerability Type - Unknown Product (CVE-2007-4100) - Low [59]

Description: {'vulners_cve_data_all': 'MLDonkey before 2.9.0 does not load certain code from $MLDONKEY/web_infos/ before the network modules become active, which allows remote attackers to bypass the IP blocklist.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4100 was patched at 2024-05-15

10987. Unknown Vulnerability Type - Unknown Product (CVE-2007-4408) - Low [59]

Description: {'vulners_cve_data_all': 'ircu 2.10.12.05 and earlier ignores timestamps in bounces, which allows remote attackers to take over a channel during a netjoin by causing a bounce while a server with an older version of the channel is linking.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4408 was patched at 2024-05-15

10988. Unknown Vulnerability Type - Unknown Product (CVE-2007-4601) - Low [59]

Description: {'vulners_cve_data_all': 'A regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 might allow remote attackers to bypass intended access restrictions when a service uses libwrap but does not specify server connection information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-4601 was patched at 2024-05-15

10989. Unknown Vulnerability Type - Unknown Product (CVE-2007-5201) - Low [59]

Description: {'vulners_cve_data_all': 'The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5201 was patched at 2024-05-15

10990. Unknown Vulnerability Type - Unknown Product (CVE-2007-5379) - Low [59]

Description: {'vulners_cve_data_all': 'Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers and ActiveResource servers to determine the existence of arbitrary files and read arbitrary XML files via the Hash.from_xml (Hash#from_xml) method, which uses XmlSimple (XML::Simple) unsafely, as demonstrated by reading passwords from the Pidgin (Gaim) .purple/accounts.xml file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5379 was patched at 2024-05-15

10991. Unknown Vulnerability Type - Unknown Product (CVE-2007-5585) - Low [59]

Description: {'vulners_cve_data_all': 'xscreensaver 5.03 and earlier, when running without xscreensaver-gl-extras (GL extras) installed, crashes when /usr/bin/xscreensaver-gl-helper does not exist and a user attempts to unlock the screen, which allows attackers with physical access to gain access to the locked session.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5585 was patched at 2024-05-15

10992. Unknown Vulnerability Type - Unknown Product (CVE-2007-5718) - Low [59]

Description: {'vulners_cve_data_all': 'vobcopy 0.5.14 allows local users to append data to an arbitrary file, or create an arbitrary new file, via a symlink attack on the (1) /tmp/vobcopy.bla or (2) /tmp/vobcopy_0.5.14.log temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5718 was patched at 2024-05-15

10993. Unknown Vulnerability Type - Unknown Product (CVE-2007-6596) - Low [59]

Description: {'vulners_cve_data_all': 'ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6596 was patched at 2024-05-15

10994. Unknown Vulnerability Type - Unknown Product (CVE-2008-1293) - Low [59]

Description: {'vulners_cve_data_all': 'ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac option to the X server on each LTSP client, which allows remote attackers to connect to this server via TCP port 6006 (aka display :6).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1293 was patched at 2024-05-15

10995. Unknown Vulnerability Type - Unknown Product (CVE-2008-2667) - Low [59]

Description: {'vulners_cve_data_all': 'SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-2667 was patched at 2024-05-15

10996. Unknown Vulnerability Type - Unknown Product (CVE-2008-3969) - Low [59]

Description: {'vulners_cve_data_all': 'Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow remote attackers to "overwrite" and "hijack" existing accounts via unknown vectors related to "inconsistent handling of the USTATUS_IDENTIFIED state." NOTE: this issue exists because of an incomplete fix for CVE-2008-3920.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3969 was patched at 2024-05-15

10997. Unknown Vulnerability Type - Unknown Product (CVE-2008-4311) - Low [59]

Description: {'vulners_cve_data_all': 'The default configuration of system.conf in D-Bus (aka DBus) before 1.2.6 omits the send_type attribute in certain rules, which allows local users to bypass intended access restrictions by (1) sending messages, related to send_requested_reply; and possibly (2) receiving messages, related to receive_requested_reply.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4311 was patched at 2024-05-15

10998. Unknown Vulnerability Type - Unknown Product (CVE-2008-4578) - Low [59]

Description: {'vulners_cve_data_all': 'The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4578 was patched at 2024-05-15

10999. Unknown Vulnerability Type - Unknown Product (CVE-2008-5189) - Low [59]

Description: {'vulners_cve_data_all': 'CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5189 was patched at 2024-05-15

11000. Unknown Vulnerability Type - Unknown Product (CVE-2008-5647) - Low [59]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5647 was patched at 2024-05-15

11001. Unknown Vulnerability Type - Unknown Product (CVE-2008-6548) - Low [59]

Description: {'vulners_cve_data_all': 'The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-6548 was patched at 2024-05-15

11002. Unknown Vulnerability Type - Unknown Product (CVE-2008-7276) - Low [59]

Description: {'vulners_cve_data_all': 'Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations, related to incorrect interpretation of 0700 as a decimal value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-7276 was patched at 2024-05-15

11003. Unknown Vulnerability Type - Unknown Product (CVE-2008-7282) - Low [59]

Description: {'vulners_cve_data_all': 'Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System (OTRS) before 2.2.6, when the CustomerPanelOwnSelection and CustomerGroupSupport options are enabled, allows remote authenticated users to bypass intended access restrictions, and perform certain (1) list and (2) write operations on queues, via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-7282 was patched at 2024-05-15

11004. Unknown Vulnerability Type - Unknown Product (CVE-2009-0579) - Low [59]

Description: {'vulners_cve_data_all': 'Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0579 was patched at 2024-05-15

11005. Unknown Vulnerability Type - Unknown Product (CVE-2009-0654) - Low [59]

Description: {'vulners_cve_data_all': 'Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote attackers, with control of an entry router and an exit router, to confirm that a sender and receiver are communicating via vectors involving (1) replaying, (2) modifying, (3) inserting, or (4) deleting a single cell, and then observing cell recognition errors at the exit router. NOTE: the vendor disputes the significance of this issue, noting that the product's design "accepted end-to-end correlation as an attack that is too expensive to solve."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0654 was patched at 2024-05-15

11006. Unknown Vulnerability Type - Unknown Product (CVE-2009-0801) - Low [59]

Description: {'vulners_cve_data_all': 'Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0801 was patched at 2024-05-15

11007. Unknown Vulnerability Type - Unknown Product (CVE-2009-0804) - Low [59]

Description: {'vulners_cve_data_all': 'Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0804 was patched at 2024-05-15

11008. Unknown Vulnerability Type - Unknown Product (CVE-2009-1214) - Low [59]

Description: {'vulners_cve_data_all': 'GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1214 was patched at 2024-05-15

11009. Unknown Vulnerability Type - Unknown Product (CVE-2009-1273) - Low [59]

Description: {'vulners_cve_data_all': 'pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote attackers to enumerate usernames.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1273 was patched at 2024-05-15

11010. Unknown Vulnerability Type - Unknown Product (CVE-2009-1494) - Low [59]

Description: {'vulners_cve_data_all': 'The process_stat function in Memcached 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1494 was patched at 2024-05-15

11011. Unknown Vulnerability Type - Unknown Product (CVE-2009-1573) - Low [59]

Description: {'vulners_cve_data_all': 'xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1573 was patched at 2024-05-15

11012. Unknown Vulnerability Type - Unknown Product (CVE-2009-1769) - Low [59]

Description: {'vulners_cve_data_all': 'The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1769 was patched at 2024-05-15

11013. Unknown Vulnerability Type - Unknown Product (CVE-2009-2426) - Low [59]

Description: {'vulners_cve_data_all': 'The connection_edge_process_relay_cell_not_open function in src/or/relay.c in Tor 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta allows exit relays to have an unspecified impact by causing controllers to accept DNS responses that redirect to an internal IP address via unknown vectors. NOTE: some of these details are obtained from third party information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2426 was patched at 2024-05-15

11014. Unknown Vulnerability Type - Unknown Product (CVE-2009-3564) - Low [59]

Description: {'vulners_cve_data_all': 'puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3564 was patched at 2024-05-15

11015. Unknown Vulnerability Type - Unknown Product (CVE-2009-3589) - Low [59]

Description: {'vulners_cve_data_all': 'incron 0.5.5 does not initialize supplementary groups when running a process from a user's incrontabs, which causes the process to be run with the incrond supplementary groups and allows local users to gain privileges via an incrontab table.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3589 was patched at 2024-05-15

11016. Unknown Vulnerability Type - Unknown Product (CVE-2009-3619) - Low [59]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 has unknown impact and remote attack vectors related to "printing illegal parameter names and values."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3619 was patched at 2024-05-15

11017. Unknown Vulnerability Type - Unknown Product (CVE-2009-3727) - Low [59]

Description: {'vulners_cve_data_all': 'Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3727 was patched at 2024-05-15

11018. Unknown Vulnerability Type - Unknown Product (CVE-2009-5023) - Low [59]

Description: {'vulners_cve_data_all': 'The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a symlink attack on temporary files with predictable names, as demonstrated by /tmp/fail2ban-mail.txt.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5023 was patched at 2024-05-15

11019. Unknown Vulnerability Type - Unknown Product (CVE-2009-5024) - Low [59]

Description: {'vulners_cve_data_all': 'ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5024 was patched at 2024-05-15

11020. Unknown Vulnerability Type - Unknown Product (CVE-2010-0004) - Low [59]

Description: {'vulners_cve_data_all': 'ViewVC before 1.1.3 composes the root listing view without using the authorizer for each root, which might allow remote attackers to discover private root names by reading this view.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0004 was patched at 2024-05-15

11021. Unknown Vulnerability Type - Unknown Product (CVE-2010-0383) - Low [59]

Description: {'vulners_cve_data_all': 'Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated identity keys for certain directory authorities, which makes it easier for man-in-the-middle attackers to compromise the anonymity of traffic sources and destinations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0383 was patched at 2024-05-15

11022. Unknown Vulnerability Type - Unknown Product (CVE-2010-0685) - Low [59]

Description: {'vulners_cve_data_all': 'The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0685 was patched at 2024-05-15

11023. Unknown Vulnerability Type - Unknown Product (CVE-2010-0749) - Low [59]

Description: {'vulners_cve_data_all': 'Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0749 was patched at 2024-05-15

11024. Unknown Vulnerability Type - Unknown Product (CVE-2010-1238) - Low [59]

Description: {'vulners_cve_data_all': 'MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1238 was patched at 2024-05-15

11025. Unknown Vulnerability Type - Unknown Product (CVE-2010-2246) - Low [59]

Description: {'vulners_cve_data_all': 'feh before 1.8, when the --wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2246 was patched at 2024-05-15

11026. Unknown Vulnerability Type - Unknown Product (CVE-2010-3359) - Low [59]

Description: {'vulners_cve_data_all': 'If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3359 was patched at 2024-05-15

11027. Unknown Vulnerability Type - Unknown Product (CVE-2010-4764) - Low [59]

Description: {'vulners_cve_data_all': 'Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, does not present warnings about incoming encrypted e-mail messages that were based on revoked PGP or GPG keys, which makes it easier for remote attackers to spoof e-mail communication by leveraging a key that has a revocation signature.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4764 was patched at 2024-05-15

11028. Unknown Vulnerability Type - Unknown Product (CVE-2010-4765) - Low [59]

Description: {'vulners_cve_data_all': 'Race condition in the Kernel::System::Main::FileWrite method in Open Ticket Request System (OTRS) before 2.4.8 allows remote authenticated users to corrupt the TicketCounter.log data in opportunistic circumstances by creating tickets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4765 was patched at 2024-05-15

11029. Unknown Vulnerability Type - Unknown Product (CVE-2011-1136) - Low [59]

Description: {'vulners_cve_data_all': 'In tesseract 2.03 and 2.04, an attacker can rewrite an arbitrary user file by guessing the PID and creating a link to the user's file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1136 was patched at 2024-05-15

11030. Unknown Vulnerability Type - Unknown Product (CVE-2011-1836) - Low [59]

Description: {'vulners_cve_data_all': 'utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1836 was patched at 2024-05-15

11031. Unknown Vulnerability Type - Unknown Product (CVE-2011-2082) - Low [59]

Description: {'vulners_cve_data_all': 'The vulnerable-passwords script in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not update the password-hash algorithm for disabled user accounts, which makes it easier for context-dependent attackers to determine cleartext passwords, and possibly use these passwords after accounts are re-enabled, via a brute-force attack on the database. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0009.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2082 was patched at 2024-05-15

11032. Unknown Vulnerability Type - Unknown Product (CVE-2011-2536) - Low [59]

Description: {'vulners_cve_data_all': 'chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2536 was patched at 2024-05-15

11033. Unknown Vulnerability Type - Unknown Product (CVE-2011-2666) - Low [59]

Description: {'vulners_cve_data_all': 'The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2666 was patched at 2024-05-15

11034. Unknown Vulnerability Type - Unknown Product (CVE-2011-2902) - Low [59]

Description: {'vulners_cve_data_all': 'zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2902 was patched at 2024-05-15

11035. Unknown Vulnerability Type - Unknown Product (CVE-2011-3126) - Low [59]

Description: {'vulners_cve_data_all': 'WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote attackers to determine usernames of non-authors via canonical redirects.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3126 was patched at 2024-05-15

11036. Unknown Vulnerability Type - Unknown Product (CVE-2011-4138) - Low [59]

Description: {'vulners_cve_data_all': 'The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitrary GET requests with an unintended source IP address via a crafted Location header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4138 was patched at 2024-05-15

11037. Unknown Vulnerability Type - Unknown Product (CVE-2011-4139) - Low [59]

Description: {'vulners_cve_data_all': 'Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host header to construct a full URL in certain circumstances, which allows remote attackers to conduct cache poisoning attacks via a crafted request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4139 was patched at 2024-05-15

11038. Unknown Vulnerability Type - Unknown Product (CVE-2011-4349) - Low [59]

Description: {'vulners_cve_data_all': 'Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4349 was patched at 2024-05-15

11039. Unknown Vulnerability Type - Unknown Product (CVE-2011-4578) - Low [59]

Description: {'vulners_cve_data_all': 'event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within directories created by a script, or (2) read files created by a script, via standard filesystem system calls.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4578 was patched at 2024-05-15

11040. Unknown Vulnerability Type - Unknown Product (CVE-2011-4612) - Low [59]

Description: {'vulners_cve_data_all': 'icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error loc (error.log) via a crafted URL.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4612 was patched at 2024-05-15

11041. Unknown Vulnerability Type - Unknown Product (CVE-2012-0030) - Low [59]

Description: {'vulners_cve_data_all': 'Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0030 was patched at 2024-05-15

11042. Unknown Vulnerability Type - Unknown Product (CVE-2012-0064) - Low [59]

Description: {'vulners_cve_data_all': 'xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations that break the input grab.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0064 was patched at 2024-05-15

11043. Unknown Vulnerability Type - Unknown Product (CVE-2012-0946) - Low [59]

Description: {'vulners_cve_data_all': 'The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0946 was patched at 2024-05-15

11044. Unknown Vulnerability Type - Unknown Product (CVE-2012-1177) - Low [59]

Description: {'vulners_cve_data_all': 'libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1177 was patched at 2024-05-15

11045. Unknown Vulnerability Type - Unknown Product (CVE-2012-2241) - Low [59]

Description: {'vulners_cve_data_all': 'scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to delete arbitrary files via a crafted (1) .dsc or (2) .changes file, probably related to a NULL byte in a filename.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2241 was patched at 2024-05-15

11046. Unknown Vulnerability Type - Unknown Product (CVE-2012-2374) - Low [59]

Description: {'vulners_cve_data_all': 'CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2374 was patched at 2024-05-15

11047. Unknown Vulnerability Type - Unknown Product (CVE-2012-2401) - Low [59]

Description: {'vulners_cve_data_all': 'Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2401 was patched at 2024-05-15

11048. Unknown Vulnerability Type - Unknown Product (CVE-2012-2742) - Low [59]

Description: {'vulners_cve_data_all': 'Revelation 0.4.13-2 and earlier uses only the first 32 characters of a password followed by a sequence of zeros, which reduces the entropy and makes it easier for context-dependent attackers to crack passwords and obtain access to keys via a brute-force attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2742 was patched at 2024-05-15

11049. Unknown Vulnerability Type - Unknown Product (CVE-2012-2743) - Low [59]

Description: {'vulners_cve_data_all': 'Revelation 0.4.13-2 and earlier does not iterate through SHA hashing algorithms for AES encryption, which makes it easier for context-dependent attackers to guess passwords via a brute force attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-2743 was patched at 2024-05-15

11050. Unknown Vulnerability Type - Unknown Product (CVE-2012-4734) - Low [59]

Description: {'vulners_cve_data_all': 'Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to a crafted link.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4734 was patched at 2024-05-15

11051. Unknown Vulnerability Type - Unknown Product (CVE-2012-4884) - Low [59]

Description: {'vulners_cve_data_all': 'Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG client.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4884 was patched at 2024-05-15

11052. Unknown Vulnerability Type - Unknown Product (CVE-2012-5572) - Low [59]

Description: {'vulners_cve_data_all': 'CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name, a different vulnerability than CVE-2012-5526.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5572 was patched at 2024-05-15

11053. Unknown Vulnerability Type - Unknown Product (CVE-2012-6124) - Low [59]

Description: {'vulners_cve_data_all': 'A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and is advertised as being unsuitable)."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6124 was patched at 2024-05-15

11054. Unknown Vulnerability Type - Unknown Product (CVE-2013-1652) - Low [59]

Description: {'vulners_cve_data_all': 'Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1652 was patched at 2024-05-15

11055. Unknown Vulnerability Type - Unknown Product (CVE-2013-2027) - Low [59]

Description: {'vulners_cve_data_all': 'Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2027 was patched at 2024-05-15

11056. Unknown Vulnerability Type - Unknown Product (CVE-2013-2264) - Low [59]

Description: {'vulners_cve_data_all': 'The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition (BE) C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits different behavior for invalid INVITE, SUBSCRIBE, and REGISTER transactions depending on whether the user account exists, which allows remote attackers to enumerate account names by (1) reading HTTP status codes, (2) reading additional text in a 403 (aka Forbidden) response, or (3) observing whether certain retransmissions occur.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2264 was patched at 2024-05-15

11057. Unknown Vulnerability Type - Unknown Product (CVE-2013-3564) - Low [59]

Description: {'vulners_cve_data_all': 'The web interface in VideoLAN VLC media player before 2.0.7 has no access control which allows remote attackers to view directory listings via the 'dir' command or issue other commands without authenticating.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-3564 was patched at 2024-05-15

11058. Unknown Vulnerability Type - Unknown Product (CVE-2013-4223) - Low [59]

Description: {'vulners_cve_data_all': 'The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4223 was patched at 2024-05-15

11059. Unknown Vulnerability Type - Unknown Product (CVE-2013-4434) - Low [59]

Description: {'vulners_cve_data_all': 'Dropbear SSH Server before 2013.59 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to discover valid usernames.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4434 was patched at 2024-05-15

11060. Unknown Vulnerability Type - Unknown Product (CVE-2013-4439) - Low [59]

Description: {'vulners_cve_data_all': 'Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4439 was patched at 2024-05-15

11061. Unknown Vulnerability Type - Unknown Product (CVE-2013-4440) - Low [59]

Description: {'vulners_cve_data_all': 'Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4440 was patched at 2024-05-15

11062. Unknown Vulnerability Type - Unknown Product (CVE-2013-4442) - Low [59]

Description: {'vulners_cve_data_all': 'Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4442 was patched at 2024-05-15

11063. Unknown Vulnerability Type - Unknown Product (CVE-2013-4550) - Low [59]

Description: {'vulners_cve_data_all': 'Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote attackers to write to other sockets and have an unspecified impact via a failed SSL handshake, a different vulnerability than CVE-2011-5268. NOTE: some sources originally mapped this CVE to two different types of issues; this CVE has since been SPLIT, producing CVE-2011-5268.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4550 was patched at 2024-05-15

11064. Unknown Vulnerability Type - Unknown Product (CVE-2013-7252) - Low [59]

Description: {'vulners_cve_data_all': 'kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7252 was patched at 2024-05-15

11065. Unknown Vulnerability Type - Unknown Product (CVE-2014-1935) - Low [59]

Description: {'vulners_cve_data_all': '9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1935 was patched at 2024-05-15

11066. Unknown Vulnerability Type - Unknown Product (CVE-2014-2093) - Low [59]

Description: {'vulners_cve_data_all': 'Untrusted search path vulnerability in Catfish through 0.4.0.3 allows local users to gain privileges via a Trojan horse catfish.py in the current working directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2093 was patched at 2024-05-15

11067. Unknown Vulnerability Type - Unknown Product (CVE-2014-2094) - Low [59]

Description: {'vulners_cve_data_all': 'Untrusted search path vulnerability in Catfish through 0.4.0.3, when a Fedora package such as 0.4.0.2-2 is not used, allows local users to gain privileges via a Trojan horse catfish.pyc in the current working directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2094 was patched at 2024-05-15

11068. Unknown Vulnerability Type - Unknown Product (CVE-2014-2095) - Low [59]

Description: {'vulners_cve_data_all': 'Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0, when a Fedora package such as 0.8.2-1 is not used, allows local users to gain privileges via a Trojan horse bin/catfish.pyc under the current working directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2095 was patched at 2024-05-15

11069. Unknown Vulnerability Type - Unknown Product (CVE-2014-2096) - Low [59]

Description: {'vulners_cve_data_all': 'Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0 allows local users to gain privileges via a Trojan horse bin/catfish.py under the current working directory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-2096 was patched at 2024-05-15

11070. Unknown Vulnerability Type - Unknown Product (CVE-2014-9091) - Low [59]

Description: {'vulners_cve_data_all': 'Icecast before 2.4.0 does not change the supplementary group privileges when <changeowner> is configured, which allows local users to gain privileges via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9091 was patched at 2024-05-15

11071. Unknown Vulnerability Type - Unknown Product (CVE-2014-9494) - Low [59]

Description: {'vulners_cve_data_all': 'RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9494 was patched at 2024-05-15

11072. Unknown Vulnerability Type - Unknown Product (CVE-2015-0259) - Low [59]

Description: {'vulners_cve_data_all': 'OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-0259 was patched at 2024-05-15

11073. Unknown Vulnerability Type - Unknown Product (CVE-2015-1419) - Low [59]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1419 was patched at 2024-05-15

11074. Unknown Vulnerability Type - Unknown Product (CVE-2015-1840) - Low [59]

Description: {'vulners_cve_data_all': 'jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space character in a URL within an attribute value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1840 was patched at 2024-05-15

11075. Unknown Vulnerability Type - Unknown Product (CVE-2015-1865) - Low [59]

Description: {'vulners_cve_data_all': 'fts.c in coreutils 8.4 allows local users to delete arbitrary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1865 was patched at 2024-05-15

11076. Unknown Vulnerability Type - Unknown Product (CVE-2015-2687) - Low [59]

Description: {'vulners_cve_data_all': 'OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2687 was patched at 2024-05-15

11077. Unknown Vulnerability Type - Unknown Product (CVE-2015-3295) - Low [59]

Description: {'vulners_cve_data_all': 'markdown-it before 4.1.0 does not block data: URLs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-3295 was patched at 2024-05-15

11078. Unknown Vulnerability Type - Unknown Product (CVE-2015-5186) - Low [59]

Description: {'vulners_cve_data_all': 'Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5186 was patched at 2024-05-15

11079. Unknown Vulnerability Type - Unknown Product (CVE-2015-7225) - Low [59]

Description: {'vulners_cve_data_all': 'Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password (aka OTP), which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP through performing a man-in-the-middle attack between the provider and verifier, or shoulder surfing, and replaying the OTP in the current time-step.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-7225 was patched at 2024-05-15

11080. Unknown Vulnerability Type - Unknown Product (CVE-2015-7810) - Low [59]

Description: {'vulners_cve_data_all': 'libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-7810 was patched at 2024-05-15

11081. Unknown Vulnerability Type - Unknown Product (CVE-2015-8140) - Low [59]

Description: {'vulners_cve_data_all': 'The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-8140 was patched at 2024-05-15

11082. Unknown Vulnerability Type - Unknown Product (CVE-2015-9019) - Low [59]

Description: {'vulners_cve_data_all': 'In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-9019 was patched at 2024-05-15

11083. Unknown Vulnerability Type - Unknown Product (CVE-2016-10099) - Low [59]

Description: {'vulners_cve_data_all': 'Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic protocol used to authenticate the manifest (list of archives), potentially allowing an attacker to spoof the list of archives.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10099 was patched at 2024-05-15

11084. Unknown Vulnerability Type - Unknown Product (CVE-2016-10100) - Low [59]

Description: {'vulners_cve_data_all': 'Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate archive names were processed during manifest recovery, potentially allowing an attacker to overwrite an archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10100 was patched at 2024-05-15

11085. Unknown Vulnerability Type - Unknown Product (CVE-2016-6298) - Low [59]

Description: {'vulners_cve_data_all': 'The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-6298 was patched at 2024-05-15

11086. Unknown Vulnerability Type - Unknown Product (CVE-2016-7787) - Low [59]

Description: {'vulners_cve_data_all': 'A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-7787 was patched at 2024-05-15

11087. Unknown Vulnerability Type - Unknown Product (CVE-2016-8647) - Low [59]

Description: {'vulners_cve_data_all': 'An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-8647 was patched at 2024-05-15

11088. Unknown Vulnerability Type - Unknown Product (CVE-2016-9797) - Low [59]

Description: {'vulners_cve_data_all': 'In BlueZ 5.42, a buffer over-read was observed in "l2cap_dump" function in "tools/parser/l2cap.c" source file. This issue can be triggered by processing a corrupted dump file and will result in hcidump crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9797 was patched at 2024-05-15

11089. Unknown Vulnerability Type - Unknown Product (CVE-2016-9802) - Low [59]

Description: {'vulners_cve_data_all': 'In BlueZ 5.42, a buffer over-read was identified in "l2cap_packet" function in "monitor/packet.c" source file. This issue can be triggered by processing a corrupted dump file and will result in btmon crash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9802 was patched at 2024-05-15

11090. Unknown Vulnerability Type - Unknown Product (CVE-2016-9938) - Low [59]

Description: {'vulners_cve_data_all': 'An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-9938 was patched at 2024-05-15

11091. Unknown Vulnerability Type - Unknown Product (CVE-2017-15093) - Low [59]

Description: {'vulners_cve_data_all': 'When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-15093 was patched at 2024-05-15

11092. Unknown Vulnerability Type - Unknown Product (CVE-2017-3225) - Low [59]

Description: {'vulners_cve_data_all': 'Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data. Das U-Boot's AES-CBC encryption feature uses a zero (0) initialization vector. This allows an attacker to perform dictionary attacks on encrypted data produced by Das U-Boot to learn information about the encrypted data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-3225 was patched at 2024-05-15

11093. Unknown Vulnerability Type - Unknown Product (CVE-2018-10245) - Low [59]

Description: {'vulners_cve_data_all': 'A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10245 was patched at 2024-05-15

11094. Unknown Vulnerability Type - Unknown Product (CVE-2018-1199) - Low [59]

Description: {'vulners_cve_data_all': 'Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-1199 was patched at 2024-05-15

11095. Unknown Vulnerability Type - Unknown Product (CVE-2018-12436) - Low [59]

Description: {'vulners_cve_data_all': 'wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12436 was patched at 2024-05-15

11096. Unknown Vulnerability Type - Unknown Product (CVE-2018-12437) - Low [59]

Description: {'vulners_cve_data_all': 'LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-12437 was patched at 2024-05-15

11097. Unknown Vulnerability Type - Unknown Product (CVE-2018-14636) - Low [59]

Description: {'vulners_cve_data_all': 'Live-migrated instances are briefly able to inspect traffic for other instances on the same hypervisor. This brief window could be extended indefinitely if the instance's port is set administratively down prior to live-migration and kept down after the migration is complete. This is possible due to the Open vSwitch integration bridge being connected to the instance during migration. When connected to the integration bridge, all traffic for instances using the same Open vSwitch instance would potentially be visible to the migrated guest, as the required Open vSwitch VLAN filters are only applied post-migration. Versions of openstack-neutron before 13.0.0.0b2, 12.0.3, 11.0.5 are vulnerable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-14636 was patched at 2024-05-15

11098. Unknown Vulnerability Type - Unknown Product (CVE-2018-16737) - Low [59]

Description: {'vulners_cve_data_all': 'tinc before 1.0.30 has a broken authentication protocol, without even a partial mitigation.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-16737 was patched at 2024-05-15

11099. Unknown Vulnerability Type - Unknown Product (CVE-2018-18839) - Low [59]

Description: {'vulners_cve_data_all': 'An issue was discovered in Netdata 1.10.0. Full Path Disclosure (FPD) exists via api/v1/alarms. NOTE: the vendor says "is intentional.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18839 was patched at 2024-05-15

11100. Unknown Vulnerability Type - Unknown Product (CVE-2019-10066) - Low [59]

Description: {'vulners_cve_data_all': 'An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment in order to cause execution of JavaScript in the context of OTRS.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10066 was patched at 2024-05-15

11101. Unknown Vulnerability Type - Unknown Product (CVE-2019-10067) - Low [59]

Description: {'vulners_cve_data_all': 'An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context of OTRS.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-10067 was patched at 2024-05-15

11102. Unknown Vulnerability Type - Unknown Product (CVE-2019-12953) - Low [59]

Description: {'vulners_cve_data_all': 'Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-12953 was patched at 2024-05-15

11103. Unknown Vulnerability Type - Unknown Product (CVE-2019-13628) - Low [59]

Description: {'vulners_cve_data_all': 'wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about the nonces used and potentially mount a lattice attack to recover the private key used. The issue occurs because ecc.c scalar multiplication might leak the bit length.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-13628 was patched at 2024-05-15

11104. Unknown Vulnerability Type - Unknown Product (CVE-2019-14317) - Low [59]

Description: {'vulners_cve_data_all': 'wolfSSL and wolfCrypt 4.1.0 and earlier (formerly known as CyaSSL) generate biased DSA nonces. This allows a remote attacker to compute the long term private key from several hundred DSA signatures via a lattice attack. The issue occurs because dsa.c fixes two bits of the generated nonces.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-14317 was patched at 2024-05-15

11105. Unknown Vulnerability Type - Unknown Product (CVE-2019-17420) - Low [59]

Description: {'vulners_cve_data_all': 'In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \\r\\n ending.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-17420 was patched at 2024-05-15

11106. Unknown Vulnerability Type - Unknown Product (CVE-2019-19963) - Low [59]

Description: {'vulners_cve_data_all': 'An issue was discovered in wolfSSL before 4.3.0 in a non-default configuration where DSA is enabled. DSA signing uses the BEEA algorithm during modular inversion of the nonce, leading to a side-channel attack against the nonce.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-19963 was patched at 2024-05-15

11107. Unknown Vulnerability Type - Unknown Product (CVE-2019-2391) - Low [59]

Description: {'vulners_cve_data_all': 'Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB Inc. js-bson library version 1.1.3 and prior to.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-2391 was patched at 2024-05-15

11108. Unknown Vulnerability Type - Unknown Product (CVE-2019-9751) - Low [59]

Description: {'vulners_cve_data_all': 'An issue was discovered in Open Ticket Request System (OTRS) 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-9751 was patched at 2024-05-15

11109. Unknown Vulnerability Type - Unknown Product (CVE-2020-10693) - Low [59]

Description: {'vulners_cve_data_all': 'A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-10693 was patched at 2024-05-15

11110. Unknown Vulnerability Type - Unknown Product (CVE-2020-11735) - Low [59]

Description: {'vulners_cve_data_all': 'The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use a constant-time modular inverse when mapping to affine coordinates, aka a "projective coordinates leak."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-11735 was patched at 2024-05-15

11111. Unknown Vulnerability Type - Unknown Product (CVE-2020-12797) - Low [59]

Description: {'vulners_cve_data_all': 'HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-12797 was patched at 2024-05-15

11112. Unknown Vulnerability Type - Unknown Product (CVE-2020-24025) - Low [59]

Description: {'vulners_cve_data_all': 'Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24025 was patched at 2024-05-15

11113. Unknown Vulnerability Type - Unknown Product (CVE-2020-24371) - Low [59]

Description: {'vulners_cve_data_all': 'lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-24371 was patched at 2024-05-15

11114. Unknown Vulnerability Type - Unknown Product (CVE-2020-25579) - Low [59]

Description: {'vulners_cve_data_all': 'In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELEASE before p13 and 11.4-RELEASE before p7 msdosfs(5) was failing to zero-fill a pair of padding fields in the dirent structure, resulting in a leak of three uninitialized bytes.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25579 was patched at 2024-05-15

11115. Unknown Vulnerability Type - Unknown Product (CVE-2020-26232) - Low [59]

Description: {'vulners_cve_data_all': 'Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are technically affected, however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A link to your jupyter server may appear safe, but ultimately redirect to a spoofed server on the public internet.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-26232 was patched at 2024-05-15

11116. Unknown Vulnerability Type - Unknown Product (CVE-2020-27740) - Low [59]

Description: {'vulners_cve_data_all': 'Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-27740 was patched at 2024-05-15

11117. Unknown Vulnerability Type - Unknown Product (CVE-2020-28361) - Low [59]

Description: {'vulners_cve_data_all': 'Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters. This occurs in the remove_hf function in the Kamailio textops module. Particular use of remove_hf in Sippy Softswitch may allow skilled attacker having a valid credential in the system to disrupt internal call start/duration accounting mechanisms leading potentially to a loss of revenue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-28361 was patched at 2024-05-15

11118. Unknown Vulnerability Type - Unknown Product (CVE-2020-35911) - Low [59]

Description: {'vulners_cve_data_all': 'An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockReadGuard unsoundness.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35911 was patched at 2024-05-15

11119. Unknown Vulnerability Type - Unknown Product (CVE-2020-35912) - Low [59]

Description: {'vulners_cve_data_all': 'An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockWriteGuard unsoundness.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35912 was patched at 2024-05-15

11120. Unknown Vulnerability Type - Unknown Product (CVE-2020-35913) - Low [59]

Description: {'vulners_cve_data_all': 'An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockReadGuard unsoundness.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35913 was patched at 2024-05-15

11121. Unknown Vulnerability Type - Unknown Product (CVE-2020-35914) - Low [59]

Description: {'vulners_cve_data_all': 'An issue was discovered in the lock_api crate before 0.4.2 for Rust. A data race can occur because of RwLockWriteGuard unsoundness.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-35914 was patched at 2024-05-15

11122. Unknown Vulnerability Type - Unknown Product (CVE-2020-36191) - Low [59]

Description: {'vulners_cve_data_all': 'JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an _xsrf field, as demonstrated by a /hub/api/user request (to add or remove a user account).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-36191 was patched at 2024-05-15

11123. Unknown Vulnerability Type - Unknown Product (CVE-2020-4046) - Low [59]

Description: {'vulners_cve_data_all': 'In affected versions of WordPress, users with low privileges (like contributors and authors) can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-4046 was patched at 2024-05-15

11124. Unknown Vulnerability Type - Unknown Product (CVE-2020-7464) - Low [59]

Description: {'vulners_cve_data_all': 'In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure(4) device driver caused some Realtek USB Ethernet interfaces to incorrectly report packets with more than 2048 bytes in a single USB transfer as having a length of only 2048 bytes. An adversary can exploit this to cause the driver to misinterpret part of the payload of a large packet as a separate packet, and thereby inject packets across security boundaries such as VLANs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7464 was patched at 2024-05-15

11125. Unknown Vulnerability Type - Unknown Product (CVE-2020-7695) - Low [59]

Description: {'vulners_cve_data_all': 'Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, whenever crafted input is used to construct HTTP headers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-7695 was patched at 2024-05-15

11126. Unknown Vulnerability Type - Unknown Product (CVE-2020-8189) - Low [59]

Description: {'vulners_cve_data_all': 'A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-8189 was patched at 2024-05-15

11127. Unknown Vulnerability Type - Unknown Product (CVE-2020-8516) - Low [59]

Description: {'vulners_cve_data_all': 'The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-8516 was patched at 2024-05-15

11128. Unknown Vulnerability Type - Unknown Product (CVE-2021-29488) - Low [59]

Description: {'vulners_cve_data_all': 'SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the `filesystem.renamer()` function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. A patch was released as part of SABnzbd 3.2.1RC1. As a workaround, limit downloads to NZBs without PAR2 files, deny write permissions to the SABnzbd process outside areas it must access to perform its job, or update to a fixed version.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-29488 was patched at 2024-05-15

11129. Unknown Vulnerability Type - Unknown Product (CVE-2021-42778) - Low [59]

Description: {'vulners_cve_data_all': 'A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-42778 was patched at 2024-05-15

11130. Unknown Vulnerability Type - Unknown Product (CVE-2021-43177) - Low [59]

Description: {'vulners_cve_data_all': 'As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password (OTP) for one (and only one) immediately trailing interval. CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-43177 was patched at 2024-05-15

11131. Unknown Vulnerability Type - Unknown Product (CVE-2022-21670) - Low [59]

Description: {'vulners_cve_data_all': 'markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-21670 was patched at 2024-05-15

11132. Unknown Vulnerability Type - Unknown Product (CVE-2022-21694) - Low [59]

Description: {'vulners_cve_data_all': 'OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. The website mode of the onionshare allows to use a hardened CSP, which will block any scripts and external resources. It is not possible to configure this CSP for individual pages and therefore the security enhancement cannot be used for websites using javascript or external resources like fonts or images.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-21694 was patched at 2024-05-15

11133. Unknown Vulnerability Type - Unknown Product (CVE-2022-21695) - Low [59]

Description: {'vulners_cve_data_all': 'OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions authenticated users (or unauthenticated in public mode) can send messages without being visible in the list of chat participants. This issue has been resolved in version 2.5.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-21695 was patched at 2024-05-15

11134. Unknown Vulnerability Type - Unknown Product (CVE-2022-22968) - Low [59]

Description: {'vulners_cve_data_all': 'In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-22968 was patched at 2024-05-15

11135. Unknown Vulnerability Type - Unknown Product (CVE-2022-23467) - Low [59]

Description: {'vulners_cve_data_all': 'OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. Using a modified USB device an attacker can leak stack addresses of the `razer_attr_read_dpi_stages`, potentially bypassing KASLR. To exploit this vulnerability an attacker would need to access to a users keyboard or mouse or would need to convince a user to use a modified device. The issue has been patched in v3.5.1. Users are advised to upgrade and should be reminded not to plug in unknown USB devices.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-23467 was patched at 2024-05-15

11136. Unknown Vulnerability Type - Unknown Product (CVE-2022-24329) - Low [59]

Description: {'vulners_cve_data_all': 'In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24329 was patched at 2024-05-15

11137. Unknown Vulnerability Type - Unknown Product (CVE-2022-24714) - Low [59]

Description: {'vulners_cve_data_all': 'Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may still have access to a collection of content. Note that this only applies if a role has implicitly permitted access to hosts, due to permitted access to at least one of their services. If access to a host is permitted by other means, no sensible information has been disclosed to unauthorized users. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24714 was patched at 2024-05-15

11138. Unknown Vulnerability Type - Unknown Product (CVE-2022-24728) - Low [59]

Description: {'vulners_cve_data_all': 'CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-24728 was patched at 2024-05-15

11139. Unknown Vulnerability Type - Unknown Product (CVE-2022-25896) - Low [59]

Description: {'vulners_cve_data_all': 'This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-25896 was patched at 2024-05-15

11140. Unknown Vulnerability Type - Unknown Product (CVE-2022-30769) - Low [59]

Description: {'vulners_cve_data_all': 'Session fixation exists in ZoneMinder through 1.36.12 as an attacker can poison a session cookie to the next logged-in user.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-30769 was patched at 2024-05-15

11141. Unknown Vulnerability Type - Unknown Product (CVE-2022-32983) - Low [59]

Description: {'vulners_cve_data_all': 'Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-32983 was patched at 2024-05-15

11142. Unknown Vulnerability Type - Unknown Product (CVE-2022-39331) - Low [59]

Description: {'vulners_cve_data_all': 'Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-39331 was patched at 2024-05-15

11143. Unknown Vulnerability Type - Unknown Product (CVE-2022-39332) - Low [59]

Description: {'vulners_cve_data_all': 'Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-39332 was patched at 2024-05-15

11144. Unknown Vulnerability Type - Unknown Product (CVE-2022-39835) - Low [59]

Description: {'vulners_cve_data_all': 'An issue was discovered in Gajim through 1.4.7. The vulnerability allows attackers, via crafted XML stanzas, to correct messages that were not sent by them. The attacker needs to be part of the group chat or single chat. The fixed version is 1.5.0.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-39835 was patched at 2024-05-15

11145. Unknown Vulnerability Type - Unknown Product (CVE-2023-22665) - Low [59]

Description: {'vulners_cve_data_all': 'There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-22665 was patched at 2024-05-15

11146. Unknown Vulnerability Type - Unknown Product (CVE-2023-31437) - Low [59]

Description: {'vulners_cve_data_all': 'An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31437 was patched at 2024-05-15

11147. Unknown Vulnerability Type - Unknown Product (CVE-2023-31438) - Low [59]

Description: {'vulners_cve_data_all': 'An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31438 was patched at 2024-05-15

11148. Unknown Vulnerability Type - Unknown Product (CVE-2023-31439) - Low [59]

Description: {'vulners_cve_data_all': 'An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security vulnerability."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-31439 was patched at 2024-05-15

11149. Unknown Vulnerability Type - Unknown Product (CVE-2023-32762) - Low [59]

Description: {'vulners_cve_data_all': 'An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-32762 was patched at 2024-05-15

11150. Unknown Vulnerability Type - Unknown Product (CVE-2023-33968) - Low [59]

Description: {'vulners_cve_data_all': 'Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not been invited or the project is personal. The vulnerable features are `Duplicate to project` and `Move to project`, which both utilize the `checkDestinationProjectValues()` function to check his values. This issue has been addressed in version 1.2.30. Users are advised to upgrade. There are no known workarounds for this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-33968 was patched at 2024-05-15

11151. Unknown Vulnerability Type - Unknown Product (CVE-2023-36811) - Low [59]

Description: {'vulners_cve_data_all': 'borgbackup is an opensource, deduplicating archiver with compression and authenticated encryption. A flaw in the cryptographic authentication scheme in borgbackup allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires an attacker to be able to: 1. insert files (with no additional headers) into backups and 2. gain write access to the repository. This vulnerability does not disclose plaintext to the attacker, nor does it affect the authenticity of existing archives. Creating plausible fake archives may be feasible for empty or small archives, but is unlikely for large archives. The issue has been fixed in borgbackup 1.2.5. Users are advised to upgrade. Additionally to installing the fixed code, users must follow the upgrade procedure as documented in the change log. Data loss after being attacked can be avoided by reviewing the archives (timestamp and contents valid and as expected) after any "borg check --repair" and before "borg prune". There are no known workarounds for this vulnerability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-36811 was patched at 2024-05-15

11152. Unknown Vulnerability Type - Unknown Product (CVE-2023-38283) - Low [59]

Description: {'vulners_cve_data_all': 'In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38283 was patched at 2024-05-15

11153. Unknown Vulnerability Type - Unknown Product (CVE-2023-38324) - Low [59]

Description: {'vulners_cve_data_all': 'An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence (and directly authenticate) when it is using the default FAS key and OpenNDS is configured as FAS.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38324 was patched at 2024-05-15

11154. Unknown Vulnerability Type - Unknown Product (CVE-2023-41051) - Low [59]

Description: {'vulners_cve_data_all': 'In a typical Virtual Machine Monitor (VMM) there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The vm-memory rust crate provides a set of traits to decouple VM memory consumers from VM memory providers. An issue was discovered in the default implementations of the `VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}` trait functions, which allows out-of-bounds memory access if the `VolatileMemory::get_slice` function returns a `VolatileSlice` whose length is less than the function’s `count` argument. No implementations of `get_slice` provided in `vm_memory` are affected. Users of custom `VolatileMemory` implementations may be impacted if the custom implementation does not adhere to `get_slice`'s documentation. The issue started in version 0.1.0 but was fixed in version 0.12.2 by inserting a check that verifies that the `VolatileSlice` returned by `get_slice` is of the correct length. Users are advised to upgrade. There are no known workarounds for this issue.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-41051 was patched at 2024-05-15

11155. Unknown Vulnerability Type - Unknown Product (CVE-2023-44270) - Low [59]

Description: {'vulners_cve_data_all': 'An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-44270 was patched at 2024-05-15

11156. Unknown Vulnerability Type - Unknown Product (CVE-2023-44272) - Low [59]

Description: {'vulners_cve_data_all': 'A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-44272 was patched at 2024-05-15

11157. Unknown Vulnerability Type - Unknown Product (CVE-2023-46121) - Low [59]

Description: {'vulners_cve_data_all': 'yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp's HTTP session. This could lead to cookie exfiltration in some cases. Version 2023.11.14 removed the ability to smuggle `http_headers` to the Generic extractor, as well as other extractors that use the same pattern. Users are advised to upgrade. Users unable to upgrade should disable the Ggneric extractor (or only pass trusted sites with trusted content) and ake caution when using `--no-check-certificate`.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46121 was patched at 2024-05-15

11158. Unknown Vulnerability Type - Unknown Product (CVE-2023-49990) - Low [59]

Description: {'vulners_cve_data_all': 'Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49990 was patched at 2024-05-15

11159. Unknown Vulnerability Type - Unknown Product (CVE-2023-49991) - Low [59]

Description: {'vulners_cve_data_all': 'Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49991 was patched at 2024-05-15

11160. Unknown Vulnerability Type - Unknown Product (CVE-2023-49992) - Low [59]

Description: {'vulners_cve_data_all': 'Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49992 was patched at 2024-05-15

11161. Unknown Vulnerability Type - Unknown Product (CVE-2023-49993) - Low [59]

Description: {'vulners_cve_data_all': 'Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-49993 was patched at 2024-05-15

11162. Unknown Vulnerability Type - Unknown Product (CVE-2024-22049) - Low [59]

Description: {'vulners_cve_data_all': 'httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-22049 was patched at 2024-05-15

11163. Unknown Vulnerability Type - Unknown Product (CVE-2024-22720) - Low [59]

Description: {'vulners_cve_data_all': 'Kanboard 1.2.34 is vulnerable to Html Injection in the group management feature.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 4.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-22720 was patched at 2024-05-15

11164. Unknown Vulnerability Type - Unknown Product (CVE-2024-26144) - Low [59]

Description: {'vulners_cve_data_all': 'Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak. The vulnerability is fixed in 7.0.8.1 and 6.1.7.7.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26144 was patched at 2024-05-15

11165. Unknown Vulnerability Type - Unknown Product (CVE-2024-32867) - Low [59]

Description: {'vulners_cve_data_all': 'Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.5 and 6.0.19, various problems in handling of fragmentation anomalies can lead to mis-detection of rules and policy. This vulnerability is fixed in 7.0.5 or 6.0.19.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.510CVSS Base Score is 5.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32867 was patched at 2024-05-15

11166. Unknown Vulnerability Type - Artifex Ghostscript (CVE-2023-52722) - Low [50]

Description: {'vulners_cve_data_all': 'An issue was discovered in Artifex Ghostscript through 10.01.0. psi/zmisc1.c, when SAFER mode is used, allows eexec seeds other than the Type 1 standard.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common0.314Artifex Ghostscript is an interpreter for the PostScript® language and PDF files
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52722 was patched at 2024-05-15

11167. Unknown Vulnerability Type - Unknown Product (CVE-2003-0596) - Low [47]

Description: {'vulners_cve_data_all': 'FDclone 2.00a, and other versions before 2.02a, creates temporary directories with predictable names and uses them if they already exist, which allows local users to read or modify files of other fdclone users by creating the directory ahead of time.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0596 was patched at 2024-05-15

11168. Unknown Vulnerability Type - Unknown Product (CVE-2004-2303) - Low [47]

Description: {'vulners_cve_data_all': 'MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2303 was patched at 2024-05-15

11169. Unknown Vulnerability Type - Unknown Product (CVE-2005-0953) - Low [47]

Description: {'vulners_cve_data_all': 'Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0953 was patched at 2024-05-15

11170. Unknown Vulnerability Type - Unknown Product (CVE-2005-0988) - Low [47]

Description: {'vulners_cve_data_all': 'Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0988 was patched at 2024-05-15

11171. Unknown Vulnerability Type - Unknown Product (CVE-2005-1039) - Low [47]

Description: {'vulners_cve_data_all': 'Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1039 was patched at 2024-05-15

11172. Unknown Vulnerability Type - Unknown Product (CVE-2005-1751) - Low [47]

Description: {'vulners_cve_data_all': 'Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1751 was patched at 2024-05-15

11173. Unknown Vulnerability Type - Unknown Product (CVE-2005-3856) - Low [47]

Description: {'vulners_cve_data_all': 'The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and 1.70.0-beta1 saves passwords in cleartext in the krusaderrc file when the user enters URLs containing passwords in the panel URL field, which might allow attackers to access other sites.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3856 was patched at 2024-05-15

11174. Unknown Vulnerability Type - Unknown Product (CVE-2006-1174) - Low [47]

Description: {'vulners_cve_data_all': 'useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1174 was patched at 2024-05-15

11175. Unknown Vulnerability Type - Unknown Product (CVE-2006-2945) - Low [47]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the user profile change functionality in DokuWiki, when Access Control Lists are enabled, allows remote authenticated users to read unauthorized files via unknown attack vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2945 was patched at 2024-05-15

11176. Unknown Vulnerability Type - Unknown Product (CVE-2007-1103) - Low [47]

Description: {'vulners_cve_data_all': 'Tor does not verify a node's uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make false claims of greater resources, which places the node into use for many circuits and compromises the anonymity of traffic sources and destinations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-1103 was patched at 2024-05-15

11177. Unknown Vulnerability Type - Unknown Product (CVE-2007-3916) - Low [47]

Description: {'vulners_cve_data_all': 'The main function in skkdic-expr.c in SKK Tools 1.2 allows local users to overwrite or delete arbitrary files via a symlink attack on a skkdic$PID temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3916 was patched at 2024-05-15

11178. Unknown Vulnerability Type - Unknown Product (CVE-2008-0165) - Low [47]

Description: {'vulners_cve_data_all': 'Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-0165 was patched at 2024-05-15

11179. Unknown Vulnerability Type - Unknown Product (CVE-2008-3906) - Low [47]

Description: {'vulners_cve_data_all': 'CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-3906 was patched at 2024-05-15

11180. Unknown Vulnerability Type - Unknown Product (CVE-2008-4640) - Low [47]

Description: {'vulners_cve_data_all': 'The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-4640 was patched at 2024-05-15

11181. Unknown Vulnerability Type - Unknown Product (CVE-2008-5905) - Low [47]

Description: {'vulners_cve_data_all': 'The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-5905 was patched at 2024-05-15

11182. Unknown Vulnerability Type - Unknown Product (CVE-2008-7281) - Low [47]

Description: {'vulners_cve_data_all': 'Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc header field that lists the Blind Carbon Copy recipients, which allows remote attackers to obtain potentially sensitive e-mail address information by reading this field.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-7281 was patched at 2024-05-15

11183. Unknown Vulnerability Type - Unknown Product (CVE-2009-1962) - Low [47]

Description: {'vulners_cve_data_all': 'Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1962 was patched at 2024-05-15

11184. Unknown Vulnerability Type - Unknown Product (CVE-2009-2945) - Low [47]

Description: {'vulners_cve_data_all': 'weblogin/login.fcgi (aka the WebLogin login script) in Stanford University WebAuth 3.5.5, 3.6.0, and 3.6.1 places passwords in URLs in certain circumstances involving conversion of a POST request to a GET request, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-2945 was patched at 2024-05-15

11185. Unknown Vulnerability Type - Unknown Product (CVE-2009-3024) - Low [47]

Description: {'vulners_cve_data_all': 'The verify_hostname_of_cert function in the certificate checking feature in IO-Socket-SSL (IO::Socket::SSL) 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3024 was patched at 2024-05-15

11186. Unknown Vulnerability Type - Unknown Product (CVE-2009-4411) - Low [47]

Description: {'vulners_cve_data_all': 'The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4411 was patched at 2024-05-15

11187. Unknown Vulnerability Type - Unknown Product (CVE-2009-5012) - Low [47]

Description: {'vulners_cve_data_all': 'ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-5012 was patched at 2024-05-15

11188. Unknown Vulnerability Type - Unknown Product (CVE-2010-0682) - Low [47]

Description: {'vulners_cve_data_all': 'WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0682 was patched at 2024-05-15

11189. Unknown Vulnerability Type - Unknown Product (CVE-2010-0825) - Low [47]

Description: {'vulners_cve_data_all': 'lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0825 was patched at 2024-05-15

11190. Unknown Vulnerability Type - Unknown Product (CVE-2010-1161) - Low [47]

Description: {'vulners_cve_data_all': 'Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.7. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-1161 was patched at 2024-05-15

11191. Unknown Vulnerability Type - Unknown Product (CVE-2010-4340) - Low [47]

Description: {'vulners_cve_data_all': 'libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4340 was patched at 2024-05-15

11192. Unknown Vulnerability Type - Unknown Product (CVE-2010-4411) - Low [47]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4411 was patched at 2024-05-15

11193. Unknown Vulnerability Type - Unknown Product (CVE-2011-1784) - Low [47]

Description: {'vulners_cve_data_all': 'The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1784 was patched at 2024-05-15

11194. Unknown Vulnerability Type - Unknown Product (CVE-2011-1934) - Low [47]

Description: {'vulners_cve_data_all': 'lilo-uuid-diskid causes lilo.conf to be world-readable in lilo 23.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1934 was patched at 2024-05-15

11195. Unknown Vulnerability Type - Unknown Product (CVE-2011-2084) - Low [47]

Description: {'vulners_cve_data_all': 'Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ticket correspondence history by leveraging access to a privileged account.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2084 was patched at 2024-05-15

11196. Unknown Vulnerability Type - Unknown Product (CVE-2011-2769) - Low [47]

Description: {'vulners_cve_data_all': 'Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE and CREATE_FAST values in the Command field of a cell within an OR connection that it initiated, which allows remote relays to enumerate bridges by using these values.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-2769 was patched at 2024-05-15

11197. Unknown Vulnerability Type - Unknown Product (CVE-2011-3186) - Low [47]

Description: {'vulners_cve_data_all': 'CRLF injection vulnerability in actionpack/lib/action_controller/response.rb in Ruby on Rails 2.3.x before 2.3.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the Content-Type header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3186 was patched at 2024-05-15

11198. Unknown Vulnerability Type - Unknown Product (CVE-2011-3187) - Low [47]

Description: {'vulners_cve_data_all': 'The to_s method in actionpack/lib/action_dispatch/middleware/remote_ip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address parsing via a crafted header.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3187 was patched at 2024-05-15

11199. Unknown Vulnerability Type - Unknown Product (CVE-2011-4407) - Low [47]

Description: {'vulners_cve_data_all': 'ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys for a package repository.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4407 was patched at 2024-05-15

11200. Unknown Vulnerability Type - Unknown Product (CVE-2011-4895) - Low [47]

Description: {'vulners_cve_data_all': 'Tor before 0.2.2.34, when configured as a bridge, sets up circuits through a process different from the process used by a client, which makes it easier for remote attackers to enumerate bridges by observing circuit building.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4895 was patched at 2024-05-15

11201. Unknown Vulnerability Type - Unknown Product (CVE-2011-4897) - Low [47]

Description: {'vulners_cve_data_all': 'Tor before 0.2.2.25-alpha, when configured as a relay without the Nickname configuration option, uses the local hostname as the Nickname value, which allows remote attackers to obtain potentially sensitive information by reading this value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4897 was patched at 2024-05-15

11202. Unknown Vulnerability Type - Unknown Product (CVE-2012-0808) - Low [47]

Description: {'vulners_cve_data_all': 'as31 2.3.1-4 does not seed the random number generator and generates predictable temporary file names, which makes it easier for local users to create or truncate files via a symlink attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0808 was patched at 2024-05-15

11203. Unknown Vulnerability Type - Unknown Product (CVE-2012-1054) - Low [47]

Description: {'vulners_cve_data_all': 'Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3, when managing a user login file with the k5login resource type, allows local users to gain privileges via a symlink attack on .k5login.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1054 was patched at 2024-05-15

11204. Unknown Vulnerability Type - Unknown Product (CVE-2012-1095) - Low [47]

Description: {'vulners_cve_data_all': 'osc before 0.134 might allow remote OBS repository servers or package maintainers to execute arbitrary commands via a crafted (1) build log or (2) build status that contains an escape sequence for a terminal emulator.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1095 was patched at 2024-05-15

11205. Unknown Vulnerability Type - Unknown Product (CVE-2012-1419) - Low [47]

Description: {'vulners_cve_data_all': 'The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1419 was patched at 2024-05-15

11206. Unknown Vulnerability Type - Unknown Product (CVE-2012-1458) - Low [47]

Description: {'vulners_cve_data_all': 'The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CHM parser implementations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1458 was patched at 2024-05-15

11207. Unknown Vulnerability Type - Unknown Product (CVE-2012-1570) - Low [47]

Description: {'vulners_cve_data_all': 'The resolver in MaraDNS before 1.3.0.7.15 and 1.4.x before 1.4.12 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1570 was patched at 2024-05-15

11208. Unknown Vulnerability Type - Unknown Product (CVE-2012-3458) - Low [47]

Description: {'vulners_cve_data_all': 'Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3458 was patched at 2024-05-15

11209. Unknown Vulnerability Type - Unknown Product (CVE-2012-4413) - Low [47]

Description: {'vulners_cve_data_all': 'OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4413 was patched at 2024-05-15

11210. Unknown Vulnerability Type - Unknown Product (CVE-2012-5638) - Low [47]

Description: {'vulners_cve_data_all': 'The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-5638 was patched at 2024-05-15

11211. Unknown Vulnerability Type - Unknown Product (CVE-2012-6088) - Low [47]

Description: {'vulners_cve_data_all': 'The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6088 was patched at 2024-05-15

11212. Unknown Vulnerability Type - Unknown Product (CVE-2012-6578) - Low [47]

Description: {'vulners_cve_data_all': 'Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled with a "Sign by default" queue configuration, uses a queue's key for signing, which might allow remote attackers to spoof messages by leveraging the lack of authentication semantics.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6578 was patched at 2024-05-15

11213. Unknown Vulnerability Type - Unknown Product (CVE-2012-6580) - Low [47]

Description: {'vulners_cve_data_all': 'Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, does not ensure that the UI labels unencrypted messages as unencrypted, which might make it easier for remote attackers to spoof details of a message's origin or interfere with encryption-policy auditing via an e-mail message to a queue's address.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6580 was patched at 2024-05-15

11214. Unknown Vulnerability Type - Unknown Product (CVE-2012-6581) - Low [47]

Description: {'vulners_cve_data_all': 'Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6581 was patched at 2024-05-15

11215. Unknown Vulnerability Type - Unknown Product (CVE-2013-0289) - Low [47]

Description: {'vulners_cve_data_all': 'Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0289 was patched at 2024-05-15

11216. Unknown Vulnerability Type - Unknown Product (CVE-2013-0296) - Low [47]

Description: {'vulners_cve_data_all': 'Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0296 was patched at 2024-05-15

11217. Unknown Vulnerability Type - Unknown Product (CVE-2013-0342) - Low [47]

Description: {'vulners_cve_data_all': 'The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-0342 was patched at 2024-05-15

11218. Unknown Vulnerability Type - Unknown Product (CVE-2013-1766) - Low [47]

Description: {'vulners_cve_data_all': 'libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1766 was patched at 2024-05-15

11219. Unknown Vulnerability Type - Unknown Product (CVE-2013-1841) - Low [47]

Description: {'vulners_cve_data_all': 'Net-Server, when the reverse-lookups option is enabled, does not check if the hostname resolves to the source IP address, which might allow remote attackers to bypass ACL restrictions via the hostname parameter.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1841 was patched at 2024-05-15

11220. Unknown Vulnerability Type - Unknown Product (CVE-2013-2035) - Low [47]

Description: {'vulners_cve_data_all': 'Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2035 was patched at 2024-05-15

11221. Unknown Vulnerability Type - Unknown Product (CVE-2013-2073) - Low [47]

Description: {'vulners_cve_data_all': 'Transifex command-line client before 0.9 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2073 was patched at 2024-05-15

11222. Unknown Vulnerability Type - Unknown Product (CVE-2013-2275) - Low [47]

Description: {'vulners_cve_data_all': 'The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows remote authenticated nodes to submit reports for other nodes via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2275 was patched at 2024-05-15

11223. Unknown Vulnerability Type - Unknown Product (CVE-2013-4136) - Low [47]

Description: {'vulners_cve_data_all': 'ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a directory with a predictable name in /tmp/.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4136 was patched at 2024-05-15

11224. Unknown Vulnerability Type - Unknown Product (CVE-2013-4488) - Low [47]

Description: {'vulners_cve_data_all': 'libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4488 was patched at 2024-05-15

11225. Unknown Vulnerability Type - Unknown Product (CVE-2013-7110) - Low [47]

Description: {'vulners_cve_data_all': 'Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7110 was patched at 2024-05-15

11226. Unknown Vulnerability Type - Unknown Product (CVE-2013-7397) - Low [47]

Description: {'vulners_cve_data_all': 'Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a typical AHC configuration, as demonstrated by a configuration that does not send client certificates.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7397 was patched at 2024-05-15

11227. Unknown Vulnerability Type - Unknown Product (CVE-2014-0006) - Low [47]

Description: {'vulners_cve_data_all': 'The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0006 was patched at 2024-05-15

11228. Unknown Vulnerability Type - Unknown Product (CVE-2014-0028) - Low [47]

Description: {'vulners_cve_data_all': 'libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0028 was patched at 2024-05-15

11229. Unknown Vulnerability Type - Unknown Product (CVE-2014-1682) - Low [47]

Description: {'vulners_cve_data_all': 'The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1682 was patched at 2024-05-15

11230. Unknown Vulnerability Type - Unknown Product (CVE-2014-1839) - Low [47]

Description: {'vulners_cve_data_all': 'The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1839 was patched at 2024-05-15

11231. Unknown Vulnerability Type - Unknown Product (CVE-2014-7202) - Low [47]

Description: {'vulners_cve_data_all': 'stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-7202 was patched at 2024-05-15

11232. Unknown Vulnerability Type - Unknown Product (CVE-2014-7203) - Low [47]

Description: {'vulners_cve_data_all': 'libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-7203 was patched at 2024-05-15

11233. Unknown Vulnerability Type - Unknown Product (CVE-2015-0881) - Low [47]

Description: {'vulners_cve_data_all': 'CRLF injection vulnerability in Squid before 3.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted header in a response.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-0881 was patched at 2024-05-15

11234. Unknown Vulnerability Type - Unknown Product (CVE-2015-1194) - Low [47]

Description: {'vulners_cve_data_all': 'pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1194 was patched at 2024-05-15

11235. Unknown Vulnerability Type - Unknown Product (CVE-2015-3164) - Low [47]

Description: {'vulners_cve_data_all': 'The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-3164 was patched at 2024-05-15

11236. Unknown Vulnerability Type - Unknown Product (CVE-2015-3646) - Low [47]

Description: {'vulners_cve_data_all': 'OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-3646 was patched at 2024-05-15

11237. Unknown Vulnerability Type - Unknown Product (CVE-2015-4155) - Low [47]

Description: {'vulners_cve_data_all': 'GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-4155 was patched at 2024-05-15

11238. Unknown Vulnerability Type - Unknown Product (CVE-2015-4156) - Low [47]

Description: {'vulners_cve_data_all': 'GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-4156 was patched at 2024-05-15

11239. Unknown Vulnerability Type - Unknown Product (CVE-2015-5245) - Low [47]

Description: {'vulners_cve_data_all': 'CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-5245 was patched at 2024-05-15

11240. Unknown Vulnerability Type - Unknown Product (CVE-2016-1000236) - Low [47]

Description: {'vulners_cve_data_all': 'Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1000236 was patched at 2024-05-15

11241. Unknown Vulnerability Type - Unknown Product (CVE-2016-4911) - Low [47]

Description: {'vulners_cve_data_all': 'The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x before 9.0.1 (mitaka) allows remote authenticated users to prevent revocation of a chain of tokens and bypass intended access restrictions by rescoping a token.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-4911 was patched at 2024-05-15

11242. Unknown Vulnerability Type - Unknown Product (CVE-2018-10198) - Low [47]

Description: {'vulners_cve_data_all': 'An issue was discovered in OTRS 6.0.x before 6.0.7. An attacker who is logged into OTRS as a customer can use the ticket overview screen to disclose internal article information of their customer tickets.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-10198 was patched at 2024-05-15

11243. Unknown Vulnerability Type - Unknown Product (CVE-2018-18655) - Low [47]

Description: {'vulners_cve_data_all': 'Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-18655 was patched at 2024-05-15

11244. Unknown Vulnerability Type - Unknown Product (CVE-2020-1738) - Low [47]

Description: {'vulners_cve_data_all': 'A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 3.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-1738 was patched at 2024-05-15

11245. Unknown Vulnerability Type - Unknown Product (CVE-2020-17482) - Low [47]

Description: {'vulners_cve_data_all': 'An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-17482 was patched at 2024-05-15

11246. Unknown Vulnerability Type - Unknown Product (CVE-2020-28200) - Low [47]

Description: {'vulners_cve_data_all': 'The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-28200 was patched at 2024-05-15

11247. Unknown Vulnerability Type - Unknown Product (CVE-2020-5255) - Low [47]

Description: {'vulners_cve_data_all': 'In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response&#39;s content and `Content-Type` header. When the response is cached, this can prevent the use of the website by other users. This has been patched in versions 4.4.7 and 5.0.7.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-5255 was patched at 2024-05-15

11248. Unknown Vulnerability Type - Unknown Product (CVE-2021-20229) - Low [47]

Description: {'vulners_cve_data_all': 'A flaw was found in PostgreSQL in versions before 13.2. This flaw allows a user with SELECT privilege on one column to craft a special query that returns all columns of the table. The highest threat from this vulnerability is to confidentiality.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-20229 was patched at 2024-05-15

11249. Unknown Vulnerability Type - Unknown Product (CVE-2021-27019) - Low [47]

Description: {'vulners_cve_data_all': 'PuppetDB logging included potentially sensitive system information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-27019 was patched at 2024-05-15

11250. Unknown Vulnerability Type - Unknown Product (CVE-2021-32056) - Low [47]

Description: {'vulners_cve_data_all': 'Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-32056 was patched at 2024-05-15

11251. Unknown Vulnerability Type - Unknown Product (CVE-2021-33586) - Low [47]

Description: {'vulners_cve_data_all': 'InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the "malformed PONG" issue.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-33586 was patched at 2024-05-15

11252. Unknown Vulnerability Type - Unknown Product (CVE-2022-0338) - Low [47]

Description: {'vulners_cve_data_all': 'Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3.\n\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-0338 was patched at 2024-05-15

11253. Unknown Vulnerability Type - Unknown Product (CVE-2022-21691) - Low [47]

Description: {'vulners_cve_data_all': 'OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions chat participants can spoof their channel leave message, tricking others into assuming they left the chatroom.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-21691 was patched at 2024-05-15

11254. Unknown Vulnerability Type - Unknown Product (CVE-2022-21692) - Low [47]

Description: {'vulners_cve_data_all': 'OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions anyone with access to the chat environment can write messages disguised as another chat participant.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-21692 was patched at 2024-05-15

11255. Unknown Vulnerability Type - Unknown Product (CVE-2022-21696) - Low [47]

Description: {'vulners_cve_data_all': 'OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions it is possible to change the username to that of another chat participant with an additional space character at the end of the name string. An adversary with access to the chat environment can use the rename feature to impersonate other participants by adding whitespace characters at the end of the username.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-21696 was patched at 2024-05-15

11256. Unknown Vulnerability Type - Unknown Product (CVE-2022-2582) - Low [47]

Description: {'vulners_cve_data_all': 'The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-2582 was patched at 2024-05-15

11257. Unknown Vulnerability Type - Unknown Product (CVE-2022-4245) - Low [47]

Description: {'vulners_cve_data_all': 'A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.410CVSS Base Score is 4.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-4245 was patched at 2024-05-15

11258. Unknown Vulnerability Type - Unknown Product (CVE-2004-0180) - Low [35]

Description: {'vulners_cve_data_all': 'The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0180 was patched at 2024-05-15

11259. Unknown Vulnerability Type - Unknown Product (CVE-2005-0626) - Low [35]

Description: {'vulners_cve_data_all': 'Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0626 was patched at 2024-05-15

11260. Unknown Vulnerability Type - Unknown Product (CVE-2006-2366) - Low [35]

Description: {'vulners_cve_data_all': 'ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r option, does not prompt the user when overwriting files, which allows user-assisted remote attackers to overwrite dangerous files via an arbitrary destination file name in an OBEX File Transfer session.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2366 was patched at 2024-05-15

11261. Unknown Vulnerability Type - Unknown Product (CVE-2006-2920) - Low [35]

Description: {'vulners_cve_data_all': 'Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-2920 was patched at 2024-05-15

11262. Unknown Vulnerability Type - Unknown Product (CVE-2006-4570) - Low [35]

Description: {'vulners_cve_data_all': 'Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4570 was patched at 2024-05-15

11263. Unknown Vulnerability Type - Unknown Product (CVE-2006-4624) - Low [35]

Description: {'vulners_cve_data_all': 'CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-4624 was patched at 2024-05-15

11264. Unknown Vulnerability Type - Unknown Product (CVE-2008-1569) - Low [35]

Description: {'vulners_cve_data_all': 'policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-1569 was patched at 2024-05-15

11265. Unknown Vulnerability Type - Unknown Product (CVE-2009-3614) - Low [35]

Description: {'vulners_cve_data_all': 'liboping 1.3.2 allows users reading arbitrary files upon the local system.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-3614 was patched at 2024-05-15

11266. Unknown Vulnerability Type - Unknown Product (CVE-2009-4193) - Low [35]

Description: {'vulners_cve_data_all': 'Merkaartor 0.14 allows local users to append data to arbitrary files via a symlink attack on the /tmp/merkaartor.log temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4193 was patched at 2024-05-15

11267. Unknown Vulnerability Type - Unknown Product (CVE-2009-4664) - Low [35]

Description: {'vulners_cve_data_all': 'Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-4664 was patched at 2024-05-15

11268. Unknown Vulnerability Type - Unknown Product (CVE-2010-0789) - Low [35]

Description: {'vulners_cve_data_all': 'fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-0789 was patched at 2024-05-15

11269. Unknown Vulnerability Type - Unknown Product (CVE-2010-3779) - Low [35]

Description: {'vulners_cve_data_all': 'Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-3779 was patched at 2024-05-15

11270. Unknown Vulnerability Type - Unknown Product (CVE-2010-4760) - Low [35]

Description: {'vulners_cve_data_all': 'Open Ticket Request System (OTRS) before 3.0.0-beta6 adds email-notification-ext articles to tickets during processing of event-based notifications, which allows remote authenticated users to obtain potentially sensitive information by reading a ticket.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4760 was patched at 2024-05-15

11271. Unknown Vulnerability Type - Unknown Product (CVE-2011-1031) - Low [35]

Description: {'vulners_cve_data_all': 'The feh_unique_filename function in utils.c in feh 1.11.2 and earlier might allow local users to create arbitrary files via a symlink attack on a /tmp/feh_ temporary file, a different vulnerability than CVE-2011-0702.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1031 was patched at 2024-05-15

11272. Unknown Vulnerability Type - Unknown Product (CVE-2011-1681) - Low [35]

Description: {'vulners_cve_data_all': 'vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-tools) 8.4.2-261024 and earlier attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to trigger corruption of this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-1681 was patched at 2024-05-15

11273. Unknown Vulnerability Type - Unknown Product (CVE-2011-3872) - Low [35]

Description: {'vulners_cve_data_all': 'Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka "AltNames Vulnerability."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-3872 was patched at 2024-05-15

11274. Unknown Vulnerability Type - Unknown Product (CVE-2012-1174) - Low [35]

Description: {'vulners_cve_data_all': 'The rm_rf_children function in util.c in the systemd-logind login manager in systemd before 44, when logging out, allows local users to delete arbitrary files via a symlink attack on unspecified files, related to "particular records related with user session."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-1174 was patched at 2024-05-15

11275. Unknown Vulnerability Type - Unknown Product (CVE-2012-3408) - Low [35]

Description: {'vulners_cve_data_all': 'lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3408 was patched at 2024-05-15

11276. Unknown Vulnerability Type - Unknown Product (CVE-2012-4454) - Low [35]

Description: {'vulners_cve_data_all': 'openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-4454 was patched at 2024-05-15

11277. Unknown Vulnerability Type - Unknown Product (CVE-2013-1840) - Low [35]

Description: {'vulners_cve_data_all': 'The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1840 was patched at 2024-05-15

11278. Unknown Vulnerability Type - Unknown Product (CVE-2013-2037) - Low [35]

Description: {'vulners_cve_data_all': 'httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.6. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2037 was patched at 2024-05-15

11279. Unknown Vulnerability Type - Unknown Product (CVE-2013-4392) - Low [35]

Description: {'vulners_cve_data_all': 'systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4392 was patched at 2024-05-15

11280. Unknown Vulnerability Type - Unknown Product (CVE-2014-0405) - Low [35]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0407.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0405 was patched at 2024-05-15

11281. Unknown Vulnerability Type - Unknown Product (CVE-2015-7758) - Low [35]

Description: {'vulners_cve_data_all': 'Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot file that uses the name of an existing file and a (1) .aux, (2) .log, (3) .out, (4) .pdf, or (5) .toc extension for the file name, as demonstrated by .thesis.tex.aux.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-7758 was patched at 2024-05-15

11282. Unknown Vulnerability Type - Unknown Product (CVE-2016-10118) - Low [35]

Description: {'vulners_cve_data_all': 'Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-10118 was patched at 2024-05-15

11283. Unknown Vulnerability Type - Unknown Product (CVE-2017-1086) - Low [35]

Description: {'vulners_cve_data_all': 'In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, 10.4-STABLE, 10.4-RELEASE-p3, and 10.3-RELEASE-p24, not all information in the struct ptrace_lwpinfo is relevant for the state of any thread, and the kernel does not fill the irrelevant bytes or short strings. Since the structure filled by the kernel is allocated on the kernel stack and copied to userspace, a leak of information of the kernel stack of the thread is possible from the debugger. As a result, some bytes from the kernel stack of the thread using ptrace (PT_LWPINFO) call can be observed in userspace.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-1086 was patched at 2024-05-15

debian: CVE-2017-10868 was patched at 2024-05-15

debian: CVE-2017-10869 was patched at 2024-05-15

11284. Unknown Vulnerability Type - Unknown Product (CVE-2017-8418) - Low [35]

Description: {'vulners_cve_data_all': 'RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing local users to exploit this to tamper with cache files belonging to other users.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-8418 was patched at 2024-05-15

11285. Unknown Vulnerability Type - Unknown Product (CVE-2017-9271) - Low [35]

Description: {'vulners_cve_data_all': 'The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2017-9271 was patched at 2024-05-15

11286. Unknown Vulnerability Type - Unknown Product (CVE-2018-25022) - Low [35]

Description: {'vulners_cve_data_all': 'The Onion module in toxcore before 0.2.2 doesn't restrict which packets can be onion-routed, which allows a remote attacker to discover a target user's IP address (when knowing only their Tox Id) by positioning themselves close to target's Tox Id in the DHT for the target to establish an onion connection with the attacker, guessing the target's DHT public key and creating a DHT node with public key close to it, and finally onion-routing a NAT Ping Request to the target, requesting it to ping the just created DHT node.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2018-25022 was patched at 2024-05-15

11287. Unknown Vulnerability Type - Unknown Product (CVE-2019-15875) - Low [35]

Description: {'vulners_cve_data_all': 'In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r354735, and 11.3-RELEASE before 11.3-RELEASE-p6, due to incorrect initialization of a stack data structure, core dump files may contain up to 20 bytes of kernel data previously stored on the stack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2019-15875 was patched at 2024-05-15

11288. Unknown Vulnerability Type - Unknown Product (CVE-2020-11054) - Low [35]

Description: {'vulners_cve_data_all': 'In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green (colors.statusbar.url.success_https). While the user already has seen a certificate error prompt at this point (or set content.ssl_strict to false, which is not recommended), this could still provide a false sense of security. This has been fixed in 1.11.1 and 1.12.0. All versions of qutebrowser are believed to be affected, though versions before v0.11.x couldn't be tested. Backported patches for older versions (greater than or equal to 1.4.0 and less than or equal to 1.10.2) are available, but no further releases are planned.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.5. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-11054 was patched at 2024-05-15

11289. Unknown Vulnerability Type - Unknown Product (CVE-2020-11867) - Low [35]

Description: {'vulners_cve_data_all': 'Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-11867 was patched at 2024-05-15

11290. Unknown Vulnerability Type - Unknown Product (CVE-2020-12755) - Low [35]

Description: {'vulners_cve_data_all': 'fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2020-12755 was patched at 2024-05-15

11291. Unknown Vulnerability Type - Unknown Product (CVE-2021-25743) - Low [35]

Description: {'vulners_cve_data_all': 'kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.0. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2021-25743 was patched at 2024-05-15

11292. Unknown Vulnerability Type - Unknown Product (CVE-2022-3219) - Low [35]

Description: {'vulners_cve_data_all': 'GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-3219 was patched at 2024-05-15

11293. Unknown Vulnerability Type - Unknown Product (CVE-2022-42336) - Low [35]

Description: {'vulners_cve_data_all': 'Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires that the setting of SSBD is coordinated at a core level, as the setting is shared between threads. Logic was introduced to keep track of how many threads require SSBD active in order to coordinate it, such logic relies on using a per-core counter of threads that have SSBD active. When running on the mentioned hardware, it's possible for a guest to under or overflow the thread counter, because each write to VIRT_SPEC_CTRL.SSBD by the guest gets propagated to the helper that does the per-core active accounting. Underflowing the counter causes the value to get saturated, and thus attempts for guests running on the same core to set SSBD won't have effect because the hypervisor assumes it's already active.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2022-42336 was patched at 2024-05-15

11294. Unknown Vulnerability Type - Unknown Product (CVE-2023-2961) - Low [35]

Description: {'vulners_cve_data_all': 'A segmentation fault flaw was found in the Advancecomp package. This may lead to decreased availability.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-2961 was patched at 2024-05-15

11295. Unknown Vulnerability Type - Unknown Product (CVE-2023-34321) - Low [35]

Description: {'vulners_cve_data_all': 'Arm provides multiple helpers to clean & invalidate the cache\nfor a given region. This is, for instance, used when allocating\nguest memory to ensure any writes (such as the ones during scrubbing)\nhave reached memory before handing over the page to a guest.\n\nUnfortunately, the arithmetics in the helpers can overflow and would\nthen result to skip the cache cleaning/invalidation. Therefore there\nis no guarantee when all the writes will reach the memory.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-34321 was patched at 2024-05-15

11296. Unknown Vulnerability Type - Unknown Product (CVE-2023-46837) - Low [35]

Description: {'vulners_cve_data_all': 'Arm provides multiple helpers to clean & invalidate the cache\nfor a given region. This is, for instance, used when allocating\nguest memory to ensure any writes (such as the ones during scrubbing)\nhave reached memory before handing over the page to a guest.\n\nUnfortunately, the arithmetics in the helpers can overflow and would\nthen result to skip the cache cleaning/invalidation. Therefore there\nis no guarantee when all the writes will reach the memory.\n\nThis undefined behavior was meant to be addressed by XSA-437, but the\napproach was not sufficient.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.3. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46837 was patched at 2024-05-15

11297. Unknown Vulnerability Type - Unknown Product (CVE-2024-2313) - Low [35]

Description: {'vulners_cve_data_all': 'If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-2313 was patched at 2024-05-15

11298. Unknown Vulnerability Type - Unknown Product (CVE-2024-2314) - Low [35]

Description: {'vulners_cve_data_all': 'If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 2.8. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-2314 was patched at 2024-05-15

11299. Unknown Vulnerability Type - Unknown Product (CVE-2024-4317) - Low [35]

Description: {'vulners_cve_data_all': 'Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute. Installing an unaffected version only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after installing that version. Current PostgreSQL installations will remain vulnerable until they follow the instructions in the release notes. Within major versions 14-16, minor versions before PostgreSQL 16.3, 15.7, and 14.12 are affected. Versions before PostgreSQL 14 are unaffected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.310CVSS Base Score is 3.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2024-4317 was patched at 2024-05-15

redos: CVE-2024-4317 was patched at 2024-06-07

ubuntu: CVE-2024-4317 was patched at 2024-05-30

11300. Unknown Vulnerability Type - Unknown Product (CVE-1999-1332) - Low [23]

Description: {'vulners_cve_data_all': 'gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-1999-1332 was patched at 2024-05-15

11301. Unknown Vulnerability Type - Unknown Product (CVE-2002-0875) - Low [23]

Description: {'vulners_cve_data_all': 'Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-0875 was patched at 2024-05-15

11302. Unknown Vulnerability Type - Unknown Product (CVE-2002-1392) - Low [23]

Description: {'vulners_cve_data_all': 'faxspool in mgetty before 1.1.29 uses a world-writable spool directory for outgoing faxes, which allows local users to modify fax transmission privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1392 was patched at 2024-05-15

11303. Unknown Vulnerability Type - Unknown Product (CVE-2002-1395) - Low [23]

Description: {'vulners_cve_data_all': 'Internet Message (IM) 141-18 and earlier uses predictable file and directory names, which allows local users to (1) obtain unauthorized directory permissions via a temporary directory used by impwagent, and (2) overwrite and create arbitrary files via immknmz.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1395 was patched at 2024-05-15

11304. Unknown Vulnerability Type - Unknown Product (CVE-2002-1956) - Low [23]

Description: {'vulners_cve_data_all': 'ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, which allows local users to write to arbitrary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2002-1956 was patched at 2024-05-15

11305. Unknown Vulnerability Type - Unknown Product (CVE-2003-0854) - Low [23]

Description: {'vulners_cve_data_all': 'ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2003-0854 was patched at 2024-05-15

11306. Unknown Vulnerability Type - Unknown Product (CVE-2004-0231) - Low [23]

Description: {'vulners_cve_data_all': 'Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations."', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0231 was patched at 2024-05-15

11307. Unknown Vulnerability Type - Unknown Product (CVE-2004-0881) - Low [23]

Description: {'vulners_cve_data_all': 'getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0881 was patched at 2024-05-15

11308. Unknown Vulnerability Type - Unknown Product (CVE-2004-0923) - Low [23]

Description: {'vulners_cve_data_all': 'CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0923 was patched at 2024-05-15

11309. Unknown Vulnerability Type - Unknown Product (CVE-2004-0966) - Low [23]

Description: {'vulners_cve_data_all': 'The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0966 was patched at 2024-05-15

11310. Unknown Vulnerability Type - Unknown Product (CVE-2004-0969) - Low [23]

Description: {'vulners_cve_data_all': 'The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0969 was patched at 2024-05-15

11311. Unknown Vulnerability Type - Unknown Product (CVE-2004-0970) - Low [23]

Description: {'vulners_cve_data_all': 'The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0970 was patched at 2024-05-15

11312. Unknown Vulnerability Type - Unknown Product (CVE-2004-0974) - Low [23]

Description: {'vulners_cve_data_all': 'The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-0974 was patched at 2024-05-15

11313. Unknown Vulnerability Type - Unknown Product (CVE-2004-1000) - Low [23]

Description: {'vulners_cve_data_all': 'lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1000 was patched at 2024-05-15

11314. Unknown Vulnerability Type - Unknown Product (CVE-2004-1268) - Low [23]

Description: {'vulners_cve_data_all': 'lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1268 was patched at 2024-05-15

11315. Unknown Vulnerability Type - Unknown Product (CVE-2004-1270) - Low [23]

Description: {'vulners_cve_data_all': 'lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1270 was patched at 2024-05-15

11316. Unknown Vulnerability Type - Unknown Product (CVE-2004-1438) - Low [23]

Description: {'vulners_cve_data_all': 'The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1438 was patched at 2024-05-15

11317. Unknown Vulnerability Type - Unknown Product (CVE-2004-1834) - Low [23]

Description: {'vulners_cve_data_all': 'mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-1834 was patched at 2024-05-15

11318. Unknown Vulnerability Type - Unknown Product (CVE-2004-2440) - Low [23]

Description: {'vulners_cve_data_all': 'Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and earlier allows local users to obtain proxy credentials (username or password) of other users.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2440 was patched at 2024-05-15

11319. Unknown Vulnerability Type - Unknown Product (CVE-2004-2459) - Low [23]

Description: {'vulners_cve_data_all': 'Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users to obtain passwords, related to the password table.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2004-2459 was patched at 2024-05-15

11320. Unknown Vulnerability Type - Unknown Product (CVE-2005-0624) - Low [23]

Description: {'vulners_cve_data_all': 'reportbug before 2.62 creates the .reportbugrc configuration file with world-readable permissions, which allows local users to obtain email smarthost passwords.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0624 was patched at 2024-05-15

11321. Unknown Vulnerability Type - Unknown Product (CVE-2005-0625) - Low [23]

Description: {'vulners_cve_data_all': 'reportbug 3.2 includes settings from .reportbugrc in bug reports, which exposes sensitive information such as smtpuser and smtppasswd.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-0625 was patched at 2024-05-15

11322. Unknown Vulnerability Type - Unknown Product (CVE-2005-1856) - Low [23]

Description: {'vulners_cve_data_all': 'The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixed filename in a world-writable directory for logging, which allows local users to overwrite files via a symlink attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1856 was patched at 2024-05-15

11323. Unknown Vulnerability Type - Unknown Product (CVE-2005-2660) - Low [23]

Description: {'vulners_cve_data_all': 'apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2660 was patched at 2024-05-15

11324. Unknown Vulnerability Type - Unknown Product (CVE-2005-2945) - Low [23]

Description: {'vulners_cve_data_all': 'arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2945 was patched at 2024-05-15

11325. Unknown Vulnerability Type - Unknown Product (CVE-2005-2962) - Low [23]

Description: {'vulners_cve_data_all': 'The post-installation script for ntlmaps before 0.9.9 sets world-readable permissions for the configuration file, which allows local users to obtain the username and password.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2962 was patched at 2024-05-15

11326. Unknown Vulnerability Type - Unknown Product (CVE-2005-2977) - Low [23]

Description: {'vulners_cve_data_all': 'The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2977 was patched at 2024-05-15

11327. Unknown Vulnerability Type - Unknown Product (CVE-2005-3111) - Low [23]

Description: {'vulners_cve_data_all': 'The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3111 was patched at 2024-05-15

11328. Unknown Vulnerability Type - Unknown Product (CVE-2005-3121) - Low [23]

Description: {'vulners_cve_data_all': 'A rule file in module-assistant before 0.9.10 causes a temporary file to be created insecurely, which allows local users to conduct unauthorized operations.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3121 was patched at 2024-05-15

11329. Unknown Vulnerability Type - Unknown Product (CVE-2005-3146) - Low [23]

Description: {'vulners_cve_data_all': 'StoreBackup before 1.19 allows local users to perform unauthorized operations on arbitrary files via a symlink attack on temporary files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3146 was patched at 2024-05-15

11330. Unknown Vulnerability Type - Unknown Product (CVE-2005-3531) - Low [23]

Description: {'vulners_cve_data_all': 'fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain special characters.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-3531 was patched at 2024-05-15

11331. Unknown Vulnerability Type - Unknown Product (CVE-2006-1844) - Low [23]

Description: {'vulners_cve_data_all': 'The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-1844 was patched at 2024-05-15

11332. Unknown Vulnerability Type - Unknown Product (CVE-2006-5461) - Low [23]

Description: {'vulners_cve_data_all': 'Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5461 was patched at 2024-05-15

11333. Unknown Vulnerability Type - Unknown Product (CVE-2006-6614) - Low [23]

Description: {'vulners_cve_data_all': 'The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to obtain the hash.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-6614 was patched at 2024-05-15

11334. Unknown Vulnerability Type - Unknown Product (CVE-2006-7162) - Low [23]

Description: {'vulners_cve_data_all': 'PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files containing private keys generated by puttygen and (2) session logs created by putty, which allows local users to gain sensitive information by reading these files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-7162 was patched at 2024-05-15

11335. Unknown Vulnerability Type - Unknown Product (CVE-2007-3024) - Low [23]

Description: {'vulners_cve_data_all': 'libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-3024 was patched at 2024-05-15

11336. Unknown Vulnerability Type - Unknown Product (CVE-2007-5751) - Low [23]

Description: {'vulners_cve_data_all': 'Liferea before 1.4.6 uses weak permissions (0644) for the feedlist.opml backup file, which allows local users to obtain credentials.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-5751 was patched at 2024-05-15

11337. Unknown Vulnerability Type - Unknown Product (CVE-2007-6210) - Low [23]

Description: {'vulners_cve_data_all': 'zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" scripts with gid 0, which might allow local users to gain privileges.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2007-6210 was patched at 2024-05-15

11338. Unknown Vulnerability Type - Unknown Product (CVE-2008-6756) - Low [23]

Description: {'vulners_cve_data_all': 'ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2008-6756 was patched at 2024-05-15

11339. Unknown Vulnerability Type - Unknown Product (CVE-2009-0368) - Low [23]

Description: {'vulners_cve_data_all': 'OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-0368 was patched at 2024-05-15

11340. Unknown Vulnerability Type - Unknown Product (CVE-2009-1296) - Low [23]

Description: {'vulners_cve_data_all': 'The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files are only readable by root.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1296 was patched at 2024-05-15

11341. Unknown Vulnerability Type - Unknown Product (CVE-2009-1756) - Low [23]

Description: {'vulners_cve_data_all': 'SLiM Simple Login Manager 1.3.0 places the X authority magic cookie (mcookie) on the command line when invoking xauth from (1) app.cpp and (2) switchuser.cpp, which allows local users to access the X session by listing the process and its arguments.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2009-1756 was patched at 2024-05-15

11342. Unknown Vulnerability Type - Unknown Product (CVE-2010-2058) - Low [23]

Description: {'vulners_cve_data_all': 'setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable permissions, which allows local users to obtain the SQL database password.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-2058 was patched at 2024-05-15

11343. Unknown Vulnerability Type - Unknown Product (CVE-2010-4758) - Low [23]

Description: {'vulners_cve_data_all': 'installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an Inbound Mail Password field that uses the text type, instead of the password type, for its INPUT element, which makes it easier for physically proximate attackers to obtain the password by reading the workstation screen.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-4758 was patched at 2024-05-15

11344. Unknown Vulnerability Type - Unknown Product (CVE-2010-5297) - Low [23]

Description: {'vulners_cve_data_all': 'WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2010-5297 was patched at 2024-05-15

11345. Unknown Vulnerability Type - Unknown Product (CVE-2011-4105) - Low [23]

Description: {'vulners_cve_data_all': 'LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4105 was patched at 2024-05-15

11346. Unknown Vulnerability Type - Unknown Product (CVE-2011-4607) - Low [23]

Description: {'vulners_cve_data_all': 'PuTTY 0.59 through 0.61 does not clear sensitive process memory when managing user replies that occur during keyboard-interactive authentication, which might allow local users to read login passwords by obtaining access to the process' memory.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2011-4607 was patched at 2024-05-15

11347. Unknown Vulnerability Type - Unknown Product (CVE-2012-0813) - Low [23]

Description: {'vulners_cve_data_all': 'Wicd before 1.7.1 saves sensitive information in log files in /var/log/wicd, which allows context-dependent attackers to obtain passwords and other sensitive information.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-0813 was patched at 2024-05-15

11348. Unknown Vulnerability Type - Unknown Product (CVE-2012-3866) - Low [23]

Description: {'vulners_cve_data_all': 'lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3866 was patched at 2024-05-15

11349. Unknown Vulnerability Type - Unknown Product (CVE-2012-6110) - Low [23]

Description: {'vulners_cve_data_all': 'bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-6110 was patched at 2024-05-15

11350. Unknown Vulnerability Type - Unknown Product (CVE-2013-4259) - Low [23]

Description: {'vulners_cve_data_all': 'runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4259 was patched at 2024-05-15

11351. Unknown Vulnerability Type - Unknown Product (CVE-2013-4262) - Low [23]

Description: {'vulners_cve_data_all': 'svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-2013-7393.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4262 was patched at 2024-05-15

11352. Unknown Vulnerability Type - Unknown Product (CVE-2013-4354) - Low [23]

Description: {'vulners_cve_data_all': 'The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4354 was patched at 2024-05-15

11353. Unknown Vulnerability Type - Unknown Product (CVE-2013-4577) - Low [23]

Description: {'vulners_cve_data_all': 'A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-4577 was patched at 2024-05-15

11354. Unknown Vulnerability Type - Unknown Product (CVE-2013-7393) - Low [23]

Description: {'vulners_cve_data_all': 'The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions (ADT3).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-7393 was patched at 2024-05-15

11355. Unknown Vulnerability Type - Unknown Product (CVE-2014-0056) - Low [23]

Description: {'vulners_cve_data_all': 'The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not check the tenant id when creating ports, which allows remote authenticated users to plug ports into the routers of arbitrary tenants via the device id in a port-create command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0056 was patched at 2024-05-15

11356. Unknown Vulnerability Type - Unknown Product (CVE-2014-0164) - Low [23]

Description: {'vulners_cve_data_all': 'openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-0164 was patched at 2024-05-15

11357. Unknown Vulnerability Type - Unknown Product (CVE-2014-1831) - Low [23]

Description: {'vulners_cve_data_all': 'Phusion Passenger before 4.0.37 allows local users to write to certain files and directories via a symlink attack on (1) control_process.pid or a (2) generation-* file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-1831 was patched at 2024-05-15

11358. Unknown Vulnerability Type - Unknown Product (CVE-2014-3956) - Low [23]

Description: {'vulners_cve_data_all': 'The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access unintended high-numbered file descriptors via a custom mail-delivery program.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 1.9. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-3956 was patched at 2024-05-15

11359. Unknown Vulnerability Type - Unknown Product (CVE-2014-5247) - Low [23]

Description: {'vulners_cve_data_all': 'The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, which allows local users to obtain SSL keys, remote API credentials, and other sensitive information by reading the file, related to the upgrade command.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5247 was patched at 2024-05-15

11360. Unknown Vulnerability Type - Unknown Product (CVE-2015-1426) - Low [23]

Description: {'vulners_cve_data_all': 'Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.1. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2015-1426 was patched at 2024-05-15

11361. Unknown Vulnerability Type - Unknown Product (CVE-2016-1000002) - Low [23]

Description: {'vulners_cve_data_all': 'gdm3 3.14.2 and possibly later has an information leak before screen lock', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.210CVSS Base Score is 2.4. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2016-1000002 was patched at 2024-05-15

11362. Unknown Vulnerability Type - Unknown Product (CVE-2005-1759) - Low [11]

Description: {'vulners_cve_data_all': 'Race condition in shtool 2.0.1 and earlier allows local users to modify or create arbitrary files via a symlink attack on temporary files after they have been created, a different vulnerability than CVE-2005-1751.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-1759 was patched at 2024-05-15

11363. Unknown Vulnerability Type - Unknown Product (CVE-2005-2475) - Low [11]

Description: {'vulners_cve_data_all': 'Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2005-2475 was patched at 2024-05-15

11364. Unknown Vulnerability Type - Unknown Product (CVE-2006-5214) - Low [11]

Description: {'vulners_cve_data_all': 'Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2006-5214 was patched at 2024-05-15

11365. Unknown Vulnerability Type - Unknown Product (CVE-2012-3500) - Low [11]

Description: {'vulners_cve_data_all': 'scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2012-3500 was patched at 2024-05-15

11366. Unknown Vulnerability Type - Unknown Product (CVE-2013-2217) - Low [11]

Description: {'vulners_cve_data_all': 'cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-2217 was patched at 2024-05-15

11367. Unknown Vulnerability Type - Unknown Product (CVE-2013-6891) - Low [11]

Description: {'vulners_cve_data_all': 'lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.110CVSS Base Score is 1.2. According to Vulners data source
EPSS Percentile010EPSS data is not available

debian: CVE-2013-6891 was patched at 2024-05-15

11368. Unknown Vulnerability Type - Unknown Product (CVE-1999-1572) - Low [0]

Description: {'vulners_cve_data_all': 'cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-1999-1572 was patched at 2024-05-15

11369. Unknown Vulnerability Type - Unknown Product (CVE-2013-1424) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2013-1424 was patched at 2024-05-15

11370. Unknown Vulnerability Type - Unknown Product (CVE-2014-5511) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5511 was patched at 2024-05-15

11371. Unknown Vulnerability Type - Unknown Product (CVE-2014-5512) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5512 was patched at 2024-05-15

11372. Unknown Vulnerability Type - Unknown Product (CVE-2014-5513) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5513 was patched at 2024-05-15

11373. Unknown Vulnerability Type - Unknown Product (CVE-2014-5514) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5514 was patched at 2024-05-15

11374. Unknown Vulnerability Type - Unknown Product (CVE-2014-5515) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2014-5515 was patched at 2024-05-15

11375. Unknown Vulnerability Type - Unknown Product (CVE-2014-6274) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2014-6274 was patched at 2024-05-15

11376. Unknown Vulnerability Type - Unknown Product (CVE-2014-9586) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2014-9586 was patched at 2024-05-15

11377. Unknown Vulnerability Type - Unknown Product (CVE-2015-0842) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2015-0842 was patched at 2024-05-15

11378. Unknown Vulnerability Type - Unknown Product (CVE-2015-0843) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2015-0843 was patched at 2024-05-15

11379. Unknown Vulnerability Type - Unknown Product (CVE-2015-0849) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2015-0849 was patched at 2024-05-15

11380. Unknown Vulnerability Type - Unknown Product (CVE-2015-2309) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2015-2309 was patched at 2024-05-15

11381. Unknown Vulnerability Type - Unknown Product (CVE-2019-1000029) - Low [0]

Description: {'vulners_cve_data_all': '', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2019-1000029 was patched at 2024-05-15

11382. Unknown Vulnerability Type - Unknown Product (CVE-2020-25720) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2020-25720 was patched at 2024-05-15

11383. Unknown Vulnerability Type - Unknown Product (CVE-2021-0447) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-0447 was patched at 2024-05-15

11384. Unknown Vulnerability Type - Unknown Product (CVE-2021-0937) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-0937 was patched at 2024-05-15

11385. Unknown Vulnerability Type - Unknown Product (CVE-2021-35473) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-35473 was patched at 2024-05-15

11386. Unknown Vulnerability Type - Unknown Product (CVE-2021-3902) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-3902 was patched at 2024-05-15

11387. Unknown Vulnerability Type - Unknown Product (CVE-2021-41737) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2021-41737 was patched at 2024-05-15

11388. Unknown Vulnerability Type - Unknown Product (CVE-2022-45592) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2022-45592 was patched at 2024-05-15

11389. Unknown Vulnerability Type - Unknown Product (CVE-2023-1932) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-1932 was patched at 2024-05-15

11390. Unknown Vulnerability Type - Unknown Product (CVE-2023-24283) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-24283 was patched at 2024-05-15

11391. Unknown Vulnerability Type - Unknown Product (CVE-2023-24284) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-24284 was patched at 2024-05-15

11392. Unknown Vulnerability Type - Unknown Product (CVE-2023-24285) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-24285 was patched at 2024-05-15

11393. Unknown Vulnerability Type - Unknown Product (CVE-2023-24286) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-24286 was patched at 2024-05-15

11394. Unknown Vulnerability Type - Unknown Product (CVE-2023-24287) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-24287 was patched at 2024-05-15

11395. Unknown Vulnerability Type - Unknown Product (CVE-2023-24288) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-24288 was patched at 2024-05-15

11396. Unknown Vulnerability Type - Unknown Product (CVE-2023-24291) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-24291 was patched at 2024-05-15

11397. Unknown Vulnerability Type - Unknown Product (CVE-2023-28362) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-28362 was patched at 2024-05-15

11398. Unknown Vulnerability Type - Unknown Product (CVE-2023-34854) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-34854 was patched at 2024-05-15

11399. Unknown Vulnerability Type - Unknown Product (CVE-2023-36325) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-36325 was patched at 2024-05-15

11400. Unknown Vulnerability Type - Unknown Product (CVE-2023-38037) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-38037 was patched at 2024-05-15

11401. Unknown Vulnerability Type - Unknown Product (CVE-2023-43091) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-43091 was patched at 2024-05-15

11402. Unknown Vulnerability Type - Unknown Product (CVE-2023-45359) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45359 was patched at 2024-05-15

11403. Unknown Vulnerability Type - Unknown Product (CVE-2023-45361) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45361 was patched at 2024-05-15

11404. Unknown Vulnerability Type - Unknown Product (CVE-2023-45913) - Low [0]

Description: {'vulners_cve_data_all': 'Mesa v23.0.4 was discovered to contain a NULL pointer dereference via the function dri2GetGlxDrawableFromXDrawableId(). This vulnerability is triggered when the X11 server sends an DRI2_BufferSwapComplete event unexpectedly when the application is using DRI3. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45913 was patched at 2024-05-15

11405. Unknown Vulnerability Type - Unknown Product (CVE-2023-45918) - Low [0]

Description: {'vulners_cve_data_all': 'ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45918 was patched at 2024-05-15

11406. Unknown Vulnerability Type - Unknown Product (CVE-2023-45919) - Low [0]

Description: {'vulners_cve_data_all': 'Mesa 23.0.4 was discovered to contain a buffer over-read in glXQueryServerString(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45919 was patched at 2024-05-15

11407. Unknown Vulnerability Type - Unknown Product (CVE-2023-45920) - Low [0]

Description: {'vulners_cve_data_all': 'Xfig v3.2.8 was discovered to contain a NULL pointer dereference when calling XGetWMHints(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server or window manager.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45920 was patched at 2024-05-15

11408. Unknown Vulnerability Type - Unknown Product (CVE-2023-45922) - Low [0]

Description: {'vulners_cve_data_all': 'glx_pbuffer.c in Mesa 23.0.4 was discovered to contain a segmentation violation when calling __glXGetDrawableAttribute(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45922 was patched at 2024-05-15

11409. Unknown Vulnerability Type - Unknown Product (CVE-2023-45924) - Low [0]

Description: {'vulners_cve_data_all': 'libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45924 was patched at 2024-05-15

11410. Unknown Vulnerability Type - Unknown Product (CVE-2023-45925) - Low [0]

Description: {'vulners_cve_data_all': 'GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference via the function x_error_handler() at tty/x11conn.c. NOTE: this is disputed because it should be categorized as a usability problem (an X operation silently fails).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45925 was patched at 2024-05-15

11411. Unknown Vulnerability Type - Unknown Product (CVE-2023-45927) - Low [0]

Description: {'vulners_cve_data_all': 'S-Lang 2.3.2 was discovered to contain an arithmetic exception via the function tt_sprintf().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45927 was patched at 2024-05-15

11412. Unknown Vulnerability Type - Unknown Product (CVE-2023-45929) - Low [0]

Description: {'vulners_cve_data_all': 'S-Lang 2.3.2 was discovered to contain a segmentation fault via the function fixup_tgetstr().', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45929 was patched at 2024-05-15

11413. Unknown Vulnerability Type - Unknown Product (CVE-2023-45931) - Low [0]

Description: {'vulners_cve_data_all': 'Mesa 23.0.4 was discovered to contain a NULL pointer dereference in check_xshm() for the has_error state. NOTE: this is disputed because there is no scenario in which the vulnerability was demonstrated.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45931 was patched at 2024-05-15

11414. Unknown Vulnerability Type - Unknown Product (CVE-2023-45935) - Low [0]

Description: {'vulners_cve_data_all': 'Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms(). NOTE: this is disputed because it is not expected that an X application should continue to run when there is arbitrary anomalous behavior from the X server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-45935 was patched at 2024-05-15

11415. Unknown Vulnerability Type - Unknown Product (CVE-2023-46046) - Low [0]

Description: {'vulners_cve_data_all': 'An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via ti_expr in a crafted .mzn file. NOTE: this is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of atttacker-controlled .mzn files.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46046 was patched at 2024-05-15

11416. Unknown Vulnerability Type - Unknown Product (CVE-2023-46048) - Low [0]

Description: {'vulners_cve_data_all': 'Tex Live 944e257 has a NULL pointer dereference in texk/web2c/pdftexdir/writet1.c. NOTE: this is disputed because it should be categorized as a usability problem.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46048 was patched at 2024-05-15

11417. Unknown Vulnerability Type - Unknown Product (CVE-2023-46051) - Low [0]

Description: {'vulners_cve_data_all': 'TeX Live 944e257 allows a NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c. NOTE: this is disputed because it should be categorized as a usability problem.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46051 was patched at 2024-05-15

11418. Unknown Vulnerability Type - Unknown Product (CVE-2023-46052) - Low [0]

Description: {'vulners_cve_data_all': 'Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46052 was patched at 2024-05-15

11419. Unknown Vulnerability Type - Unknown Product (CVE-2023-46586) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46586 was patched at 2024-05-15

11420. Unknown Vulnerability Type - Unknown Product (CVE-2023-46840) - Low [0]

Description: {'vulners_cve_data_all': 'Incorrect placement of a preprocessor directive in source code results\nin logic that doesn't operate as intended when support for HVM guests is\ncompiled out of Xen.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46840 was patched at 2024-05-15

11421. Unknown Vulnerability Type - Unknown Product (CVE-2023-46841) - Low [0]

Description: {'vulners_cve_data_all': 'Recent x86 CPUs offer functionality named Control-flow Enforcement\nTechnology (CET). A sub-feature of this are Shadow Stacks (CET-SS).\nCET-SS is a hardware feature designed to protect against Return Oriented\nProgramming attacks. When enabled, traditional stacks holding both data\nand return addresses are accompanied by so called "shadow stacks",\nholding little more than return addresses. Shadow stacks aren't\nwritable by normal instructions, and upon function returns their\ncontents are used to check for possible manipulation of a return address\ncoming from the traditional stack.\n\nIn particular certain memory accesses need intercepting by Xen. In\nvarious cases the necessary emulation involves kind of replaying of\nthe instruction. Such replaying typically involves filling and then\ninvoking of a stub. Such a replayed instruction may raise an\nexceptions, which is expected and dealt with accordingly.\n\nUnfortunately the interaction of both of the above wasn't right:\nRecovery involves removal of a call frame from the (traditional) stack.\nThe counterpart of this operation for the shadow stack was missing.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46841 was patched at 2024-05-15

11422. Unknown Vulnerability Type - Unknown Product (CVE-2023-46842) - Low [0]

Description: {'vulners_cve_data_all': 'Unlike 32-bit PV guests, HVM guests may switch freely between 64-bit and\nother modes. This in particular means that they may set registers used\nto pass 32-bit-mode hypercall arguments to values outside of the range\n32-bit code would be able to set them to.\n\nWhen processing of hypercalls takes a considerable amount of time,\nthe hypervisor may choose to invoke a hypercall continuation. Doing so\ninvolves putting (perhaps updated) hypercall arguments in respective\nregisters. For guests not running in 64-bit mode this further involves\na certain amount of translation of the values.\n\nUnfortunately internal sanity checking of these translated values\nassumes high halves of registers to always be clear when invoking a\nhypercall. When this is found not to be the case, it triggers a\nconsistency check in the hypervisor and causes a crash.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-46842 was patched at 2024-05-15

11423. Unknown Vulnerability Type - Unknown Product (CVE-2023-52723) - Low [0]

Description: {'vulners_cve_data_all': 'In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2023-52723 was patched at 2024-05-15

11424. Unknown Vulnerability Type - Unknown Product (CVE-2024-1271) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-1271 was patched at 2024-05-15

11425. Unknown Vulnerability Type - Unknown Product (CVE-2024-23944) - Low [0]

Description: {'vulners_cve_data_all': 'Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when the persistent watcher is triggered and as a consequence, the full path of znodes that a watch event gets triggered upon is exposed to the owner of the watcher. It's important to note that only the path is exposed by this vulnerability, not the data of znode, but since znode path can contain sensitive information like user name or login ID, this issue is potentially critical.\n\nUsers are recommended to upgrade to version 3.9.2, 3.8.4 which fixes the issue.\n', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-23944 was patched at 2024-05-15

11426. Unknown Vulnerability Type - Unknown Product (CVE-2024-24784) - Low [0]

Description: {'vulners_cve_data_all': 'The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-24784 was patched at 2024-04-30, 2024-05-22

debian: CVE-2024-24784 was patched at 2024-05-15

oraclelinux: CVE-2024-24784 was patched at 2024-05-07, 2024-05-29

redhat: CVE-2024-24784 was patched at 2024-04-30, 2024-05-22

11427. Unknown Vulnerability Type - Unknown Product (CVE-2024-24785) - Low [0]

Description: {'vulners_cve_data_all': 'If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-24785 was patched at 2024-04-30, 2024-05-22

debian: CVE-2024-24785 was patched at 2024-05-15

oraclelinux: CVE-2024-24785 was patched at 2024-05-07, 2024-05-29

redhat: CVE-2024-24785 was patched at 2024-04-30, 2024-05-22

redos: CVE-2024-24785 was patched at 2024-04-22

11428. Unknown Vulnerability Type - Unknown Product (CVE-2024-25742) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-25742 was patched at 2024-05-22

debian: CVE-2024-25742 was patched at 2024-05-15

oraclelinux: CVE-2024-25742 was patched at 2024-05-08, 2024-05-23

redhat: CVE-2024-25742 was patched at 2024-05-01, 2024-05-22, 2024-05-28, 2024-06-11

11429. Unknown Vulnerability Type - Unknown Product (CVE-2024-25743) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-25743 was patched at 2024-05-22

debian: CVE-2024-25743 was patched at 2024-05-15

oraclelinux: CVE-2024-25743 was patched at 2024-05-08, 2024-05-23

redhat: CVE-2024-25743 was patched at 2024-05-01, 2024-05-22, 2024-05-28, 2024-06-11

11430. Unknown Vulnerability Type - Unknown Product (CVE-2024-25763) - Low [0]

Description: {'vulners_cve_data_all': 'openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-25763 was patched at 2024-05-15

11431. Unknown Vulnerability Type - Unknown Product (CVE-2024-25768) - Low [0]

Description: {'vulners_cve_data_all': 'OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in /OpenDMARC/libopendmarc/opendmarc_policy.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-25768 was patched at 2024-05-15

11432. Unknown Vulnerability Type - Unknown Product (CVE-2024-26165) - Low [0]

Description: {'vulners_cve_data_all': '', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

redos: CVE-2024-26165 was patched at 2024-05-03

11433. Unknown Vulnerability Type - Unknown Product (CVE-2024-26369) - Low [0]

Description: {'vulners_cve_data_all': 'An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x, v2.10.x, and v2.6.x leads to a SIGABRT (signal abort) upon receiving DataWriter's data.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-26369 was patched at 2024-05-15

11434. Unknown Vulnerability Type - Unknown Product (CVE-2024-27088) - Low [0]

Description: {'vulners_cve_data_all': 'es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall. The vulnerability is patched in v0.10.63.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-27088 was patched at 2024-05-15

11435. Unknown Vulnerability Type - Unknown Product (CVE-2024-27280) - Low [0]

Description: {'vulners_cve_data_all': 'A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-27280 was patched at 2024-05-30, 2024-06-03, 2024-06-06, 2024-06-11

debian: CVE-2024-27280 was patched at 2024-05-03, 2024-05-15

oraclelinux: CVE-2024-27280 was patched at 2024-05-31, 2024-06-03, 2024-06-06, 2024-06-07, 2024-06-13

redhat: CVE-2024-27280 was patched at 2024-05-30, 2024-06-03, 2024-06-06, 2024-06-11

11436. Unknown Vulnerability Type - Unknown Product (CVE-2024-27282) - Low [0]

Description: {'vulners_cve_data_all': 'An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-27282 was patched at 2024-05-30, 2024-06-03, 2024-06-06, 2024-06-11

debian: CVE-2024-27282 was patched at 2024-05-03, 2024-05-15

oraclelinux: CVE-2024-27282 was patched at 2024-05-31, 2024-06-03, 2024-06-06, 2024-06-07, 2024-06-13

redhat: CVE-2024-27282 was patched at 2024-05-30, 2024-06-03, 2024-06-06, 2024-06-11

11437. Unknown Vulnerability Type - Unknown Product (CVE-2024-28054) - Low [0]

Description: {'vulners_cve_data_all': 'Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-28054 was patched at 2024-05-15

redos: CVE-2024-28054 was patched at 2024-06-11

ubuntu: CVE-2024-28054 was patched at 2024-05-28

11438. Unknown Vulnerability Type - Unknown Product (CVE-2024-29038) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29038 was patched at 2024-05-15

11439. Unknown Vulnerability Type - Unknown Product (CVE-2024-29039) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29039 was patched at 2024-05-15

11440. Unknown Vulnerability Type - Unknown Product (CVE-2024-29489) - Low [0]

Description: {'vulners_cve_data_all': 'Jerryscript 2.4.0 has SEGV at ./jerry-core/ecma/base/ecma-helpers.c:238:58 in ecma_get_object_type.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29489 was patched at 2024-05-15

11441. Unknown Vulnerability Type - Unknown Product (CVE-2024-29510) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-29510 was patched at 2024-05-15

11442. Unknown Vulnerability Type - Unknown Product (CVE-2024-30187) - Low [0]

Description: {'vulners_cve_data_all': 'Anope before 2.0.15 does not prevent resetting the password of a suspended account.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-30187 was patched at 2024-05-15

ubuntu: CVE-2024-30187 was patched at 2024-04-30

11443. Unknown Vulnerability Type - Unknown Product (CVE-2024-30202) - Low [0]

Description: {'vulners_cve_data_all': 'In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-30202 was patched at 2024-05-15

11444. Unknown Vulnerability Type - Unknown Product (CVE-2024-30203) - Low [0]

Description: {'vulners_cve_data_all': 'In Emacs before 29.3, Gnus treats inline MIME contents as trusted.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-30203 was patched at 2024-05-15

11445. Unknown Vulnerability Type - Unknown Product (CVE-2024-30204) - Low [0]

Description: {'vulners_cve_data_all': 'In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-30204 was patched at 2024-05-15

11446. Unknown Vulnerability Type - Unknown Product (CVE-2024-30205) - Low [0]

Description: {'vulners_cve_data_all': 'In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-30205 was patched at 2024-05-15

11447. Unknown Vulnerability Type - Unknown Product (CVE-2024-31755) - Low [0]

Description: {'vulners_cve_data_all': 'cJSON v1.7.17 was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-31755 was patched at 2024-05-15

ubuntu: CVE-2024-31755 was patched at 2024-05-23

11448. Unknown Vulnerability Type - Unknown Product (CVE-2024-32487) - Low [0]

Description: {'vulners_cve_data_all': 'less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

almalinux: CVE-2024-32487 was patched at 2024-05-30

debian: CVE-2024-32487 was patched at 2024-05-03, 2024-05-15

oraclelinux: CVE-2024-32487 was patched at 2024-05-30, 2024-06-06

redhat: CVE-2024-32487 was patched at 2024-05-30, 2024-06-06

redos: CVE-2024-32487 was patched at 2024-05-16

ubuntu: CVE-2024-32487 was patched at 2024-04-29

11449. Unknown Vulnerability Type - Unknown Product (CVE-2024-32489) - Low [0]

Description: {'vulners_cve_data_all': 'TCPDF before 6.7.4 mishandles calls that use HTML syntax.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32489 was patched at 2024-05-15

11450. Unknown Vulnerability Type - Unknown Product (CVE-2024-32491) - Low [0]

Description: {'vulners_cve_data_all': 'An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file (via a manipulated AJAX Request) to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available through the web server.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32491 was patched at 2024-05-15

11451. Unknown Vulnerability Type - Unknown Product (CVE-2024-32493) - Low [0]

Description: {'vulners_cve_data_all': 'An issue was discovered in Znuny LTS 6.5.1 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32493 was patched at 2024-05-15

11452. Unknown Vulnerability Type - Unknown Product (CVE-2024-32605) - Low [0]

Description: {'vulners_cve_data_all': 'HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_memcpyvv in H5VM.c (called from H5D__compact_readvv in H5Dcompact.c).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32605 was patched at 2024-05-15

11453. Unknown Vulnerability Type - Unknown Product (CVE-2024-32606) - Low [0]

Description: {'vulners_cve_data_all': 'HDF5 Library through 1.14.3 may attempt to dereference uninitialized values in h5tools_str_sprint in tools/lib/h5tools_str.c (called from h5tools_dump_simple_data in tools/lib/h5tools_dump.c).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32606 was patched at 2024-05-15

11454. Unknown Vulnerability Type - Unknown Product (CVE-2024-32607) - Low [0]

Description: {'vulners_cve_data_all': 'HDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c, resulting in the corruption of the instruction pointer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32607 was patched at 2024-05-15

11455. Unknown Vulnerability Type - Unknown Product (CVE-2024-32609) - Low [0]

Description: {'vulners_cve_data_all': 'HDF5 Library through 1.14.3 allows stack consumption in the function H5E_printf_stack in H5Eint.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32609 was patched at 2024-05-15

11456. Unknown Vulnerability Type - Unknown Product (CVE-2024-32610) - Low [0]

Description: {'vulners_cve_data_all': 'HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruction pointer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32610 was patched at 2024-05-15

11457. Unknown Vulnerability Type - Unknown Product (CVE-2024-32611) - Low [0]

Description: {'vulners_cve_data_all': 'HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32611 was patched at 2024-05-15

11458. Unknown Vulnerability Type - Unknown Product (CVE-2024-32612) - Low [0]

Description: {'vulners_cve_data_all': 'HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5HL__fl_deserialize in H5HLcache.c, resulting in the corruption of the instruction pointer, a different vulnerability than CVE-2024-32613.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32612 was patched at 2024-05-15

11459. Unknown Vulnerability Type - Unknown Product (CVE-2024-32613) - Low [0]

Description: {'vulners_cve_data_all': 'HDF5 Library through 1.14.3 contains a heap-based buffer over-read in the function H5HL__fl_deserialize in H5HLcache.c, a different vulnerability than CVE-2024-32612.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32613 was patched at 2024-05-15

11460. Unknown Vulnerability Type - Unknown Product (CVE-2024-32614) - Low [0]

Description: {'vulners_cve_data_all': 'HDF5 Library through 1.14.3 has a SEGV in H5VM_memcpyvv in H5VM.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32614 was patched at 2024-05-15

11461. Unknown Vulnerability Type - Unknown Product (CVE-2024-32616) - Low [0]

Description: {'vulners_cve_data_all': 'HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5O__dtype_encode_helper in H5Odtype.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32616 was patched at 2024-05-15

11462. Unknown Vulnerability Type - Unknown Product (CVE-2024-32617) - Low [0]

Description: {'vulners_cve_data_all': 'HDF5 Library through 1.14.3 contains a heap-based buffer over-read caused by the unsafe use of strdup in H5MM_xstrdup in H5MM.c (called from H5G__ent_to_link in H5Glink.c).', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32617 was patched at 2024-05-15

11463. Unknown Vulnerability Type - Unknown Product (CVE-2024-32620) - Low [0]

Description: {'vulners_cve_data_all': 'HDF5 Library through 1.14.3 contains a heap-based buffer over-read in H5F_addr_decode_len in H5Fint.c, resulting in the corruption of the instruction pointer.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-32620 was patched at 2024-05-15

11464. Unknown Vulnerability Type - Unknown Product (CVE-2024-33255) - Low [0]

Description: {'vulners_cve_data_all': 'Jerryscript commit cefd391 was discovered to contain an Assertion Failure via ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p) in ecma_free_string_list.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-33255 was patched at 2024-05-15

11465. Unknown Vulnerability Type - Unknown Product (CVE-2024-33258) - Low [0]

Description: {'vulners_cve_data_all': 'Jerryscript commit ff9ff8f was discovered to contain a segmentation violation via the component vm_loop at jerry-core/vm/vm.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-33258 was patched at 2024-05-15

11466. Unknown Vulnerability Type - Unknown Product (CVE-2024-33259) - Low [0]

Description: {'vulners_cve_data_all': 'Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component scanner_seek at jerry-core/parser/js/js-scanner-util.c.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-33259 was patched at 2024-05-15

11467. Unknown Vulnerability Type - Unknown Product (CVE-2024-33260) - Low [0]

Description: {'vulners_cve_data_all': 'Jerryscript commit cefd391 was discovered to contain a segmentation violation via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-33260 was patched at 2024-05-15

11468. Unknown Vulnerability Type - Unknown Product (CVE-2024-33869) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-33869 was patched at 2024-05-15

11469. Unknown Vulnerability Type - Unknown Product (CVE-2024-33870) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-33870 was patched at 2024-05-15

11470. Unknown Vulnerability Type - Unknown Product (CVE-2024-33871) - Low [0]

Description: {'vulners_cve_data_all': 'This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-33871 was patched at 2024-05-15

11471. Unknown Vulnerability Type - Unknown Product (CVE-2024-34490) - Low [0]

Description: {'vulners_cve_data_all': 'In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-34490 was patched at 2024-05-15

11472. Unknown Vulnerability Type - Unknown Product (CVE-2024-34508) - Low [0]

Description: {'vulners_cve_data_all': 'dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-34508 was patched at 2024-05-15

11473. Unknown Vulnerability Type - Unknown Product (CVE-2024-34509) - Low [0]

Description: {'vulners_cve_data_all': 'dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-34509 was patched at 2024-05-15

11474. Unknown Vulnerability Type - Unknown Product (CVE-2024-3652) - Low [0]

Description: {'vulners_cve_data_all': 'The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-3652 was patched at 2024-05-15

11475. Unknown Vulnerability Type - Unknown Product (CVE-2024-42265) - Low [0]

Description: {'vulners_cve_data_all': '', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

debian: CVE-2024-42265 was patched at 2024-05-15

11476. Unknown Vulnerability Type - Unknown Product (CVE-2024–1481) - Low [0]

Description: {'vulners_cve_data_all': '', 'bdu_cve_data_all': '', 'combined_cve_data_all': ''}

ComponentValueWeightComment
Exploited in the Wild018Exploitation in the wild is NOT mentioned in available Data Sources
Exploit Exists017The exploit's existence is NOT mentioned in available Data Sources
Criticality of Vulnerability Type015Unknown Vulnerability Type
Vulnerable Product is Common014Unknown Product
CVSS Base Score0.010CVSS Base Score is NA. No data.
EPSS Percentile010EPSS data is not available

redos: CVE-2024–1481 was patched at 2024-04-23

Exploitation in the wild detected (77)

Remote Code Execution (13)

Code Injection (2)

Security Feature Bypass (8)

Authentication Bypass (4)

Elevation of Privilege (1)

Denial of Service (11)

Memory Corruption (26)

Path Traversal (1)

Unknown Vulnerability Type (7)

Incorrect Calculation (2)

Information Disclosure (2)

Public exploit exists, but exploitation in the wild is NOT detected (1404)

Remote Code Execution (327)

Command Injection (21)

Security Feature Bypass (35)

Elevation of Privilege (6)

Authentication Bypass (14)

Code Injection (10)

XXE Injection (6)

Path Traversal (22)

Denial of Service (331)

Information Disclosure (46)

Arbitrary File Reading (7)

Cross Site Scripting (113)

Memory Corruption (137)

Incorrect Calculation (6)

Arbitrary File Writing (15)

Spoofing (2)

Unknown Vulnerability Type (306)

Other Vulnerabilities (9995)

Elevation of Privilege (88)

Remote Code Execution (1252)

Denial of Service (2249)

Authentication Bypass (78)

Memory Corruption (960)

Code Injection (33)

Command Injection (58)

Security Feature Bypass (157)

Arbitrary File Writing (228)

Path Traversal (83)

Arbitrary File Reading (61)

Information Disclosure (331)

XXE Injection (23)

Cross Site Scripting (572)

Incorrect Calculation (72)

Open Redirect (16)

Unknown Vulnerability Type (3724)

Spoofing (10)